NSA PRISM Scandal: Should We Be Asking About Principles, Or Efficiency?

Impact

Recently revealed NSA programs that record telephone call metadata and intercept emails and other internet communications raise important questions regarding privacy and the Fourth Amendment. Should we consider this a violation of privacy on principle, or should we treat it in terms of costs and benefits? Can the government be trusted with this kind of information? Are these programs necessary to keep us safe (and if something like them is, what are the alternatives)?

Another facet of these revelations, though, is the fact that the companies involved are likely immune to prosecution. This is because the FISA Amendments Act of 2008, challenged and upheld by the courts, granted the executive branch the power to give telecom companies immunity in exchange for cooperating with intelligence agencies.

It all began back in 2005, when the New York Times revealed that the NSA was secretly conducting widespread wiretapping without any kind of warrant from a court. Shortly thereafter, a number of telecom customers sued their providers for privacy violations, saying that by granting the wiretaps, they had violated the law. In what amounted to a tacit acknowledgment that the law had, in fact, been violated, Congress passed the FISA Amendments Act of 2008. This granted retroactive immunity to these telecoms for cooperating with the government. That law was challenged back in 2011 in Hepting vs. AT&T, where the plaintiffs argued that Congress was overstepping its authority by effectively deciding cases and denying the plaintiffs of the right to sue. This argument was eventually rejected by the Ninth Circuit court of appeals (and the Supreme Court refused to review it last year).

So we probably can’t sue Verizon and Google for violating our privacy — heck, we sacrifice plenty of privacy voluntarily by signing Google’s terms of service — but aside from the legal question, what is the policy question? In other words, is this a question of principle, or is it more of a practical cost/benefit question? Many in the media (on both sides of the issue) seem to think it’s the former, and they mostly take a pretty strong stance against it. Some in the national security establishment seem to think that it’s no big deal, and no different (again, in principle) from other U.S. surveillance programs or similar programs in other countries.

But being something of a policy nerd, I’m inclined to also consider the practical side. How effective is the program? How many terrorist plots have been disrupted, and how many incidents of abuse have there been? And importantly, what are we willing to accept as the trade-off? Can the thousands of government employees (and contractors) that have access to this data be trusted with it?

Granting the telecoms immunity raises a more special philosophical question, though: Should we rely on these companies to safeguard our privacy using their own legal resources, or should we instead demand accountability from our government? For all the hackles raised about the retroactive immunity granted by Congress … it was granted by Congress. Elected by many of the same people who are the furious customers of telecom companies. For those who feel their privacy has been violated, it’s important to consider carefully: Is the enemy is truly the telecom companies, or is it us?