You are using an outdated browser.
Please upgrade your browser
and improve your visit to our site.

"Metadata Material Shouldn’t be Held by the Government"

Interview: A key NSA reform panelist explains their recommendations

Saul Loeb/AFP/Getty Images

On December 20, the day after the President’s Review Group on Communications and Intelligence Technologies issued its recommendations for reform of American surveillance policies, The New Republic’s legal affairs editor, Jeffrey Rosen, interviewed Cass Sunstein, a member of the Review Group as well a contributing editor to the magazine, about the recommendations in the report.

An edited transcript of their conversations follows.

JR: Let’s run through the major recommendations, which you summarized in The New York Times yesterday. Tell us about the first recommendation: that the government should stop storing bulk telephone metadata for domestic surveillance, and the data should be held by private third parties and only accessible by a court order.

CS: The idea is that for the government to hold metadata of that magnitude creates risks to public trust, privacy and civil liberties. The risks shouldn’t be overstated. We didn’t find that government is trying to snoop on political dissenters or trying to go after people’s private lives, but there are risks in government ownership of such material through storage. The question is whether those risks are justified by national security needs, and our conclusion is they aren’t. You can have a more standard process by which the government doesn’t store otherwise private data but still has access by a showing of need. We think that transition to a more standard procedure– the data is held privately and the government has access only by a showing of need – strikes a better balance between privacy and security.

JR: Some civil libertarians think that even allowing private storage concedes too much. Did you consider recommending that the data not be collected and stored at all?

CS: Under existing FCC law there’s an 18-month requirement of storage by the phone companies, which is motivated by a consumer protection rationale. The fact that many companies voluntarily keep this material for longer periods, and the fact that the FCC requires retention for reasons that have nothing to do with national security, seems to us suggestive that there are legitimate reasons to hold the material. The risks of private owning don’t seem high and the possibility of helping to protect the safety of the American people is real. In the face of that possibility, a system of private ownership and government access on the proper showing seems to strike the right balance.

JR: You recommend tightening the standard the government has to meet to access the data. How so?

CS: We believe if government has access to data, it has to be limited in scope, like a subpoena. The data have to be tightly and narrowly limited, and the government has to a reasonable belief that the material is relevant to an investigation that involves national security or foreign intelligence. The idea that there’s a reasonable belief the data is relevant to an investigation means the government is put to a kind of demonstration of relevance, and you have to get the court convinced of that relevance. So the model we’re trying to create is more like the conventional subpoena model, with judicial safeguards.

JR: The two previous administrations said the old standard of access to the data was just like a grand jury subpoena, but in fact it wasn’t.

CS: I’d want to leave to others the characterization of previous system. We believe that to see this as a standard subpoena with independent court approval is more consonant with our legal traditions. It deprives the government of nothing that it deserves to have access to and ensures appearance and reality of oversight.

JR: You recommend that the government shouldn’t have access to private information held by third parties (like telephone companies or Internet providers) without a court order. In her concurrence in the Jones GPS case, Justice Sonia Sotomayor identified the “third party doctrine,” which holds that Americans have no constitutionally protected expectations of privacy in data held by third parties, as the biggest threat to privacy today. Were you trying to address the problems with the third party doctrine?

CS: Our group wasn’t thinking in constitutional terms, but we were saying that if people’s bank records are of concern to the government, the government should have access only if there’s sufficient reason to get them. We believe that whatever the Fourth Amendment was originally understood to mean, it’s right in the modern era to say that fact that people dealing with a credit card or internet company doesn’t mean it’s open season on their transactions or communications.

JR: Would implementing this and other recommendations require legislation, or could it be done by an administrative regulation?

CS: In each case, it depends on the program. There are things that the executive branch can do on its own that would be respectful of this kind of recommendation. We didn’t clearly separate the things that would require legislation and the things that are properly handled by the executive but certainly elements of what I just described could be done within the executive branch.

JR: The report talks a lot about the importance of transparency and urges Congress to pass laws authorizing telephone and Internet providers to disclose the now secret orders they get from the government telling them to turn over private data. Tell us about the transparency recommendations.

CS: They have several motivations. Justice Brandeis said sunlight is the best disinfectant, and we think accountability to the public in terms of what the government is doing is desirable in a democracy. The recommendation that the government disclose orders on its own and that Congress should authorize the companies to do so is partly motivated by the accountability goal. There’s also another interest. I don’t think anyone wants our national security policies to be having adverse effects on our economic goals. The idea that American companies would be at a competitive disadvantage for fear that their customers aren’t being allowed to communicate safely and securely with others, no one wants that. So the idea of the disclosure is to provide some mechanism for assurance about what government is actually asking. We think that because the requests aren’t are as numerous and alarming as some people fear, transparency is a good idea for that reason.

JR: You say that if the government happens to collect the data of Americans when they’re communicating with non-Americans, it shouldn’t be allowed to use that data in any legal proceedings against the Americans. What was the thinking behind that recommendation?

CS: If an American is communicating with someone outside the country, which is hardly unusual, and if the government lawfully but inadvertently picks up the material and finds out something about the American, we recommend that it can’t use that as evidence against the American if there’s no national security rationale. The idea is that section 702, [the part of the foreign intelligence law that justifies the surveillance of non-Americans], was about national security and if Americans are incidentally swept up because they’re talking to other people, that’s not legitimately used as evidence against Americans. It wasn’t intended as a program for surveillance of Americans.

JR: Some European countries have adopted controls on the use of data swept up in national security investigations. In Germany, for example, foreign intelligence information can’t be shared with law enforcement unless it relates to terrorism – evidence of low-level crimes can’t be introduced in court. But the Germans don’t distinguish so sharply between citizens and non-citizens. What was your model in making this recommendation?

CS: It was based on an understanding of what section 702 is about and how to square it with our ordinary privacy safeguards. We monitor not foreigners generally but foreigners who want to do violence to us, and if in course of legitimate monitoring of people who want to do us violence in Saudi Arabia, one person is American and it turns out to be an innocuous conversation – say, what you learn about an American involves gambling­ – that’s not the way we convict people of gambling, by listening in on their phone calls on unrelated matter. The idea was not necessarily to build on any particular model others have adopted but to ensure that the 702 program was focused on what the 702 program was about: communications by non-U.S. persons that are legitimately connected with a national security investigation.

JR: The report does say that the protections of the federal privacy act should apply to all people, citizens and non- citizens alike. Tell us about that recommendation.

CS: The basic idea is that there’s evident concern in a number of nations that the United States is spying on people. The fact is that such surveillance is done for national security purposes, not other purposes. That’s important and true, we think it’s very important to affirm that the use of any surveillance will never be done to target people’s political convictions, their religious beliefs or would never be done to go after trade secrets or promote the interest of domestic industries. We also think the Privacy Act, which the Department of Homeland Security actually has applied to non-Americans as a presumption, should be applied by all agencies to non-Americans so that there are fair information practices. That means that if people have access to information the government has, they can correct errors and restrict dissemination.

We also think that there’s a very important part of U.S. law called minimization, where, inside the government, you’re not going to disseminate people’s names even if you have a query where you find them. The idea is that if you discover someone’s name in a foreign country, and there’s an investigation where the name pops up lawfully, once you know there’s no national security reason to have concern, you don’t disseminate. No nation treats foreign nationals outside of its territorial boarders exactly the same as it treats its own citizens, but these various steps would go a significant way toward affirming values that are constitutionally required or in our domestic law.

JR: Was there any consideration about applying the same surveillance standards for Americans as non-Americans?

CS: We thought long and hard about the options, but there are challenges about applying the same standards to non-Americans and Americans alike. The system doesn’t equally treat people outside the country exactly the same as people inside the country, but our recommendations would go a long way in that direction

JR: The report says the president should require high-level approval of all sensitive intelligence requests against all non-citizens, including foreign leaders. What’s the idea there?

CS: This is a large recommendation, and it’s important to isolate what makes it large. If the United States is involved in hostilities with another nation or if it’s involved in some very tense conflict that doesn’t amount to hostilities, it’s perfectly legitimate to learn what you can to save lives. Every country does that. On the other hand, we don’t want to be recording material just because we can. If we have nations with whom we share values and interests, the fact that we can engage in surveillance doesn't mean we should.

There are many reasons for that. One has to do with respect. Another has to do with maintaining cooperative and congenial relations. The idea is you don’t just want the intelligence community, as honorable and impressive as it is, to be making the decision about the scope of surveillance. This should be done by very high-level policy makers. You want to have a process by which people with multiple perspectives -- including economic perspectives, including treaty formation perspectives, including maintaining collegiality perspectives -- are playing a role in the decision about the uses of surveillance.

Another way to put it, which I saw in government myself, is that often an entity, whether it’s the Department of Transportation of the Department of the Interior or the Environmental Protection Agency, has its own knowledge and perspective. That’s really important, but for an administration-wide decision, you want multiple people involved, including those who have a focus maybe that the particular department or agency doesn’t have foremost in its mind. The idea of senior policy level review is designed to ensure a broader perspective

JR: The report recommends FISA Court reforms, including more transparency of decisions and a public interest advocate to represent civil liberties and privacy interests.

CS: This is an extremely important recommendation. We have a great deal of respect for the FISA court and its judges. We think the institution makes sense. When the court was created, it was thought most of its decisions would be deciding whether to issue a subpoena, and that was supposed to be a small fact based decision. But it turns out that some of its decisions involve large questions of law that depend not just on the facts but also on big judgments about how the law should be understood. For anything like that, an adversarial proceeding is really important. Ours is an adversarial system, and someone presenting privacy and civil liberties concerns will promote the public interest and make the court function more like a standard court does in cases that have high level stakes. In addition, as recent decisions have shown, a number of the FISA court’s decision belongs in the public domain. There’s no reason to keep them from the people, so to move toward declassification is a good idea

Another thing we say is we’d like to change is the mechanism for composing the FISA court. It’s now the case that 10 of the 11 judges are Republican nominees to the federal bench. While we all have all the respect in the world for Chief Justice Roberts, and no one thinks he is trying to stack the bench in any way, it’s not ideal if any court of this importance has one or another party showing that kind of percentage domination. To split the choices among the various justices is one approach. The approach we recommend is toward decentralizing the appointment process. If we have a mix of choosers, we’ll almost inevitably have a mix of choices as a result.

It would take Congress to enact that recommendation but everyone is on notice now that the 10 out of 11 from one party isn’t ideal and it wouldn't be surprising if the next appointees show a better mix.

JR: You also say that Congress should strengthen the Privacy and Civil Liberties Oversight Board, creating a new oversight body.

CS: There’s a current board called PCLOB that is understaffed and under resourced. It’s not in a position to provide the strong independent voice we think the system deserves. We think there should be a new board, whose mission would be to oversee not just terrorism related judgments but a broader array and be in a capacity to review and assess the protection of privacy and civil liberties throughout the government. This, by the way, is part of two- pronged institutional change. The other is we think there should be a privacy official within the white house, dual hatted both in the National Security Council and OMB whose portfolio is privacy protection to have an internal privacy person and an independent entity creates two levels of safeguards. One thing I saw in government is that it matters who is in the room. If you have someone in the room that has a privacy profile, that makes a difference

JR: You say the U.S. should support international treaties and promise not to subvert or get around commercial encryption.

CS: One very important idea that has bipartisan support is that the Internet should be a free area where there won’t be suppression of dissent. We won’t create the Splinternet, which is something some people are worried about. One thing we’re recommending is that the US reaffirm policies stated in 2011, open policies for Internet governance. Also, the affirmation that we will respect encryption and not create backdoors. That’s not meant as a commentary on what’s been feared and claimed but it’s a forward-looking recommendation for U.S. policies consistent with our commitment to a genuinely free and open Internet.

JR: All the spying scandals dating back to the nineties have involved concerns about U.S. hacking and the government’s insistence on backdoors around commercial encryption.

CS: There’s a part of the report that discusses the allegations and what we understand to be the case. But the report is not a kind of retrospective assessment of existing practice. What the president asked us to do is to make recommendations for the future not to conduct an ex post evaluation of recent years. We did get careful briefing on existing practice, and our emphasis was informed by those briefings.

JR: You say that while classified information should be shared on a “need to know” basis, departments and agencies should have “work related” access. What’s the difference there?

CS: Here’s the way to understand that recommendation. There was an idea that was prominent in the intelligence community especially before 9/11, which was “need to know.” After 9/11, it was reasonably thought that could result in an inability to get a full picture of emerging threats. So there was an idea that some people appeared to speak for which was called “need to share.” That was designed to ensure against keeping things in buckets, which prevented the government from getting an adequate picture of what the threats were.

What we propose instead is that there’s a need to share with people who need to know. By itself, the need to know model is inadequate if it doesn’t take on board the importance of separate buckets and the need to share model can create risks to national security and privacy when people are getting access to material merely because they’re curious. The idea of work related access says that if it’s necessary for your work, you get to see it, but not if you are interested in it or would like to be informed by it. We have a large number of reforms designed to reduce the risks that people inside or outside the government will see material even if it’s not necessary for their work. That’s important both for national security purposes – we don’t want people leaking practices which are secret – and it’s also important for privacy purposes – we don’t want the restrictions on dissemination of material to be violated by people seeing stuff simply because they're curious.

JR: Security and privacy concerns sometimes conflict. Did either predominate in your deliberations?

CS: Both were important, but it’s fair to say that there are a range of recommendations designed to reduce insider threats, and those have an initial motivation as a national security protection. The risks that surveillance is designed to reduce can also be augmented if government releases classified information because it hasn’t adequately confined the number of people who have access to that information.

JR: Your report wouldn’t have been possible without the Snowden disclosures. Does he deserve our thanks?

CS: We believe there are internal processes for bringing to people’s attentions concerns about government practices. The right way to respond to concerns about existing practices is through internal channels that are ample and fair, and not through illegality.

JR: How likely is it that the White House and Congress will implement your recommendations?

CS: I don’t have a crystal ball. The president’s made clear that he’s taking it very seriously. I know from being there that if the president wants a report to be taken seriously, it will be taken seriously. I have all the confidence in the world that recommendations that withstand careful security will be considered very carefully. There are recommendations that could run into counter arguments that maybe we didn’t adequately appreciate, and those recommendations will be bracketed.

JR: What about Congress?

CS: I certainly don’t have a crystal ball with respect to Congress. We did meet with the heads of the Senate and Foreign Relations Committees both on the Republican and Democratic sides. They are very interested people with a range of views. We’ll see.

JR: What surprised you most about what you learned on the commission?

CS: That’s a great question. I had no clear expectation about what would happen. Maybe the biggest surprise was that there was no division on the group on any of the recommendations. The unanimity on 46 recommendations of 300 pages of text -- it would have been a lot to expect going in that would happen with five pretty diverse people.

We worked extremely congenially together, and we decided at the outset that if we had a difference of opinion, we’d note it. In other words, the majority thinks this and minority thinks that. It would have been reasonable to expect splits, but in the end, there was nothing on which we split.

JR: The report says that while privacy and security sometimes involves balancing, on some questions, there can be no balancing. Do your recommendations set out to protect privacy and security at same time?

CS: It’s true that sometimes a balance needs to be struck but some things compactly off limits. If some people are dissenters or worshiping at a particular alter, then to engage in surveillance of them for that reason is not ok with us. Our government does not and should not engage in surveillance to get trade secrets or to give an unjustified economic advantage to domestic companies. There are some considerations that don’t involve a balance because they’re legitimate grounds for surveillance. That distinction between illegitimate and legitimate grounds is an extremely important part of what distinguishing free country from an unfree one. Countries that aren’t free have surveillance to protect those in political power, to intimidate, to punish dissenters. It’s not as if the goals there are part of the balance. They are not part of the balance. Some grounds for surveillance are per se illegitimate.

JR: The report notes that some forms of surveillance haven’t made us more secure. Have any surveillance programs actually worked?

CS: Everyone agrees that section 702 is very useful. The 702 program, which involves non-U.S. persons, there are documented cases where that program has been a significant contributor. There is a consensus, and we see no reason to disagree with this, in the intelligence community about the importance of the 702 program. On the domestic side, the evidence is less overwhelming. I’ll let the report speak for itself, and here I’m just speaking for myself.

I believe there is value in allowing the government to be able to get at metadata not because it holds it and stores it itself but because it’s gone through the normal legal process to contribute information to actual and prospective threats. So for 702 the record is unambiguous. For section 215 [of the Patriot Act] it doesn’t have the overwhelming character of the 702 program in terms of effectiveness.

JR: Section 215 of the Patriot Act has been the most controversial provision, especially as construed by the FISA Court, which would allow the government to seize any data that might be relevant to future investigations that don’t yet exist. How would your report change the construction of section 215?

CS: Probably most important thing in the report on section 215 is that the metadata material shouldn’t be held by the government any more. Many people are concerned that the government is holding and storing telephone metadata, and we share that concern. It’s not that government has been prying into people’s private life and going after dissenters. But there are risks if the government holds this material. There are risks to public trust, to privacy and liberty. We think that a better system is one in which private providers hold that information and the government can’t get access to it except by getting judicial authorization. The judicial authorization would be available on two conditions. First, the request has to be reasonable and focused in scope and breadth. You can’t get subpoena by saying I want everyone’s phone calls. Second, the government has to have not just a wish for material but reasonable grounds to believe that material its seeks is relevant to an investigation to protect against international terrorism or clandestine terrorist activity.

If after the bombing in say, Boston, the government has reasonable grounds to figure out who was having conversations with a suspect, there’s a pretty good argument that the information sought is relevant and time may be of the essence. The idea of getting who is calling whom, that’s legitimate under standard legal rules, but the idea is that government isn’t holding material and the court will allow the government to have access only on a particular showing.

JR: So if your recommendations are adopted, the government couldn’t do the “three hops” analysis it’s doing now, where it investigates all the numbers called by a suspect, all the numbers those numbers call, and all the numbers those numbers call?

CS: No, not unless you specified what you wanted. Three hops would be a lot to ask for, and you’d’ have to explain why that is a good idea. Obviously, in the aftermath of an apparent terrorist attack either of the magnitude of what happened after 9/11 or the magnitude of what happened in Boston, our report didn’t specify what would be the acceptable requests. But if you had a terrible attack, the government might reasonably want more than it would if it just had a report of a possibility.

JR: Your group didn’t have access to Judge Richard Leon’s opinion questioning the constitutionality of the metadata surveillance program. But it’s consistent with some of your recommendations. 

CS: I didn’t read the opinion after the report was finalized and I haven’t gone back and forth from one document to the other. Our report is free standing. The members of our group have a legal background, but we weren’t making a legal determination. Our task was to think about policy.

JR: How would shutting down the database work in practical terms?

CS: The idea would be that phone companies already have the information and voluntarily some of them hold the information for a long time. They would have it, and the government could get access if it needed it. The challenge for the government is what if the phone calls involve several carriers? Can they figure out this carrier was involved and this one and can they query them in away that is workable despite the fact that there talking to different entities? We believe that is technically feasible. The idea would be that government would go to carriers with a technical mechanism by which it could check the various numbers that are involved. We recognize that our judgment that this is technically feasible is an empirical judgment and not every one shares it. We suggest that if it turns out not to be feasible, an alternative worth considering would be another private entity that could hold the material. It would have to be a genuinely private entity. We would leave to others which that private entity should be. That's not our preferred outcome, though. Our preferred outcome is that there’s a need to access the material, and you get to the people who have the metadata.

JR: So the current data collection system and the government database would have to be shut down?

CS: Yes, we would transition from a system where the government has the information to one, which is based on the status quo, where phone companies have the information.

JR: if you could pick a single recommendation to be implemented, what’s the most important?

CS: I wouldn’t single out any one. We’re committed to all 46.