1ac
1ac – internet freedom
Contention 1 – internet freedom
--NSA overbreadth
--perception alone that the US is relying on XO12333
--driving global data localization – wrecks the internet
--Eagleman
--spills over to foreign policy generally
--legitimacy impact
The NSA’s PRISM program is being used to collect surveillance data from US
companies – this overreach undermines US soft power and credibility on internet
freedom
Wheeler, 14 - Marcy Wheeler is an independent journalist and PhD from the University of Michigan. She
specializes in civil liberties, technology, and national security. (Marcy, “The Drama Ahead: Google versus
America” 6/16, http://www.cato-unbound.org/2014/06/16/marcy-wheeler/drama-ahead-googleversus-america
This leaves one central drama to play out, in which Google and other tech companies (and to a much
lesser extent, a few telecoms) begin to push back against the NSA’s overreach. It’s not just that U.S.
cloud (and other tech) companies stand to lose billions as their clients choose to store data locally rather
than expose it easily to the NSA. It’s also that the NSA violated several aspects of the deal the Executive
Branch made six years ago with the passage of the FISA Amendments Act (FAA), Section 702 of which
authorizes the PRISM program and domestic upstream collection.
Congress passed the FISA Amendments Act several years after the New York Times’ exposure of the
illegal wiretap program, ostensibly to address a technical problem used to justify that program.
Technology had changed since the analog and radio world in place when FISA was first passed in 1978.
Now, much of the world’s communications – including those of extremists who were targeting America
– were sitting in Google’s and Yahoo’s and Microsoft’s servers within the United States. So Congress
authorized the NSA to conduct collection inside the United States on targets located outside of the
country (which swept up those who communicated with those targets, wherever they were located). In
exchange , the government and its supporters promised, it would extend protections to Americans who
were overseas.
Yahoo and Google played by the rules, as the PRISM slide released last June revealed. The data of both
Yahoo and Google have been readily available for any of the broad uses permitted by the law since
January 2009. Yet, in spite of the fact that the NSA has a legal way to obtain this Internet data inside the
United States using PRISM, the government also broke in to steal from Yahoo and Google fiber overseas.
That’s an important implication of Sanchez’ point that “modern communications networks obliterate
many of the assumptions about the importance of geography.” American tech companies now store
data overseas, as well as in the United States. Americans’ data is mixed in with foreigners’ data
overseas. Many of the more stunning programs described by Snowden’s documents – the collection of 5
billion records a day showing cell location, NSA partner GCHQ’s collection of millions of people’s
intimate webcam images, and, of course, the theft of data from Google and Yahoo’s servers – may suck
up Americans’ records too.
Plus there’s evidence the NSA is accessing U.S. person data overseas. The agency permits specially
trained analysts to conduct Internet metadata contact chaining including the records of Americans from
data collected overseas. And in a Senate Intelligence Committee hearing earlier this year, Colorado
Senator Mark Udall asked hypothetically what would happen with a “a vast trove of U.S. person
information” collected overseas; the answer was such data would not get FISA protection (California
Senator Dianne Feinstein, the Intelligence Committee Chair, asked an even more oblique question on
the topic).
Udall and Feinstein’s questions show that a lot of this spying does not undergo the oversight Benjamin
Wittes and Carrie Cordero point to. Last year, Feinstein admitted her committee gets less reporting on
such spying. Even for programs overseen by FISA, the NSA has consistently refused to provide even its
oversight committees and the FISA Court real numbers on how many Americans get sucked into various
NSA dragnets.
Moreover, the government’s threat to tech companies exists not just overseas. When a group of tech
companies withdrew their support for the USA Freedom Act, they argued the bill could permit the
resumption of bulk collection of Internet users’ data domestically. In the past, that has always meant
telecoms copying Internet metadata at telecom switches, another outside entity compromising tech
companies’ services. As with the data stolen overseas, Internet metadata is available to the government
legally under PRISM.
In response to the news that the government at times bypasses the legal means it has to access Google’s
clients’ data, the tech giant and others have found new ways to protect their customers. That consists of
the new encryption Sanchez described – both of that fiber compromised overseas and of emails sent
using Google – but also the right to publish how much data the government collects. Even within the
criminal context, tech companies (including telecoms Verizon and AT&T) are challenging the U.S.
government’s efforts to use tech companies’ presence in the United States to get easy access to
customers’ data overseas.
The conflict between Google and its home country embodies another trend that has accelerated since
the start of the Snowden leaks. As the President of the Computer & Communications Industry
Association, Edward Black, testified before the Senate last year, the disclosure of NSA overreach did not
just damage some of America’s most successful companies, it also undermined the key role the
Internet plays in America’s soft power projection around the world : as the leader in Internet
governance, and as the forum for open speech and exchange once associated so positively with the
United States.
The U.S. response to Snowden’s leaks has, to a significant degree, been to double down on hard power,
on the imperative to “collect it all” and the insistence that the best cyberdefense is an aggressive
cyberoffense. While President Obama paid lip service to stopping short of spying “because we can,” the
Executive Branch has refused to do anything – especially legislatively – that would impose real controls
on the surveillance system that undergirds raw power.
And that will likely bring additional costs, not just to America’s economic position in the world, but in
the need to invest in programs to maintain that raw power advantage. Particularly given the paltry
results the NSA has to show for its domestic phone dragnet – the single Somali taxi driver donating to alShabaab that Sanchez described. It’s not clear that the additional costs from doubling down on hard
power bring the United States any greater security.
The perception that the NSA is using Executive Order 12333 to circumvent section 702
of the FISA Amendments Act is causing a backlash against US tech companies and
driving global data localization
Eoyang, 14 - Mieke Eoyang is the Director of the National Security Program at Third Way, a center-left
think tank. She previously served as Defense Policy Advisor to Senator Edward M. Kennedy, and a
subcommittee staff director on the House Permanent Select Committee on Intelligence, as well as as
Chief of Staff to Rep. Anna Eshoo (D-Palo Alto) (“A Modest Proposal: FAA Exclusivity for Collection
Involving U.S. Technology Companies” Lawfare, 11/24, http://www.lawfareblog.com/modest-proposalfaa-exclusivity-collection-involving-us-technology-companies
Beyond 215 and FAA, media reports have suggested that there have been collection programs that
occur outside of the companies’ knowledge. American technology companies have been outraged about
media stories of US government intrusions onto their networks overseas, and the spoofing of their web
pages or products, all unbeknownst to the companies. These stories suggest that the government is
creating and sneaking through a back door to take the data. As one tech employee said to me, “the back
door makes a mockery of the front door.”
As a result of these allegations, companies are moving to encrypt their data against their own
government; they are limiting their cooperation with NSA; and they are pushing for reform. Negative
international reactions to media reports of certain kinds of intelligence collection abroad have resulted
in a backlash against American technology companies , spurring data localization requirements ,
rejection or cancellation of American contracts, and raising the specter of major losses in the cloud
computing industry. These allegations could dim one of the few bright spots in the American economic
recovery: tech.
Without commenting on the accuracy of these media reports, the perception is still a problem even if
the media reports of these government collection programs are not true---or are only partly true . The
tech industry believes them to be true , and more importantly, their customers at home and abroad
believe them to be true, and that means they have huge impact on American business and huge impact
as well on the relationship between these businesses and an intelligence community that depends on
their cooperation.
So, how should we think about reforms in response to this series of allegations the Executive Branch
can’t, or won’t, address? How about making the FAA the exclusive means for conducting electronic
surveillance when the information being collected is in the custody of an American company? This could
clarify that the executive branch could not play authority shell-games and claim that Executive Order
12333 allows it to obtain information on overseas non-US person targets that is in the custody of
American companies, unbeknownst to those companies.
As a policy matter, it seems to me that if the information to be acquired is in the custody of an American
company, the intelligence community should ask for it, rather than take it without asking. American
companies should be entitled to a higher degree of forthrightness from their government than foreign
companies, even when they are acting overseas. Under the FAA, we have a statutory regime that
creates judicial oversight and accountability to conduct electronic surveillance outside the US for specific
purposes: foreign intelligence (or traditional espionage), counter-terrorism, and prevention of WMD
proliferation. It addresses protections for both non-US and US persons. It creates a front-door, though
compelled, relationship under which the intelligence community can receive communications contents
without individual warrants but with programmatic judicial oversight.
FAA exclusivity would say to the rest of the world that when the US conducts bulk electronic
surveillance overseas, we are doing so for a particular, national security purpose. The FAA structure with
FISC review provides an independent check that the statutory purposes are met. Through transparency
agreements with the government, the American companies are able to provide their customers with
some sense of how many requests are made.
This would not change the 12333 authorities with respect to non-US companies. It would also not
change 12333 authorities when the Executive Branch seeks to obtain the information in some other way
than through the US company (i.e. breaking into the target’s laptop, parking a surveillance van outside
their house, sending a spy, etc.).
Some have asked me what would happen if foreign companies tried to set up shop here in the US to
seek these protections. I need to refine this part further, but would look to other statutory regimes that
need to define the nationality of companies, like the Foreign Corrupt Practices Act, or the CFIUS process.
Executive Order 12333 itself offers a partial answer, defining a US person to include “a corporation
incorporated in the United States, except for a corporation directed and controlled by a foreign
government or governments.”
Others may argue that FAA provides inadequate civil liberties protections. This proposal says nothing
about the adequacy of that statute. What it says is that for data held by an American company about a
target that is not a US person, the checks within FAA are stronger than those under 12333 acting alone.
That perception prevents the US from stopping data localization globally
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
Costs to the Internet Freedom Agenda and U.S. Credibility in Internet Governance
“As the birthplace for so many of these technologies, including the internet itself, we have a
responsibility to see them used for good,” declared Secretary of State Hillary Clinton in January
2010.175 Her speech at the Newseum in Washington DC effectively launched the United States’ Internet
Freedom agenda, articulating a leading role for the U.S. in using the Internet
to promote freedom of expression, freedom of worship, and the freedom to connect around the world.
Clinton went on to give two other major addresses on Internet Freedom, becoming the first global
leader to emphasize Internet Freedom as a foreign policy priority and urging “countries everywhere… to
join us in the bet we have made, a bet that an open internet will lead to stronger, more prosperous
countries.”176 As Richard Fontaine and Will Rogers describe in a seminal paper on the subject in June
2011, “Internet Freedom, broadly defined, is the notion that universal rights, including the freedoms of
expression, assembly and association, extend to the digital sphere.”177
Although there were questions from the beginning about whether the United States would hold itself to
the same high standards domestically that it holds others to internationally,178 the American
government has successfully built up a policy and programming agenda in the past few years based on
promoting an open Internet.179 These efforts include raising concerns over Internet repression in
bilateral dialogues with countries such as Vietnam and China,180 supporting initiatives including the
Freedom Online Coalition, and providing over $120 million in funding for “groups working to advance
Internet freedom – supporting counter-censorship and secure communications technology, digital safety
training, and policy and research programs for people facing Internet repression.”181 However, the
legitimacy of these efforts has been thrown into question since the NSA disclosures began. “Trust has
been the principal casualty in this unfortunate affair,” wrote Ben FitzGerald and Richard Butler in
December 2013. “The American public, our nation’s allies, leading businesses and Internet users around
the world are losing faith in the U.S. government’s role as the leading proponent of a free, open and
integrated global Internet.”182
Prior to the NSA revelations, the United States was already facing an increasingly challenging political
climate as it promoted the Internet Freedom agenda in global Internet governance conversations. At the
2012 World Conference on International Telecommunications (WCIT), the U.S. and diverse group of
other countries refused to sign the updated International Telecommunications Regulations based on
concerns that the document pushed for greater governmental control of the Internet and would
ultimately harm Internet Freedom.183 Many observers noted that the split hardened the division
between two opposing camps in the Internet governance debate: proponents of a status quo
multistakeholder Internet governance model, like the United States, who argued that the existing
system was the best way to preserve key online freedoms, and those seeking to disrupt or challenge
that multistakeholder model for a variety of political and economic reasons, including governments like
Russia and China pushing for greater national sovereignty over the Internet.184 Many of the proposals
for more governmental control over the network could be understood as attempts by authoritarian
countries to more effectively monitor and censor their citizens, which allowed the U.S. to reasonably
maintain some moral high ground as its delegates walked out of the treaty conference.185 Although few
stakeholders seemed particularly pleased by the outcome of the WCIT, reports indicate that by the
middle of 2013 the tone had shifted in a more collaborative and positive direction following the
meetings of the 2013 World Telecommunications/ICT Policy Forum (WTPF) and the World Summit on
Information Society + 10 (WSIS+10) review.186
However, the Internet governance conversation took a dramatic turn after the Snowden disclosures.
The annual meeting of the Freedom Online Coalition occurred in Tunis in June 2013, just a few weeks
after the initial leaks. Unsurprisingly, surveillance dominated the conference even though the agenda
covered a wide range of topics from Internet access and affordability to cybersecurity.187 Throughout
the two-day event, representatives from civil society used the platform to confront and criticize
governments about their monitoring practices.188 NSA surveillance would continue to be the focus of
international convenings on Internet Freedom and Internet governance for months to come, making
civil society representatives and foreign governments far less willing to embrace the United States’
Internet Freedom agenda or to accept its defense of the multistakeholder model of Internet governance
as a anything other than self-serving. “One can come up with all kinds of excuses for why US surveillance
is not hypocrisy. For example, one might argue that US policies are more benevolent than those of many
other regimes… And one might recognize that in several cases, some branches of government don’t
know what other branches are doing… and therefore US policy is not so much hypocritical as it is
inadvertently contradictory,” wrote Eli Dourado, a researcher from the Mercatus Center at George
Mason University in August 2013. “But the fact is that the NSA is galvanizing opposition to America’s
internet freedom agenda.”189 The scandal revived proposals from both Russia and Brazil for global
management of technical standards and domain names, whether through the ITU or other avenues.
Even developing countries, many of whom have traditionally aligned with the U.S. and prioritize access
and affordability as top issues, “don’t want US assistance because they assume the equipment comes
with a backdoor for the NSA. They are walking straight into the arms of Russia, China, and the ITU.”190
Consequently, NSA surveillance has shifted the dynamics of the Internet governance debate in a
potentially destabilizing manner. The Snowden revelations “have also been well-received by those who
seek to discredit existing approaches to Internet governance,” wrote the Center for Democracy &
Technology’s Matthew Shears. “There has been a long-running antipathy among a number of
stakeholders to the United States government’s perceived control of the Internet and the dominance of
US Internet companies. There has also been a long-running antipathy, particularly among some
governments, to the distributed and open management of the Internet.”191 Shears points out that
evidence of the NSA’s wide-ranging capabilities has fueled general concerns about the current Internet
governance system, bolstering the arguments of those calling for a new government-centric governance
order. At the UN Human Rights Council in September 2013, the representative from Pakistan—speaking
on behalf of Cuba, Venezuela, Zimbabwe, Uganda, Ecuador, Russia, Indonesia, Bolivia, Iran, and China—
explicitly linked the revelations about surveillance programs to the need for reforming Internet
governance processes and institutions to give governments a larger role.192 Surveillance issues
continued to dominate the conversation at the 2013 Internet Governance Forum in Bali as well, where
“debates on child protection, education and infrastructure were overshadowed by widespread concerns
from delegates who said the public’s trust in the internet was being undermined by reports of US and
British government surveillance.”193
Further complicating these conversations is the fact that several of the institutions that govern the
technical functions of the Internet are either tied to the American government or are located in the
United States . Internet governance scholar Milton Mueller has described how the reaction to the NSA
disclosures has become entangled in an already contentious Internet governance landscape. Mueller
argues that, in addition to revealing the scale and scope of state surveillance and the preeminent role of
the United States and its partners, the NSA disclosures may push other states toward a more nationally
partitioned Internet and “threaten… in a very fundamental way the claim that the US had a special
status as neutral steward of Internet governance.”194 These concerns were publicly voiced in October
2013 by the heads of a number of key organizations, including the President of the Internet Corporation
for Assigned Names and Numbers (ICANN) and the chair of the Internet Engineering Task Force (IETF), in
the Montevideo Statement on the Future of Internet Cooperation. Their statement expressed “strong
concern over the undermining of the trust and confidence of Internet users globally due to recent
revelations of pervasive monitoring and surveillance” and “called for accelerating the globalization of
ICANN and Internet Assigned Numbers Authority (IANA) functions, towards an environment in which all
stakeholders, including all governments, participate on an equal footing.”195 In particular, the process
of internationalizing ICANN—which has had a contractual relationship with the Commerce Department’s
National Telecommunications and Information Association (NTIA) since 1998—has progressed in recent
months.196
That will collapse the global internet
Chandler and Le, 15 - * Director, California International Law Center, Professor of Law and Martin Luther
King, Jr. Hall Research Scholar, University of California, Davis; A.B., Harvard College; J.D., Yale Law School
AND **Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D.,
University of California, Davis School of Law (Anupam and Uyen, “DATA NATIONALISM” 64 Emory L.J.
677, lexis)
The era of a global Internet may be passing. Governments across the world are putting up barriers to the
free flow of information across borders. Driven by concerns over privacy, security, surveillance, and law
enforcement, governments are erecting borders in cyberspace, breaking apart the World Wide Web.
The first generation of Internet border controls sought to keep information out of a country - from Nazi
paraphernalia to copyright infringing material. n1 The new generation of Internet border controls seeks
not to keep information out but rather to keep data in. Where the first generation was relatively narrow
in the information excluded, the new generation seeks to keep all data about individuals within a
country.
Efforts to keep data within national borders have gained traction in the wake of revelations of
widespread electronic spying by United States intelligence agencies. n2 Governments across the world,
indignant at the recent disclosures, have cited foreign surveillance as an argument to prevent data from
leaving their borders, allegedly into foreign hands. n3 As the argument [*680] goes, placing data in
other nations jeopardizes the security and privacy of such information. We define "data localization"
measures as those that specifically encumber the transfer of data across national borders. These
measures take a wide variety of forms - including rules preventing information from being sent outside
the country, rules requiring prior consent of the data subject before information is transmitted across
national borders, rules requiring copies of information to be stored domestically, and even a tax on the
export of data. We argue here that data localization will backfire and that it in fact undermines privacy
and security, while still leaving data vulnerable to foreign surveillance. Even more importantly, data
localization increases the ability of governments to surveil and even oppress their own populations.
Imagine an Internet where data must stop at national borders, examined to see whether it is allowed to
leave the country and possibly taxed when it does. While this may sound fanciful, this is precisely the
impact of various measures undertaken or planned by many nations to curtail the flow of data outside
their borders. Countries around the world are in the process of creating Checkpoint Charlies - not just
for highly secret national security data but for ordinary data about citizens. The very nature of the World
Wide Web is at stake. We will show how countries across the world have implemented or have planned
dramatic steps to curtail the flow of information outside their borders. By creating national barriers to
data, data localization measures break up the World Wide Web, which was designed to share
information across the globe. n4 The Internet is a global network based on a protocol for
interconnecting computers without regard for national borders. Information is routed across this
network through decisions made autonomously and automatically at local routers, which choose paths
based largely on efficiency, unaware of political borders. n5 Thus, the services built on the Internet,
from email to the World [*681] Wide Web, pay little heed to national borders. Services such as cloud
computing exemplify this, making the physical locations for the storage and processing of their data
largely invisible to users. Data localization would dramatically alter this fundamental architecture of the
Internet.
Such a change poses a mortal threat to the new kind of international trade made possible by the
Internet - information services such as those supplied by Bangalore or Silicon Valley. n6 Barriers of
distance or immigration restrictions had long kept such services confined within national borders. But
the new services of the Electronic Silk Road often depend on processing information about the user,
information that crosses borders from the user's country to the service provider's country. Data
localization would thus require the information service provider to build out a physical, local
infrastructure in every jurisdiction in which it operates, increasing costs and other burdens enormously
for both providers and consumers and rendering many of such global services impossible.
While others have observed some of the hazards of data localization, especially for American
companies, n7 this Article offers three major advances over earlier work in the area. First, while the
earlier analyses have referred to a data localization measure in a country in the most general of terms,
our Article provides a detailed legal description of localization measures. Second, by examining a variety
of key countries around the world, the study allows us to see the forms in which data localization is
emerging and the justifications offered for such measures in both liberal and illiberal states. Third, the
Article works to comprehensively refute the various arguments for data localization offered around the
world, showing that data localization measures are in fact likely to undermine security, privacy,
economic development, and innovation where adopted.
[*682] Our paper proceeds as follows. Part I describes the particular data localization measures in place
or proposed in different countries around the world, as well as in the European Union. Part II then
discusses the justifications commonly offered for these measures - such as avoiding foreign surveillance,
enhancing security and privacy, promoting economic development, and facilitating domestic law
enforcement. We appraise these arguments, concluding that, in fact, such measures are likely to
backfire on all fronts. Data localization will erode privacy and security without rendering information
free of foreign surveillance, while at the same time increasing the risks of domestic surveillance.
A free internet is vital to combating every existential threat
Eagleman, 10 - American neuroscientist and writer at Baylor College of Medicine, where he directs the
Laboratory for Perception and Action and the Initiative on Neuroscience and Law (David, “Six ways the
internet will save civilization” Wired, 9/10,
http://www.wired.co.uk/magazine/archive/2010/12/start/apocalypse-no
Many great civilisations have fallen, leaving nothing but cracked ruins and scattered genetics. Usually
this results from: natural disasters, resource depletion, economic meltdown, disease, poor information
flow and corruption. But we’re luckier than our predecessors because we command a technology that
no one else possessed: a rapid communication network that finds its highest expression in the internet. I
propose that there are six ways in which the net has vastly reduced the threat of societal collapse.
Epidemics can be deflected by telepresence
One of our more dire prospects for collapse is an infectious-disease epidemic. Viral and bacterial
epidemics precipitated the fall of the Golden Age of Athens, the Roman Empire and most of the empires
of the Native Americans. The internet can be our key to survival because the ability to work
telepresently can inhibit microbial transmission by reducing human-to-human contact. In the face of an
otherwise devastating epidemic, businesses can keep supply chains running with the maximum number
of employees working from home. This can reduce host density below the tipping point required for an
epidemic. If we are well prepared when an epidemic arrives, we can fluidly shift into a self-quarantined
society in which microbes fail due to host scarcity. Whatever the social ills of isolation, they are worse
for the microbes than for us.
The internet will predict natural disasters
We are witnessing the downfall of slow central control in the media: news stories are increasingly
becoming user-generated nets of up-to-the-minute information. During the recent California wildfires,
locals went to the TV stations to learn whether their neighbourhoods were in danger. But the news
stations appeared most concerned with the fate of celebrity mansions, so Californians changed their
tack: they uploaded geotagged mobile-phone pictures, updated Facebook statuses and tweeted. The
balance tipped: the internet carried news about the fire more quickly and accurately than any news
station could. In this grass-roots, decentralised scheme, there were embedded reporters on every block,
and the news shockwave kept ahead of the fire. This head start could provide the extra hours that save
us. If the Pompeiians had had the internet in 79AD, they could have easily marched 10km to safety, well
ahead of the pyroclastic flow from Mount Vesuvius. If the Indian Ocean had the Pacific’s networked
tsunami-warning system, South-East Asia would look quite different today.
Discoveries are retained and shared
Historically, critical information has required constant rediscovery. Collections of learning -- from the
library at Alexandria to the entire Minoan civilisation -- have fallen to the bonfires of invaders or the
wrecking ball of natural disaster. Knowledge is hard won but easily lost. And information that survives
often does not spread. Consider smallpox inoculation: this was under way in India, China and Africa
centuries before it made its way to Europe. By the time the idea reached North America, native
civilisations who needed it had already collapsed. The net solved the problem. New discoveries catch on
immediately; information spreads widely. In this way, societies can optimally ratchet up, using the latest
bricks of knowledge in their fortification against risk.
Tyranny is mitigated
Censorship of ideas was a familiar spectre in the last century, with state-approved news outlets ruling
the press, airwaves and copying machines in the USSR, Romania, Cuba, China, Iraq and elsewhere. In
many cases, such as Lysenko’s agricultural despotism in the USSR, it directly contributed to the collapse
of the nation. Historically, a more successful strategy has been to confront free speech with free speech
-- and the internet allows this in a natural way. It democratises the flow of information by offering
access to the newspapers of the world, the photographers of every nation, the bloggers of every
political stripe. Some posts are full of doctoring and dishonesty whereas others strive for independence
and impartiality -- but all are available to us to sift through. Given the attempts by some governments to
build firewalls, it’s clear that this benefit of the net requires constant vigilance.
Human capital is vastly increased
Crowdsourcing brings people together to solve problems. Yet far fewer than one per cent of the world’s
population is involved. We need expand human capital. Most of the world not have access to the
education afforded a small minority. For every Albert Einstein, Yo-Yo Ma or Barack Obama who has
educational opportunities, uncountable others do not. This squandering of talent translates into
reduced economic output and a smaller pool of problem solvers. The net opens the gates education to
anyone with a computer. A motivated teen anywhere on the planet can walk through the world’s
knowledge -- from the webs of Wikipedia to the curriculum of MIT’s OpenCourseWare. The new human
capital will serve us well when we confront existential threats we’ve never imagined before.
Energy expenditure is reduced
Societal collapse can often be understood in terms of an energy budget: when energy spend outweighs
energy return, collapse ensues. This has taken the form of deforestation or soil erosion; currently, the
worry involves fossil-fuel depletion. The internet addresses the energy problem with a natural ease.
Consider the massive energy savings inherent in the shift from paper to electrons -- as seen in the
transition from the post to email. Ecommerce reduces the need to drive long distances to purchase
products. Delivery trucks are more eco-friendly than individuals driving around, not least because of
tight packaging and optimisation algorithms for driving routes. Of course, there are energy costs to the
banks of computers that underpin the internet -- but these costs are less than the wood, coal and oil
that would be expended for the same quantity of information flow.
The tangle of events that triggers societal collapse can be complex, and there are several threats the net
does not address. But vast, networked communication can be an antidote to several of the most deadly
diseases threatening civilisation. The next time your coworker laments internet addiction, the banality of
tweeting or the decline of face-to-face conversation, you may want to suggest that the net may just be
the technology that saves us.
Surveillance overreach spills over to gut overall US global legitimacy
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
Broader Foreign Policy Costs
Beyond Internet Freedom, the NSA disclosures “have badly undermined U.S. credibility with many of its
allies,” Ian Bremmer argued in Foreign Policy in November 2013.214 Similarly, as Georg Mascolo and
Ben Scott point out about the post-Snowden world, “the shift from an open secret to a published secret
is a game changer… it exposes the gap between what governments will tolerate from one another under
cover of darkness and what publics will tolerate from other governments in the light of day.”215 From
stifled negotiations with close allies like France and Germany to more tense relations with emerging
powers including Brazil and China, the leaks have undoubtedly weakened the American position in
international relations, opening up the United States to new criticism and political maneuvering that
would have been far less likely a year ago.216
U.S. allies like France, Israel, and Germany are upset by the NSA’s actions, as their reactions to the
disclosures make clear.217 Early reports about close allies threatening to walk out of negotiations with
the United States—such as calls by the French government to delay EU-U.S. trade talks in July 2013 until
the U.S. government answered European questions about the spying allegations218—appear to be
exaggerated, but there has certainly been fallout from the disclosures. For months after the first
Snowden leaks, German Chancellor Angela Merkel would not visit the United States until the two
countries signed a “no-spy” agreement—a document essentially requiring the NSA to respect German
law and rights of German citizens in its activities. When Merkel finally agreed come to Washington, D.C.
in May 2014, tensions rose quickly because the two countries were unable to reach an agreement on
intelligence sharing, despite the outrage provoked by news that the NSA had monitored Merkel’s own
communications.219 Even as Obama and Merkel attempted to present a unified front while they
threatened additional sanctions against Russia over the crisis in the Ukraine, it was evident that relations
are still strained between the two countries. While President Obama tried to keep up the appearance of
cordial relations at a joint press conference, Merkel suggested that it was too soon to return to
“business as usual” when tensions still remain over U.S. spying allegations.220 The Guardian called the
visit “frosty” and “awkward.”221 The German Parliament has also begun hearings to investigate the
revelations and suggested that it is weighing further action against the United States.222
Moreover, the disclosures have weakened the United States’ relationship with emerging powers like
Brazil, where the fallout from NSA surveillance threatens to do more lasting damage. Brazilian President
Dilma Rousseff has seized on the NSA disclosures as an opportunity to broaden Brazil’s influence not
only in the Internet governance field, but also on a broader range of geopolitical issues. Her decision not
to attend an October 2013 meeting with President Barack Obama at the White House was a direct
response to NSA spying—and a serious, high-profile snub. In addition to cancelling what would have
been the first state visit by a Brazilian president to the White House in nearly 20 years, Rousseff’s
decision marked the first time a world leader had turned down a state dinner with the President of the
United States.223 In his statement on the postponement, President Obama was forced to address the
issue of NSA surveillance directly, acknowledging “that he understands and regrets the concerns
disclosures of alleged U.S. intelligence activities have generated in Brazil and made clear that he is
committed to working together with President Rousseff and her government in diplomatic channels to
move beyond this issue as a source of tension in our bilateral relationship.”224
Many observers have noted that the Internet Freedom agenda could be one of the first casualties of the
NSA disclosures. The U.S. government is fighting an uphill battle at the moment to regain credibility in
international Internet governance debates and to defend its moral high ground as a critic of
authoritarian regimes that limit freedom of expression and violate human rights online. Moreover, the
fallout from the NSA’s surveillance activities has spilled over into other areas of U.S. foreign policy and
currently threatens bilateral relations with a number of key allies. Going forward, it is critical that
decisions about U.S. spying are made in consideration of a broader set of interests so that they do not
impede—or, in some cases, completely undermine—U.S. foreign policy goals.
Legitimacy key to global stability - prevents great power war
Fujimoto 12 (Kevin Fujimoto 12, Lt. Colonel, U.S. Army, January 11, 2012, "Preserving U.S. National
Security Interests Through a Liberal World Construct," online:
http://www.strategicstudiesinstitute.army.mil/index.cfm/articles/Preserving-US-National-SecurityInterests-Liberal-World-Construct/2012/1/11)
The emergence of peer competitors, not terrorism, presents the greatest long-term threat to our
national security. Over the past decade, while the United States concentrated its geopolitical focus on
fighting two land wars in Iraq and Afghanistan, China has quietly begun implementing a strategy to
emerge as the dominant imperial power within Southeast Asia and the Indian Ocean. Within the next 2
decades, China will likely replace the United States as the Asia-Pacific regional hegemonic power, if not
replace us as the global superpower.1 Although China presents its rise as peaceful and non-hegemonic,
its construction of naval bases in neighboring countries and military expansion in the region contradict
that argument.
With a credible threat to its leading position in a unipolar global order, the United States should adopt a
grand strategy of “investment,” building legitimacy and capacity in the very institutions that will protect
our interests in a liberal global construct of the future when we are no longer the dominant imperial
power. Similar to the Clinton era's grand strategy of “enlargement,”2 investment supports a world order
predicated upon a system of basic rules and principles, however, it differs in that the United States
should concentrate on the institutions (i.e., United Nations, World Trade Organization, ASEAN, alliances,
etc.) that support a world order, as opposed to expanding democracy as a system of governance for
other sovereign nations.
Despite its claims of a benevolent expansion, China is already executing a strategy of expansion similar
to that of Imperial Japan's Manchukuo policy during the 1930s.3 This three-part strategy involves: “(i)
(providing) significant investments in economic infrastructure for extracting natural resources; (ii)
(conducting) military interventions (to) protect economic interests; and, (iii) . . . (annexing) via
installation of puppet governments.”4 China has already solidified its control over neighboring North
Korea and Burma, and has similarly begun more ambitious engagements in Africa and Central Asia
where it seeks to expand its frontier.5
Noted political scientist Samuel P. Huntington provides further analysis of the motives behind China's
imperial aspirations. He contends that “China (has) historically conceived itself as encompassing a “‘Sinic
Zone'. . . (with) two goals: to become the champion of Chinese culture . . . and to resume its historical
position, which it lost in the nineteenth century, as the hegemonic power in East Asia.”6 Furthermore,
China holds one quarter of the world's population, and rapid economic growth will increase its demand
for natural resources from outside its borders as its people seek a standard of living comparable to that
of Western civilization.
The rise of peer competitors has historically resulted in regional instability and one should compare “the
emergence of China to the rise of. . . Germany as the dominant power in Europe in the late nineteenth
century.”7 Furthermore, the rise of another peer competitor on the level of the Soviet Union of the Cold
War ultimately threatens U.S. global influence, challenging its concepts of human rights, liberalism, and
democracy; as well as its ability to co-opt other nations to accept them.8 This decline in influence, while
initially limited to the Asia-Pacific region, threatens to result in significant conflict if it ultimately leads to
a paradigm shift in the ideas and principles that govern the existing world order.
A grand strategy of investment to address the threat of China requires investing in institutions,
addressing ungoverned states, and building legitimacy through multilateralism. The United States must
build capacity in the existing institutions and alliances accepted globally as legitimate representative
bodies of the world's governments. For true legitimacy, the United States must support these
institutions, not only when convenient, in order to avoid the appearance of unilateralism, which would
ultimately undermine the very organizations upon whom it will rely when it is no longer the global
hegemon.
The United States must also address ungoverned states, not only as breeding grounds for terrorism, but
as conflicts that threaten to spread into regional instability, thereby drawing in superpowers with
competing interests. Huntington proposes that the greatest source of conflict will come from what he
defines as one “core” nation's involvement in a conflict between another core nation and a minor state
within its immediate sphere of influence.9 For example, regional instability in South Asia10 threatens to
involve combatants from the United States, India, China, and the surrounding nations. Appropriately,
the United States, as a global power, must apply all elements of its national power now to address the
problem of weak and failing states, which threaten to serve as the principal catalysts of future global
conflicts.11
1ac – economy
Contention 2 – the economy
The perception of NSA overreaching wrecks global trust in the US tech sector – that
wrecks the US economy and competitiveness
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
“It is becoming clear that the post-9/11 surveillance apparatus may be at cross-purposes with our hightech economic growth,” declared Third Way’s Mieke Eoyang and Gabriel Horowitz in December 2013.
“The economic consequences [of the recent revelations] could be staggering.”25 A TIME magazine
headline projected that “NSA Spying Could Cost U.S. Tech Giants Billions,” predicting losses based on the
increased scrutiny that economic titans like Google, Microsoft, Facebook, and Yahoo have faced both at
home and abroad since last June.26 The NSA’s actions pose a serious threat to the current value and
future stability of the information technology industry, which has been a key driver of economic growth
and productivity in the United States in the past decade.27 In this section, we examine how emerging
evidence about the NSA’s extensive surveillance apparatus has already hurt and will likely continue to
hurt the American tech sector in a number of ways, from dwindling U.S. market share in industries like
cloud computing and webhosting to dropping tech sales overseas. The impact of individual users turning
away from American companies in favor of foreign alternatives is a concern. However, the major losses
will likely result from diminishing confidence in U.S. companies as trustworthy choices for foreign
government procurement of products and services and changing behavior in the business-to-business
market.
Costs to the U.S. Cloud Computing Industry and Related Business
Trust in American businesses has taken a significant hit since the initial reports on the PRISM program
suggested that the NSA was directly tapping into the servers of nine U.S. companies to obtain customer
data for national security investigations.28 The Washington Post’s original story on the program
provoked an uproar in the media and prompted the CEOs of several major companies to deny
knowledge of or participation in the program.29 The exact nature of the requests made through the
PRISM program was later clarified,30 but the public attention on the relationship between American
companies and the NSA still created a significant trust gap, especially in industries where users entrust
companies to store sensitive personal and commercial data. “Last year’s national security leaks have
also had a commercial and financial impact on American technology companies that have provided
these records,” noted Representative Bob Goodlatte, a prominent Republican leader and Chairman of
the House Judiciary Committee, in May 2014. “They have experienced backlash from both American and
foreign consumers and have had their competitive standing in the global marketplace damaged.”31
Given heightened concerns about the NSA’s ability to access data stored by U.S. companies, it is no
surprise that American companies offering cloud computing and webhosting services are among those
experiencing the most acute economic fallout from NSA surveillance. Within just a few weeks of the first
disclosures, reports began to emerge that American cloud computing companies like Dropbox and
Amazon Web Services were starting to lose business to overseas competitors.32 The CEO of Artmotion,
one of Switzerland’s largest offshore hosting providers, reported in July 2013 that his company had seen
a 45 percent jump in revenue since the first leaks,33 an early sign that the country’s perceived neutrality
and strong data and privacy protections34 could potentially be turned into a serious competitive
advantage.35 Foreign companies are clearly poised to benefit from growing fears about the security
ramifications of keeping data in the United States. In a survey of 300 British and Canadian businesses
released by PEER 1 in January 2014,36 25 percent of respondents indicated that they were moving data
outside of the U.S. as a result of the NSA revelations. An overwhelming number of the companies
surveyed indicated that security and data privacy were their top concerns, with 81 percent stating that
they “want to know exactly where their data is being hosted.” Seventy percent were even willing to
sacrifice performance in order to ensure that their data was protected.37
It appears that little consideration was given over the past decade to the potential economic
repercussions if the NSA’s secret programs were revealed.38 This failure was acutely demonstrated by
the Obama Administration’s initial focus on reassuring the public that its programs primarily affect nonAmericans, even though non-Americans are also heavy users of American companies’ products.
Facebook CEO Mark Zuckerberg put a fine point on the issue, saying that the government “blew it” in its
response to the scandal. He noted sarcastically: “The government response was, ‘Oh don’t worry, we’re
not spying on any Americans.’ Oh, wonderful: that’s really helpful to companies [like Facebook] trying to
serve people around the world, and that’s really going to inspire confidence in American internet
companies.”39 As Zuckerberg’s comments reflect, certain parts of the American technology industry are
particularly vulnerable to international backlash since growth is heavily dependent on foreign markets.
For example, the U.S. cloud computing industry has grown from an estimated $46 billion in 2008 to $150
billion in 2014, with nearly 50 percent of worldwide cloud-computing revenues coming from the U.S.40
R Street Institute’s January 2014 policy study concluded that in the next few years, new products and
services that rely on cloud computing will become increasingly pervasive. “Cloud computing is also the
root of development for the emerging generation of Web-based applications—home security,
outpatient care, mobile payment, distance learning, efficient energy use and driverless cars,” writes R
Street’s Steven Titch in the study. “And it is a research area where the United States is an undisputed
leader.”41 This trajectory may be dramatically altered, however, as a consequence of the NSA’s
surveillance programs.
Economic forecasts after the Snowden leaks have predicted significant, ongoing losses for the cloudcomputing industry in the next few years. An August 2013 study by the Information Technology and
Innovation Foundation (ITIF) estimated that revelations about the NSA’s PRISM program could cost the
American cloud computing industry $22 to $35 billion over the next three years.42 On the low end, the
ITIF projection suggests that U.S. cloud computing providers would lose 10 percent of the foreign
market share to European or Asian competitors, totaling in about $21.5 billion in losses; on the highend, the $35 billion figure represents about 20 percent of the companies’ foreign market share. Because
the cloud computing industry is undergoing rapid growth right now—a 2012 Gartner study predicted
global spending on cloud computing would increase by 100 percent from 2012 to 2016, compared to a 3
percent overall growth rate in the tech industry as a whole43—vendors in this sector are particularly
vulnerable to shifts in the market. Failing to recruit new customers or losing a competitive advantage
due to exploitation by rival companies in other countries can quickly lead to a dwindling market share.
The ITIF study further notes that “the percentage lost to foreign competitors could go higher if foreign
governments enact protectionist trade barriers that effectively cut out U.S. providers,” citing early calls
from German data protection authorities to suspend the U.S.-EU Safe Harbor program (which will be
discussed at length in the next section).44 As the R Street Policy Study highlights, “Ironically, the NSA
turned the competitive edge U.S. companies have in cloud computing into a liability, especially in
Europe.”45
In a follow up to the ITIF study, Forrester Research analyst James Staten argued that the think tank’s
estimates were low, suggesting that the actual figure could be as high as $180 billion over three years.46
Staten highlighted two additional impacts not considered in the ITIF study. The first is that U.S.
customers—not just foreign companies—would also avoid US cloud providers, especially for
international and overseas business. The ITIF study predicted that American companies would retain
their domestic market share, but Staten argued that the economic blowback from the revelations would
be felt at home, too. “You don’t have to be a French company, for example, to be worried about the US
government snooping in the data about your French clients,” he wrote.47 Moreover, the analysis
highlighted a second and “far more costly” impact: that foreign cloud providers, too, would lose as much
as 20 percent of overseas and domestic business because of similar spying programs conducted by other
governments. Indeed, the NSA disclosures “have prompted a fundamental re-examination of the role of
intelligence services in conducting coordinated cross-border surveillance,” according to a November
2013 report by Privacy International on the “Five Eyes” intelligence partnership between the United
States, the United Kingdom, Canada, Australia, and New Zealand.48 Staten predicts that as the
surveillance landscape around the world becomes more clear, it could have a serious negative impact on
all hosting and outsourcing services, resulting in a 25 percent decline in the overall IT services market, or
about $180 billion in losses.49
Recent reports suggest that things are, in fact, moving in the direction that analysts like Castro and
Staten suggested.50 A survey of 1,000 “[Information and Communications Technology (ICT)] decisionmakers” from France, Germany, Hong Kong, the UK, and the USA in February and March 2014 found
that the disclosures “have had a direct impact on how companies around the world think about ICT and
cloud computing in particular.”51 According to the data from NTT Communications, 88 percent of
decision-makers are changing their purchasing behavior when it comes to the cloud, with the vast
majority indicating that the location of the data is very important. The results do not bode well for
recruitment of new customers, either—62 percent of those currently not storing data in the cloud
indicated that the revelations have since prevented them from moving their ICT systems there. And
finally, 82 percent suggested that they agree with proposals made by German Chancellor Angela Merkel
in February 2014 to have separate data networks for Europe, which will be discussed in further detail in
Part III of this report. Providing direct evidence of this trend, Servint, a Virginia-based webhosting
company, reported in June 2014 that international clients have declined by as much as half, dropping
from approximately 60 percent of its business to 30 percent since the leaks began.52
With faith in U.S. companies on the decline, foreign companies are stepping in to take advantage of
shifting public perceptions. As Georg Mascolo and Ben Scott predicted in a joint paper published by the
Wilson Center and the New America Foundation in October 2013, “Major commercial actors on both
continents are preparing offensive and defensive strategies to battle in the market for a competitive
advantage drawn from Snowden’s revelations.”53 For example, Runbox, a small Norwegian company
that offers secure email service, reported a 34 percent jump in customers since June 2013.54 Runbox
markets itself as a safer email and webhosting provider for both individual and commercial customers,
promising that it “will never disclose any user data unauthorized, track your usage, or display any
advertisements.”55 Since the NSA revelations, the company has touted its privacy-centric design and
the fact that its servers are located in Norway as a competitive advantage. “Being firmly located in
Norway, the Runbox email service is governed by strict privacy regulations and is a safe alternative to
American email services as well as cloud-based services that move data across borders and
jurisdictions,” company representatives wrote on its blog in early 2014.56 F-Secure, a Finnish cloud
storage company, similarly emphasizes the fact that “its roots [are] in Finland, where privacy is a fiercely
guarded value.”57 Presenting products and services as ‘NSA-proof’ or ‘safer’ alternatives to Americanmade goods is an increasingly viable strategy for foreign companies hoping to chip away at U.S. tech
competiveness.58
It has ripple effects that will destroy global economic growth
Chandler and Le, 15 - * Director, California International Law Center, Professor of Law and Martin Luther
King, Jr. Hall Research Scholar, University of California, Davis; A.B., Harvard College; J.D., Yale Law School
AND **Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D.,
University of California, Davis School of Law (Anupam and Uyen, “DATA NATIONALISM” 64 Emory L.J.
677, lexis)
C. Economic Development
Many governments believe that by forcing companies to localize data within national borders, they will
increase investment at home. Thus, data localization measures are often motivated, whether explicitly
or not, by desires to promote local economic development. In fact, however, data localization raises
costs for local businesses, reduces access to global services for consumers, hampers local start-ups, and
interferes with the use of the latest technological advances.
In an Information Age, the global flow of data has become the lifeblood of economies across the world.
While some in Europe have raised concerns about the transfer of data abroad, the European
Commission has recognized "the critical importance of data flows notably for the transatlantic
economy." n209 The Commission observes that international data transfers "form an integral part of
commercial exchanges across the Atlantic including for new growing digital businesses, such as social
media or cloud computing, with large amounts of data going from the EU to the US." n210 Worried
about the effect of constraints on data flows on both global information sharing and economic
development, the Organisation for Economic Co-operation and Development (OECD) has urged nations
to avoid "barriers to the location, access and use of cross-border [*722] data facilities and functions"
when consistent with other fundamental rights, in order to "ensure cost effectiveness and other
efficiencies." n211
The worry about the impact of data localization is widely shared in the business community as well. The
value of the Internet to national economies has been widely noted. n212 Regarding Brazil's attempt to
require data localization, the Information Technology Industry Council, an industry association
representing more than forty major Internet companies, had argued that "in-country data storage
requirements would detrimentally impact all economic activity that depends on data flows." n213 The
Swedish government agency, the National Board of Trade, recently interviewed fifteen local companies
of various sizes across sectors and concluded succinctly that "trade cannot happen without data being
moved from one location to another." n214
Data localization, like most protectionist measures, leads only to small gains for a few local enterprises
and workers, while causing significant harms spread across the entire economy . The domestic benefits
of data localization go to the few owners and employees of data centers and the few companies
servicing these centers locally. Meanwhile, the harms of data localization are widespread, felt by small,
medium, and large businesses that are denied access to global services that might improve productivity.
In response to Russia's recently passed localization law, the NGO Russian Association for Electronic
Communications stressed the potential economic consequences, pointing to the withdrawal of global
services and substantial economic losses caused by the passing of similar laws in other countries. n215
For example, besides the loss of international social media platforms, localization would make it
impossible for [*723] Russians to order airline tickets or consumer goods through online services.
Localization requirements also seriously affect Russian companies like Aeroflot because the airline
depends on foreign ticket-booking systems. n216
Critics worried, at the time, that the Brazilian data localization requirement would "deny[] Brazilian
users access to great services that are provided by US and other international companies." n217 Marilia
Marciel, a digital policy expert at Fundacao Getulio Vargas in Rio de Janeiro, observes, "Even Brazilian
companies prefer to host their data outside of Brazil." n218 Data localization affects domestic
innovation by denying entrepreneurs the ability to build on top of global services based abroad.
Brasscom, the Brazilian Association of Information Technology and Communication Companies, argues
that such obligations would "hurt[] the country's ability to create, innovate, create jobs and collect taxes
from the proper use of the Internet." n219
Governments implementing in-country data mandates imagine that the various global services used in
their country will now build infrastructure locally. Many services, however, will find it uneconomical and
even too risky to establish local servers in certain territories. n220 Data centers are expensive, all the
more so if they have the highest levels of security. One study finds Brazil to be the most expensive
country in the Western hemisphere in which to build data centers. n221 Building a data center in Brazil
costs $ 60.9 million on average, [*724] while building one in Chile and the United States costs $ 51.2
million and $ 43 million, respectively. n222 Operating such a data center remains expensive because of
enormous energy and other expenses - averaging $ 950,000 in Brazil, $ 710,000 in Chile, and $ 510,000
in the United States each month. n223 This cost discrepancy is mostly due to high electricity costs and
heavy import taxes on the equipment needed for the center. n224 Data centers employ few workers,
with energy making up three-quarters of the costs of operations. n225 According to the 2013 Data
Centre Risk Index - a study of thirty countries on the risks affecting successful data center operations Australia, Russia, China, Indonesia, India, and Brazil are among the riskiest countries for running data
centers. n226
Not only are there significant economic costs to data localization, the potential gains are more limited
than governments imagine. Data server farms are hardly significant generators of employment,
populated instead by thousands of computers and few human beings. The significant initial outlay they
require is largely in capital goods, the bulk of which is often imported into a country. The diesel
generators, cooling systems, servers, and power supply devices tend to be imported from global
suppliers. n227 Ironically, it is often American suppliers of servers and other hardware that stand to be
the beneficiaries of data localization mandates. n228 One study notes, "Brazilian suppliers of
components did not benefit from this [data localization requirement], since the imported products
dominate the market." n229 By increasing capital purchases from abroad, data localization
requirements can in fact increase merchandise trade deficits. Furthermore, large data farms are [*725]
enormous consumers of energy, n230 and thus often further burden overtaxed energy grids . They
thereby harm other industries that must now compete for this energy, paying higher prices while
potentially suffering limitations in supply of already scarce power.
Cost, as well as access to the latest innovations, drives many e-commerce enterprises in Indonesia to use
foreign data centers. Daniel Tumiwa, head of the Indonesian E-Commerce Association (IdEA), states that
"the cost can double easily in Indonesia." n231 Indonesia's Internet start-ups have accordingly often
turned to foreign countries such as Australia, Singapore, or the United States to host their services. One
report suggests that "many of the "tools' that start-up online media have relied on elsewhere are not
fully available yet in Indonesia." n232 The same report also suggests that a weak local hosting
infrastructure in Indonesia means that sites hosted locally experience delayed loading time. n233
Similarly, as the Vietnamese government attempts to foster entrepreneurship and innovation, n234
localization requirements effectively bar start-ups from utilizing cheap and powerful platforms abroad
and potentially handicap Vietnam from "joining in the technology race." n235
Governments worried about transferring data abroad at the same time hope, somewhat contradictorily,
to bring foreign data within their borders. Many countries seek to become leaders in providing data
centers for companies operating across their regions. In 2010, Malaysia announced its Economic
Transformation Program n236 to transform Malaysia into a world-class data [*726] center hub for the
Asia-Pacific region. n237 Brazil hopes to accomplish the same for Latin America, while France seeks to
stimulate its economy via a "Made in France" digital industry. n238 Instead of spurring local investment,
data localization can lead to the loss of investment. First, there's the retaliation effect. Would countries
send data to Brazil if Brazil declares that data is unsafe if sent abroad? Brasscom notes that the Brazilian
Internet industry's growth would be hampered if other countries engage in similar reactive policies,
which "can stimulate the migration of datacenters based here, or at least part of them, to other
countries." n239 Some in the European Union sympathize with this concern. European Commissioner for
the Digital Agenda, Neelie Kroes, has expressed similar doubts, worrying about the results for European
global competitiveness if each country has its own separate Internet. n240 Then there's the avoidance
effect. Rio de Janeiro State University Law Professor Ronaldo Lemos, who helped write the original
Marco Civil and is currently Director of the Rio Institute for Technology and Society, warns that the
localization provision would have caused foreign companies to avoid the country altogether: "It could
end up having the opposite effect to what is intended, and scare away companies that want to do
business in Brazil." n241 Indeed, such burdensome local laws often lead companies to launch overseas,
in order to try to avoid these rules entirely. Foreign companies, too, might well steer clear of the country
in order to avoid entanglement with cumbersome rules. For example, Yahoo!, while very popular in
Vietnam, places its servers for the [*727] country in Singapore. n242 In these ways we see that data
localization mandates can backfire entirely, leading to avoidance instead of investment.
Data localization requirements place burdens on domestic enterprises not faced by those operating in
more liberal jurisdictions. Countries that require data to be cordoned off complicate matters for their
own enterprises, which must turn to domestic services if they are to comply with the law. Such
companies must also develop mechanisms to segregate the data they hold by the nationality of the data
subject. The limitations may impede development of new, global services. Critics argue that South
Korea's ban on the export of mapping data, for example, impedes the development of next-generation
services in Korea: Technology services, such as Google Glass, driverless cars, and information programs
for visually-impaired users, are unlikely to develop and grow in Korea. Laws made in the 1960s are
preventing many venture enterprises from advancing to foreign markets via location/navigation
services. n243
The harms of data localization for local businesses are not restricted to Internet enterprises or to
consumers denied access to global services. As it turns out, most of the economic benefits from Internet
technologies accrue to traditional businesses. A McKinsey study estimates that about seventy-five
percent of the value added created by the Internet and data flow is in traditional industries, in part
through increases in productivity. n244 The potential economic impact across the major sectors healthcare, manufacturing, electricity, urban infra-structure, security, agriculture, retail, etc. - is
estimated at $ 2.7 to $ 6.2 trillion per year. n245 This is particularly important for emerging economies,
in which traditional industries remain predominant. The Internet raises profits as well, due to increased
revenues, lower costs of goods sold, and lower administrative costs. n246 With data localization
mandates, traditional businesses [*728] will lose access to the many global services that would store or
process information offshore.
Data localization requirements also interfere with the most important trends in computing today. They
limit access to the disruptive technologies of the future, such as cloud computing, the "Internet of
Things," and data-driven innovations (especially those relying on "big data"). Data localization sacrifices
the innovations made possible by building on top of global Internet platforms based on cloud
computing. This is particularly important for entrepreneurs operating in emerging economies that might
lack the infrastructure already developed elsewhere. And it places great impediments to the
development of both the Internet of Things and big data analytics, requiring costly separation of data by
political boundaries and often denying the possibility of aggregating data across borders. We discuss the
impacts on these trends below.
That causes World War 3
James, 14 - Professor of history at Princeton University’s Woodrow Wilson School who specializes in
European economic history (Harold, “Debate: Is 2014, like 1914, a prelude to world war?” 7/3,
http://www.theglobeandmail.com/globe-debate/read-and-vote-is-2014-like-1914-a-prelude-to-worldwar/article19325504/)
Some of the dynamics of the pre-1914 financial world are now re-emerging. Then an economically
declining power, Britain, wanted to use finance as a weapon against its larger and faster growing
competitors, Germany and the United States. Now America is in turn obsessed by being overtaken by
China – according to some calculations, set to become the world’s largest economy in 2014.
In the aftermath of the 2008 financial crisis, financial institutions appear both as dangerous weapons of
mass destruction, but also as potential instruments for the application of national power.
In managing the 2008 crisis, the dependence of foreign banks on U.S. dollar funding constituted a major
weakness, and required the provision of large swap lines by the Federal Reserve. The United States
provided that support to some countries, but not others, on the basis of an explicitly political logic, as
Eswar Prasad demonstrates in his new book on the “Dollar Trap.”
Geo-politics is intruding into banking practice elsewhere. Before the Ukraine crisis, Russian banks were
trying to acquire assets in Central and Eastern Europe. European and U.S. banks are playing a much
reduced role in Asian trade finance. Chinese banks are being pushed to expand their role in global
commerce. After the financial crisis, China started to build up the renminbi as a major international
currency. Russia and China have just proposed to create a new credit rating agency to avoid what they
regard as the political bias of the existing (American-based) agencies.
The next stage in this logic is to think about how financial power can be directed to national advantage
in the case of a diplomatic tussle. Sanctions are a routine (and not terribly successful) part of the
pressure applied to rogue states such as Iran and North Korea. But financial pressure can be much more
powerfully applied to countries that are deeply embedded in the world economy.
The test is in the Western imposition of sanctions after the Russian annexation of Crimea. President
Vladimir Putin’s calculation in response is that the European Union and the United States cannot
possibly be serious about the financial war. It would turn into a boomerang: Russia would be less
affected than the more developed and complex financial markets of Europe and America.
The threat of systemic disruption generates a new sort of uncertainty, one that mirrors the decisive
feature of the crisis of the summer of 1914. At that time, no one could really know whether clashes
would escalate or not. That feature contrasts remarkably with almost the entirety of the Cold War,
especially since the 1960s, when the strategic doctrine of Mutually Assured Destruction left no doubt
that any superpower conflict would inevitably escalate.
The idea of network disruption relies on the ability to achieve advantage by surprise, and to win at no or
low cost. But it is inevitably a gamble, and raises prospect that others might, but also might not be able
to, mount the same sort of operation. Just as in 1914, there is an enhanced temptation to roll the dice,
even though the game may be fatal.
1ac - plan
Plan:
The United States federal government should limit domestic surveillance of information in the custody
of American companies exclusively to authority under section 702 of the FISA Amendments Act, subject
to the additional use restrictions in Presidential Policy Directive 28.
1ac – solvency
Contention 3 – Solvency
The plan’s curtailment of surveillance of U.S. companies to exclusive section 702
authority is vital to restoring domestic and international trust in surveillance
Eoyang and Bishai, 15 - *Mieke Eoyang is the Director of the National Security Program at Third Way, a
center-left think tank. She previously served as Defense Policy Advisor to Senator Edward M. Kennedy,
and a subcommittee staff director on the House Permanent Select Committee on Intelligence, as well as
as Chief of Staff to Rep. Anna Eshoo (D-Palo Alto); **Chrissy Bishai is a Fellow at Third Way (“Restoring
Trust between U.S. Companies and Their Government on Surveillance Issues” 3/19,
http://www.thirdway.org/report/restoring-trust-between-us-companies-and-their-government-onsurveillance-issues
Fixing the Problem Means Changing the Existing Legal Framework
Currently, the U.S. collects electronic communications under four main authorities.
Four Main Authorities on Electronic Communication
For collection occurring under both 215 and 702, the companies would have been served with an order
compelling production of their data. But outside the U.S., Executive Order 12333,15 the long-standing
guidance for foreign intelligence activities, would govern the kind of collection that has caused
international outrage.
E.O. 12333, signed by President Reagan, set the ground rules and authorization for foreign intelligence
collection when the nation’s primary security threat was the Soviet Union. At that time, traditional
intelligence activities would have been focused on other nation-states—identifying their spies, trying to
recruit spies for the U.S., and trying to steal other countries’ secrets while protecting our own. But the
growth of terrorist groups’ capabilities, and particularly the 9/11 attacks, helped dissolve the separation
between traditional overseas espionage and counter-terrorism.
As the nation was grappling with new threats posed by terrorism, people around the world were sharing
more and more of their information online and using mostly American companies to do so. Yet the legal
framework that had once recognized privacy rights was ill-suited to the Internet Age. The Intelligence
Community’s traditional position that constitutional rights like the Fourth Amendment’s privacy
protections didn’t apply to non-Americans outside the U.S. might have been clear when travelling and
communicating internationally were more difficult. But today’s free-flowing movement of people and
data means that the “nationality” of an individual’s communications is far less obvious.16
While extending constitutional or privacy protections to foreigners abroad is a tricky legal proposition,
for many their data is being held by entities that are entitled to the due process and privacy protections
of the U.S. Constitution: American companies. Our tech firms often act as custodians of other people’s
data, and as such don’t have the same heightened privacy interests as the targets of that data. But
accessing the companies’ data without even giving notice to the owner of the servers raises serious
constitutional questions.
As a politician once famously noted, “corporations are people too.”17 As a legal (if not political) matter,
he was right— these American tech companies are “U.S. Persons ,” and they therefore should know
when the government seeks to access the data they possess. The companies should be entitled to
notice, especially since they can be compelled to cooperate with law enforcement requests to hand over
user data. Those protections should hold true regardless of whether the user data sought by the U.S.
government is that of Americans or non-Americans.
In addition to those privacy protections that all U.S. persons enjoy under the Constitution, both at home
and abroad, surveillance reform should meet the following principles when dealing with information
about or from Americans:
The U.S. government should have a process, consistent with the Constitution, to acquire from
companies the information that it needs to secure the country.
The U.S. government should have a national security reason to collect the information that it requests.
U.S. companies should not have to fear unauthorized access to their data or products from their own
government.
Any process to acquire information from U.S. companies should have safeguards to prevent misuse or
intentional over-collection.
The Solution
Include Overseas Collection from American Companies in Existing Statutory Frameworks
In order to meet the principles above, we propose that FAA’s 702 framework be the exclusive means
for conducting electronic surveillance when the information is in the custody of an American company
(“FAA Exclusivity”). Section 702 of FAA provides procedures to authorize data collection of foreign
targets reasonably believed to be outside the U.S. It empowers the Attorney General (AG) and Director
of National Intelligence (DNI) to jointly certify a high volume of targeting and does not require the
requesters to identify specific non-U.S. persons who will be targeted. Under this 702 framework,
information on foreigners that’s in the custody of a U.S. company should be subject to the following
rules:
The data must relate to targets “reasonably believed” to be outside the U.S. (can include foreign
persons, governments or their factions and similar entities).
The AG and DNI must jointly submit annual “certifications” to the Foreign Intelligence Surveillance Court
(FISC).
Certifications must identify categories of foreign intelligence targets that the Government wants to
surveil electronically; they do not need to identify specific persons to be targeted.
Certifications may include information or representations from other federal agencies authorized to
cooperate with the AG, DNI, or Director of the NSA.
Certifications must be reviewed by the FISC, which can authorize the targeting if they deem that the
statutory requirements have been met.
After the certifications are approved, the AG and DNI issue (written) “directives” to the providers,
ordering them to assist the government.
Collection should be executed with the appropriate “minimization procedures” in place to limit the
acquisition, retention, and dissemination of any non–publicly available U.S. person information acquired
through the Section 702 program.
The AG, in consultation with the DNI, must adopt FISC-approved targeting and minimization procedures
that are “reasonably designed” to ensure that the Government does not collect wholly domestic
communications, and that only persons outside the U.S. are surveilled.
The AG and DNI must also create acquisition guidelines (which are not subject to FISC approval).
Advantages of an FAA Framework
Shifting the legal authority for collection of data in the custody of an American company from E.O.
12333 to an FAA framework would have a number of advantages. Most importantly, it would create a
way for the government to get the data it needs from American companies while giving those firms
assurances that their data would not be accessed in other unauthorized ways. In particular, the FAA
framework would create specific purposes for which the information could be sought, rather than allow
the indiscriminate scooping up of every aspect of a person’s communications. FAA’s stated purpose is to
acquire foreign intelligence information, which it defines as "information that relates to the ability of the
U.S. to protect against an actual or potential attack by a foreign power; sabotage, international
terrorism, or the proliferation of weapons of mass destruction by a foreign power; or clandestine
intelligence activities by a foreign power."
The FAA framework would also create a requirement that the Executive Branch explain how the
information sought meets the statutory purposes. And there would be the additional check of an
independent judge who would review the certifications and issue directives. Though this process is ex
parte, and therefore a potential rubber stamp for the government, there have been no documented
instances of intentional abuses of the system in seeking information beyond the statutory purposes.
Finally, the FAA framework would subject information sought from U.S. companies to the statutory
oversight requirements of the law. These are extensive and explicit.18
In addition to FAA’s inherent protections, FAA Exclusivity would send a powerful message to the rest of
the world : when the U.S. conducts electronic surveillance overseas from American companies, it is
doing so for a particular national security purpose. The FAA structure with FISC review provides an
independent check that the statutory purposes are met. Through transparency agreements with the
government, the American companies would be able to provide their customers with some sense of
how many requests are made.
FAA Exclusivity would not change the E.O. 12333 authorities with respect to non-U.S. companies. It
would not change E.O. 12333 authorities when the Executive Branch seeks to obtain the information in
some way other than through a U.S. company that holds the data (i.e. traditional espionage, like
breaking into a target’s laptop, parking a surveillance van outside their house, or sending a spy, would
still be permissible).
Of course, FAA Exclusivity wouldn’t solve every problem. It would not prevent foreign governments from
collecting information themselves and then providing it to U.S. intelligence agencies, as U.S. law cannot
bind a foreign government. And some may argue that FAA provides inadequate civil liberties protections
for Americans. This proposal says nothing about the adequacy of that statute in this respect. What it
says is that for data held by an American company about a target that is not a U.S. person, the checks
within FAA are stronger than those solely under E.O. 12333.
Others have argued that the FAA shifts the burden of cooperation solely onto the company, which will
suffer greater reputational harm as a more witting participant in affirmatively granting the government’s
requests. However, companies have suffered reputational harm as a result of allegations of unwitting
cooperation. Making the cooperation known, even if it’s secret, gives the companies the opportunity to
account for it in their own planning.
The move by certain U.S. companies to place subsidiaries in foreign ownership to resist requests by the
U.S. government presents an interesting twist on this idea. In shifting the balance back to increased
protections for U.S. companies, this legislation would change the incentives so that claiming U.S. law
would have operational advantages in giving companies uniformity of law for all their data. This would
also encourage the use of a single choice of law for all data governed by a company—that of the
nationality of incorporation—rather than encouraging a choice of law patchwork to govern the data as it
flows around the world.
Finally, some foreign multinational companies operating in the U.S. and abroad may argue that this is
inconsistent with principles that we treat all companies operating in the U.S. the same way for purposes
of law. While that would remain true under this proposal, it would create a difference in how the U.S.
treats U.S. companies operating abroad compared to how it treats foreign companies abroad. But
stretching the U.S. Constitution to foreign companies abroad is to stretch the document too far. If, on
the other hand, those companies see advantage in changing their nationality to U.S. in order to claim
protections of those laws, then that is the corporate version of the kind of immigration patterns that
America has seen since its founding.
Conclusion
Using FAA’s framework as the exclusive means to access data that U.S. companies are holding will give
the Intelligence Community a statutory framework to be able to get the intelligence information that it
needs to protect the nation while restoring the trust relationship between the companies and our
government. In addition, it will help restore the faith of foreign governments and customers that when
American companies are acting overseas, they bring with them American values, including those of
privacy protections.
Applying the restrictions of PPD-28 to section 702 eliminates all negative perceptions
of overbreadth
Nojeim, 14 - Director, Project on Freedom, Security & Technology at the Center for Democracy &
Technology (Greg, “COMMENTS TO THE PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD REGARDING
REFORMS TO SURVEILLANCE CONDUCTED PURSUANT TO SECTION 702 OF FISA” 4/11)
To address the problem of overbreadth in Section 702 collection, PCLOB should recommend that Section
702 surveillance be conducted only for carefully defined national security purposes. While there are
different ways to do this, the best way would be to turn the “use restrictions” in PPD-28 that govern
bulk collection into the permissible purposes for Section 702 surveillance.
This would require that collection pursuant to Section 702 only occur for purposes of detecting and
countering: (1) espionage and other threats and activities directed by foreign powers or their
intelligence services against the United States and its interests, (2) threats to the United States and its
interests from terrorism, (3) threats to the United States and its interests from the development,
possession, proliferation, or use of weapons of mass destruction, (4) cybersecurity threats, (5) threats to
U.S. or allied Armed Forces or other U.S or allied personnel, and (6) transnational criminal threats,
including illicit finance and sanctions evasion related to the other purposes named above. This change
would provide significant comfort to non-U.S. persons abroad who are concerned about the impact on
their human rights that Section 702 surveillance would otherwise have. Indeed, it would increase the
likelihood that Section 702 surveillance would meet human rights standards.
It would also focus Section 702 surveillance on true national security threats and still provide significant
leeway to intelligence officials. We note that each time intelligence officials at the March 19 PCLOB
hearings on Section 702 described the DNI certifications that identify the categories of foreign
intelligence information that may be collected pursuant to Section 702, they mentioned one of these six
categories of information.
Another way to limit to national security the purposes for collection pursuant to Section 702 would be
to remove “the conduct of foreign affairs” as a basis for collection. If adopted, this reform would permit
collection under Section 702 for the purpose of obtaining (1) information that relates to the ability of
the U.S. to protect against a hostile attack, espionage, sabotage or international terrorism or
proliferation of weapons of mass destruction, or (2) information with respect to a foreign territory or
foreign power (a foreign government, political party, or entity controlled by a foreign government, or a
foreign terrorist organization) that relates to the security of the U.S. Such a change would be consistent
with the stated counterterrorism purpose of Section 702. Refining the purpose for which surveillance
under Section 702 may be conducted would not prevent the Intelligence Community from gathering
information related to the conduct of foreign affairs, but rather would merely remove the highly
invasive practice of compelled company disclosure of communications content absent judicial review as
a means of doing so.
Curtailing the use of surveillance on US-based servers to national security interests
and increasing transparency regarding surveillance is vital to restoring trust and US
credibility
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
The NSA mass surveillance programs described in the introduction, conducted domestically pursuant to
USA PATRIOT Act Section 215 and FISA Amendments Act Section 702 and conducted outside the U.S.
under Executive Order 12333, have arguably had the greatest and most immediate impact on America’s
tech industry and global standing. Strictly limiting the scope and purpose of surveillance under these
authorities—not just in regard to surveillance of Americans but of non-Americans as well —will be
critical to regaining the trust of individuals, companies and countries around the world, as well as
stemming the economic and political costs of the NSA programs.
The President’s NSA Review Group acknowledged the need for such reform in its report on surveillance
programs, affirming that “the right of privacy has been recognized as a basic human right that all nations
should respect,” and cautioned that “unrestrained American surveillance of non-United States persons
might alienate other nations, fracture the unity of the Internet, and undermine the free flow of
information across national boundaries.”324 In addition to recommending a variety new protections for
U.S. persons, the Review Group urged in its Recommendation 13 that surveillance of non-U.S. persons
under Section 702 or “any other authority”—a reference intended to include Executive Order 12333325
— should be strictly limited to the purpose of protecting national security, should not be used for
economic espionage, should not be targeted based solely on a person’s political or religious views, and
should be subject to careful oversight and the highest degree of transparency possible.326 Fully
implementing this recommendation—and particularly restricting Section 702 and Executive Order 12333
surveillance to specific national security purposes rather than foreign intelligence collection generally—
would indicate significant progress toward addressing the concerns raised in the recent Report of the
Office of the United Nations High Commissioner for Human Rights on “The Right to Privacy in the Digital
Age.” The UN report highlights how, despite the universality of human rights, the common distinction
between “‘foreigners’ and ‘citizens’…within national security surveillance oversight regimes” has
resulted in “significantly weaker – or even non-existent – privacy protection for foreigners and noncitizens, as compared with those of citizens.”327
The leading legislative reform proposal in the U.S. Congress, the USA FREEDOM Act, would go a long way
to protecting both U.S. and non-U.S. persons against the bulk collection under Section 215 of records
held by American telephone and Internet companies.328 On that basis, passage of the law would very
much help address the trust gap that the NSA programs have created. However, with regard to Section
702, the bill as originally introduced only added new protections for U.S. persons or for wholly domestic
communications,329 and even those protections were stripped out or weakened in the version of the
bill that was passed by the House of Representatives in May 2014.330 Meanwhile, neither the bill as
introduced nor as passed by the House addresses surveillance conducted extraterritorially under
Executive or 12333. Therefore, even if USA FREEDOM is eventually approved by both the House and the
Senate and signed into law by the President, much more will ultimately need to be done to reassure
foreign users of U.S.-based communications networks, services, and products that their rights are being
respected.
Provide for increased transparency around government surveillance, both from the government and
companies.
Increased transparency about how the NSA is using its authorities, and how U.S. companies do—or do
not—respond when the NSA demands their data is critical to rebuilding the trust that has been lost in
the wake of the Snowden disclosures. In July 2013, a coalition of large Internet companies and advocacy
groups provided a blueprint for the necessary transparency reforms, in a letter to the Obama
Administration and Congress calling for “greater transparency around national security-related requests
by the US government to Internet, telephone, and web-based service providers for information about
their users and subscribers.”331 Major companies including Facebook, Google, and Microsoft—joined
by organizations such as the Center for Democracy and Technology, New America’s Open Technology
Institute, and the American Civil Liberties Union—demanded that the companies be allowed to publish
aggregate numbers about the specific types of government requests they receive, the types of data
requested, and the number of people affected. They also also urged the government to issue its own
transparency reports to provide greater clarity about the scope of the NSA’s surveillance programs.332
“This information about how and how often the government is using these legal authorities is important
to the American people, who are entitled to have an informed public debate about the appropriateness
of those authorities and their use, and to international users of US-based service providers who are
concerned about the privacy and security of their communications,” the letter stated.333
Two months later, many of the same companies and organizations issued another letter supporting
surveillance transparency legislation proposed by Senator Al Franken (D-MN) and Representative Zoe
Lofgren (D-CA) that would have implemented many of the original letter’s recommendations.334
Elements of both bills, consistent with the coalition’s recommendations, were included in the original
version of the USA FREEDOM Act introduced in the House and the Senate—as were new strong
transparency provisions requiring the FISA court to declassify key legal opinions to better educate the
public and policymakers about how it is interpreting and implementing the law. Such strong new
transparency requirements are consistent with several recommendations of the President’s Review
Group335 and would help address concerns about lack of transparency raised by the UN High
Commissioner for Human Rights.336
Unfortunately, all of these transparency provisions from the original USA FREEDOM Act were
substantially weakened in the version of the bill that was passed by the House of Representatives in May
2014.337 Congress will need to include stronger transparency provisions in any final version of the USA
FREEDOM Act if it intends to meaningfully restore trust in the U.S. Internet and telecommunications
industries and stem the loss of business that has begun as a result of the NSA programs. As
commentator Mieke Eoyang put it, “If reforms do not deliver sufficient protections and transparency for
[tech companies’] customers, especially those abroad who have the least constitutional protections,
they will vote with their feet.”338
Recommit to the Internet Freedom agenda in a way that directly addresses issues raised by NSA
surveillance, including moving toward international human-rights based standards on surveillance.
The United States must act immediately to restore the credibility of the Internet Freedom agenda, lest it
become another casualty of the NSA’s surveillance programs. As described in Part IV, various agencies
within the U.S. government have taken initial steps to demonstrate goodwill in this area, particularly
through the NTIA’s announcement that it intends to transition stewardship of the IANA functions to a
global multistakeholder organization and the State Department’s speech outlining six principles to guide
signals intelligence collection grounded in international human rights norms. However, it will take a
broader effort from across the government to demonstrate that the United States is fully committed to
Internet Freedom, including firmly establishing the nature of its support for the evolving
multistakeholder system of Internet governance and directly engaging with issues raised by the NSA
surveillance programs in international conversations.
Supporting international norms that increase confidence in the security of online communications and
respect for the rights of Internet users all around the world is integral to restoring U.S. credibility in this
area. “We have surveillance programmes that abuse human rights and lack in transparency and
accountability precisely because we do not have sufficiently robust, open, and inclusive debates around
surveillance and national security policy,” writes Matthew Shears of the Center for Democracy &
Technology.339 It is time to begin having those conversations on both a national and an international
level, particularly at key upcoming Internet governance convenings including the 2014 Internet
Governance Forum, the International Telecommunications Union’s plenipotentiary meeting, and the
upcoming WSIS+10 review process.340 Certainly, the United States will not be able to continue
promoting the Internet Freedom agenda at these meetings without addressing its national security
apparatus and the impact of NSA surveillance on individuals around the world. Rather than being a
problem, this presents an opportunity for the U.S. to assume a leadership role in the promotion of
better international standards around surveillance practices.
Case extensions
Internet freedom
Surveillance kills Internet freedom
NSA surveillance wrecks US cred in promoting Internet Freedom and spills over to
larger foreign policy cred
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
Mandatory data localization proposals are just one of a number of ways that foreign governments have
reacted to NSA surveillance in a manner that threatens U.S. foreign policy interests, particularly with
regard to Internet Freedom. There has been a quiet tension between how the U.S. approaches freedom
of expression online in its foreign policy and its domestic laws ever since Secretary of State Hillary
Clinton effectively launched the Internet Freedom agenda in January 2010.170 But the NSA disclosures
shined a bright spotlight on the contradiction: the U.S. government promotes free expression abroad
and aims to prevent repressive governments from monitoring and censoring their citizens while
simultaneously supporting domestic laws that authorize surveillance and bulk data collection. As
cybersecurity expert and Internet governance scholar Ron Deibert wrote a few days after the first
revelations: “There are unintended consequences of the NSA scandal that will undermine U.S. foreign
policy interests – in particular, the ‘Internet Freedom’ agenda espoused by the U.S. State Department
and its allies.”171 Deibert accurately predicted that the news would trigger reactions from both
policymakers and ordinary citizens abroad, who would begin to question their dependence on American
technologies and the hidden motivations behind the United States’ promotion of Internet Freedom. In
some countries, the scandal would be used as an excuse to revive dormant debates about dropping
American companies from official contracts, score political points at the expense of the United States,
and even justify local monitoring and surveillance. Deibert’s speculation has so far proven quite
prescient. As we will describe in this section, the ongoing revelations have done significant damage to
the credibility of the U.S. Internet Freedom agenda and further jeopardized the United States’ position
in the global Internet governance debates. Moreover, the repercussions from NSA spying have bled over
from the Internet policy realm to impact broader U.S. foreign policy goals and relationships with
government officials and a range of other important stakeholders abroad. In an essay entitled, “The End
of Hypocrisy: American Foreign Policy in the Age of Leaks,” international relations scholars Henry Farrell
and Martha Finnemore argue that a critical, lasting impact of information provided by leakers like
Edward Snowden is “the documented confirmation they provide of what the United States is actually
doing and why. When these deeds turn out to clash with the government’s public rhetoric, as they so
often do, it becomes harder for U.S. allies to overlook Washington’s covert behavior and easier for U.S.
adversaries to justify their own.”172 Toward the end of the essay, Farrell and Finnemore suggest, “The
U.S. government, its friends, and its foes can no longer plausibly deny the dark side of U.S. foreign policy
and will have to address it head-on.” Indeed, the U.S. is currently working to repair damaged bilateral
and multilateral relations with countries from Germany and France to Russia and Israel,173 and it is
likely that the effects of the NSA disclosures will be felt for years in fields far beyond Internet
policy .174
Wrecks overall internet freedom globally
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
The effects of the NSA disclosures on the Internet Freedom agenda go beyond the realm of Internet
governance . The loss of the United States as a model on Internet Freedom issues has made it harder
for local civil society groups around the world—including the groups that the State Department’s
Internet Freedom programs typically support203—to advocate for Internet Freedom within their own
governments.204 The Committee to Protect Journalists, for example, reports that in Pakistan, “where
freedom of expression is largely perceived as a Western notion, the Snowden revelations have had a
damaging effect. The deeply polarized narrative has become starker as the corridors of power push back
on attempts to curb government surveillance.”205 For some of these groups, in fact, even the
appearance of collaboration with or support from the U.S. government can diminish credibility, making
it harder for them to achieve local goals that align with U.S. foreign policy interests.206 The gap in trust
is particularly significant for individuals and organizations that receive funding from the U.S. government
for free expression activities or circumvention tools. Technology supported by or exported from the
United States is, in some cases, inherently suspect due to the revelations about the NSA’s surveillance
dragnet and the agency’s attempts to covertly influence product development.
Moreover, revelations of what the NSA has been doing in the past decade are eroding the moral high
ground that the United States has often relied upon when putting public pressure on authoritarian
countries like China, Russia, and Iran to change their behavior. In 2014, Reporters Without Borders
added the United States to its “Enemies of the Internet” list for the first time, explicitly linking the
inclusion to NSA surveillance. “The main player in [the United States’] vast surveillance operation is the
highly secretive National Security Agency (NSA) which, in the light of Snowden’s revelations, has come to
symbolize the abuses by the world’s intelligence agencies,” noted the 2014 report.207 The damaged
perception of the United States208 as a leader on Internet Freedom and its diminished ability to
legitimately criticize other countries for censorship and surveillance opens the door
for foreign leaders to justify—and even expand—their own efforts.209 For example, the Egyptian
government recently announced plans to monitor social media for potential terrorist activity, prompting
backlash from a number of advocates for free expression and privacy.210 When a spokesman for the
Egyptian Interior Ministry, Abdel Fatah Uthman, appeared on television to explain the policy, one
justification that he offered in response to privacy concerns was that “the US listens in to phone calls,
and supervises anyone who could threaten its national security.”211 This type of rhetoric makes it
difficult for the U.S. to effectively criticize such a policy. Similarly, India’s comparatively mild response to
allegations of NSA surveillance have been seen by some critics “as a reflection of India’s own aspirations
in the world of surveillance,” a further indication that U.S. spying may now make it easier for foreign
governments to quietly defend their own behavior.212 It is even more difficult for the United States to
credibly indict Chinese hackers for breaking into U.S. government and commercial targets without fear
of retribution in light of the NSA revelations.213 These challenges reflect an overall decline in U.S. soft
power on free expression issues.
Surveillance kills soft power
NSA overreach wrecks US smart power
Donahoe, 14 - Eileen Donahoe served as U.S. ambassador to the United Nations Human Rights Council.
She is a visiting scholar at Stanford University's Freeman Spogli Institute for International Studies (“Why
the NSA undermines national security” Reuters, 3/6, http://blogs.reuters.com/greatdebate/2014/03/06/why-nsa-surveillance-undermines-national-security/
But this zero-sum framework ignores the significant damage that the NSA’s practices have done to U.S.
national security. In a global digital world, national security depends on many factors beyond
surveillance capacities, and over-reliance on global data collection can create unintended security
vulnerabilities.
There’s a better framework than security-versus-privacy for evaluating the national security implications
of mass-surveillance practices. Former Secretary of State Hillary Clinton called it “smart power.”
Her idea acknowledges that as global political power has become more diffuse, U.S. interests and
security increasingly depend on our ability to persuade partners to join us on important global security
actions. But how do we motivate disparate groups of people and nations to join us? We exercise smart
power by inspiring trust and building credibility in the global community.
Developing these abilities is as important to U.S. national security as superior military power or
intelligence capabilities.
I adopted the smart-power approach when serving as U.S. ambassador to the United Nations Human
Rights Council. Our task at the council was to work with allies, emerging democracies and human rightsfriendly governments to build coalitions to protect international human rights. We also built alliances
with civil society actors, who serve as powerful countervailing forces in authoritarian systems. These
partnerships can reinforce stable relationships, which enhances U.S. security.
The NSA’s arbitrary global surveillance methods fly in the face of smart power. In the pursuit of
information, the spy agency has invaded the privacy of foreign citizens and political leaders,
undermining their sense of freedom and security. NSA methods also undercut U.S. credibility as a
champion of universal human rights.
The U.S. model of mass surveillance will be followed by others and could unintentionally invert the
democratic relationship between citizens and their governments. Under the cover of preventing
terrorism, authoritarian governments may now increase surveillance of political opponents.
Governments that collect and monitor digital information to intimidate or squelch political opposition
and dissent can more justifiably claim they are acting with legitimacy.
For human rights defenders and democracy activists worldwide, the potential consequences of the
widespread use by governments of mass surveillance techniques are dark and clear.
Superior information is powerful, but sometimes it comes at greater cost than previously recognized.
When trust and credibility are eroded, the opportunity for collaboration and partnership with other
nations on difficult global issues collapses. The ramifications of this loss of trust have not been
adequately factored into our national security calculus.
What is most disconcerting is that the NSA’s mass surveillance techniques have compromised the
security of telecommunication networks, social media platforms, private-sector data storage and public
infrastructure security systems. Authoritarian governments and hackers now have a roadmap to
surreptitiously tap into private networks for their own nefarious purposes.
By weakening encryption programs and planting backdoor entries to encryption software, the NSA has
demonstrated how it is possible to infiltrate and violate information-security systems. In effect, the spy
agency has modeled anarchic behavior that makes everyone less safe.
Some have argued, though, that there is a big difference between the U.S. government engaging in
mass-surveillance activities and authoritarian governments doing so. That “big difference” is supposed
to be democratic checks and balances, transparency and adherence to the rule of law. Current NSA
programs, however, do not operate within these constraints.
With global standards for digital surveillance now being set, our political leaders must remember that
U.S. security depends upon much more than unimpeded surveillance capabilities. As German Chancellor
Angela Merkel, one of President Barack Obama’s most trusted international partners, has wisely
reminded us, just because we can do something does not mean that we should do it.
National security policies that fail to calculate the real costs of arbitrary mass surveillance threaten to
make us less secure. Without trusted and trusting partners, U.S. priority initiatives in complex global
negotiations will be non-starters.
The president, his advisers and our political leaders should reassess the costs of the NSA’s spy programs
on our national security, our freedom and our democracy. By evaluating these programs through a
smart-power lens, we will be in a stronger position to regain the global trust and credibility so central to
our national security.
Data localization kills internet
Mandatory data localization wrecks US internet company competitiveness and US
internet freedom – also threatens the functioning of the internet itself
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
Some analysts have questioned whether data localization and protection proposals are politically
motivated and if they would actually enhance privacy and security for ordinary individuals living in
foreign countries,160 especially given the existence of similar laws in a number of countries and Mutual
Legal Assistance Treaties (MLATs) between nations that provide cross-border access to data stored for
lawful investigations.161 Yet there is no doubt that American companies will pay a steep price if these
policies move forward. Mandatory data localization laws could lead to soaring costs for major Internet
companies such as Google, Facebook, and Twitter, who would be faced with the choice of investing in
additional, duplicative infrastructure and data centers in order to comply with new regulations or pulling
their business out of the market altogether.162 In testimony before Congress last November, for
example, Google’s Director of Law Enforcement and Information Security suggested that requirements
being discussed in Brazil could be so onerous that they would effectively bar Google from doing business
in the country.163 The penalties that companies face for violating these new rules are also significant. In
some cases, unless U.S. policy changes , it may be virtually impossible for American companies to avoid
violating either domestic or foreign laws when operating overseas.164 The costs and legal challenges
could easily prevent firms from expanding in the first place or cause them to leave existing markets
because they are no longer profitable.165 ITIF’s Daniel Castro has suggested that data privacy rules and
other restrictions could slow the growth of the U.S. technology-services industry by as much as four
percent.166
Data localization proposals also threaten to undermine the functioning of the Internet, which was built
on protocols that send packets over the fastest and most efficient route possible, regardless of physical
location. If actually implemented, policies like those suggested by India and Brazil would subvert those
protocols by altering the way Internet traffic is routed in order to exert more national control over
data.167 The localization of Internet traffic may also have significant ancillary impacts on privacy and
human rights by making it easier for countries to engage in national surveillance, censorship, and
persecution of online dissidents, particularly where countries have a history of violating human rights
and ignoring rule of law.168 “Ironically, data localization policies will likely degrade – rather than
improve – data security for the countries considering them, making surveillance, protection from which
is the ostensible reason for localization, easier for domestic governments, if not foreign powers, to
achieve,” writes Jonah Force Hill.169 The rise in data localization and data protection proposals in
response to NSA surveillance threatens not only U.S. economic interests, but also Internet Freedom
around the world.
Data localization kills internet freedom
Data localization threatens internet freedom – creates a bordered internet
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
The NSA disclosures have prompted some foreign leaders to propose new policies for data localization
and data protection that could have serious ramifications for the Internet ecosystem. In the name of
strengthening privacy and security, many of these changes could hurt American tech companies, impact
the future growth of the network as a whole, and endanger human rights and Internet Freedom.99 In
particular, proposals that would require data localization or strengthen data protection laws could
fundamentally alter the way traffic flows over the Internet and create significant additional compliance
costs for American technology companies operating overseas. Major economic powers such as
Germany, Brazil, and India have discussed requiring that all Internet traffic be routed or stored locally.
Various leaders in these countries have also urged government agencies and their citizens to stop using
American tools altogether because of concerns about backdoors or other arrangements with the
NSA.100 Meanwhile, legislators in the European Union have passed strict new data protection rules for
the continent and considered various privacy-focused proposals, including the development of “national
clouds” and the suspension of key trade agreements with the United States.101 “The vast scale of online
surveillance revealed by Edward Snowden is leading to the breakup of the Internet as countries
scramble to protect privacy or commercially sensitive emails and phone records from UK and US security
services,” reported The Guardian in November 2013.102 In combination, these various proposals could
threaten the Internet economy while endangering privacy and free expression.
Mandatory Data Localization and the Costs of a Bordered Internet
Internet jurisdiction and borders were contentious issues long before the Snowden leaks, but the debate
has become significantly more complex in the past year. For decades, the borderless nature of
cyberspace103 has raised concerns about sovereignty and how governments can regulate and access
their citizens’ personal information or speech when it is stored on servers that may be located all over
the world.104 Various data localization and national routing proposals have been put forth by
governments that seek greater control of the information that flows within their borders, often in order
to make censorship and surveillance over the local population easier.105 On the other side, free speech
advocates, technologists, and civil society organizations generally advocate for a borderless cyberspace
governed by its own set of internationally-agreed upon rules that promote the protection of human
rights, individual privacy, and free expression.106 The revelations about NSA surveillance have
heightened concerns on both sides of this debate. But the disclosures appear to have given new
ammunition to proponents of greater governmental control over traffic and network infrastructure,
accelerating the number and scope of national control proposals from both long-time advocates as well
as governments with relatively solid track records on human rights.107
There are now more than a dozen countries that have introduced or are actively discussing data
localization laws.108 Broadly speaking, data localization can be defined as any measures that
“specifically encumber the transfer of data across national borders,” through rules that prevent or limit
these information flows.109 The data localization proposals being considered post-Snowden generally
require that foreign ICT companies maintain infrastructure located within a country and store some or
all of their data on that country’s users on local servers.110 Brazil, for example, has proposed that
Internet companies like Facebook and Google must set up local data centers so that they are bound by
Brazilian privacy laws.111 The Indian government’s draft policy would force companies to maintain part
of their IT infrastructure in-country, give local authorities access to the encrypted data on their servers
for criminal investigations, and prevent local data from being moved out of country.112 Germany,
Greece, Brunei, and Vietnam have also put forth their own data sovereignty proposals. Proponents
argue that these policies would provide greater security and privacy protection because local servers
and infrastructure can give governments both physical control and legal jurisdiction over the data being
stored on them—although the policies may come with added political and economic benefits for those
countries as well. “Home grown and guaranteed security in data storage, hardware manufacture, cloud
computing services and routing are all part of a new discussion about ‘technological sovereignty,’” write
Mascolo and Scott. “It is both a political response and a marketing opportunity.” 113 At the same time,
data localization can also facilitate local censorship and surveillance, making it easier for governments to
exert control over the Internet infrastructure.
Data localization kills democracy
Data localization rolls back global democracy
Chandler and Le, 15 - * Director, California International Law Center, Professor of Law and Martin Luther
King, Jr. Hall Research Scholar, University of California, Davis; A.B., Harvard College; J.D., Yale Law School
AND **Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D.,
University of California, Davis School of Law (Anupam and Uyen, “DATA NATIONALISM” 64 Emory L.J.
677, lexis)
E. Freedom
Information control is central to the survival of authoritarian regimes. Such regimes require the
suppression of adverse information in order to maintain their semblance of authority. This is because
"even authoritarian governments allege a public mandate to govern and assert that the government is
acting in the best interests of the people." n280 Information that disturbs the claim of a popular
mandate and a beneficent government is thus to be eliminated at all costs. Opposition newspapers or
television is routinely targeted, with licenses revoked or printing presses confiscated. The Internet has
made this process of information control far more difficult by giving many dissidents the ability to use
services based outside the country to share information. The Internet has made it harder, though not
impossible, for authoritarian regimes to suppress their citizens from both sharing and learning
information. n281 Data localization will erode that liberty-enhancing feature of the Internet.
The end result of data localization is to bring information increasingly under the control of the local
authorities, regardless of whether that was originally intended. The dangers inherent in this are plain.
Take the following cases. The official motivation for the Iranian Internet, as set forth by Iran's [*736]
head of economic affairs Ali Aghamohammadi, was to create an Internet that is "a genuinely halal
network, aimed at Muslims on an ethical and moral level," which is also safe from cyberattacks (like
Stuxnet) and dangers posed by using foreign networks. n282 However, human rights activists believe
that "based on [the country's] track record, obscenity is just a mask to cover the government's real
desire: to stifle dissent and prevent international communication." n283 An Iranian journalist agreed,
"this is a ploy by the regime," which will "only allow[] [Iranians] to visit permitted websites." n284 More
recently, even Iran's Culture Minister Ali Janati acknowledged this underlying motivation: "We cannot
restrict the advance of [such technology] under the pretext of protecting Islamic values." n285
Well aware of this possibility, Internet companies have sought at times to place their servers outside the
country in order to avoid the information held therein being used to target dissidents. Consider one
example: when it began offering services in Vietnam, Yahoo! made the decision to use servers outside
the country, perhaps to avoid becoming complicit in that country's surveillance regime. n286 This
provides important context for the new Vietnamese decree mandating local accessibility of data. While
the head of the Ministry of Information's Online Information Section defends Decree 72 as
"misunderstood" and consistent with "human rights commitments," n287 the Committee to Protect
Journalists worries that this decree will require "both local and foreign companies that provide Internet
services ... to reveal the identities of users who violate numerous vague prohibitions against certain
speech in Vietnamese law." n288 As Phil Robertson of Human Rights Watch argues, "This is a law that
has been established for selective persecution. This [*737] is a law that will be used against certain
people who have become a thorn in the side of the authorities in Hanoi." n289
Data localization efforts in liberal societies thus offer cover for more pernicious efforts by authoritarian
states. When Brazil's government proposed a data localization mandate, a civil society organization
focused on cultural policies compared the measure to the goals of China and Iran:
[SEE FIGURE IN ORIGNIAL]
Translated, this reads as follows: "Understand this: storing data in-country is the Internet dream of
China, Iran, and other totalitarian countries, but it is IMPOSSIBLE #MarcoCivil." n290
Thus, perhaps the most pernicious and long-lasting effect of data localization regulations is the template
and precedent they offer to continue and enlarge such controls. When liberal nations decry efforts to
control information by authoritarian regimes, the authoritarian states will cite our own efforts to bring
data within national control . If liberal states can cite security, privacy, law enforcement, and social
economic reasons to justify data controls, so can authoritarian states. Of course, the Snowden
revelations of widespread U.S. surveillance will themselves justify surveillance efforts by other states.
For example, Russia has begun to use NSA surveillance to justify increasing control over companies such
as Facebook and Google. n291 Such rules have led critics to worry about increasing surveillance powers
of the Russian state. n292 Critics caution, "In the future, Russia may even succeed in splintering the web,
[*738] breaking off from the global Internet a Russian intranet that's easier for it to control." n293 Even
though officials describe such rules as being antiterrorist, others see a more sinister motive. The editor
of Agentura.ru, Andrei Soldatov, believes that Zheleznyak's proposal is motivated by the government's
desire to control internal dissent. n294 Ivan Begtin, the director of the group Information Culture,
echoes this, arguing that Zheleznyak's surveillance power "will be yet another tool for controlling the
Internet." n295 Begtin warns, "In fact, we are moving very fast down the Chinese path." n296
Finally, creating a poor precedent for more authoritarian countries to emulate is not the only impact on
liberty of data localization by liberal states. Even liberal states have used surveillance to undermine the
civil rights of their citizens and residents. n297 The proposal for a German "Internetz" has drawn worries
that national routing would require deep packet inspection, raising fears of extensive surveillance. n298
The newspaper Frankfurter Allgemeine argues that not only would a state-sanctioned network provide
"no help against spying," it would lead to "a centralization of surveillance capabilities" for German spy
agencies. n299 India's proposed localization measures in combination with the various surveillance
systems in play - including Aadhaar, CMS, National Intelligence Grid (Natgrid), and Netra - have raised
concerns for human rights, including freedom of expression. n300
[*739] In addition to concerns regarding human rights violations based on surveillance and censorship,
data localization measures also interfere with the freedom of expression - particular the "freedom to
seek, receive and impart information and ideas of all kinds, regardless of frontier[]." n301 Preventing
citizens from using foreign political forums because such use might cause personal data to be stored or
processed abroad might interfere with an individuals' right to knowledge. n302 Armed with the ability to
block information from going out and to filter the information coming in, data location consolidates
power in governments by making available an infrastructure for surveillance and censorship.
Data localization kills cybersecurity
Data localization wrecks cybersecurity
Chandler and Le, 15 - * Director, California International Law Center, Professor of Law and Martin Luther
King, Jr. Hall Research Scholar, University of California, Davis; A.B., Harvard College; J.D., Yale Law School
AND **Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D.,
University of California, Davis School of Law (Anupam and Uyen, “DATA NATIONALISM” 64 Emory L.J.
677, lexis)
Closely related to the goal of avoiding foreign surveillance through data localization is the goal of
protecting the privacy and security of personal information against nongovernmental criminal activities.
As the country studies above show, the laws of many countries make it difficult to transfer personal data
outside of national borders in the name of privacy and security. While these laws are not explicitly
designed to localize data, by creating significant barriers to the export of data, they operate as data
localization measures.
[*719] The irony is that such efforts are likely to undermine, not strengthen, the privacy and security of
the information. n195 First, localized data servers reduce the opportunity to distribute information
across multiple servers in different locations. As we have noted above, the information gathered
together in one place offers a tempting jackpot, an ideal target for criminals. As some computer experts
have noted, "Requirements to localize data ... only make it impossible for cloud service providers to take
advantage of the Internet's distributed infrastructure and use sharding and obfuscation on a global
scale." n196 Sharding is the process in which rows of a database table are held separately in servers
across the world - making each partition a "shard" that provides enough data for operation but not
enough to re-identify an individual. n197 "The correct solution," Pranesh Prakash, Policy Director with
India's Centre for Internet and Society suggests, "would be to encourage the creation and use of decentralised and end-to-end encrypted services that do not store all your data in one place." n198
Second, as we noted above, the Protected Local Provider offering storage and processing services may
be more likely to have weak security infrastructure than companies that continuously improve their
security to respond to the ever-growing sophistication of cyberthieves. As a recent cover feature of the
IEEE Computer Society magazine observes, "The most common threats to data in the cloud involve
breaches by hackers against inadequately protected systems, user carelessness or lack of caution, and
engineering errors." n199 Information technology associations from Europe, Japan, and the United
States have echoed this observation, arguing that "security is a function of how a product is made, used,
and maintained, not by whom or where it is made." n200 When Australia was contemplating a rule
requiring health data to [*720] remain in the country (a rule that was subsequently implemented),
Microsoft made a similar argument. Microsoft argued that the rule might undermine the security of
Australian health information by limiting consumer choice among potential providers and wrote,
"Consumers should have the ability to personally control their [personal electronic health records] by
choosing to have their [personal electronic health records] held by an entity not located within
Australia's territorial boundaries if they believe that entity can provide to them a service that meets
their individual needs." n201
Indeed, countries pushing for data localization themselves are sometimes hotbeds of cybercrimes.
According to experts, "Cyber security is notoriously weak in Indonesia." n202 Indeed, the nation has
been called a "hacker's paradise." n203 One 2013 report on Vietnam suggests that "2,045 agency and
business websites were hacked this year, but the number of cyber security experts was too small to
cope with all of them." n204 Another account suggests that "Brazil is among the main targets of virtual
threats such as malware and phishing." n205 For example, in 2011, hackers stole one billion dollars from
companies in Brazil, as Forbes put it, the "worst prepared nation to adopt cloud technology." n206 At
times, a cybertheft can begin with a domestic burglary, as in the case of one recent European episode.
n207 Or cyberthefts can [*721] be accomplished with a USB "thumb" drive. In January 2014,
information about more than 100 million South Korean credit cards was stolen, likely through an "inside
job" by a contractor armed with a USB drive. n208
Most fundamentally, there is little reason to believe that the personal information of British Columbians
is more secure just because it is stored on a government computer in Vancouver than one owned by
IBM, a few miles further south.
AT: Data localization solves surveillance
Data localization increases the risk of surveillance
Chandler and Le, 15 - * Director, California International Law Center, Professor of Law and Martin Luther
King, Jr. Hall Research Scholar, University of California, Davis; A.B., Harvard College; J.D., Yale Law School
AND **Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D.,
University of California, Davis School of Law (Anupam and Uyen, “DATA NATIONALISM” 64 Emory L.J.
677, lexis)
Fourth, far from making surveillance more difficult for a foreign government, localization requirements
might in fact make it easier. By compelling companies to use local services rather than global ones, there
is a greater likelihood of choosing companies with weak security measures. By [*717] their very nature,
the global services are subject to intense worldwide competition, while local services - protected by the
data localization requirements - might have less need to offer stronger security to attract customers,
and fewer resources to do so, than companies with a global scale. Weaker security makes such systems
easier targets for foreign surveillance. This is what we call the "Protected Local Provider" problem.
Fifth, data localization might actually facilitate foreign surveillance. Centralizing information about users
in a locality might actually ease the logistical burdens of foreign intelligence agencies, which can now
concentrate their surveillance of a particular nation's citizens more easily. We call this the "Jackpot"
problem.
AT: Data localization helps law enforcement
Data localization doesn’t aid law enforcement
Chandler and Le, 15 - * Director, California International Law Center, Professor of Law and Martin Luther
King, Jr. Hall Research Scholar, University of California, Davis; A.B., Harvard College; J.D., Yale Law School
AND **Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D.,
University of California, Davis School of Law (Anupam and Uyen, “DATA NATIONALISM” 64 Emory L.J.
677, lexis)
Equally important, it seems unlikely that data localization will prove an effective means to ensure that
data about their residents is available to law enforcement personnel when they want it. Moreover,
other alternatives are reasonably available to assist law enforcement access to data - alternatives that
are both less trade restrictive and more speech-friendly than data localization.
Data localization will not necessarily provide law enforcement better access to a criminal's data trail
because localization requirements are extremely hard to enforce. They might simply end up driving
potential wrongdoers abroad to less compliant and more secretive services. Indeed, the most lawabiding companies will follow costly data localization rules, while others will simply ignore them,
comforted by the knowledge that such laws are difficult to enforce. Any success with gaining
information from these companies will likely prove temporary, as, over time, potential scofflaws will
become aware of the monitoring and turn to services that intentionally skirt the law. The services
avoiding the law will likely be foreign ones, lacking any [*733] personnel or assets on the ground
against which to enforce any sanction. Thus, understood dynamically, the data localization requirement
will only hamper local and law-abiding enterprises, while driving some citizens abroad.
Law enforcement is, without doubt, a laudable goal, so long as the laws themselves do not violate
universal human rights. Many governments already have authority under their domestic laws to compel
a company operating in their jurisdictions to share data of their nationals held by that company abroad.
A recent study of ten countries concluded that the government already had the right to access data held
extraterritorially in the cloud in every jurisdiction examined. n268 Although the process varied, "every
single country ... vests authority in the government to require a Cloud service provider to disclose
customer data in certain situations, and in most instances this authority enables the government to
access data physically stored outside the country's borders." n269
Even if companies refuse to comply with such orders, or if the local subsidiary lacks the authority to
compel its foreign counterpart to share personal data, governments can resort to information-sharing
agreements. For example, the Convention on Cybercrime, which has been ratified by forty-four
countries including the United States, France, and Germany, n270 obliges Member States to adopt and
enforce laws against cybercrimes and to provide "mutual assistance" to each other in enforcing
cyberoffenses. n271 Many states have entered into specific Mutual Legal Assistance Treaties (MLATs)
with foreign nations. These treaties establish a process that protects the rights of [*734] individuals yet
gives governments access to data held in foreign jurisdictions. Currently, the United States has MLATs in
force with fifty-six countries. n272 The United States also entered into a Mutual Legal Assistance
Agreement (MLAA) with China and Taiwan. n273 All the countries discussed in the country studies
above, with the exception of Indonesia, Kazakhstan, and Vietnam, have MLAT arrangements in force
with the United States. Generally, MLATs "specify which types of requested assistance must be
provided, and which may be refused." n274 Requests for assistance may be refused typically when the
execution of such request would be prejudicial to the state's security or public interest; the request
relates to a political offense; there is an absence of reasonable grounds; the request does not conform
to the MLAT's provisions; or the request is incompatible with the requested state's law. n275 The
explanatory notes to the MLAT between the United States and the European Union observe that a
request for data shall only be denied on data protection grounds in "exceptional cases." n276 At the
same time, there are procedural requirements to help ensure that the information gathering is
supporting a proper governmental investigation. For example, Article 17 of the U.S.-Germany MLAT
provides that the government requesting assistance must do [*735] so in writing and must specify the
evidence or information sought, authorities involved, applicable criminal law provisions, etc. n277
An effective MLAT process gives governments the ability to gather information held on servers across
the world. The International Chamber of Commerce has recognized the crucial role of MLATs in
facilitating the lawful interception of cross-border data flow and stressed the need to focus on MLATs
instead of localization measures. n278 Similarly, the European Commission has recently stressed that
the rebuilding of trust in the U.S.-E.U. relationship must focus in part on a commitment to use legal
frameworks such as the MLATs. n279 Mutual cooperation arrangements are far more likely to prove
effective in the long run to support government information gathering efforts than efforts to confine
information within national borders.
AT: PPD 28 solves
Obama PPD doesn’t solve section 702 perception problems – it’s not applied to it
Nojeim, 14 - Director, Project on Freedom, Security & Technology at the Center for Democracy &
Technology (Greg, “COMMENTS TO THE PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD REGARDING
REFORMS TO SURVEILLANCE CONDUCTED PURSUANT TO SECTION 702 OF FISA” 4/11)
The Presidential Policy Directive that President Obama issued on January 17, 2014 (PPD-28),7 while
remarkable in many ways, does not sufficiently address this problem. It prohibits the government from
collecting signals intelligence for the purpose of suppressing or burdening criticism or dissent, but that
prohibition permits the continued collection of information about such expressive activities merely
because they are relevant to U.S. foreign affairs.
On the other hand, PPD-28 does include very important restrictions on the use of information collected
in bulk for foreign intelligence purposes. They seem carefully thought out, and each permitted use of
information collected in bulk would directly advance U.S. national security interests. These are among
the most significant provisions of PPD-28, but they do not apply to Section 702 because it is not
considered a bulk collection program.8
AT: USA Freedom Act solves
The Freedom Act doesn’t change section 702
Froomkin, 6/2/15 - Dan Froomkin is a reporter, columnist, and editor with a focus on coverage of U.S.
politics and media. During a nearly three-decade long career in journalism, which started in local news,
he has served as the senior Washington correspondent and bureau chief for The Huffington Post, as
editor of WashingtonPost.com, and as deputy editor of NiemanWatchdog.org (Dan, “USA FREEDOM
ACT: SMALL STEP FOR POST-SNOWDEN REFORM, GIANT LEAP FOR CONGRESS” The Intercept,
https://firstlook.org/theintercept/2015/06/02/one-small-step-toward-post-snowden-surveillancereform-one-giant-step-congress/
And while the Freedom Act contains a few other modest reform provisions‚ such as more disclosure and
a public advocate for the secretive Foreign Intelligence Surveillance Court, it does absolutely nothing to
restrain the vast majority of the intrusive surveillance revealed by Snowden.
It leaves untouched formerly secret programs the NSA says are authorized under section 702 of the FISA
Amendments Act, and that while ostensibly targeted at foreigners nonetheless collect vast amounts of
American communications. It won’t in any way limit the agency’s mass surveillance of non-American
communications.
Economy advantage
NSA killing tech competitiveness
Loss of overseas markets wrecks tech competitiveness
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
The economic impact of NSA spying does not end with the American cloud computing industry.
According to The New York Times, “Even as Washington grapples with the diplomatic and political
fallout of Mr. Snowden’s leaks, the more urgent issue, companies and analysts say, is economic.”59 In
the past year, a number of American companies have reported declining sales in overseas markets like
China (where, it must be noted, suspicion of the American government was already high before the NSA
disclosures), loss of customers including foreign governments, and increased competition from non-U.S.
services marketing themselves as ‘secure’ alternatives to popular American products.
There is already significant evidence linking NSA surveillance to direct harm to U.S. economic interests.
In November 2013, Cisco became one of the first companies to publicly discuss the impact of the NSA on
its business, reporting that orders from China fell 18 percent and that its worldwide revenue would
decline 8 to 10 percent in the fourth quarter, in part because of continued sales weakness in China.60
New orders in the developing world fell 12 percent in the third quarter, with the Brazilian market
dropping roughly 25 percent of its Cisco sales.61 Although John Chambers, Cisco’s CEO, was hesitant to
blame all losses on the NSA, he acknowledged that it was likely a factor in declining Chinese sales62 and
later admitted that he had never seen as fast a decline in an emerging market as the drop in China in
late 2013.63 These numbers were also released before documents in May 2014 revealed that the NSA’s
Tailored Access Operations unit had intercepted network gear—including Cisco routers—being shipped
to target organizations in order to covertly install implant firmware on them before they were
delivered.64 In response, Chambers wrote in a letter to the Obama Administration that “if these
allegations are true, these actions will undermine confidence in our industry and in the ability of
technology companies to deliver products globally.”65
Much like Cisco, Qualcomm, IBM, Microsoft, and Hewlett-Packard all reported in late 2013 that sales
were down in China as a result of the NSA revelations.66 Sanford C. Bernstein analyst Toni Sacconaghi
has predicted that after the NSA revelations, “US technology companies face the most revenue risk in
China by a wide margin, followed by Brazil and other emerging markets.”67 Industry observers have also
questioned whether companies like Apple—which hopes to bring in significant revenue from iPhone
sales in China—will feel the impact overseas.68 Even AT&T reportedly faced intense scrutiny regarding
its proposed acquisition of Vodafone, a European wireless carrier, after journalists revealed the extent
of AT&T’s collaboration with the NSA.69
American companies are also losing out on business opportunities and contracts with large companies
and foreign governments as a result of NSA spying. According to an article in The New York Times,
“American businesses are being left off some requests for proposals from foreign customers that
previously would have included them.”70 This refers to German companies, for example, that are
increasingly uncomfortable giving their business to American firms. Meanwhile, the German
government plans to change its procurement rules to prevent American companies that cooperate with
the NSA or other intelligence organizations from being awarded federal IT contracts.71 The government
has already announced it intends to end its contract with Verizon, which provides Internet service to a
number of government departments.72 “There are indications that Verizon is legally required to provide
certain things to the NSA, and that’s one of the reasons the cooperation with Verizon won’t continue,” a
spokesman for the German Interior Ministry told the Associated Press in June.73
The NSA disclosures have similarly been blamed for Brazil’s December 2013 decision to award a $4.5
billion contract to Saab over Boeing, an American company that had previously been the frontrunner in
a deal to replace Brazil’s fleet of fighter jets.74 Welber Barral, a former Brazilian trade secretary,
suggested to Bloomberg News that Boeing would have won the contract a year earlier,75 while a source
in the Brazilian government told Reuters that “the NSA problem ruined it for the Americans.”76 As we
will discuss in greater depth in the next section, Germany and Brazil are also considering data
localization proposals that could harm U.S. business interests and prevent American companies from
entering into new markets because of high compliance costs.
Wrecks the economy and industry reforms alone won’t solve
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
It is abundantly clear that the NSA surveillance programs are currently having a serious, negative impact
on the U.S. economy and threatening the future competitiveness of American technology companies.
Not only are U.S. companies losing overseas sales and getting dropped from contracts with foreign
companies and governments—they are also watching their competitive advantage in fast-growing
industries like cloud computing and webhosting disappear, opening the door for foreign companies who
claim to offer “more secure” alternative products to poach their business. Industry efforts to increase
transparency and accountability as well as concrete steps to promote better security by adopting
encryption and other best practices are positive signs, but U.S. companies cannot solve this problem
alone. “It’s not blowing over,” said Microsoft General Counsel Brad Smith at a recent conference. “In
June of 2014, it is clear it is getting worse, not better .”98 Without meaningful government reform and
better oversight, concerns about the breadth of NSA surveillance could lead to permanent shifts in the
global technology market and do lasting damage to the U.S. economy .
Perception key
The widespread perception that the NSA is acting beyond the established legislative
framework is destroying the reputation of U.S. tech companies
Eoyang and Bishai, 15 - *Mieke Eoyang is the Director of the National Security Program at Third Way, a
center-left think tank. She previously served as Defense Policy Advisor to Senator Edward M. Kennedy,
and a subcommittee staff director on the House Permanent Select Committee on Intelligence, as well as
as Chief of Staff to Rep. Anna Eshoo (D-Palo Alto); **Chrissy Bishai is a Fellow at Third Way (“Restoring
Trust between U.S. Companies and Their Government on Surveillance Issues” 3/19,
http://www.thirdway.org/report/restoring-trust-between-us-companies-and-their-government-onsurveillance-issues
Allegations of intrusive U.S. government electronic surveillance activities have raised international
outcry and created antagonism between U.S. technology companies and the government. Without a
bold and enduring reform, American companies will continue to suffer a competitive disadvantage from
perceptions of U.S. government intrusion into their data. We propose bringing electronic surveillance
collection from U.S. companies into an existing statutory framework in order to reassure international
customers and to respect the rights of U.S. companies operating abroad.
The Problem
In the wake of the Snowden revelations, people around the world have become uneasy about the
security of their communications that flow through the servers of American companies.1 They now
fear—not without reason—that the NSA has broad access to a wide range of their data that may not
have any direct relevance to the core foreign policy or security concerns of the United States.2
Snowden has also alleged that the NSA accessed American companies’ data without their knowledge.3
American technology companies reacted with outrage to media reports that, unbeknownst to them, the
U.S. government had intruded onto their networks overseas and spoofed their web pages or products.4
These stories suggested that the government created and snuck through back doors to take the data
rather than come through well-established front doors.5
Beyond the broad implications for civil liberties and diplomacy, these fears led to two immediate
consequences for the industry: First, many U.S. companies shifted to an adversarial relationship with
their own government. They moved to secure and encrypt their data to protect the privacy rights of
their customers.6 They are pushing for reform.7 They are building state-of-the-art data centers in
Europe and staffing their high-paying jobs with Europeans, not Americans.8 They are challenging the
government in court.9
Second, international customers of U.S. technology and communications companies began taking their
business elsewhere. Brazil decided against a $4.5 billion Boeing deal and cancelled Microsoft
contracts.10 Germany dropped Verizon in favor of Deutsche Telekom.11 Both of these examples suggest
that if even friendly governments can go to the expense and trouble of dropping American companies,
foreign individual and corporate customers could certainly decide to switch their data providers for
greater privacy protection. Simply put, the reputational harm had a direct impact on American
companies’ competitiveness—some estimate that it has cost U.S. tech firms $180 billion thus far.12
Defenders of the programs may argue that the Snowden allegations are overblown or that foreign
companies are just using the revelations for their own protectionist purposes. But it doesn’t matter if
the allegations are actually true because the global public believes them to be true , and they are
therefore real in their consequences.
In many ways, the Snowden revelations have created a sense of betrayal among American companies.
Some had been providing information to the NSA through existing legislative means – either under
Section 215 of the USA Patriot Act,13 or under Section 702 of the FISA Amendments Act (FAA).14 It was
unsettling to read stories that, outside of this statutorily compelled cooperation, the government had
been getting access to huge amounts of their data in other unauthorized ways. As one tech employee
said, “the back door makes a mockery of the front door.”
Privacy key to competitiveness
Failure to provide privacy protections to US persons wrecks US competitiveness
Donohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE
COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117,
Winter, lexis)
The difficulty, for Section 702 purposes, enters in regard to Kennedy's reliance on the rule that he saw as
most consistent with the United States' role as a sovereign nation. n447 "[W]e must interpret
constitutional protections," he wrote, "in light of the undoubted power of the United States to take
actions to assert its legitimate power and authority abroad." n448 What is the scope of the United
States' legitimate power and authority abroad? To what degree is it rooted in the legal status of the
individual against whom the state is acting? And what is the relationship between different forms of
legal relationships and membership in the political community?
Let us focus here on the types of relationships most at issue with regard to Section 702: global electronic
communications. One danger in according non-U.S. persons Fourth Amendment rights via (substantial)
virtual contact with the United States is that individuals could use such contacts to evade detection.
n449 Foreign persons could become members of Amazon Prime, communicate with associates in the
United States via Verizon, and take Massive Open Online Courses (MOOCs) from the latest American
university to offer them, perhaps even in the process obtaining a U.S. college or graduate degree. This
could then become a shield to mask behavior that may undermine U.S. national security.
One response to this might be that in a global communications environment, privacy protections must
be thought about in a broader sense. It matters little whether a customer is French, English, or
American. Privacy rights should be extended to customers by nature of their dual status with U.S.
persons qua customers--or even as a concomitant of their rights as people. This was the thrust of part of
Privacy and Civil Liberties Oversight Board's (PCLOB) analysis that suggested privacy be regarded as a
human right.
There is a realpolitic argument to be made here as well, which ties more directly to U.S. foreign
interests. Namely, U.S. failure to [*228] ensure privacy protections may lead to a loss in U.S.
competitiveness. And economic concerns are central to U.S. national security. Consider the impact of
the public release of information about NSA Section 702 surveillance on the U.S. cloud computing
industry. There was an immediate, detrimental impact on the strength of the U.S. economy. Billions of
dollars are now on the line because of concerns that the services provided by U.S. information
technology companies are neither secure nor private. n450 The Information Technology and Innovation
Foundation estimates that declining revenues of corporations that focus on cloud computing and data
storage alone could reach $ 35 billion over the next three years. n451 Other commentators, such as
Forrester Research analyst James Staten, have put actual losses as high as $ 180 billion by 2016, unless
something is done to restore overseas' confidence in data held by U.S. companies. n452
Failure to extend privacy protections to individuals with substantial connections to the country via
industry would, in this view, make it harder, not easier for the United States to assert its legitimate
power and authority abroad. So, under Kennedy's reasoning, one could argue that Fourth Amendment
rights should be extended to individuals economically tied to U.S. entities. This determination, however,
is ultimately one of policy--not law. Deciding whether a greater national security threat is entailed in loss
of competitiveness of U.S. industry, versus loss of protections extended to non-U.S. persons in the
interests of privacy, is part of the weighing that must be done by the executive branch in pursuing its
interests abroad. In this way, the Rehnquist opinion and [*229] the Kennedy concurrence can be read
as compatible with not extending Fourth Amendment rights to individuals lacking a legal relationship (in
other words, those stemming directly from the individual's status as a member of the political
community). n453
AT: Doesn’t hurt cloud computing
Data localization is an independent internal link
Chandler and Le, 15 - * Director, California International Law Center, Professor of Law and Martin Luther
King, Jr. Hall Research Scholar, University of California, Davis; A.B., Harvard College; J.D., Yale Law School
AND **Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D.,
University of California, Davis School of Law (Anupam and Uyen, “DATA NATIONALISM” 64 Emory L.J.
677, lexis)
Cloud Computing. Data localization requirements will often prevent access to global cloud computing
services. As we have indicated, while governments assume that global services will simply erect local
data server farms, such hopes are likely to prove unwarranted. Thus, local companies will be denied
access to the many companies that might help them scale up, or to go global. n247 Many companies
around the world are built on top of existing global services. Highly successful companies with Indian
origins such as Slideshare and Zoho relied on global services such as Amazon Web Services and Google
Apps. n248 A Slideshare employee cites the scalability made possible by the use of Amazon's cloud
services, noting, "Sometimes I need 100 servers, sometimes I only need 10." n249 A company like Zoho
can use Google Apps, while at the same time competing with Google in higher value-added services.
n250 [*729] Accessing such global services thus allows a small company to maintain a global presence
without having to deploy the vast infrastructure that would be necessary to scale as needed.
The Internet of Things. As the world shifts to Internet-connected devices, data localization will require
data flows to be staunched at national borders, requiring expensive and cumbersome national
infrastructures for such devices. This erodes the promise of the Internet of Things - where everyday
objects and our physical surroundings are Internet-enabled and connected - for both consumers and
businesses. Consumer devices include wearable technologies that "measure some sort of detail about
you, and log it." n251 Devices such as Sony's Smartband allied with a Lifelog application to track and
analyze both physical movements and social interactions n252 or the Fitbit n253 device from an
innovative start-up suggest the revolutionary possibilities for both large and small manufacturers. The
connected home and wearable computing devices are becoming increasingly important consumer
items. n254 A heart monitoring system collects data from patients and physicians around the world and
uses the anonymized data to advance cardiac care. n255 Such devices collect data for analysis typically
on the company's own or outsourced computer servers, which could be located anywhere across the
world. Over this coming decade, the Internet of Things is estimated to generate $ 14.4 trillion in value
that is "up for grabs" for global enterprises. n256 Companies are also adding Internet sensors not just to
consumer products but to their own equipment and facilities around the world through RFID tags or
through other devices. The oil industry has embraced what has come to be known as the "digital oil
field," where real-time [*730] data is collected and analyzed remotely. n257 While data about oil flows
would hardly constitute personal information, such data might be controlled under laws protecting
sensitive national security information. The Internet of Things shows the risks of data localization for
consumers, who may be denied access to many of the best services the world has to offer. It also shows
the risk of data localization for companies seeking to better monitor their systems around the world.
Data Driven Innovation (Big Data). Many analysts believe that data-driven innovations will be a key basis
of competition, innovation, and productivity in the years to come, though many note the importance of
protecting privacy in the process of assembling ever-larger databases. n258 McKinsey even reclassifies
data as a new kind of factor of production for the Information Age. n259 Data localization threatens big
data in at least two ways. First, by limiting data aggregation by country, it increases costs and adds
complexity to the collection and maintenance of data. Second, data localization requirements can
reduce the size of potential data sets, eroding the informational value that can be gained by crossjurisdictional studies. Large-scale, global experiments technically possible through big data analytics,
especially on the web, may have to give way to narrower, localized studies. Perhaps anonymization will
suffice to comport with data localization laws and thus still permit cross-border data flow, but this will
depend on the specifics of the law.
Solvency
Solvency – global modeling
The plan restores US cred as a global leader on privacy by limiting the FAA
Edgar, 4/13/15 - visiting fellow at the Institute and adjunct professor of law at the Georgetown
University Law Center (Timothy, “The Good News About Spying”
https://www.foreignaffairs.com/articles/united-states/2015-04-13/good-news-about-spying
NEXT STEPS
Has surveillance reform gone far enough? Hardly. Obama has taken the first steps, but the government
should take six more to enhance public confidence in surveillance programs.
First, the intelligence community should do even more to increase transparency. IC on the Record is a
good start, but it is mostly reactive, providing context to programs that Snowden had already leaked.
The intelligence community should continue to release as much as it possibly can about surveillance
programs without compromising sources and methods—even if they have not been leaked. Given
Snowden’s widespread public acclaim, coming clean about such controversial intelligence programs is
not just good government, but also provides the surest way to preserve vital intelligence capabilities.
With greater transparency, intelligence agencies can stay one step ahead of future leakers and earn
back the trust of a skeptical public.
The United States should also pivot from its defensive position and take the lead on global privacy. The
United States has an impressive array of privacy safeguards, and it has even imposed new ones that
protect citizens of every country. Despite their weaknesses, these safeguards are still the strongest in
the world. The U.S. government should not be shy about trumpeting them, and should urge other
countries to follow its lead. It could begin by engaging with close allies, like the United Kingdom,
Germany, and other European countries, urging them to increase transparency and judicial supervision
of their own communications surveillance activities.
The government also needs to finish the job on telephone records. The law that allows for bulk
collection of telephone records is set to expire on June 1, 2015. Congress should act now to pass
sensible reforms that would replace bulk collection with a privacy-preserving alternative. The only truly
viable option remains the bill that died in November last year.
Washington also needs to work with U.S. technology companies to reform PRISM and other surveillance
programs that have been an embarrassment for U.S. companies. Congress should narrow the FISA
Amendments Act of 2008 that authorizes PRISM. That law allows the government to obtain secret court
orders targeting communications that include foreign participants of interest to the NSA with the
compelled assistance of U.S. companies. Congress could start by limiting such orders to the same six
specific serious security threats that are included in Obama’s policy directive for bulk signals intelligence
collection.
AT: Companies suffer reputational costs
FAA exclusivity on balance protects companies from reputational consequences
Eoyang and Bishai, 15 - *Mieke Eoyang is the Director of the National Security Program at Third Way, a
center-left think tank. She previously served as Defense Policy Advisor to Senator Edward M. Kennedy,
and a subcommittee staff director on the House Permanent Select Committee on Intelligence, as well as
as Chief of Staff to Rep. Anna Eshoo (D-Palo Alto); **Chrissy Bishai is a Fellow at Third Way (“Restoring
Trust between U.S. Companies and Their Government on Surveillance Issues” 3/19,
http://www.thirdway.org/report/restoring-trust-between-us-companies-and-their-government-onsurveillance-issues
Others have argued that the FAA shifts the burden of cooperation solely onto the company, which will
suffer greater reputational harm as a more witting participant in affirmatively granting the government’s
requests. However, companies have suffered reputational harm as a result of allegations of unwitting
cooperation. Making the cooperation known, even if it’s secret, gives the companies the opportunity to
account for it in their own planning.
AT: Foreign servers
Plan reverses incentives for companies to shift to foreign subsidiaries
Eoyang and Bishai, 15 - *Mieke Eoyang is the Director of the National Security Program at Third Way, a
center-left think tank. She previously served as Defense Policy Advisor to Senator Edward M. Kennedy,
and a subcommittee staff director on the House Permanent Select Committee on Intelligence, as well as
as Chief of Staff to Rep. Anna Eshoo (D-Palo Alto); **Chrissy Bishai is a Fellow at Third Way (“Restoring
Trust between U.S. Companies and Their Government on Surveillance Issues” 3/19,
http://www.thirdway.org/report/restoring-trust-between-us-companies-and-their-government-onsurveillance-issues
The move by certain U.S. companies to place subsidiaries in foreign ownership to resist requests by the
U.S. government presents an interesting twist on this idea. In shifting the balance back to increased
protections for U.S. companies, this legislation would change the incentives so that claiming U.S. law
would have operational advantages in giving companies uniformity of law for all their data. This would
also encourage the use of a single choice of law for all data governed by a company—that of the
nationality of incorporation—rather than encouraging a choice of law patchwork to govern the data as it
flows around the world.
Off-case answers
AT: T – domestic
A US persons standard avoids the problems with geographic limits on the internet
Donohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE
COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117,
Winter, lexis)
To the extent that the interception of U.S. persons' communications constitutes a search or seizure
within the meaning of the Fourth Amendment, it would appear that, at least at the front [*230] end,
U.S. persons are entitled to protections. n456 The inspection and collection of content falls within the
meaning of a search and seizure under the Fourth Amendment.
Just as virtual entry into the United States should not matter for purposes of setting a threshold for
application of the Fourth Amendment to aliens, use of global communications should not thereby divest
U.S. persons of their constitutional protections. This approach is consistent with the geographic focus of
the Courts in regard to the Fourth Amendment. It does not hinge constitutional protections on
movement along global communications networks--itself an untenable proposition in light of how
information flows over the Internet.
If the courts, for instance, were to construct a rule that said that U.S. persons sending information
outside the United States lose the protections of the Fourth Amendment in the privacy afforded those
communications, it would be difficult to police. This rule assumes that individuals have control over
whether their communications leave domestic bounds. They do not. The Internet is constructed to find
the most efficient route between two ISP addresses. This means that even domestic communications
may be routed internationally. Individuals have no control over how their messages are conveyed. At
the back end, the government would have to be able to ascertain which messages originated within the
United States and then left U.S. bounds. But the NSA claims that it does not have the appropriate
technologies to make this call.
As a result, the effect of this rule would essentially be to assume that every time a U.S. person
communicates, she loses constitutional protections in the content of those communications. This would
eviscerate the meaning of the Fourth Amendment. It would assume that U.S. persons have no
reasonable expectation of privacy in their communications, regardless of whether they flow across
international borders.
The Supreme Court can avoid this conclusion by underscoring the status of the individual as Rehnquist
articulated for the majority in Verdugo-Urquidez: emphasizing membership in the political community .
Where established, the protection of the Fourth Amendment applies.
The NSA intercepts upstream data by tapping directly into US service providers
Donohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE
COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117,
Winter, lexis)
A follow-up article two days later printed another slide depicting both PRISM and "upstream" collection
of communications on fiber cables and infrastructure ("[c]ollection directly from the servers of . . . U.S.
Service Providers.") n8 Upstream interception allowed the NSA to acquire Internet communications "as
they [*121] transit the 'internet backbone' facilities." n9 The NSA could collect all traffic crossing
Internet cables--not just information targeted at specific Internet Protocol (IP) addresses or telephone
number. The potential yield was substantial: in the first six months of 2011, the NSA acquired more than
13.25 million Internet transactions through its upstream collection. n10 The slide urged analysts to use
both PRISM and upstream collection to obtain information. n11
Within days of the releases, the intelligence community acknowledged the existence of the programs.
n12 In August 2013 the Director of National Intelligence, James Clapper, offered further confirmation,
noting that PRISM had been in operation since Congress had passed the 2008 FISA Amendments Act.
n13 He declassified eight documents, n14 and by the end of the month, he had announced that the
intelligence community would release the total [*122] number of Section 702 orders issued, and
targets thereby affected, on an annual basis. n15
NSA interpretation of the FAA means in practice PRISM targets domestic
communications
Donohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE
COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117,
Winter, lexis) FAA = 2008 FISA Amendments Act
The Article next turns to statutory issues related to targeting, post-targeting analysis, and the retention
and dissemination of information. It argues that the NSA has sidestepped FAA restrictions by adopting
procedures that allow analysts to acquire information not just to or from, but also "about" targets. In its
foreignness determination the agency assumes, absent evidence to the contrary, that the target is a
non-U.S. person located outside domestic bounds. And weak standards mark the foreign intelligence
purpose determination. Together, these elements allow for the broad collection of U.S. persons'
international communications, even as they open the door to the interception of domestic
communications . In regard to post-targeting analysis, the Article draws attention to the intelligence
community's use of U.S. person information to query data obtained under Section 702, effectively
bypassing protections Congress introduced to prevent reverse targeting. The Article further notes in
relation to retention and dissemination that increasing consumer and industrial reliance on
cryptography means that the NSA's retention of encrypted data may soon become the exception that
swallows the rule.
In its constitutional analysis, the Article finds certain practices instituted under Section 702 to fall
outside acceptable Fourth Amendment bounds. Although lower courts had begun to recognize a
domestic foreign intelligence exception to the warrant clause, in 1978 Congress introduced FISA to be
the sole means via which domestic foreign intelligence electronic intercepts could be undertaken.
Consistent with separation of powers doctrine, this shift carried constitutional meaning. Internationally,
practice and precedent prior to the FAA turned on a foreign intelligence exception. But in 2008 Congress
altered the status quo, introducing individualized judicial review into the process. Like FISA, the FAA
carried constitutional import.
[*124] If that were the end of the story, one could argue that the incidental collection of U.S. persons'
information, as well as the interception of domestic conversations ought to be regarded in Justice
Jackson's third category under Youngstown Sheet & Tube Co. v. Sawyer. n18 Renewal in 2012, however,
points in the opposite direction. The NSA's actions, for purposes of the warrant clause, appear to be
constitutionally sufficient insofar as foreign intelligence gathering to or from non-U.S. persons is
concerned. The tipping point comes with regard to criminal prosecution. Absent a foreign intelligence
purpose, there is no exception to the warrant requirement for the query of U.S. persons' international
or domestic communications.
Although a warrant is not required for foreign intelligence collection overseas, the interception of
communications under Section 702 must still comport with the reasonableness requirements of the
Fourth Amendment. A totality of the circumstances test, in which the significant governmental interest
in national security is weighed against the potential intrusion into U.S. persons' privacy, applies. The
incidental collection of large quantities of U.S. persons' international communications, the scanning of
content for information "about" non-U.S. person targets, and the interception of non-relevant and
entirely domestic communications in multi-communication transactions, as well as the query of data
using U.S. person identifiers, fall outside the reasonableness component of the Fourth Amendment.
The Article concludes by calling for renewed efforts to draw a line between foreign intelligence
gathering and criminal law and to create higher protections for U.S. persons, to ensure that the United
States can continue to collect critical information, while remaining consistent with the right to privacy
embedded in the Fourth Amendment.
NSA overreach means it inevitably monitors domestic internet communications –
rerouting, MCTs, and ‘about’ communications
Donohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE
COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117,
Winter, lexis)
Three points related to the volume and intrusiveness of the resulting surveillance deserve notice. First,
to obtain "about" communications, because of how the Internet is constructed, the NSA must monitor
large amounts of data. n180 That is, if the NSA may [*163] collect not just e-mail to or from the target's
e-mail account (badguy@ISP.com), but, in addition, other communications happening to mention
badguy@ISP.com that pass through the collection point, then the NSA is monitoring a significant
amount of traffic. And the agency is not just considering envelope information (for example, messages
in which the selector is sending, receiving, or copied on the communication) but the actual content of
messages. n181
Second, wholly domestic conversations may become swept up in the surveillance simply by nature of
how the Internet is constructed. Everything one does online involves packets of information. Every Web
site, every e-mail, every transfer of documents takes the information involved and divides it up into
small bundles. Limited in size, these packets contain information about the sender's IP address, the
intended receiver's IP address, something that indicates how many packets the communication has
been divvied up into, and what number in the chain is represented by the packet in question. n182
Packet switched networks ship this information to a common destination via the most expedient route-one that may, or may not, include the other packets of information contained in the message. If a
roadblock or problem arises in the network, the packets can then be re-routed, to reach their final
destination. Domestic messages may thus be routed through international servers, if that is the most
efficient route to the final destination.
What this means is that even if the NSA applies an IP filter to eliminate communications that appear to
be within the United States, it may nevertheless monitor domestic conversations by nature of them
being routed through foreign servers. In this manner, a student in Chicago may send an e-mail to a
student in Boston [*164] that gets routed through a server in Canada. Through no intent or design of
the individual in Chicago, the message becomes international and thus subject to NSA surveillance.
Third, further collection of domestic conversations takes place through the NSA's intercept of what are
called multi-communication transactions, or MCTs. It is important to distinguish here between a
transaction and a communication. Some transactions have only single communications associated with
them. These are referred to as SCTs. Other transactions contain multiple communications. If even one of
the communications in an MCT falls within the NSA's surveillance, all of the communications bundled
into the MCT are collected.
The consequence is of significant import. FISC estimated in 2011 that somewhere between 300,000 and
400,000 MCTs were being collected annually on the basis of "about" communication--where the "active
user" was not the target. So hundreds of thousands of communications were being collected that did
not include the target as either the sender or the recipient of the communication. n183
PRISM allows reverse-targeting: targeting someone outside the United States to
collect information about someone in the United States
Donohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE
COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117,
Winter, lexis)
B. Post-Targeting Analysis
Section 702 makes it illegal to target someone outside the United States, where the purpose of the
acquisition is to obtain information about a person known to be within domestic bounds. This practice,
known as "reverse targeting," was central to Congressional debates. n308 Representative Langevin
explained that the insertion of FISC would "ensure that the government's efforts are not aimed at
targeting Americans, the so-called reverse targeting that we're all concerned about; and that if an
American's communications is [sic] inadvertently intercepted, it is dealt with in a manner that
guarantees legal protections." n309
Despite Congress' concern about reverse targeting, the NSA instituted and the FISC approved a rule
change in October 2011 to make it possible to query the content of communications obtained under
Section 702 using U.S. person names and identifiers for information obtained via PRISM and upstream
telephony collection. n310 [*196] The relevant definition in the 2011 minimization procedures is
largely consistent with its 2009 predecessor:
Identification of a United States person means the name, unique title, address, or other personal
identifier of a United States person in the context of activities conducted by that person or activities
conducted by others that are related to that person. A reference to a product by brand name, or
manufacturer's name or the use of a name in a descriptive sense, e.g., "Monroe Doctrine," is not an
identification of a United States person. n311
The NSA may query data obtained under Section 702 by using the names, titles, or addresses of U.S.
persons, or any other information that may be related to the individual and his or her activities. If the
intelligence community would like to query the data based on, for instance, membership in the Council
on Foreign Relations--on the grounds that such queries are likely to yield foreign intelligence
information--it may now do so.
In March 2014, the Director of National Intelligence, James Clapper, confirmed in a letter to Senator Ron
Wyden that the [*197] NSA had queried Section 702 data "using U.S. person identifiers." n312 The
following month, the NSA's Privacy and Civil Liberties Officer reiterated Clapper's statement. n313
Pressed during a June 2014 hearing for the number of queries using U.S. person identifiers, Clapper
responded by noting that in 2013, the NSA approved 198 U.S. person identifiers for querying the content
of Section 702 communications, even as it queried Section-702-acquired metadata approximately 9,500
times. n314
FISC has upheld the reading of the statute supporting use of U.S. person identifiers. n315 In its October
2011 opinion, the Court explained:
The procedures previously approved by the Court effectively impose a wholesale bar on queries using
United States-Person identifiers. The government has broadened Section 3(b)(5) to allow NSA to query
the vast majority of its Section 702 collection using United States-Person identifiers, subject to approval
pursuant to internal NSA procedures and oversight by the Department of Justice. Like all other NSA
queries of the Section 702 collection, queries using United States-person identifiers would be limited to
those reasonably likely to yield foreign intelligence information. n316
The Court did not find this problematic. Because the collection of the information centered on non-U.S.
persons located outside the country, it would be less likely, in the aggregate, "to result in the acquisition
of nonpublic information regarding nonconsenting United States persons." n317
[*198] As a practical matter, what this rule change means is that U.S. person information that is
incidentally collected via Section 702 can now be mined using U.S. person information as part of the
queries. This circumvents Congress's requirements in Sections 703 and 704 that prior to U.S. person
information being obtained (and therefore prior to it being analyzed), the government be required to
appear before a court to justify placing a U.S. person under surveillance.
Section 702 authorizes a broad bulk collection of data – inevitably includes collection
from U.S. persons on a large scale
Donohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE
COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117,
Winter, lexis)
II. PROGRAMMATIC COLLECTION n143
Almost immediately after passage of the FAA, members of Congress, scholars, and others began
criticizing Section 702 because [*154] of the potential for the government to use the authorities to
engage in programmatic surveillance. n144
In 2009 prominent national security law Professor William Banks explained, "the FAA targets do not
have to be suspected of being an agent of a foreign power or, for that matter, they do not have to be
suspected of terrorism or any national security offense, so long as the collection of foreign intelligence is
a significant purpose of the surveillance." n145 Surveillance could be directed at a person, organization,
e-mail address, or even "an entire ISP or area code." n146 He noted, "the surveillance permitted under
the FAA does not require that the Government identify a particular known facility where the intercepted
communications occur." n147 These provisions represented a sea change from how FISA had previously
worked (albeit introducing, for the first time, statutory restrictions in an area previously governed by
Executive Order). U.S. persons' communications now could be incidentally collected under the statute,
on a large scale, without many of the protections in traditional FISA. n148
Banks presciently pointed out the most likely way in which the new authorities would be used:
Although details of the implementation of the program . . . are not known, a best guess is the
Government uses a broad vacuum cleaner -like first stage of collection, focusing on transactional data,
where wholesale interception occurs following the development and implementation of filtering criteria.
Then the NSA engages in a more particularized collection of content after analyzing mined data . . .
[A]ccidental or incidental acquisition of U.S. persons inside the United States [will] surely occur[],
especially in light of the difficulty of ascertaining a target's location. n149
For Professor Banks, part of the problem was that the nature of international information flows meant
that it would be impossible [*155] to tell if an individual is located overseas or within domestic bounds.
n150
The NSA circumvents Section 702 by adopting a presumption that targets are non-U.S.
persons and not determining whether they are located domestically
Donohue, 15 - Professor of Law, Georgetown University Law Center (Laura, “SECTION 702 AND THE
COLLECTION OF INTERNATIONAL TELEPHONE AND INTERNET CONTENT” 38 Harv. J.L. & Pub. Pol'y 117,
Winter, lexis)
[*158] A. Targeting
As aforementioned, Section 702 places four limitations on acquisition, each of which is meant to restrict
the amount of information that can be obtained by the government. n166 The NSA has sidestepped
these statutory restrictions in three important ways: first, it has adopted procedures that allow analysts
to acquire information "about" selectors (that is, communications modes used by targets) or targets,
and not merely communications to or from targets (or selectors employed by targets), or information
held by targets themselves. Second, it has created a presumption of non-U.S. person status: That is, if an
individual is not known to be a U.S. person (and thus exempted from Section 702 and treated either
under Sections 703 and 704 or under traditional FISA, depending on the location), then the NSA assumes
that the individual is a non-U.S. person. Third, the NSA has failed to adopt standards that would require
it to ascertain whether a target is located within domestic bounds. Instead, the agency, having looked at
the available evidence, absent evidence to the contrary, assumes that the target is located outside the
United States. These interpretations work together to undermine Congress's addition of Sections 703
and 704, even as they open the door to more extensive collection of domestic communications.
In 2008 Congress anticipated that U.S. person information would inadvertently be collected under
Section 702. This is in part why it included minimization procedures, as well as limits on what could be
collected. Most Members, however, do not appear to have contemplated broad, programmatic
collection that would undermine protections introduced in Sections 702 and 703. n167 Those who did
articulate this possibility voted against the bill.
[*159] Even if Congress did not initially appreciate the potential for programmatic collection, however,
certainly by 2012 the intelligence community had made enough information available to Congress for
Members to make an informed decision. This does not mean that all Members were fully informed. But
to the extent that Members selected not to access the material or to take a public stand on the matter,
particularly in light of the legislature's reading of its authorities with regard to classification, fault lies
with Congress.
The Foreign Intelligence Surveillance Court failed to step into the gap. In 2011, FISC realized the
implications of the NSA's interpretation of to, from or about (TFA) collection. However, in light of the
seriousness of the NSA's aim (protecting national security), and the limitations imposed by the types of
technologies being used, the Court read the statute in a manner that found the targeting procedures to
be consistent with the statute.
To the extent that NSA's TFA and assumptions regarding the target's foreignness undermine the law as it
is written, the legislature failed to perform effective oversight. Congress similarly neglected to uphold
the limit placed on the intelligence community to not knowingly collect domestic conversations. Instead,
it relied on FISC to do so--a task that the Court failed to do. In a classified environment, when so much
information is cloaked from public view, it becomes even more important for the government to ensure
that the authorities as they are publicly presented are consistent with the manner in which they are
being exercised.
PRISM allows the NSA to access the records of US domestic telecomm companies –
also it eliminates a warrant requirement if people are ‘reasonably believed’ to be
outside the USA
Greenwald, 13 – Glenn Greenwald is a fomer columnist on civil liberties and US national security issues
for the Guardian. An ex-constitutional lawyer, he was until 2012 a contributing writer at Salon. (Glenn,
“NSA Prism program taps in to user data of Apple, Google and others” The Guardian, 6/7,
http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data
The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and
other US internet giants, according to a top secret document obtained by the Guardian.
The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect
material including search history, the content of emails, file transfers and live chats, the document says.
The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation –
classified as top secret with no distribution to foreign allies – which was apparently used to train
intelligence operatives on the capabilities of the program. The document claims "collection directly from
the servers" of major US service providers.
Although the presentation claims the program is run with the assistance of the companies, all those who
responded to a Guardian request for comment on Thursday denied knowledge of any such program.
In a statement, Google said: "Google cares deeply about the security of our users' data. We disclose user
data to government in accordance with the law, and we review all such requests carefully. From time to
time, people allege that we have created a government 'back door' into our systems, but Google does
not have a back door for the government to access private user data."
Several senior tech executives insisted that they had no knowledge of Prism or of any similar scheme.
They said they would never have been involved in such a program. "If they are doing this, they are doing
it without our knowledge," one said.
An Apple spokesman said it had "never heard" of Prism.
The NSA access was enabled by changes to US surveillance law introduced under President Bush and
renewed under Obama in December 2012.
The program facilitates extensive, in-depth surveillance on live communications and stored information.
The law allows for the targeting of any customers of participating firms who live outside the US, or those
Americans whose communications include people outside the US.
It also opens the possibility of communications made entirely within the US being collected without
warrants.
Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court
order compelling telecoms provider Verizon to turn over the telephone records of millions of US
customers.
The participation of the internet companies in Prism will add to the debate, ignited by the Verizon
revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call
records, this surveillance can include the content of communications and not just the metadata.
Some of the world's largest internet brands are claimed to be part of the information-sharing program
since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the
slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007.
It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and
AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand,
with other providers due to come online.
Collectively, the companies cover the vast majority of online email, search, video and communications
networks.
The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA,
which prides itself on maintaining a high level of secrecy.
The Prism program allows the NSA, the world's largest surveillance organisation, to obtain targeted
communications without having to request them from the service providers and without having to
obtain individual court orders.
With this program, the NSA is able to reach directly into the servers of the participating companies and
obtain both stored communications as well as perform real-time collection on targeted users.
The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of
Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a "home-field advantage"
due to housing much of the internet's architecture. But the presentation claimed "Fisa constraints
restricted our home-field advantage" because Fisa required individual warrants and confirmations that
both the sender and receiver of a communication were outside the US.
"Fisa was broken because it provided privacy protections to people who were not entitled to them," the
presentation claimed. "It took a Fisa court order to collect on foreigners overseas who were
communicating with other foreigners overseas simply because the government was collecting off a wire
in the United States. There were too many email accounts to be practical to seek Fisas for all."
The new measures introduced in the FAA redefines "electronic surveillance" to exclude anyone
"reasonably believed" to be outside the USA – a technical change which reduces the bar to initiating
surveillance.
The act also gives the director of national intelligence and the attorney general power to permit
obtaining intelligence information, and indemnifies internet companies against any actions arising as a
result of co-operating with authorities' requests.
In short, where previously the NSA needed individual authorisations, and confirmation that all parties
were outside the USA, they now need only reasonable suspicion that one of the parties was outside the
country at the time of the records were collected by the NSA.
The document also shows the FBI acts as an intermediary between other agencies and the tech
companies, and stresses its reliance on the participation of US internet firms, claiming "access is 100%
dependent on ISP provisioning".
In the document, the NSA hails the Prism program as "one of the most valuable, unique and productive
accesses for NSA".
It boasts of what it calls "strong growth" in its use of the Prism program to obtain communications. The
document highlights the number of obtained communications increased in 2012 by 248% for Skype –
leading the notes to remark there was "exponential growth in Skype reporting; looks like the word is
getting out about our capability against Skype". There was also a 131% increase in requests for Facebook
data, and 63% for Google.
The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also
seeks, in its words, to "expand collection services from existing providers".
The revelations echo fears raised on the Senate floor last year during the expedited debate on the
renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act
expired.
Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various
surveillance programs meant there was no way to know if safeguards within the act were working.
"The problem is: we here in the Senate and the citizens we represent don't know how well any of these
safeguards actually work," he said.
"The law doesn't forbid purely domestic information from being collected. We know that at least one
Fisa court has ruled that the surveillance program violated the law. Why? Those who know can't say and
average Americans can't know."
Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find
out any information on how many phone calls or emails had been intercepted under the program.
When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the
NSA's inability to obtain electronic communications without the consent of the telecom and internet
companies that control the data. But the Prism program renders that consent unnecessary, as it allows
the agency to directly and unilaterally seize the communications off the companies' servers.
Upstream intercepts foreign data only as it enters domestic internet connections
Gellman, 14 – staff writer for the Washington Post; won 3 Pullitzer Prizes (Barton, Washington Post, “In
NSA-intercepted data, those not targeted far outnumber the foreigners who are” 7/5,
http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targetedfar-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-85724b1b969b6322_story.html
Taken together, the files offer an unprecedented vantage point on the changes wrought by Section 702
of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had
required probable cause and a warrant from a judge. One program, code-named PRISM, extracts
content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading Internet
companies. Another, known inside the NSA as Upstream, intercepts data on the move as it crosses the
U.S. junctions of global voice and data networks.
No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance
Court, intelligence committees in Congress or the president’s Privacy and Civil Liberties Oversight Board,
has delved into a comparably large sample of what the NSA actually collects — not only from its targets
but also from people who may cross a target’s path.
Among the latter are medical records sent from one family member to another, résumés from job
hunters and academic transcripts of schoolchildren. In one photo, a young girl in religious dress beams
at a camera outside a mosque.
Scores of pictures show infants and toddlers in bathtubs, on swings, sprawled on their backs and kissed
by their mothers. In some photos, men show off their physiques. In others, women model lingerie,
leaning suggestively into a webcam or striking risque poses in shorts and bikini tops.
“None of the hits that were received were relevant,” two Navy cryptologic technicians write in one of
many summaries of nonproductive surveillance. “No additional information,” writes a civilian analyst.
Another makes fun of a suspected kidnapper, newly arrived in Syria before the current civil war, who
begs for employment as a janitor and makes wide-eyed observations about the state of undress
displayed by women on local beaches.
By law, the NSA may “target” only foreign nationals located overseas unless it obtains a warrant based
on probable cause from a special surveillance court. For collection under PRISM and Upstream rules,
analysts must state a reasonable belief that the target has information of value about a foreign
government, a terrorist organization or the spread of nonconventional weapons.
Most of the people caught up in those programs are not the targets and would not lawfully qualify as
such. “Incidental collection” of third-party communications is inevitable in many forms of surveillance,
but in other contexts the U.S. government works harder to limit and discard irrelevant data. In criminal
wiretaps, for example, the FBI is supposed to stop listening to a call if a suspect’s wife or child is using
the phone.
There are many ways to be swept up incidentally in surveillance aimed at a valid foreign target. Some of
those in the Snowden archive were monitored because they interacted directly with a target, but others
had more-tenuous links.
If a target entered an online chat room, the NSA collected the words and identities of every person who
posted there, regardless of subject, as well as every person who simply “lurked,” reading passively what
other people wrote.
“1 target, 38 others on there,” one analyst wrote. She collected data on them all.
In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer
server used by hundreds of people.
The NSA treats all content intercepted incidentally from third parties as permissible to retain, store,
search and distribute to its government customers. Raj De, the agency’s general counsel, has testified
that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for
one analyst to know what might become relevant to another.
The Obama administration declines to discuss the scale of incidental collection. The NSA, backed by
Director of National Intelligence James R. Clapper Jr., has asserted that it is unable to make any
estimate, even in classified form, of the number of Americans swept in. It is not obvious why the NSA
could not offer at least a partial count, given that its analysts routinely pick out “U.S. persons” and mask
their identities, in most cases, before distributing intelligence reports.
If Snowden’s sample is representative, the population under scrutiny in the PRISM and Upstream
programs is far larger than the government has suggested. In a June 26 “transparency report,” the Office
of the Director of National Intelligence disclosed that 89,138 people were targets of last year’s collection
under FISA Section 702. At the 9-to-1 ratio of incidental collection in Snowden’s sample, the office’s
figure would correspond to nearly 900,000 accounts, targeted or not, under surveillance.
AT: Terrorism DA
The perception of NSA overreach destroys law enforcement cooperation – it’s a larger
internal link to terrorism
Schulhofer, 13 – professor of law at NYU (Stephen, ““Making Sense of the NSA Metadata Collection
Program (Part II)”, 11/8, http://justsecurity.org/2985/making-sense-nsa-metadata-collection-programpart-ii/)
Efforts like the NSA sweeps actually undermine the counterterrorism effort itself. The reason is that
these types of programs generate profound mistrust of government in general and of law enforcement
in particular. We have already seen dramatic examples in the way that the Snowden revelations of our
spying on allies has angered European leaders and endangered our working relationships with them.
Although this breach eventually will be healed, alienation and mistrust among ordinary citizens is
equally important, and it will not be so easily remedied. That mistrust, in turn, has a strong chilling effect
on the willingness of law-abiding, loyal citizens to cooperate in the counterterrorism effort – for
example by working with officials in local counterterrorism programs or by alerting law enforcement to
various kinds of suspicious behavior. This dynamic has been demonstrated in several decades of
extensive law enforcement research, including research focused specifically on counterterrorism policies
and their impact on Muslim communities in the West. In one study, for example, Muslim-Americans in
New York City were 61% less likely to report potentially suspicious precursors of terrorism when they
felt that counterterrorism policies were being unfairly set and implemented. (See Schulhofer, Tyler &
Huq, American Policing at a Crossroads: Unsustainable Policies and the Procedural Justice Alternative,
101 J. Crim. L. & Criminology 335, 364-74 (2011).)
This last point underscores the most important, but least appreciated, “given” of the counterterrorism
enterprise. Because the consequences of a terrorist attack could be so catastrophic, citizens and public
officials alike tend to support strong law enforcement more readily than they do in ordinary times. The
perception is that strong measures are acceptable because the top priority must be to reduce the risk of
attack. And strong measures, whatever their drawbacks, at least seem to offer ways to reduce that risk.
The central lesson of smart law enforcement, however, is that there are no risk-free choices.
Strengthening the powers of the executive enhances some of our defenses against terrorism, but it
weakens others – many of which, including community trust and cooperation, are absolutely essential to
reducing the dangers of terrorism.
Against this background, we must – for the sake of our democracy and even for the sake of our physical
security – find ways to dissipate the cloud of mistrust that now hangs over NSA surveillance.
Mass surveillance causes information overload
Eddington, 15 - Patrick Eddington is a policy analyst in homeland security and civil liberties at the Cato
Institute. He was formerly a senior policy advisor to Rep. Rush Holt (D-N.J.) and a military imagery
analyst at the CIA’s National Photographic Interpretation Center (“No, Mass Surveillance Won't Stop
Terrorist Attacks” Reason, 1/27, http://reason.com/archives/2015/01/27/mass-surveillance-andterrorism#.ltrezi:U8Io
No, mass surveillance does not prevent terrorist attacks.
It’s worth remembering that the mass surveillance programs initiated by the U.S. government after the
9/11 attacks—the legal ones and the constitutionally-dubious ones—were premised on the belief that
bin Laden’s hijacker-terrorists were able to pull off the attacks because of a failure to collect enough
data. Yet in their subsequent reports on the attacks, the Congressional Joint Inquiry (2002) and the 9/11
Commission found exactly the opposite. The data to detect (and thus foil) the plots was in the U.S.
government’s hands prior to the attacks; the failures were ones of sharing, analysis, and dissemination.
That malady perfectly describes every intelligence failure from Pearl Harbor to the present day.
The Office of the Director of National Intelligence (created by Congress in 2004) was supposed to be the
answer to the "failure-to-connect-the-dots" problem. Ten years on, the problem remains, the IC
bureaucracy is bigger than ever, and our government is continuing to rely on mass surveillance
programs that have failed time and again to stop terrorists while simultaneously undermining the civil
liberties and personal privacy of every American. The quest to "collect it all," to borrow a phrase from
NSA Director Keith Alexander, only leads to the accumulation of masses of useless information, making
it harder to find real threats and costing billions to store.
A recent Guardian editorial noted that such mass-surveillance myopia is spreading among European
political leaders as well, despite the fact that "terrorists, from 9/11 to the Woolwich jihadists and the
neo-Nazi Anders Breivik, have almost always come to the authorities’ attention before murdering."
Mass surveillance is not only destructive of our liberties, its continued use is a virtual guarantee of
more lethal intelligence failures . And our continued will to disbelieve those facts is a mental dodge we
engage in at our peril.
Mass surveillance makes it less likely to detect terrorism – overload,
Tufekci, 15 - Zeynep Tufekci is an assistant professor at the University of North Carolina (“Terror and the
limits of mass surveillance” Financial Times, 2/3, http://blogs.ft.com/the-exchange/2015/02/03/zeyneptufekci-terror-and-the-limits-of-mass-surveillance/
But the assertion that big data is “what it’s all about” when it comes to predicting rare events is not
supported by what we know about how these methods work, and more importantly, don’t work.
Analytics on massive datasets can be powerful in analysing and identifying broad patterns, or events
that occur regularly and frequently, but are singularly unsuited to finding unpredictable, erratic, and rare
needles in huge haystacks. In fact, the bigger the haystack — the more massive the scale and the wider
the scope of the surveillance — the less suited these methods are to finding such exceptional events,
and the more they may serve to direct resources and attention away from appropriate tools and
methods.
After Rigby was killed, GCHQ, Britain’s intelligence service, was criticised by many for failing to stop his
killers, Michael Adebolajo and Michael Adebowale. A lengthy parliamentary inquiry was conducted,
resulting in a 192-page report that lists all the ways in which Adebolajo and Adebowale had brushes with
data surveillance, but were not flagged as two men who were about to kill a soldier on a London street.
GCHQ defended itself by saying that some of the crucial online exchanges had taken place on a platform,
believed to be Facebook, which had not alerted the agency about these men, or the nature of their
postings. The men apparently had numerous exchanges that were extremist in nature, and their
accounts were suspended repeatedly by the platform for violating its terms of service.
“If only Facebook had turned over more data,” the thinking goes.
But that is misleading, and makes sense only with the benefit of hindsight. Seeking larger volumes of
data, such as asking Facebook to alert intelligence agencies every time that it detects a post containing
violence, would deluge the agencies with multiple false leads that would lead to a data quagmire,
rather than clues to impending crimes.
For big data analytics to work, there needs to be a reliable connection between the signal (posting of
violent content) and the event (killing someone). Otherwise, the signal is worse than useless. Millions of
Facebook’s billion-plus users post violent content every day, ranging from routinised movie violence to
atrocious violent rhetoric. Turning over the data from all such occurrences would merely flood the
agencies with “false positives” — erroneous indications for events that actually will not happen. Such
data overload is not without cost, as it takes time and effort to sift through these millions of strands of
hay to confirm that they are, indeed, not needles — especially when we don’t even know what needles
look like. All that the investigators would have would be a lot of open leads with no resolution, taking
away resources from any real investigation. Besides, account suspensions carried out by platforms like
Facebook’s are haphazard, semi-automated and unreliable indicators. The flagging system misses a lot
more violent content than it flags, and it often flags content as inappropriate even when it is not, and
suffers from many biases. Relying on such a haphazard system is not a reasonable path at all.
So is all the hype around big data analytics unjustified? Yes and no. There are appropriate use cases for
which massive datasets are intensely useful, and perform much better than any alternative we can
imagine using conventional methods. Successful examples include using Google searches to figure out
drug interactions that would be too complex and too numerous to analyse one clinical trial at a time, or
using social media to detect national-level swings in our mood (we are indeed happier on Fridays than
on Mondays).
In contrast, consider the “lone wolf” attacker who took hostages at, of all things, a “Lindt Chocolat Café”
in Sydney. Chocolate shops are not regular targets of political violence, and random, crazed men
attacking them is not a pattern on which we can base further identification. Yes, the Sydney attacker
claimed jihadi ideology and brought a black flag with Islamic writing on it, but given the rarity of such
events, it’s not always possible to separate the jihadi rhetoric from issues of mental health — every era’s
mentally ill are affected by the cultural patterns around them. This isn’t a job for big data analytics. (The
fact that the gunman was on bail facing various charges and was known for sending hate letters to the
families of Australian soldiers killed overseas suggests it was a job for traditional policing).
When confronted with their failures in predicting those rare acts of domestic terrorism, here’s what
GCHQ, and indeed the NSA, should have said instead of asking for increased surveillance capabilities:
stop asking us to collect more and more data to perform an impossible task. This glut of data is making
our job harder, not easier, and the expectation that there will never be such incidents, ever, is not
realistic.
Attention should instead be focused on the causal chain that led the Kouachi brothers on their path. It
seems that the French-born duo had an alienated, turbulent youth, and then spent years in French
prisons, where they were transformed from confused and incompetent wannabe jihadis to hardliners
who were both committed and a lot more capable of carrying out complex violence acts than when they
entered the prison. Understanding such paths will almost certainly be more productive for preventing
such events, and will also spare all of us from another real danger: governments that know too much
about their citizens, and a misguided belief in what big data can do to find needles in too-large
haystacks.
Significant surveillance reform now disproves the link
Edgar, 4/13/15 - visiting fellow at the Institute and adjunct professor of law at the Georgetown
University Law Center (Timothy, “The Good News About Spying”
https://www.foreignaffairs.com/articles/united-states/2015-04-13/good-news-about-spying
Despite high hopes for a fresh start on civil liberties, during his first term in office, Obama ratified and
even expanded the surveillance programs that began under former President George W. Bush. After
NSA contractor Edward Snowden began revealing the agency’s spying programs to The Guardian in
2013, however, Obama responded with a clear change of direction. Without great fanfare, his
administration has made changes that open up the practices of the United States intelligence
community and protect privacy in the United States and beyond. The last year and a half has been the
most significant period of reform for national security surveillance since Senator Frank Church led the
charge against domestic spying in the late 1970s.
In 2013, at Obama’s direction, the Office of the Director of National Intelligence (ODNI) established a
website for the intelligence community, IC on the Record, where previously secret documents are
posted for all to see. These are not decades-old files about Cold War spying, but recent slides used at
recent NSA training sessions, accounts of illegal wiretapping after the 9/11 attacks, and what had been
highly classified opinions issued by the Foreign Intelligence Surveillance Court about ongoing
surveillance programs.
Although many assume that all public knowledge of NSA spying programs came from Snowden’s leaks,
many of the revelations in fact came from IC on the Record, including mistakes that led to the
unconstitutional collection of U.S. citizens’ emails. Documents released though this portal total more
than 4,500 pages—surpassing even the 3,710 pages collected and leaked by Snowden. The Obama
administration has instituted other mechanisms, such as an annual surveillance transparency report,
that will continue to provide fodder for journalists, privacy activists, and researchers.
The transparency reforms may seem trivial to some. From the perspective of an intelligence community
steeped in the need to protect sources and methods, however, they are deeply unsettling. At a Brown
University forum, ODNI Civil Liberties Protection Officer Alexander Joel said, “The intelligence
community is not designed and built for transparency. Our culture is around finding our adversaries’
secrets and keeping our own secrets secret.” Accordingly, until only a few years ago, the intelligence
community resisted making even the most basic information public. The number of FISA court opinions
released to the public between 1978 and 2013 can be counted on one hand.
Beyond more transparency, Obama has also changed the rules for surveillance of foreigners. Until last
year, privacy rules applied only to “U.S. persons.” But in January 2014, Obama issued Presidential Policy
Directive 28 (PPD-28), ordering intelligence agencies to write detailed rules assuring that privacy
protections would apply regardless of nationality. These rules, which came out in January 2015, mark
the first set of guidelines for intelligence agencies ordered by a U.S. president—or any world leader—
that explicitly protect foreign citizens’ personal information in the course of intelligence operations.
Under the directive, the NSA can keep personal information in its databases for no more than five years.
It must delete personal information from the intelligence reports it provides its customers unless that
person’s identity is necessary to understand foreign intelligence—a basic rule once reserved only for
Americans.
The new rules also include restrictions on bulk collection of signals intelligence worldwide—the practice
critics call “mass surveillance.” The NSA’s bulk collection programs may no longer be used for
uncovering all types of diplomatic secrets, but will now be limited to six specific categories of serious
national security threats. Finally, agencies are no longer allowed simply to “collect it all.” Under PPD-28,
the NSA and other agencies may collect signals intelligence only after weighing the benefits against the
risks to privacy or civil liberties, and they must now consider the privacy of everyone, not just U.S.
citizens. This is the first time any U.S. government official will be able to cite a written presidential
directive to object to an intelligence program on the basis that the intelligence it produces is not worth
the costs to privacy of innocent foreign citizens.
No data proves surveillance reduces terrorism risks
Kehl, 14 – Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The
NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July,
https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/
So far, the purported benefits of the programs remain unsubstantiated. While intelligence officials and
representatives of the Obama Administration have defended the merits of the NSA programs,18 they
have offered little hard evidence to prove their value. To the contrary, initial analyses of the NSA’s bulk
records collection program suggest that its benefits are dubious at best, particularly compared to the
program’s vast breadth. A January 2014 study from the New America Foundation’s International
Security Program, for example, concluded that “the government’s claims about the role that NSA ‘bulk’
surveillance of phone and email communications records has had in keeping the United States safe from
terrorism… are overblown and even misleading.”19 Similarly, in its review of the telephone records
collection program under Section 215 of the USA PATRIOT Act, the Privacy and Civil Liberties Oversight
Board (PCLOB) could not identify a single instance in which the telephone records program made a
concrete difference in the outcome of a counterterrorism investigation.20 The President’s Review Group
concurred, emphasizing that “there is always a possibility that acquisition of more information—
whether in the US or abroad—might ultimately prove helpful. But that abstract possibility does not, by
itself, provide a sufficient justification for acquiring more information.”21 Although the PCLOB did find in
a separate report that “the information the [Section 702] program collects has been valuable and
effective in protecting the nation’s security and producing useful foreign intelligence,”22 it provided no
details and did not weigh those purported benefits against the various costs of the surveillance.
Furthermore, its conclusions were undermined just days later when The Washington Post revealed that
nine out of ten of the Internet users swept up in the NSA’s Section 702 surveillance are not legally
targeted foreigners.23
Current counter-terrorism fails – lack of human intelligence outweighs
Eddington, 15 - Patrick G. Eggerton worked as a military imagery analyst at the CIA. He is policy analyst
in homeland security and civil liberties at Cato Institute. (Patrick, “US wants to hack your phone because
it doesn’t have real spies it needs” Reuters, http://blogs.reuters.com/great-debate/2015/02/23/the-fbiwas-for-encryption-before-it-was-against-it/
The best way to disrupt any organized criminal element is to get inside of it physically. But the U.S.
government’s counterterrorism policies have made that next to impossible.
The FBI, for example, targets the very Arab-American and Muslim-American communities it needs to
work with if it hopes to find and neutralize home-grown violent extremists, including promulgating new
rules on profiling that allow for the potential mapping of Arab- or Muslim-American communities. The
Justice Department’s refusal to investigate the New York Police Department’s mass surveillance and
questionable informant-recruitment tactics among immigrants in the Arab- and Muslim-American
communities has only made matters worse.
Overseas, the Cold War style of spying — relying on U.S. embassies as bases from which CIA and other
U.S. government intelligence personnel operate — is increasingly difficult in the areas of the Middle East
and southwest Asia undergoing often violent political change.
Steinbach testified about this before the House Homeland Security Committee earlier this month. “The
concern is in Syria,” he explained, “the lack of our footprint on the ground in Syria — that the databases
won’t have the information we need.”
Notice his reference to technology “databases” rather than the importance of the human element. The
U.S. intelligence community’s emphasis should be on the spy on the ground who actually gathers critical
information and makes any penetration of a terrorist organization possible.
This problem is true for Yemen as well, as a recent Washington Post story highlighted:
The spy agency has pulled dozens of operatives, analysts and other staffers from Yemen as part of a
broader extraction of roughly 200 Americans who had been based at the embassy in Sana, officials said.
Among those removed were senior officers who worked closely with Yemen’s intelligence and security
services to target al-Qaeda operatives and disrupt terrorism plots often aimed at the United States.
The CIA’s failure to field agents under nonofficial cover, or to recruit enough reliable local informants on
the ground who could communicate securely with CIA handlers outside Yemen, is symptomatic of the
agency’s failure to break with its reliance on embassy-based operations throughout that part of the
world. Compromising encryption technology will do nothing to solve the intelligence community’s
human-intelligence deficit. This is a problem the agency must address if it is ever going to be successful
in finding and neutralizing terrorist cells overseas.
It boils down to the fact that the FBI and the U.S. intelligence community have failed to adapt their
intelligence-collection practices and operations to meet the challenges of the “new world disorder” in
which we live. As former CIA officer Philip Giraldi has noted:
[I]ntelligence agencies that were created to oppose and penetrate other nation-state adversaries are
not necessarily well equipped to go after terrorists, particularly when those groups are ethnically
cohesive or recruited through family and tribal vetting, and able to operate in a low-tech fashion to
negate the advantages that advanced technologies provide.
The CIA has repeatedly attempted — occasionally at high cost — to penetrate militant organizations like
al Qaeda and Islamic State. Nonetheless, Washington’s overall counterterrorism bias in funding and
manpower has been toward using the most sophisticated technology available as the key means of
battling a relatively low-tech enemy.
The FBI’s new anti-encryption campaign is just the latest phase in the government’s attempt to deny
Islamic State and related groups the ability to shield their communications. If these militant groups were
traditional nation-states with their own dedicated communications channels, we’d all be cheering on the
FBI’s efforts. But the Internet has become the primary means for global, real-time communications for
individuals, nonprofits, businesses and governments. So it should not be treated as just another
intelligence target, which is certainly the FBI’s and Natural Security Agency’s current mindset.
Using the legislative process to force companies to make defective electronic devices with exploitable
communications channels in the hope that they will catch a tiny number of potential or actual terrorists
is a self-defeating strategy. If implemented, the FBI’s proposal would only make all Americans more
vulnerable to malicious actors online and do nothing to stop the next terrorist attack.
The government greatly exaggerates PRISM’s ability to stop terrorism
Sanchez, 13 – senior fellow on technology, privacy and national security and intelligence surveillance at
Cato (Julian, “Epstein on NSA (Again) Part I: PRISM & the FISA Amendments Act” 6/28,
http://www.cato.org/blog/epstein-nsa-again-part-i-prism-fisa-amendments-act
Finally, Epstein and Loyola rather uncritically repeat the claim that the PRISM program surveillance
pursuant to FAA authorities “is responsible for foiling about 40 of the 50 terrorist plots which the
administration recently disclosed to Congress in classified briefings.” If we scrutinize the government’s
claims a bit more closely, we see that in fact NSA Director Keith Alexander claimed that PRISM intercepts
had “contributed” to the disruption of 40 of 50 terrorist “events,” mostly overseas, and judged this
contribution to have been “critical” in 50 percent of these cases.
When we examine some of the specific “events” government officials have discussed, however, it
becomes clear that not all of these are “plots” at all—many seem to have involved funding or other
forms of “material support” for radical groups, though in at least one such case the government appears
to have claimed a “plot” to bomb the New York Stock Exchange where none really existed. (FBI Deputy
Sean Joyce further told Congress that the “plot” must have been serious given that a jury convicted the
plotters. But federal prosecutors themselves emphasized that the men “had not been involved in an
active plot” and there was no jury trial: they were charged with “material support” and pled guilty.)
Presumably at least some of these “events” did involve actual planned attacks, but knowing that PRISM
surveillance was “critical” to disrupting half of them doesn’t in itself tell us much. The question is
whether the same surveillance could have been conducted in these cases using authorities that existed
before the FISA Amendments Act, or under narrower amendments to FISA. Since the bulk of these
“events” appear to have been overseas, the traditional authority to intercept purely foreign
communications without a warrant would seem to have sufficed, or at most required a legal tweak to
accommodate stored data on U.S. servers used by foreigners to communicate with other foreigners.
There is no evidence to suggest that the actually controversial part of the FAA—the revocation of the
warrant requirement for interception of U.S.-to-foreign wire communications—made a necessary
contribution in these cases. Indeed, as national security expert Peter Bergen has documented, the public
record in the overwhelming majority of terror plots we know about shows that they were “uncovered by
traditional law enforcement methods, such as the use of informants, reliance on community tips about
suspicious activity and other standard policing practices.”
There is certainly such a thing as too much skepticism about government. But when officials make vague
allusions to vital, secret successes in an effort to justify their own broad powers, there is also such a
thing as too much credulity.
So much for PRISM and the FISA Amendments Act. I’ll discuss what Epstein and Loyola say about the
NSA’s metadata dragnet in a separate post.
Soft power turns terror
Soft power solves all global problems – including terrorism
Stanley, 7 (Elizabeth Stanley, Ass Prof @ Georgetown, 7 “International Perceptions of US Nuclear Policy”
Sandia Report, http://www.prod.sandia.gov/cgi-bin/techlib/access-control.pl/2007/070903.pdf)
How important is soft power, anyway? Given its vast conventional military power, does the United
States even need soft power? Some analysts argue that US military predominance is both possible and
desirable over the long term, and thus soft power is not important. But a growing consensus disagrees.
These analysts argue that soft power is critical for four reasons. First, soft power is invaluable for
keeping potential adversaries from gaining international support, for “winning the peace” in
Afghanistan and Iraq, and for convincing moderates to refrain from supporting extremist terrorist
groups. Second, soft power helps influence neutral and developing states to support US global
leadership. Third, soft power is also important for convincing allies and partners to share the
international security burden.14 Finally, and perhaps most importantly, given the increasing
interdependence and globalization of the world system, soft power is critical for addressing most
security threats the United States faces today. Most global security threats are impossible to be
countered by a single state alone. Terrorism, weapons of mass destruction (WMD) proliferation, failed
and failing states, conflicts over access to resources, are not confined to any one state. In addition,
disease, demographic shifts, environmental degradation and global warming will have negative security
implications as well.15 All of these potential threats share four traits: (1) they are best addressed
proactively, rather than after they develop into full-blown crises; (2) they require multi-lateral
approaches, often under the umbrella of an international institution; (3) they are not candidates for a
quick fix, but rather require multi-year, or multi-decade solutions; and, (4) they are “wicked” problems.
Given these four traits, soft power is critical for helping to secure the international, multi-lateral
cooperation that will be necessary to address such threats effectively.
AT: Presidential powers DA
The perception of protection alone prevents a larger backlash against presidential
power
Small, 8 - United States Air Force Academy (Matthew, “His Eyes are Watching You: Domestic
Surveillance, Civil Liberties and Executive Power during Times of National Crisis”
http://cspc.nonprofitsoapbox.com/storage/documents/Fellows2008/Small.pdf
In fact, reasonable arguments can be made that there is no clearly formed public mandate demanding
the consideration of an American citizen’s right to privacy as important, if not more so, than national
security. There exists only a concern of abridgement of their right, but this concern does not equate to
motivating factor for government constraint. Studies show that from 1974 to 1983 Americans perceived
little impact of privacy invasion, in its rare instances, on their lives (Katz and Tassone 1990, 125).
Simultaneously, however, Americans did not, and still do not,17 favor wiretaps regardless of the
presence of warrants (Katz and Tassone 1990, 130-131). Despite this, it appears that the public realizes
the necessity of the power of the president to abridge certain rights in order to ensure national security.
The public voices its concern but stops far short of forcing the government to restrain itself. Legislatures
listen to the “broad climate of opinion” (Gandy Jr. 2003, 285) and that climate allows President Bush to
act as he did.18 Like Abraham Lincoln, President Bush realized inadequacy within the government
institutions tasked with keeping America safe through the collection of information on internal threats.
In order to effectively combat terrorism, the NSA needed the ability to expand operations within the US.
President Bush, in the manner of his Civil War predecessor, expanded his power to better equip the NSA
to handle the threat. Court cases and legislation concerning wiretapping and intrusive domestic
surveillance techniques only establish guidelines to give degrees of protection, but more importantly
the perception of protection .19 This still leaves the president with the room to maneuver within these
guidelines to maintain national security at the expense of complete civil liberty.
Justice Black’s dissensions shed more light on this paradox that even though the courts deemed
warrantless wiretaps an invasion of privacy, they still continue. There remains those of the persuasion
that wiretapping is a viable information gathering tool and admissible in court with or without an
accompanying warrant because the Forth Amendment is not a protection of privacy. In American
history, domestic surveillance, later to include electronic surveillance, proved necessary to enforce those
laws passed by Congress that quelled rebellion and silenced dissidents. Presently, the USA Patriot Act
and other similar legislation requires an increase in domestic electronic surveillance in order to combat
terrorism; so in the interest of adhering to the letter and the spirit of the law, President Bush must
expand the use of domestic electronic surveillance.
President Bush took the precedent set by his predecessors and acted accordingly when the United
States plummeted into turmoil. What is important now is for the president to realize when his power
has reached its limit. The crux of the problem lies in justifying the remainder of a threat to American
citizens. While the attacks of 9/11 still linger within the American psyche and legislation supports
executive action, this task is less daunting. American citizens can stand some breaches in privacy but
those breaches must not be permanent. Popular sentiment and legislation may currently favor
expanded presidential power but President Bush, or any subsequent president, would be remiss in
assuming that it will remain as such for the duration of the struggle against international terrorism. The
fickle nature of public and Congressional support in the domestic intelligence realm thus requires a
great deal of prudence on the part of the president.
There are some indicators, albeit vague ones, of when domestic surveillance policy should yield to
citizens’ right to privacy. Following the progression witnessed during the Cold War it would be
reasonable to expect that opposition to presidential power would first come in the form of Supreme
Court rulings striking down certain powers as unconstitutional followed by public opinion more heavily
favoring the right to privacy and finally, legislation codifying judicial rulings in accordance with public
opinion. Court cases challenging the president’s power under the USA Patriot Act have already surfaced.
Both the American Civil Liberties Union (ACLU) and the Center for Constitutional Rights (CCR) have
already filed formal complaints against the executive branch. The CCR, in particular, directly attacked
the president’s power to conduct electronic surveillance without a court order as criminal under the
provisions of FISA. Similarly, the Electronic Frontier Foundation sued AT&T for violating free speech and
the right to privacy by aiding the NSA. Although the president has fought these allegations, fighting most
vehemently in the AT&T case, none of the cases reached the Supreme Court. The legal actions
precipitated neither legislative response nor changes in executive policy. If, however, the populous feels
so compelled as to bring the matter before the Supreme Court, the president risks losing the policy
initiative as one or more unfavorable rulings may force Congress to act on behalf of the right to privacy.
The president must take care to ensure that domestic surveillance policies are commensurate with the
actual national security threat.
Although the war has no foreseeable end, the president’s actions must have one. That end must be in
concert with Congress and must demonstrate to the American people that the security of the US, and by
default their own freedom, is better because of it. If not, the president risks losing all legitimacy and
having his power constrained to the point where neither he nor the agencies below him can effectively
protect the nation.
AT: Ex post CP
Perm do both – the FAA includes ex post review mechanisms that solve the link
Blum, 9 (Stephanie, “WHAT REALLY IS AT STAKE WITH THE FISA AMENDMENTS ACT OF 2008 AND IDEAS
FOR FUTURE SURVEILLANCE REFORM” 18 B.U. Pub. Int. L.J. 269, Spring, lexis)
If the Note's assertions are true, the FAA has one advantage over the traditional FISA in that the FAA
relies more on ex post mechanisms. For example, the FAA imposes reporting requirements to Congress
n253 and inspector general reviews, n254 rather than relying solely on ex ante warrants issued by a
secret court. While under the FAA the FISC issues ex ante certifications concerning the executive's
targeting and minimization procedures, these are programmatic reviews and not based on
individualized suspicion of suspects as is required by traditional FISA. Given the arguably limited
effectiveness of ex ante warrants issued by a secret court based on one-sided evidence, the FAA's
greater reliance on ex post review mechanisms could be viewed as a significant improvement over
traditional FISA. As Georgetown law professor Neal Katyal observed, "reporting requirements are
powerful devices" that promote external checks on excessive executive power. n255
In contrast, the high degree of judicial deference in ex ante review may simply result from quality
applications. Applications for traditional FISA warrants must survive considerable review by the
executive branch prior to submission to the FISC; hence, it can be presumed that some, if not many,
applications are not brought. As Alan Dershowitz notes, "although the FISA court has only rarely denied
requests for national security wiretaps, the very existence of this court and the requirement of sworn
justification serves as a check on the improper use of the powerful and intrusive technologies that are
permitted in national security cases." n256 Hence, there are two ways to look at ex ante review: one
could either argue that FISA "forces the executive to self-censor its requests," or that the judiciary is
"acting merely as a 'rubber stamp.'" n257 The reality is probably a little of both.
The FAA contains both ex ante and newly imposed ex post review mechanisms. While the ex ante review
under the FAA is not based on individualized determinations about suspects, but rather focuses on
programmatic reviews, because of its heavy ex post reporting mechanisms, it seems that the FAA
creates [*308] a balanced structure that may prevent executive branch abuse while still protecting the
nation from another terrorist attack.
Ex post review alone fails – courts lack institutional expertise to review surveillance
risks
Harvard Law Review, 8 – no author cited, “SHIFTING THE FISA PARADIGM: PROTECTING CIVIL LIBERTIES
BY ELIMINATING EX ANTE JUDICIAL APPROVAL” http://cdn.harvardlawreview.org/wpcontent/uploads/pdfs/shifting_the_FISA_paradigm.pdf
2. Judicially Ordered Notice to Wrongfully Surveilled Persons. — Another approach would provide a
stronger statutory cause of action for improper surveillance, adding an ex post review function to the
FISC. Such a scheme would “provide compensation to individuals subject to the most grievous instances
of unlawful electronic surveillance” by giving the FISC power to “screen for these violations and
discretionarily notify an individual,” and then compensate him or her if appropriate.82 This approach is
commendable for attempting to remedy the lack of adversariality and the fact that improper
surveillance that occurs after a FISC order is issued — when either changed circumstances or invalid
governmental motives never come to light because the government does not attempt criminal
prosecution — may go unchecked.83 But the suggested remedy, to broaden notice by making a
“distinction . . . between disclosure that concretely threatens national security and disclosure that would
merely embarrass the government,” 84 seems unworkable. Such line drawing necessarily involves
crucial policy determinations that the courts are in a bad institutional position to make. Moreover, the
ability of the remedy to provide a check on the government seems at best dubious and could even be
viewed as permitting the government to purchase the ability to invade constitutional liberties.
Ex post is impossible to enforce and amounts to a rubber stamp
Berman, 14 - Visiting Assistant Professor of Law, Brooklyn Law School (Emily Berman, Regulating
Domestic Intelligence Collection, 71 Wash. & Lee L. Rev. 3,
http://scholarlycommons.law.wlu.edu/wlulr/vol71/iss1/5
The suggestion that the FISC approximate the role of traditional judicial review of agency decision
making to impose constraints on discretion will also fail to result in the preservation of civil liberties. As
an initial matter, it is unclear what the extent of the FISC’s review might be. Traditional judicial review of
administrative rules asks whether an agency’s action is consistent with the Constitution and its statutory
mandate or whether it is arbitrary or capricious.319 But when it comes to most intelligence-collection
rules, there is no constitutional or statutory standard against which a court could measure agency
compliance.320 One proposed solution to this baseline problem is to have the FISC review policy for
whether it is consistent with the intelligence agencies’ own stated objectives.321 Again, this proposal
fails to account for the fact that when the intelligence community is left to determine the rules of its
own conduct, concerns other than security will get short shrift. By asking intelligence agencies to
identify their own objectives and then subjecting their efforts to meet those objectives to judicial review
would replicate the current situation—where the constraints on agencies are limited to those that they
agree to place on themselves—but with the added legitimating feature of judicial imprimatur.
Another barrier to enlisting the FISC in intelligencecollection governance is that the intelligencecollection activities governed by the Guidelines extend beyond the scope of the FISC’s jurisdiction. The
FISC oversees electronic foreign intelligence surveillance and physical searches of premises connected
with foreign powers.322 It has no role in overseeing purely domestic surveillance of Americans absent
probable cause that those Americans are agents of a foreign power.323 The content of the Guidelines
and the activities they regulate—such as physical surveillance of Americans, infiltration of religious or
political groups, the use of informants, requests for internet history— rarely fall within the FISC’s
jurisdiction. Individuals who wish to challenge FBI activity—if they can establish standing—do not have
access to the FISC.324 Thus, it is unclear what role the FISC could play in reviewing many activities in
which the FBI engages.
The FISC, too, is likely to share the FBI and ODNI’s bias toward the security mission. Unless a recipient of
a FISC order challenges the legitimacy of that order, proceedings in the FISC are not subject to an
adversarial process.325 Instead, like magistrate judges considering whether to issue traditional search
warrants, FISC judges review unopposed government applications for surveillance orders.326 The FISC
thus receives only the Justice Department’s perspective—heavily informed by the FBI’s perspective—
about any given rule. This concern is compounded by the fact that even the judges themselves largely
hail from the law enforcement community—twelve of the fourteen judges who have served this year
are former prosecutors and one is a former state police director.327 Moreover, once selected by the
Chief Justice of the Supreme Court for FISC service, these judges are exposed to a constant stream of
government applications to engage in foreign intelligence collection detailing just how dangerous the
world can be and the important role that intelligence collection plays in combating those dangers.328
FISC involvement thus serves only to reinforce the pro-security perspective already embedded in the
development of domesticintelligence- collection policies.
Empirically true
Brand, 15 - Dean and Professor Emeritus and Chairman of the Center for Law and Global Justice,
University of San Francisco School of Law (Jeffrey, “Eavesdropping on Our Founding Fathers: How a
Return to the Republic's Core Democratic Values Can Help Us Resolve the Surveillance Crisis” 6 Harv.
Nat'l Sec. J. 16 Harv. Nat'l Sec. J. 1, lexis)
That prediction also came to pass. In 2005, the New York Times revealed the Bush Administration's
Terrorist Surveillance Program (TSP) that authorized warrantless surveillance on a massive scale that
clearly violated the dictates of FISA and the Patriot Act. Initially, the Bush Administration argued that the
program was legal, citing the 9/11 attacks and national security emergencies. Ultimately, a simpler path
was taken: the Administration went to and received ex post facto approval from the FISA court. n189 A
moment of accountability--the Bush Administration's acknowledgement that it had engaged in illegal
surveillance--was side-stepped by simply seeking the approval of the court charged with monitoring the
illegal activity, thereby making the Executive Branch unaccountable yet again. n190
The structure of the FISA court--shrouded in secrecy and devoid of any opposition to the government's
position--also took its toll on the accountability of the Executive Branch to the Congress, a consequence
that also had been roundly predicted during the FISA debates. Senators Abourezk, Hart, and Mathias
candidly acknowledged throughout the debates over S. 3197, "In depth congressional oversight is a
crucial element of the safeguards which justify embarking on the [FISA] legislative scheme." n191
Representative Ertel hoped that [*47] FISA's congressional reporting requirements would serve that
end. n192
Secrecy makes meaningful ex post review impossible
Setty, 15 - Professor of Law and Associate Dean for Faculty Development & Intellectual Life, Western
New England University School of Law (Sudha, “Surveillance, Secrecy, and the Search for Meaningful
Accountability” 51 Stan. J Int'l L. 69, Winter, lexis)
The extent of congressional knowledge regarding the NSA Metadata Program is not fully known to the
public and has been the subject of significant debate. Nonetheless, even assuming that Congress was
sufficiently informed as to the potential reach of the PATRIOT Act with regard to surveillance n59 and,
therefore, that the statutory authority for the bulk data collection and storage was sound, the ability of
Congress to effect significant and meaningful ex post oversight appears to be severely limited .
Historically, congressional hearings and investigations have been a powerful tool to rein in executive
branch overreaching. n60 However, it seems that the extreme secrecy surrounding the NSA surveillance
programs undermined the efficacy of these oversight powers, to the point that they may have been
reduced to an ersatz form of accountability. One prominent example stems from a Senate oversight
hearing on March 12, 2013, in which Senator Ron Wyden specifically asked Director of National
Intelligence James Clapper if the NSA was systematically gathering information on the communications
of millions of Americans. n61 Clapper denied this, yet subsequent revelations confirmed that the broad
scope of the data collection included metadata for telephonic communications, as well as content data
for emails, texts, and other such writings. n62 After public discussion of the discrepancy in his testimony,
Clapper commented that he gave the "least most untruthful" answer possible under the circumstances.
n63 Senator Wyden expressed disappointment and frustration that even while under oath at an
oversight hearing, Clapper misled the Senate. n64
The ability for congressional oversight is further hampered by a general lack of access to information
about the details of the NSA Metadata Program n65 and [*82] lack of ability to discuss publicly
whatever knowledge is shared with Congress. n66 In fact, it remains unclear whether senators, including
Dianne Feinstein, Chair of the Senate Intelligence Committee, knew of the lapses in NSA procedure until
after such information was leaked to news sources. n67 Further revelations indicate that administration
statements made to Congress even after the Snowden disclosures were not entirely accurate. n68 These
examples are not determinative, but taken together, they raise significant doubt to the extent of
accurate information regarding surveillance programs being made available to congressional oversight
committees, and whether the oversight committees can function as effective accountability measures
n69 without the benefit of illegally leaked information such as the Snowden disclosures.
FISC review only has a weak effect on executive deterrence
Setty, 15 - Professor of Law and Associate Dean for Faculty Development & Intellectual Life, Western
New England University School of Law (Sudha, “Surveillance, Secrecy, and the Search for Meaningful
Accountability” 51 Stan. J Int'l L. 69, Winter, lexis)
The FISC differs from Article III courts in numerous ways: Its statutory scope is limited to matters of
foreign intelligence gathering; its judges are appointed in the sole discretion of the Chief Justice of the
United States Supreme Court; its proceedings are secret; its opinions are often secret or are published in
heavily [*83] redacted form; and its process is not adversarial as only government lawyers make
arguments defending the legality of the surveillance being contemplated. n70 Many of these differences
bring into doubt the legitimacy of the court, its ability to afford adequate due process regarding civil
liberties concerns, and its ability to uphold the rule of law in terms of government accountability.
Compounding this legitimacy deficit is the FISC's own loosening of the relevance standard under
Section 215 of the PATRIOT Act such that the FISC has found that bulk data collection without any
particularized threat or connection to terrorism is legally permissible. n71
Historically, the FISC has rejected NSA surveillance applications too infrequently to be considered a
substantial check on government overreach as an ex ante matter. n72 As an ex post matter, it is unclear
to what extent the FISC's work guarantees any meaningful accountability over NSA surveillance
activities. On the one hand, because the FISC lacks an adversarial process and has no independent
investigatory authority, the FISC only addresses ex post compliance problems when the government
itself brings the problem to the court's attention. n73 As such, FISC judges rely on the statements of the
government as to the government's own behavior and lack the authority to investigate the veracity of
the government's representations. n74 For example, in 2011, the FISC found one aspect of the
surveillance program - brought to its attention months after the program went into effect n75 - to be
unconstitutional. n76 Additionally, in one declassified opinion, the FISC critiques the NSA's sloppy over-
collection of metadata of U.S. communications, and questions the efficacy of bulk data collection as a
national security measure. n77 At one point, the FISC sanctioned the NSA for overreaching in [*84]
saving all metadata and running daily metadata against an "alert list" of approximately 17,800 phone
numbers, only 10% of which had met FISC's legal standard for reasonable suspicion. n78 On such
occasions, the administration has modified problematic aspects of the surveillance and continued
forward without further impediment by the FISC. n79
On the other hand, the fact that the NSA itself has brought potential compliance incidents to the notice
of the FISC n80 indicates at least some internal policing of these programs. However, this is hardly an
effective substitute for external review and accountability mechanisms that would ensure that
consistent controls are in place. Further, the self-reporting of these compliance incidents does not in any
way allow for discourse over the larger structural questions surrounding the surveillance programs.
Finally, the ability of the FISC to act as an effective check on NSA overreaching is severely limited by the
secrecy and lack of information available to the FISC judges. Judge Reggie B. Walton, formerly the Chief
Judge of the FISC, lamented that "the FISC is forced to rely upon the accuracy of the information that is
provided to the Court ... . The FISC does not have the capacity to investigate issues of noncompliance ...
." n81 The ability of the NSA to not only gather and retain bulk metadata, but also to build in backdoor
access into data files despite private encryption efforts has been largely sanctioned by the FISC based on
NSA representations as to the seriousness of the security threats posed to the nation. n82 In an
environment in which there is a tremendous fear of being held responsible for any future terrorist
attack that might occur on U.S. soil, n83 and in which there is a [*85] information deficit for those
outside of the intelligence community, the FISC has consistently deferred to the NSA's assertions and
has not been able to act as an effective accountability mechanism.
Ex post fails – hindsight bias and secrecy
Morgan, 8 - Law Clerk to the Honorable Samuel H. Mays, Jr., United States District Court for the Western
District of Tennessee. J.D., 2007, New York University School of Law (Alexander, “A BROADENED VIEW
OF PRIVACY AS A CHECK AGAINST GOVERNMENT ACCESS TO E-MAIL IN THE UNITED STATES AND THE
UNITED KINGDOM” 40 N.Y.U. J. Int'l L. & Pol. 803, Spring, lexis)
Ex post judicial review is compromised by hindsight bias. n192 Strict reliance on ex post approaches
presupposes that judges charged with determining the sufficiency of original [*836] search
justifications are capable of ignoring potentially inculpatory evidence since uncovered. As with the
notion of a disinterested Home Secretary, this appears at odds with human nature. n193
The delay or outright denial of notice to search targets minimizes the efficacy of judicial review. Without
notice, "the majority of interferences with privacy will be undetected," and most will only learn that
they were surveillance targets if criminal charges follow. n194 By implication, the true extent of
surveillance (and any abuse) remains unknown. n195 Untimely notice also compromises the value of
judicial review because the court will be privy to the fruits of a search already conducted and thus
susceptible to hindsight bias. In the United Kingdom, the Home Secretary never gives notification, n196
and delayed notice is fast growing in the United States through the use of "sneak and peek" warrants.
n197 Gauging the scope of surveillance in the United Kingdom is further frustrated by non-responsive
Tribunal decisions which "simply state whether the determination is favourable ... thus, not necessarily
revealing [if] there has been any interception or its details." n198
[*837] Independent monitors such as the Interception of Communications Commissioner are prone to
hindsight bias and also suffer from distinct shortcomings due to their generalized function. Their general
charge allows them to uncover and address (through recommendations to Parliament) systemic defects
more easily, unlike courts, which are limited to case-by-case review. The converse is that monitors lack
authority to remedy any specific abuses they uncover. n199 Above all, commentators characterize
monitors as helpless because there are too many authorizations to oversee, such that "not all
authorisations are subject to scrutiny; only those selected at random." n200 In sum, the government's
power to withhold notice precludes targets from seeking judicial review, and the result is that many
authorizations are never held "to any form of independent scrutiny." n201
AT: Exclude PPD-28
Section 702 is overbroad – can’t solve reputational costs without curtailing surveilance
Nojeim, 14 - Director, Project on Freedom, Security & Technology at the Center for Democracy &
Technology (Greg, “COMMENTS TO THE PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD REGARDING
REFORMS TO SURVEILLANCE CONDUCTED PURSUANT TO SECTION 702 OF FISA” 4/11)
Section 702 permits the government to compel communications service providers to assist with
intelligence surveillance that targets non-U.S. persons (persons other than U.S. citizens and lawful
permanent residents) reasonably believed to be abroad. Though it is defended as a necessary
counterterrorism and national security power, Section 702 broadly authorizes collection, retention, and
use of communications content unnecessary for national security and unrelated to counterterrorism.
The overbroad use of Section 702 infringes upon the privacy rights of both U.S. persons, and of non-U.S.
persons abroad, has already caused some damage to the American tech industry globally, and could
cause much more.3
Section 702 monitors any foreign target regardless of national security interest –
creates an enormous perception of abuse
Nojeim, 14 - Director, Project on Freedom, Security & Technology at the Center for Democracy &
Technology (Greg, “COMMENTS TO THE PRIVACY AND CIVIL LIBERTIES OVERSIGHT BOARD REGARDING
REFORMS TO SURVEILLANCE CONDUCTED PURSUANT TO SECTION 702 OF FISA” 4/11)
The FISA provisions that govern intelligence surveillance of targets in the U.S. permit the government to
engage in electronic surveillance to collect “foreign intelligence information.” For purposes of
surveillance that targets a non-U.S. person, it is defined broadly as: (1) information that relates to the
ability of the U.S. to protect against a hostile attack, espionage, sabotage or international terrorism or
proliferation of weapons of mass destruction; or (2) information with respect to a foreign territory or
foreign power (a foreign government, political party, or entity controlled by a foreign government, or a
foreign terrorist organization) that relates to the security of the U.S. or to the conduct of U.S. foreign
affairs.4 When the government applies to the Foreign Intelligence Surveillance Court (FISC) for
permission to conduct surveillance of targets in the U.S., it must certify that a significant purpose of the
surveillance it will conduct is to collect foreign intelligence information.5
Because “foreign intelligence information” is defined so broadly, and because the FISC never actually
rules on whether the significant purpose test is met, the purpose limitation that governs FISA
surveillance of targets in the U.S. is easily met. FISA surveillance in the U.S. is instead effectively
constrained by an additional requirement: the requirement that the government prove to the FISC that
there is probable cause to believe the target of surveillance is a terrorist, spy, or other agent of a foreign
power. Thus, Congress effectively constrained FISA surveillance of targets in the U.S. by permitting that
surveillance to target only a narrow class of persons and entities.
For surveillance of people reasonably believed to be outside the U.S., Section 702 adopts the broad
purpose requirement, but couples it with a broad class of surveillance targets. Section 702 is not
constrained by the requirement that the target be an agent of a foreign power. Instead, the target need
only be a non-U.S. person reasonably believed to be abroad. Effectively, Congress borrowed the broad
purpose for FISA intelligence surveillance (collect “foreign intelligence information”) and applied it to
surveillance abroad without limiting the class of potential targets to “agents of a foreign power.”
This has prompted concern globally that surveillance under Section 702 is broadly directed at individuals
not suspected of wrongdoing, and could include targeting based at least in part on political activities. A
peaceful protest at a U.S. base in Germany or a demonstration against rising food prices in India “relate
to” U.S. foreign policy; non-U.S. persons involved in those protests could be monitored under Section
702. A 2012 cloud computing report to the European Parliament included a finding that under Section
702, it is lawful in the U.S. to conduct purely political surveillance on non-U.S. persons’ data stored by
U.S. cloud companies.6 Such actions raise serious human rights concerns. Further, fear of the mere
possibly that this overbroad surveillance is occurring has significantly damaged the U.S. tech industry
abroad.