Another reason on McCain

About ten days ago, I was a co-moderator (with Ari Schwartz) of a panel at CFP during which surrogates for the Obama and McCain campaigns had a civil and well-informed conversation about tech policy. I was impressed by Chuck Fish, the McCain representative, who did his best to win the respect of the geek crowd in the room. (ArsTechnica report about the panel here.)

In response to a question about immunity for the telcos in connection with their cooperation with the NSA’s warrantless wiretapping program, Fish said that there should be hearings held to figure out what the NSA had been up to. He also (although vaguely) suggested that there should be statutory limits to what the NSA could do, and that the telcos and the NSA should be held to those limits.

Now Wired is reporting that McCain has repudiated Fish’s remarks. (That’s unfortunate, and I think unfair to Fish, who works full-time for the campaign and is clearly a careful guy. He didn’t seem like someone who would make misstatements when he was speaking for the campaign.)

McCain is going with Bush’s Law: No matter what the law or the Constitution says, if the president needs to carry out warrantless surveillance in his capacity as Commander in Chief of the armed forces, he can do it. This is the familiar, overreaching view that Article II essentially trumps everything else. If we’re “in a time of war,” anything goes.

From the campaign:

Here is the bottom line: Senator McCain supports the FISA modernization bill passed by the Senate without qualification. He believes no additional steps should be necessary to secure immunity for the telecoms; both the 109th and 110th Congresses have conducted extensive evaluation and examination of this topic and have satisfied the public’s need for appropriate oversight; hearings purportedly designed to ‘get to the bottom of things’ have already occurred; and neither the Administration nor the telecoms need apologize for actions that most people, except for the ACLU and the trial lawyers, understand were Constitutional and appropriate in the wake of the attacks on September 11, 2001.

Senator McCain has never stated, nor does he believe that telecoms should only receive retroactive immunity in exchange for congressional testimony about their actions. We do not know what lies ahead in our nation’s fight against radical Islamic extremists, but John McCain will do everything he can to protect Americans from such threats, including asking the telecoms for appropriate assistance to collect intelligence against foreign threats to the United States as authorized by Article II of the Constitution.

Wired’s Ryan Singel explains that McCain has apparently been pushed into this Curtiss-Wright-So-I’m-Right chest-thumping position by commentary from the National Review Online.

The legal argument is straightforward: in general, domestic eavesdropping without a warrant is illegal. If the government is eavesdropping on “foreign powers” inside the U.S. it can go to a special court, the Foreign Intelligence Surveillance Court, and get an order authorizing the surveillance - or it can start the surveillance and ask for judicial authority afterwards. This allows the President to act in foreign affairs with expedition, but retains judicial supervision.

It’s alarming that McCain says he will be willing to ignore the law on the books if needed. We adopted this structure after evidence of overwhelming domestic surveillance abuse was revealed as part of the Church Committee’s work.

(It’s also alarming that some Democrats are willing to believe that prospective judicial supervision of warrant requests is an outmoded idea - you can see this in the FISA-rewrite debates. At least they seem to believe that the statute would have to be rewritten in order to avoid the current judicial supervision requirement.)

But let’s start with McCain. He’s more alarming. He’s saying he’d be willing to ignore the statute, whatever it says. I don’t think Obama would take this view.

The biggest surveillance story in years

To very little uproar - that’s the problem - the UK is considering floating a bill that would centralize all data collected by ISPs.  

Can you imagine this?  The UK has had data retention laws since October 2007 that require phone companies to hang onto phone and text records, and this next step would make all of that data plus email, internet usage, and VoIP data available in a single place - accessible by a mid-level policeman who wanted to know more about his traffic-stop suspect.  Data mining for any purpose (national security, fighting terrorism, or a divorce case) would be possible, without judicial oversight.  

The UK is a very watched place.

I understand that coverage of this issue by mainstream press in the UK (and in particular the BBC) has been light.  Perhaps the civil society objections are too muted - perhaps it seems inevitable that all data will be perfectly searchable by law enforcement authorities.  There’s a good story in ComputerWeekly here, which may be an exception.  And this seems to be a summary of the bill, but I can’t find its actual text.

This is the biggest surveillance story in years.  If there isn’t uproar, the bill will be introduced as planned; if it’s introduced, it will likely pass.  Let’s hope someone is watching and objecting.

Prior restraints

The odd story of the Wikileaks.org injunction is described here by the Berkman Center’s Citizen Media project. We still don’t know exactly why the site was ordered taken down - it seems like a trade secret issue - or why this was done ex parte, or why the court initially ordered wikileaks.org’s registrar/host to “immediately clear and remove all DNS hosting records for the wikileaks.org domain name and prevent the domain name from resolving to the wikileaks.org website or any other website or server other than a blank park page, until further order of this Court.” (That part of the order seems to have been revised - now it’s just a takedown order.) We’d like to know more about this court action.

Speaking of prior restraints, don’t tell EFF that retroactive immunity for the telcos is necessarily constitutional. As Cindy Cohn of EFF told Farber’s IP list, “[t]here are serious due process and separation of powers problems with the bill, which effectively grants the Executive the power to demand that pending court cases come out a particular way that favors the Executive. This is an extraordinary thing to do, especially when the constitutional claims of millions of Americans are at issue.” EFF has a chart of its responses to common arguments in favor of immunity, and has posted a set of documents relevant to the allegations made in its lawsuit.

FISA and immunity

Great work today on the OpenCongress.org blog, telling us that (1) Sen. Specter wants to have the government step in as defendants in the tens of cases pending against cooperative telcos involved in violating FISA and other laws; (2) Sen. Feinstein wants the secret FISA court to decide the question of immunity; (3) Sen. Leahy’s amendment removing immunity from the telcos has been rejected and Sen. Dodd has vowed to filibuster.

As of tonight, it appears the Senate has delayed further consideration of the issue until Monday. Sen. Reid is blaming the Republicans. And an interesting sidenote: the Senators now have access to the requests for data given to the telcos and the President’s authorization of the warrantless wiretapping.

Under the version of FISA in place at the time the wiretapping was authorized, 18 U.S.C. 2511(2)(a)(ii) said that

Notwithstanding any other law, providers of wire or electronic communication service. . .  are authorized to provide information, facilities, or technical assistance to persons authorized by law to . . . conduct electronic surveillance, . . . if such provider . . . has been provided with. . .  a certification in writing by . . . the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required. . .

The cases so far keep running up against the State Secrets Doctrine (except for Hepting), and so we never get to the application of this statutory exception.  But if we ever get there, and the AG provided this certification, then why wouldn’t the cases be dismissed?  Maybe because this would mean that the AG himself acted unlawfully - because all the statutory requirements weren’t met.  (How could they have been?  This was a blatantly unlawful program.)  Or maybe the certification doesn’t meet this standard.

I hope we see these certifications and authorizations someday soon.  Most of us don’t want immunity for the telcos.  I’d like to see the lawfulness of the surveillance program reviewed by an ordinary federal court, myself - that’s probably more important than money damages at this point.

The Auction, the Cops, and Comcast

The 700 MHz auction is just ahead. Bidders will soon be filing their applications, and the auction itself is supposed to start by Jan. 24.

This is the big event for telecommunications policy in the U.S. One recent online story says that “it’s almost like the powers-that-be decided to auction off the land in the Grand Canyon or Central Park in New York City.” It could affect the competitive landscape for U.S. wireless providers and change the way broadband reaches rural areas in this country.

Re-reading the final rules [warning: enormous PDF] in light of recent events, though, makes for a little less optimism. You’ll remember that Chairman Martin at the last minute succeeded in slipping in limited “no locking, no blocking” elements into the rules.

In particular, as long as the reserve price for the C Block is met the first time it is auctioned, “a C Block licensee may not block, degrade, or interfere with the ability of end users to download and utilize applications of their choosing on the licensee’s C Block network, subject to reasonable network management.” And the FCC “will require only C Block licensees to allow customers, device manufacturers, third-party application developers, and others to use or develop the devices and applications of their choosing in C Block networks, so long as they meet all applicable regulatory requirements and comply with reasonable conditions related to management of the wireless network (i.e., do not cause harm to the network).”

The Cops

The Department of Justice has filed a “deficiency petition” (explanation here) in connection with CALEA compliance. This deficiency petition is likely to become an FCC document requesting comments (an NPRM). This NPRM will cover providers of any type of broadband internet access service (phone, cable modem, wireless, whatever) - the entities that the FCC has already said are covered by CALEA.

It will also cover “interconnected VoIP services,” which include any applications that are capable of connecting to the traditional phone networks.

The NPRM, if it follows the DOJ’s request, will suggest (among other things) that all of these providers should build their routers and network hardware to provide “packet activity reporting” for all packets crossing their networks, and physical location information for all of their customers at all times. It will also suggest that very fine-grained timing information is needed - something that the internet and its applications don’t provide at the moment. “Packet activity reporting” means that the broadband provider will need to know the destination IP address and port number for everything happening on its network.

The idea is that these designs will help law enforcement when they want to carry out a request for call-identifying information.

Here’s the tie-in to the auction rules: if these CALEA requirements are adopted by the Commission, there will be at least two consequences for the C Block auction winner. First, the winner will need to allow for the cost of the upgraded routers/switches etc. that are capable of providing this CALEA information as part of their bid. For a new entrant, this will be a big deal. Second, the winner will be able to say that it cannot permit any applications or devices to be used on its network that frustrate the network provider’s ability to provide this information to law enforcement.

(This is clear in the auction rules: “Wireless providers [subject to the C Block conditions] are not required to permit attachment of any device or application that would interfere with the provider’s obligations to comply with applicable regulatory requirements…” - at paragraph 216.)

So much for lowering barriers to entry for a new wireless competitor - and for making the platform truly “open access.” If the network provider has to be completely answerable to law enforcement for detailed information about everything that travels across its wireless network, then nothing will be done without the network provider’s permission. That’s where we are today, and that’s the situation that the open access rules have been touted as changing.

Comcast

Apologies to Comcast - everyone else is probably doing it too - but “reasonable network management” can cover a host of activities. We’re seeing that right now. The auction rules say that “C Block licensees cannot exclude applications or devices solely on the basis that such applications or devices would unreasonably increase bandwidth demands,” but there may be many other reasons for applications or devices to be degraded or mistreated. The use of the word “solely” makes that sentence provide slim (or no) protection. Here’s another sentence from the auction rules: “Wireless service providers may continue to use their own certification standards and processes to approve use of devices and applications on their networks so long as those standards are confined to reasonable network management.”

Through the skillful use of ad hoc, one-off certification standards and “reasonable network management,” a lot of openness can be avoided.

===

No great conclusions here - just watching the threads knit together. With any luck, any CALEA and “reasonable network management” opining will be done by the next FCC, not this one.

Boundaries

It’s the ad hoc nature of U.S. communications law these days that gets depressing. It seems only federal courts can help - except when they refuse to get involved.

Four very quick snippets of stories to watch:

1. Warshak. The Sixth Circuit said back in June that people have a reasonable expectation of privacy in email sent through ISPs, and so the loose-and-low statutory procedures for government access to these emails (found in the Stored Communications Act) have to be measured against Fourth Amendment standards. The government had used those loose-and-low procedures to obtain a court order giving it general access to Warshak’s emails stored by ISPs - and the government didn’t tell Warshak it was doing this for a year. That failed the Fourth Amendment test, according to the Sixth Circuit.

Although the particular loose-and-low procedure (a one-sided appearance before a judge stating “reasonable grounds” rather than probable cause, the Fourth Amendment requirement) has been declared unconstitutional, there are still plenty of other ways for the government to get access to these materials if they need it. They can get a warrant based on probable cause, or go in front of a judge and let the search-ee know that they want access and are asking for a subpoena. (Meanwhile, judicial steps can be taken to avoid having the emails disappear.)

But that’s not enough for our government, which wants to avoid any additional oversight or notice requirements in connection with access to email.

Everything’s in email - a complete dossier of our communicative lives is in email. What could be more personal? Years ago, we agreed that people had a reasonable expectation of privacy (triggering Fourth Amendment protections) in phone calls - why would we treat emails differently? But our government has successfully sought rehearing of the Sixth Circuit case by the full panel of judges, and it’s likely we’ll see some clever fight over the “ripeness” (liveliness, concreteness) of the claim that avoids the merits of the dispute but keeps the status quo of easy access in place.

Ripeness is a sophisticated way of saying to the courts: “Move along here, now, nothing for you to work on.”

2. Hepting. That’s the name of the lawsuit addressing the NSA surveillance scandal. At the direction of our government, telecommunications companies copied all online transmissions crossing their network — wholesale — and sent that copy on to the NSA for further processing. This likely violated the Fourth Amendment (clearly the telecom companies were acting on behalf of the government), the Telecommunications Act, the Wiretap Act, the Foreign Sovereign Immunities Act, the Stored Communications Act, and state unfair competition/deceptive practices laws. At the least.

Right now, Congress is considering whether to grant retroactive immunity to the telecommunications companies that participated in this warrantless vacuuming up of all possible communications. A Senate panel has voted against immunity today — a welcome development. Sen. Specter (R-PA) has argued that Hepting (and cases like it) need to proceed. “[C]ourt cases may be the only way Congress can learn how far outside the law the administration has gone in eavesdropping.” Specter wants to substitute in the government for the telcos, though, which seems problematic. Why should citizens have to pay for this illegality? A House bill on the same subject already rejected immunity.

Retrospective immunity is another way of saying to the courts: “Move along here, now, nothing for you to work on.”

3. Title I and Chevron Deference. At the same time all communications have become IP-based, the FCC has maneuvered regulation of those communications out of the scope of its own delegated power from Congress. Instead of keeping things within Title II of the Communications Act (the home of some heavy-handed regulation, to be sure, but at least there were guideposts for the FCC’s action), the Commission has declared that just about everything having to do with the internet and access to the internet is within its power under Title I of the Act.

Title I says nothing. So the Commission has enormous discretion to do whatever it wants - it’s a swamp, a murky, bottomless realm of unaccountable action, that Title I.

Here’s the place where (unlike Warshak and, potentially, Hepting) the courts have deferred to the broad exercise of communications discretion. Somewhat enigmatically, Justice Thomas in 2005’s Brand X decision said:

Information-service providers . . . are not subject to mandatory common-carrier regulation under Title II, though the Commission has jurisdiction to impose additional regulatory obligations under its Title I ancillary jurisdiction to regulate interstate and foreign communications.

Justice Scalia thought that was weak, and said so:

This is a wonderful illustration of how an experienced agency can (with some assistance from credulous courts) turn statutory constraints into bureaucratic discretions.

I’d like to see another case that makes a court address the scope of the Commission’s power over the internet — surely the Commission can’t act without some kind of delegated authority. Surely there needs to be a guidepost in the swamp somewhere.

Right now, a combination of judicial deference and Commission brashness is keeping the courts - and Congress - from getting involved.

4. 70/70. Title VI of the Cable Act says:

[A]t such time as cable systems with 36 or more activated channels are available to 70 percent of households within the United States and are subscribed to by 70 percent of the households to which such systems are available, the Commission may promulgate any additional rules necessary to provide diversity of information sources.

We know that the Commission plans to say this “70/70” trigger has been met. It’s true that cable has enormous market power and the empirical step makes sense.

But “any rules necessary”? I’d be worried, if I were the cable industry. Again, the issue here is a complete lack of boundaries. Not even a hint of limitations.

And, again, the argument from the Commission will be: “Move along here, courts, nothing for you to work on.”

==

These are all separate stories, each with its own history and set of acronyms. They all share, though, a certain open-endedness and ad hocery that is distressing. Not that every detail needs to be written down in legislation - but some checks, some examination has to happen at some point, provided by some institution that isn’t pressing for action.