By Jay Stanley
Free Future / ACLU
In a pair of stories this past weekend, the Washington Post and the AP reported on the construction of an ambitious surveillance system by which the government aims to carry out detailed surveillance of its own employees.
Great, you say, our government security establishment is taking some strong steps to carry out their highest mission: protecting and defending the Constitution against the kind of unconstitutional spying that these agencies’ sweeping surveillance powers make all too easy. By monitoring and recording the actions of agency employees at every level, such a system can protect Americans by serving as the Intel Community version of police body cameras. It can serve to “watch the watchers.”
In fact, the driving concern behind this system seems to be not to protect the public but to protect the agencies against whistleblowers and leakers who threaten to embarrass these organizations and undermine the shield of secrecy that they use to expand their powers without having to undergo “damaging public debate” and other threats to their independent autonomy.
This is fully consistent with what I have been arguing is the best way to think of our intelligence establishment: as a giant mindless machine that is programmed to, above all, protect itself. The Snowden (and Manning) revelations have been a body blow to the machine, undermining its secret, autonomous ability to continue marching toward its goal: collection of every communication that takes place on the planet.
Now we see the machine is moving to defend itself.
The solution for the machine? In typical bureaucratic, control-it-all fashion, it’s a vision of automated constant monitoring and judging of employees. The AP describes a program under development called the “Automated Continuous Evaluation System,” which would draw on “six or seven data streams” to engage in the “continuous monitoring” of employees. It would draw on sources including private credit agencies, law enforcement databases, government records, and social media. The Washington Post piece similarly looks at products being peddled by major defense contractors that will ostensibly flag “high risk” workers through strategies ranging from total keystroke logging to social media monitoring to “sentiment analysis.”
I have written about the silly nature of some of these efforts, in particular DARPA’s ADAMS system, which aims at detecting when an employee’s mental health declines by scanning massive amounts of internal email and other data. Development of this program is apparently still in full swing.
These efforts seem to comingle the goal of stopping leakers with the idea that the next office shooter can somehow be identified ahead of time through email. The latter is silly, while the former threatens one of the few remaining checks and balances on our secret security agencies: the existence within those agencies of idealistic Americans willing to sacrifice their careers and more to blow the whistle when they see unconstitutional behavior.
All that said, there is a genuine potential for these kinds of tools to actually be properly deployed in such a way as to help protect the public against the internal misuse of very powerful surveillance powers.
Recall the following statement that Edward Snowden made to the journalists Laura Poitras and Glenn Greenwald in June 2013 in Hong Kong:
Any [NSA] analyst at any time can target anyone, any select or anywhere. Where those communications will be picked up depends on the range of the sensor networks and the authorities that that analyst is empowered with. Not all analysts have the ability to target everything. But I, sitting at my desk, certainly had the authorities to wiretap anyone—from you, or your accountant, to a federal judge, to even the President if I had a personal email.
This was one of the statements that Snowden made at the time that was most widely challenged by government officials and other NSA defenders. However, in his testimony to a committee of the EU Parliament earlier this month, Snowden reiterated the point:
The NSA granted me the authority to monitor communications world-wide using its mass surveillance systems, including within the United States. I have personally targeted individuals using these systems under both … Executive Order 12333 and the US Congress’ FAA 702. I know the good and the bad of these systems, and what they can and cannot do, and I am telling you that without getting out of my chair, I could have read the private communications of any member of this committee, as well as any ordinary citizen. I swear under penalty of perjury that this is true.
Even for those who for some reason find the official protestations of the NSA on this matter more credible than Snowden’s first-hand testimony, it is undoubtedly the case that the NSA has enormous powers of surveillance at its disposal, that as a technological matter those powers can be targeted at U.S. citizens, and that the agency does not appear to have very tight controls on how its tens of thousands of employees can use them.
For us the bottom line is this:
- We would like to see systems of internal auditing and tracking that are strictly aimed at protecting the American people from abuses. Those audits should be immutable, and should be available to independent oversight bodies such as the PCLOB.
- These systems should be in effect at the highest levels of the agencies. In the Cold War FBI, they should have covered J. Edgar Hoover. (I’ve gotten demos of computer surveillance programs aimed at the corporate market that include a functionality allowing top executives to exempt their own online behavior from being recorded—a reminder of the hypocrisy of power, and the need to counteract it.)
- Intrusive systems should be deployed in proportion to an employee’s power to invade privacy. The AP quotes one official as saying that a monitoring system would “extend across the executive branch,” but there’s no reason to apply this level of monitoring to the Department of the Interior or Housing and Urban Development. Intrusive monitoring should not be applied to those who do not have access to very intrusive tools themselves.
- These systems should not monitor anyone’s activities outside of work.
In the end, as I often point out in the video surveillance context, we don’t want the government spying on its citizens, but we do want citizens to have the ability to monitor their government. Like police body cameras, we would like to see surveillance machinery deployed only in the service of ensuring that no employees abuse the wildly intrusive capabilities of the national security state.