Saturday, December 1, 2012
Was Petraeus Borked?
ProPublica, Nov. 14, 2012
In 1987, when Judge Robert Bork was enmeshed in a partisan struggle over his Supreme Court nomination, a reporter for an alternative weekly in Washington, D.C., got a tip that the judge was a patron of a local video store. Michael Dolan went to Potomac Video, in the western corner of the capital, and asked the assistant manager for a list of videos the judge had checked out. "Cool," the assistant manager said. "I'll look."
Dolan's subsequent story, published in the Washington City Paper, caused a sensation, though not because of the judge's taste in videos, which, it turned out, was unremarkable. There were 146 rentals in less than two years, including lots of Hitchcock and Bond, as well as movies featuring Meryl Streep and Bette Midler. As Dolan wrote, "Despite what all you pervs were hoping, there's not an X in the bunch, and hardly an R."
After a bitter fight, the Senate rejected Bork's nomination. One thing everyone agreed on, however, was that Bork's privacy had been invaded. In 1988, Congress passed the Video Privacy Protection Act, making it illegal to release video lists without a customer's consent to anyone but law enforcement, and then only with an appropriate warrant. It is reasonable to note that the unusually rapid congressional action was perhaps aimed at protecting the privacy of Legislator X as much as Citizen Y. If a reporter could easily get the judge's video list, a senator's list would not be much harder to get, and would probably be a lot more lively.
Will the scandal surrounding David Petraeus, General John Allen, Paula Broadwell, Jill Kelley, and a shirtless F.B.I. agent turn into the same sort of eureka moment that Congress experienced when Bork was, as the saying now goes, "borked"? Although the lustful portion of the Petraeus scandal is hardly disappearing — who else will be drawn into it, and when will we read the emails? — attention is turning toward the apparent ease with which the F.B.I. accessed the electronic communication of Petraeus, Broadwell, Kelley, and Allen. The exact circumstances of how the F.B.I. got its hands on all this material remains to be revealed — for instance, whether search warrants were obtained for everything — but the bottom line appears to be that the F.B.I. accessed a vast array of private information and seriously harmed the careers of at least Petraeus and Broadwell without, as of yet, filing a criminal complaint against anybody. As the law professor and privacy expert James Grimmelmann tweeted the other day, "The scandal isn't what's illegal; the scandal is what's legal (or what the FBI thinks is legal)."
In recent years, a handful of privacy activists — led by the A.C.L.U., the Electronic Frontier Foundation, the Electronic Privacy Information Center, and the Center for Democracy & Technology — have filed lawsuits and requested official documents in an effort to reveal and challenge the government's vast surveillance powers. For the most part, they have not succeeded in changing things; the Petraeus scandal appears to show just how much surveillance the F.B.I. and other law enforcement agencies can conduct without a judge or a company telling them "no, you can't have that."
For instance, in its semiannual transparency report, Google announced this week that it receives more requests for user data from the U.S. government than any other government in the world, and that those requests rose 26 percent in the latest six-month reporting period, to nearly 8,000; the company said that it complied with 90 percent of the requests, either fully or partially. As Chris Soghoian, the A.C.L.U.'s principal technologist and senior policy analyst, wrote this week:
"The guest lists from hotels, IP [computer] login records, as well as the creative request to email providers for 'information about other accounts that have logged in from this IP address' are all forms of data that the government can obtain with a subpoena. There is no independent review, no check against abuse, and further, the target of the subpoena will often never learn that the government obtained data."
It's not just email. In July, Rep. Edward Markey, a Democrat from Massachusetts, cajoled major cellphone carriers into disclosing the number of requests for data that they receive from federal, state, and local law enforcement agencies: In 2011, there were more than 1.3 million requests. As ProPublica reported at the time, "Police obtain court orders for basic subscriber information so frequently that some mobile phone companies have established websites — here's one — with forms that police can fill out in minutes. The Obama Administration's Department of Justice has said mobile phone users have 'no reasonable expectation of privacy.'"
There's a particularly cruel irony in all of this: If you contact your cell-phone carrier or Internet service provider or a data broker and ask to be provided with the information on you that they provide to the government and other companies, most of them will refuse or make you jump through Defcon levels of hops, skips, and clicks. Uncle Sam or Experian can easily access data that shows where you have been, whom you have called, what you have written, and what you have bought — but you do not have the same privileges.
The surveillance, which is being challenged in a number of suits, is conducted through an alphabet soup of laws, regulations, and loopholes, including the Wiretap Act, the Electronic Communications Privacy Act (which extended the Wiretap Act to email, and added the Stored Communications Act for stored email), the Foreign Intelligence Surveillance Act and the Patriot Act (which amended all the others). One of the remedies that's before Congress is a bill introduced by Senator Patrick Leahy, a Democrat from Vermont, to require that in most cases law-enforcement agents must obtain a search warrant from a judge before getting customer emails from an Internet company. It would also provide more guarantees that citizens be notified that their email is being surveilled. It's only a partial fix, of course; for instance, it does nothing about cell-phone surveillance.
Everyone has an opinion on what should be done, and one of the country's most famous judges is of two minds on the subject. "It seems to me we often hamper enforcement agencies so that they can't do their job, and when we aren't doing that we are cutting them loose so they can abuse their power," said Judge Bork, reached by phone at his home in northern Virginia. "Is there too much intrusion into private lives? I can't answer that very well, because sometimes there is, sometimes there isn't."
Until now, Congress has not stood in the way of the expanding surveillance, mainly because it was justified as part of the effort to prevent another 9/11. But the Petraeus case shows that among the people who have the most to lose from unchecked surveillance are the people who thought they would benefit from it—government elites who allocate the funding and make the laws and operate the bureaucracy of surveillance. Perhaps they will start worrying a bit more about becoming the next Petraeus or Bork. Our legislators, who are not all angels, now have real skin in the game, so to speak.