Terrorist attacks in Paris earlier this month killed 130 people
David Medine: We should take a deep breath before changing our surveillance laws
Editor’s Note: David Medine is chairman of the Privacy and Civil Liberties Oversight Board, an independent agency within the executive branch whose mission is to ensure that the federal government’s efforts to prevent terrorism are balanced with the need to protect privacy and civil liberties. The views expressed in this article are his own and do not represent the views of the board or any other board member.
The recent terror attacks in Paris were a horrible tragedy, claiming 130 lives and injuring hundreds of innocent people who were just going about their lives on a Friday evening. We are all saddened by the unthinkable stories that witnesses and victims have shared about the night that France – and the world – will never forget.
As our opinion leaders, lawmakers and intelligence community officials reflect on the events leading up to these terrible attacks, and what the appropriate response should be to better detect and thwart terrorist plots in the United States and throughout the world, it is critical that we first step back and take a deep breath.
Rather than reacting reflexively, we should ask thoughtful questions and give careful consideration to multiple crucial issues that are at hand. Simply put, the Paris tragedy should not be used as the basis for rapidly expanding mass surveillance programs without due consideration and public debate, where possible, about the important balance between national security concerns and privacy and civil liberties.
For example, over the past few days, there have been calls to extend the National Security Agency’s telephone metadata records program, known as the Section 215 program, which is scheduled to be phased out at the end of this month under the USA Freedom Act, enacted by Congress last June. But we should not so hastily seek to undo a carefully balanced piece of legislation that was enacted after almost two years of robust public debate.
The Privacy and Civil Liberties Oversight Board spent a significant amount of time examining the national security and legal justifications for this program. In January 2014, following a thorough investigation, the board released an extensive report on it. In our report, we found that bulk collection of Americans’ phone call metadata was not effective in identifying terrorist plots or terrorists, concluding there was “little evidence that the unique capabilities provided by the NSA’s bulk collection of telephone records actually have yielded material counterterrorism results that could not have been achieved without the NSA’s Section 215 program.”
Balanced against this slim record of efficacy, the government’s collection of information about countless private interactions between millions of people not suspected of any wrongdoing clearly risks chilling freedom of speech, association and religion, and as well as risking future data abuse by government officials.
Our report concluded that the program should be ended, because it lacked a viable legal foundation, implicated constitutional concerns under the First and Fourth Amendments, raised serious threats to privacy and civil liberties as a policy matter, and had shown only limited value.
We have made real progress in balancing national security and privacy and civil liberties through the USA Freedom Act. This law will soon result in the end of the government’s bulk telephone records program, as the board recommended. Abandoning indiscriminate bulk collection in favor of targeted queries to individual telephone companies, based on individualized suspicion, is not only more privacy-protective, but better for national security. We should not reverse this progress.
The Paris attacks also have resulted in some calling for new laws that would outlaw technology companies from using encryption that cannot be accessed by the government through “backdoor” means. Yet this is an extraordinarily complex issue with multiple privacy and national security implications, and these issues should be thoughtfully and carefully examined – we do not yet know what methods the ISIS terrorists used to plan the Paris attack.
The administration announced a few weeks ago that it would not seek legislation to compel tech companies to provide the government with keys to encrypted information, citing the complexity of the problem. Instead, it stated that it intends to work with the tech industry toward a voluntary solution. This is a wise strategy that should not be abandoned.
As chairman of the Privacy and Civil Liberties Oversight Board, I greatly appreciate the important contribution surveillance programs make to identifying terrorists and preventing future attacks. But as the 9/11 Commission noted in recommending the creation of the board, the choice between security and liberty is a false one. The Paris attacks were tragic, but we should take a deep breath before making hasty policy decisions and changing our surveillance laws.