Russ Feingold: Yahoo Didn’t Get the Info Needed to Challenge the Constitutionality of PRISM
The answer: Yahoo.
The Yahoo ruling, from 2008, shows the company argued that the order violated its users’ Fourth Amendment rights against unreasonable searches and seizures. The court called that worry “overblown.”
But the NYT doesn’t explain something that Russ Feingold pointed out when the FISA Court of Review opinion was made public in 2009 (and therefore after implementation of FISA Amendments Act): the government didn’t (and still didn’t, under the PAA’s successor, the FISA Amendments Act, Feingold seems to suggests) give Yahoo some of the most important information it needed to challenge the constitutionality of the program.
The decision placed the burden of proof on the company to identify problems related to the implementation of the law, information to which the company did not have access. The court upheld the constitutionality of the PAA, as applied, without the benefit of an effective adversarial process. The court concluded that “[t]he record supports the government. Notwithstanding the parade of horribles trotted out by the petitioner, it has presented no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse in the circumstances of the instant case.” However, the company did not have access to all relevant information, including problems related to the implementation of the PAA. Senator Feingold, who has repeatedly raised concerns about the implementation of the PAA and its successor, the FISA Amendments Act (“FAA”), in classified communications with the Director of National Intelligence and the Attorney General, has stated that the court’s analysis would have been fundamentally altered had the company had access to this information and been able to bring it before the court.
In the absence of specific complaints from the company, the court relied on the good faith of the government. As the court concluded, “[w]ithout something more than a purely speculative set of imaginings, we cannot infer that the purpose of the directives (and, thus, of the surveillance) is other than their stated purpose… The petitioner suggests that, by placing discretion entirely in the hands of the Executive Branch without prior judicial involvement, the procedures cede to that Branch overly broad power that invites abuse. But this is little more than a lament about the risk that government officials will not operate in good faith.” One example of the court’s deference to the government concerns minimization procedures, which require the government to limit the dissemination of information about Americans that it collects in the course of its surveillance. Because the company did not raise concerns about minimization, the court “s[aw] no reason to question the adequacy of the minimization protocol.” And yet, the existence of adequate minimization procedures, as applied in this case, was central to the court’s constitutional analysis. [bold original, underline mine]
This post — which again, applies to PAA, though seems to be valid for the way the government has conducted FAA — explains why.
The court’s ruling makes it clear that PAA (and by association, FAA) by itself is not Constitutional. By itself, a PAA or FAA order lacks both probable cause and particularity.
The programs get probable cause from Executive Order 12333 (the one that John Yoo has been known to change without notice), from an Attorney General assertion that he has probable cause that the target of his surveillance is associated with a foreign power.
And the programs get particularity (which is mandated from a prior decision from the court, possibly the 2002 one on information sharing) from a set of procedures (the descriptor was redacted in the unsealed opinion, but particularly given what Feingold said, it’s likely these are the minimization procedures both PAA and FAA required the government to attest to) that give it particularity. The court decision makes it clear the government only submitted those — even in this case, even to a secret court — ex parte.
The petitioner’s arguments about particularity and prior judicial review are defeated by the way in which the statute has been applied. When combined with the PAA’s other protections, the [redacted] procedures and the procedures incorporated through the Executive Order are constitutionally sufficient compensation for any encroachments.
The [redacted] procedures [redacted] are delineated in an ex parte appendix filed by the government. They also are described, albeit with greater generality, in the government’s brief. [redacted] Although the PAA itself does not mandate a showing of particularity, see 50 USC 1805b(b), this pre-surveillance procedure strikes us as analogous to and in conformity with the particularity showing contemplated by Sealed Case.
In other words, even the court ruling makes it clear that Yahoo saw only generalized descriptions of these procedures that were critical to its finding the order itself (but not the PAA in isolation from them) was constitutional.
Incidentally, while Feingold suggests the company (Yahoo) had to rely on the government’s good faith, to a significant extent, so does the court. During both the PAA and FAA battles, the government successfully fought efforts to give the FISA Court authority to review the implementation of minimization procedures.
The NYT story suggests that the ruling which found the program violated the Fourth Amendment pertained to FAA.
Last year, the FISA court said the minimization rules were unconstitutional, and on Wednesday, ruled that it had no objection to sharing that opinion publicly. It is now up to a federal court.
I’m not positive that applies to FAA, as distinct from the 215 dragnet or the two working in tandem.
But other reporting on PRISM has made one thing clear: the providers are still operating in the dark. The WaPo reported from an Inspector General’s report (I wonder whether this is the one that was held up until after FAA renewal last year?) that they don’t even have visibility into individual queries, much less what happens to the data once the government has obtained it.
But because the program is so highly classified, only a few people at most at each company would legally be allowed to know about PRISM, let alone the details of its operations.
According to a more precise description contained in a classified NSA inspector general’s report, also obtained by The Post, PRISM allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers. The companies cannot see the queries that are sent from the NSA to the systems installed on their premises, according to sources familiar with the PRISM process. [my emphasis]
This gets to the heart of the reason why Administration claims that “the Courts” have approved this program are false. In a signature case where an Internet provider challenged it — which ultimately led the other providers to concede they would have to comply — the government withheld some of the most important information pertaining to constitutionality from the plaintiff.
The government likes to claim this is constitutional, but that legal claim has always relied on preventing the providers and, to some extent, the FISA Court itself from seeing everything it was doing.