NSA Mass Surveillance Programs

Unnecessary and Disproportionate

David Greene, EFF Senior Staf Attorney
Katita !odrigue, EFF "nternational !ig#ts Director
This document was produced by the Electronic Frontier Foundation (EFF), an
international non-governmental organization with nearly 30,000 members worldwide
rom over !00 countries, dedicated to the protection o everyone"s right to privacy,
reedom o e#pression, and association$ Founded in !%%0, EFF engages in strategic
litigation, policy, and advocacy in the &nited 'tates and wor(s in a range o international
and national policy venues to promote balanced laws that protect human rights, oster
innovation, and empower consumers$ EFF is based in 'an Francisco and was one o the
(ey civil society groups involved in the drating o the )ecessary and *roportionate
+uiding *rinciples$
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &
Table of Contents
Foreword$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 3
E#ecutive 'ummary$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ,
- .rie 'urvey o /ngoing )'- 'urveillance -ctivities$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0
/rigins o the 1urrent *rograms$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0
2nown /ngoing 3ass 'urveillance -ctivities$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 4
F5'- 'ection 607 (00 &$'$1$ sec$ !88!a)$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 4
9&pstream:$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 6
*;5'3$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 6
&'- *-T;5/T -ct 'ection 7!0$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 6
1-<< =ET-5< ;E1/;=' 1/<<E1T5/)$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 8
E#ecutive /rder (E/) !7333$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 8
3>'T51$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %
3&'1&<-;$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %
?2E>'1/;E$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %
.&<<;&)$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ %
=5'@F5;E$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0
1/-T;-AE<E;$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0
&' <egal 1hallenges to )'- 'urveillance$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0
1hallenges to 9&pstream: 5nternet 'urveillance$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0
1hallenges to 'ection 7!0 Telephone 1all =etail ;ecords 1ollection$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$!!
-pplication o the *rinciples to &' 'urveillance$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !7
=eBinitions$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !7
93etadata:C:1ontent: =istinction$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !7
.ul( and *ersistent 'urveillance$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !,
91ollection: D 9'urveillance: D 5ntererence with *rivacy$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$!0
-pplying the *rinciples$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0
The <egality *rinciple$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !0
)ecessity and *roportionality in *ursuit o a <egitimate -im$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$!4
1ompetent Eudicial -uthority$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !6
=ue *rocess$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !8
&ser )otiBication$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !%
Transparency and *ublic /versight$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ !%
5ntegrity o 1ommunications and 'ystems$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 7!
E#traterritorial -pplication o @uman ;ights <aw$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 7!
EFual *rivacy *rotection For Everyone$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 73
1onclusion$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 73
ELECTRONIC FRONTIER FOUNDATION EFF$%!G '
Foreword
The ocus o this paper is to show how the publicly-(nown )ational 'ecurity -gency
()'-) surveillance operations constitute a violation o human rights as deBined by
international human rights norms$ EFF supports the concluding recommendation o the
70!, @uman ;ights 1ommittee
!
on the &nited 'tates" compliance with the 5nternational
1ovenant on 1ivil and *olitical ;ights (511*;), which calls upon the &nited 'tates to ta(e
measures to ensure that any intererence with the right to privacy comply with the
principles o legality, proportionality, and necessity regardless o the nationality or
location o individuals whose communications are under direct surveillance$
7
Ge have used the 5nternational *rinciples on the -pplication o @uman ;ights to
1ommunications 'urveillance (the 9)ecessary and *roportionate *rinciples: or
9Thirteen *rinciples:)
3
as a guiding ramewor( to e#plain how the &nited 'tates is
currently ailing to implement those e#isting human rights protections$ The *rinciples
have been endorsed by ,00 organizationsH they have also gathered support rom
European and 1anadian *arliamentarians, political parties in several 'tates,
,
and various
prominent domain e#perts$
0
The *rinciples were developed to apply e#isting human
rights law to the issues arising rom the technically sophisticated and pervasive digital
surveillance o ordinary individuals$ This is, o course, most relevant to the
communications surveillance
6
being conducted by the )'- and +1@I$ .ut similarly
intrusive practices are also achievable, and are li(ely currently practiced, by many 'tates$
EFF believes that, in order to restore the strong protections provided or by international
human rights law, we do not need a new human rights ramewor($ 5nstead, we need to
interpret and apply e#isting human rights protections appropriately in light o new
technological developments and changing patterns o communications, and do so with an
! The @uman ;ights 1ommittee is the treaty body that monitors 'tate implementation o the 511*;, the main human rights treaty$
7 The @uman ;ights 1ommitteeJs 1oncluding /bservations during its !!0
th
session$
httpKCCtbinternet$ohchr$orgCLlayoutsCtreatybodye#ternalC'ession=etails!$asp#M'ession5=D470N<angDen
3 95nternational *rinciples on the -pplication o @uman ;ights to 1ommunications 'urveillance$: -vailable in over thirty languages$ Euly
!0, 70!3$ httpsKCCnecessaryandproportionate$orgCte#t
, httpsKCCnecessaryandproportionate$orgCte#tOelectedLoBicialsLpoliticalLparties
0 httpsKCCnecessaryandproportionate$orgCte#tOe#perts
4 -ccording to the *rinciples, 91ommunications surveillanceP in the modern environment encompasses the monitoring, interception,
collection, analysis, use, preservation and retention o, intererence with, or access to inormation that includes, reBlects, arises rom or
is about a person"s communications in the past, present, or uture$ P1ommunicationsP include activities, interactions, and transactions
transmitted through electronic media, such as content o communications, the identity o the parties to the communications, location-
trac(ing inormation including 5* addresses, the time and duration o communications, and identiBiers o communication eFuipment
used in communications$
ELECTRONIC FRONTIER FOUNDATION EFF$%!G (
intention to protect human rights$ -s with all human rights protections, we need to
implement these steps in domestic laws to ensure everyone"s right o privacy remains
legally protected in the digital age$
Executive Suar!
-s set orth below, the &' mass communications surveillance programs, as conducted by
the )'- and e#posed by Edward 'nowden and other whistleblowers, violate several o
the )ecessary and *roportionate *rinciplesK
Q The )'- surveillance lac(s 9legality: in that )'- surveillance laws are largely
governed by a body o secret law developed by a secret court, the Foreign 5ntelligence
'urveillance 1ourt (F5'1), which selectively publishes its legal interpretations o the
lawH
Q The )'- surveillance programs are neither 9necessary,: nor 9proportionate,: in that
the various programs in which communications data are obtained in bul( violate the
privacy rights o millions o persons who are not suspected o having any connection
to international terrorismH
Q The )'- surveillance programs are not supported by competent judicial authority
because the only Rudicial approval, i any, comes rom the secret Foreign 5ntelligence
'urveillance 1ourt, and access to courts is largely denied to the individuals whose
data are collectedH
Q The )'- surveillance programs lac( due process because there is reFuently no
opportunity or a public hearingH
Q The )'- surveillance programs lac( user notificationH those whose data is obtained
do not (now that their communications have been monitored and thereore cannot
appeal the decision nor acFuire legal representation to deend themselvesH
Q The )'- surveillance programs operate in secret and thus rely on gag orders against
the entities rom whom the data is obtained$ The secret court proceedings, i there
are any, lac( necessary transparency and public oversightH
Q The )'- surveillance programs damage the integrity of communication systems
by undermining security systems (such as encryption), reFuiring the insertion o
surveillance bac( doors in communications technologies, including the installation o
Biber optic splitters in transmission hubsH and
Q The &' surveillance ramewor( is illegitimate because it applies less avorable
standards to non-&' persons than its own citizensH this discrimination places it in
violation o the 5nternational 1ovenant on 1ivil and *olitical ;ights (511*;) as well$
3oreover, the &nited 'tates RustiBies the lawulness o its communications surveillance by
reerence to distinctions that, considering modern communications technology, are
ELECTRONIC FRONTIER FOUNDATION EFF$%!G )
solely semantic rather than substantive$ The &' relies on the outmoded distinction
between 9content: and 9metadata,: alsely contending that the latter does not reveal
private acts about an individual$ The &' also contends that the collection o data is not
surveillanceSit argues, contrary to both international law and the )ecessary and
*roportionate *rinciples, that an individual"s privacy rights are not inringed as long as
her communications data are not analyzed by a human being$
A "rief Surve! of On#oin# NSA Surveillance
Activities
)'- surveillance ta(es place in a ramewor( o massive secrecy$ 5t is easy to view those
programs and activities,whose e#istence has been revealed in the press over the course
o the past year, as the primary or representative activities o the intelligence agencies$
-nd, indeed, much political commentary has ocused on the most widely-documented o
the programs, such as the collection o telephone calling records rom &' carriers$ .ut
the ull e#tent o these programs, and the percentage o total &' governmental
surveillance they comprise, remains un(nown$ The operations described in this paper,
then, represent only a very small selection o the overall pervasive surveillance activities
carried out by )'- and other intelligence agenciesSand even that view is limited in
terms o the details it conveys regarding the scope and content o each such operation$
'ome operations, or e#ample, may actually be sotware analysis tools or perorming
particular (inds o searches or analysis over data that has already been acFuired by some
other means$ 5n this scenario, 9surveillance programs: may not always involve gathering
any new data or obtaining any new access to devices, networ(s, or signalsH they might
Rust involve interpreting data that )'- or other intelligence agencies already have access
to or already have in their databases, and drawing new inerences rom those records or
combining them to reach new conclusions$
6
This scenario ma(es clear that a core privacy intererence occurs when 'tates Birst
acFuire, monitor, andCor collect inormation about people, even i the purpose o such
collection was highly general and did not contemplate speciBic intrusions$
Ori#ins of t$e Current %ro#ras
Following the terrorist attac(s against the &' on 'eptember !!, 700!, *resident +eorge
G$ .ush empowered the )'- and other components o the &' intelligence community to
conduct wide-ranging surveillance without court orders or oversight$ The surveillance
was collectively called the *resident"s 'urveillance *rogram (*'*)$ The *'* remained a
secret until 7000 when the e#istence o small parts o it were revealed by newspaper
6 - great deal o inormation about people, places, devices, and electronic communications seems to lac( privacy sensitivity when ta(en
in isolation, but when combined with other data may turn out to be e#tremely signiBicant and sensitive$ For instance, an individual
telephone call ta(es on a new signiBicance when we learn that the called party was a specialist medical clinic or a hotline or particular
medical, psychiatric, abuse, or Binancial problems$ 5ndividual records o logins to an 5nternet service ta(e on new signiBicance when
multiple users" records are read together to iner that those users did or did not spend the night in the same place$
ELECTRONIC FRONTIER FOUNDATION EFF$%!G *
reports$
8
.etween 700, and 7006, the &' government moved many o the *'* proRects
under the authority o the Foreign 5ntelligence 'urveillance 1ourt, via various legal
interpretations, and this continued with the passage o the F5'- -mendments -ct in
7008$ This, or the Birst time, e#posed those actions to any level o Rudicial review$
%
@owever, some o the current surveillance activities continue to operate without Rudicial
authorization$ -s discussed below, activities aimed at non-&' communications can
operate under the purported authority o E#ecutive /rder !7333 and are styled as
e#ecutive acts not subRected to Rudicial approval or review$ 5t is also not clear which o
these programs were in operation prior to the 'eptember !! attac(s$ -ttempts to use
technical means to gain access to massive amounts o private communications data are
not new$ 5t is (nown that the )'- conducted some orm o broad surveillance prior to
the attac(s, or e#ample, through the E1@E</) program$
!0
&nown On#oin# 'ass Surveillance Activities
The )'- is (nown to engage in the ollowing orms o mass surveillance o
communications, organized according to the purported legal authority or each program$
5n addition to raising human rights concerns or &' persons, an overarching issue,
especially or the international community, is that or each program noted below, the &'
government ta(es the position that any protections against surveillance, such as the
9minimization: steps ta(en ater the collection, are aimed at protecting the rights o &'
persons only, whose inormation may be collected as a by-product o the collection o
inormation rom non-&' persons$ @istorically, the &nited 'tates has asserted no legal
protection or the privacy rights o non-&' persons outside o the &nited 'tates and has
not recognized any normative limits on the &' governmentJs ability to monitor these
communications to any e#tent and or any reasons and this position should be soundly
reRected$
FISA Section ()* +,) U-S-C- sec- .//.a0
'ection 607 was added to the F5'- by the F5'- -mendments -ct in 7008$ The &' has
asserted that 'ection 607 authorizes the collection o communications o 9non-&'
persons: inside the &nited 'tates or oreign intelligence purposes, and that it, in its
8 Following these disclosures, the administration o *resident +eorge G$ .ush ac(nowledged the e#istence o some o these disclosed
*'* activities, collectively labeling them the 9Terrorist 'urveillance *rogram: or T'*$ .ut the term T'* appears to have no operational
deBinition or signiBicance$
% The Foreign 5ntelligence 'urveillance -ct o !%68 put into place procedures or the surveillance o oreign intelligence inormation$
-mong those procedures was the creation o the Foreign 5ntelligence 'urveillance 1ourt (F5'1)$ The F5'1 was created to provide some
level o Rudicial oversight o speciBic instances o surveillance when conducted inside the &', through approval o individual warrants$
-lthough the F5'1 is staed by ederal Rudges, it operates very dierently rom a ederal district court$ The proceedings o the F5'1 are
secret and non-adversarial$ The F5'1 has ound that it has no obligation to publish its opinions, although it does e#ercise its discretion
to publish its opinions when it so desires$ 5n 7008, 1ongress passed the F5'- -mendments -ct, which greatly e#panded the charge o
the F5'1, including granting it the ability to approve general procedures or surveillance, rather than merely approving a speciBic
investigation or individual warrant$
!0 European *arliamentK Temporary 1ommittee on the E1@E</) 5nterception 'ystemS;apporteur +erhard 'chmid$ 9/n the e#istence o
a global system or the interception o private and commercial communications (E1@E</) interception system) (700!C70%8(5)5))$:
httpKCCwww$europarl$europa$euCsidesCget=oc$doMpub;eD-CCE*CC)/)'+3<T;E*/;TT-0-700!-
074,T0T=/1T*=FTA0CCE)NlanguageDE)$ !! Euly 700!$
ELECTRONIC FRONTIER FOUNDATION EFF$%!G +
eorts to collect the communications o non-&' persons, may incidentally collect the
communications o &' persons as well$ The )'- has also asserted that this mass
collection o &' and non-&' persons" communications data is consistent with 'ection 607
because it only 9targets: the materials pertaining to non-&' persons$ The &' government
considers a 9target: a 9non-&' person: i it is more li(ely than not that the person is not a
9&' person$: (- 9&' person: is deBined as a citizen o the &nited 'tates, an alien lawully
admitted or permanent residence, an unincorporated association with a substantial
number o members who are citizens or lawul aliens, or a corporation incorporated in
the &nited 'tates)$
The F5'1 must approve general targeting and minimization proceduresSor e#ample,
any search terms used to Fuery the collected dataSbut it does not review actual targets$
These minimization procedures are designed primarily to protect &' persons$ The F5'1
review is e# parte, that is, conducted without the presence o an adversary, and the
approved surveillance is never made public$ Eust recently, in response to concerns raised
by the 'upreme 1ourt, the government has begun selectively notiying individuals who
are acing criminal prosecution that inormation collected under the 607 program has
been used in investigating them$
!!
The ollowing operations are only a small subset o those publicly-(nown and operated
under the purported authority o 'ection 607K
Upstream
Q 9&pstream: operations involve the installation o Biber optic splitters at numerous
sites operated by private telecommunications companies throughout the &'$ The
splitter provides the )'- with a complete copy o all 5nternet traBic (including
communications content such as emails, search and browsing records, and Ao5*
communications) that passes through the installations$
PRISM
Q *;5'3 was launched in 7006 as a means o collecting stored 5nternet
communications dataSsuch as email, video and video chat, photos, A/5*, Bile
transers, and social networ(ing interactionsSon demand rom the servers o
5nternet companies such as +oogle, 3icrosot, -pple, and >ahooU$
USA %ATRIOT Act Section *.,
'ection 7!0, also (nown as the 9business records: provision, was enacted as part o the
&'- *-T;5/T -ct in 700!, and then amended in 7008 by the F5'- -mendments -ct$ The
law authorizes the F5'1 to issue orders permitting the F.5 to collect 9tangible things: that
are 9relevant to an authorized investigation,: as might be obtained via a grand Rury
!! 9&dall, Gyden, @einrich &rge 'olicitor +eneral to 'et ;ecord 'traight on 3isrepresentations to &$'$ 'upreme 1ourt in 1lapper v$
-mnesty$: httpKCCwww$wyden$senate$govCnewsCpress-releasesCudall-wyden-heinrich-urge-solicitor-general-to-set-record-straight-
on-misrepresentations-to-us-supreme-court-in-clapper-v-amnesty
ELECTRONIC FRONTIER FOUNDATION EFF$%!G ,
subpoena$ 'ection 7!0 orders cannot be directed at &' persons solely on the basis o
activities protected by the First -mendment$
The ollowing are a small subset o publicly-(nown programs operated under the
purported authority o 'ection 7!0K
CALL DETAIL RECORDS COLLECTION
Q The &' government, through the )'-, is collecting the call detail records rom certain
telephone service providers o every domestic and international telephone call made
to or rom their networ(s$ The data collected include the telephone numbers on each
end o the call, the time and length o the call, and the routing inormation$ 5t is
unclear whether speciBic location data is also collected under this program or under
some other program$ The content o the calls is not collected (which is why the &'
labels this data 9metadata:)$ The records are retained or Bive years$
Q The program is subRect to re-approval by the F5'1 every %0 days$ The database is
Fueried by way o 9selectors,: such as telephone numbers, or which there is a
9reasonable articulable suspicion: o a lin( to terrorism$ The database is Fueried to
identiy every call made to or rom the selector, and then as a second 9hop,: every call
made to or rom those numbers$ *rior to Eanuary 70!,, the analysis was carried out
to a third 9hop: as well$ 'everal hundred selectors have been used since the
beginning o the program that have resulted in the 9selection: and urther analysis o
an un(nown number o calls, but li(ely well into the millions$
Executive Order +EO0 .*111
Q E#ecutive /rder !7333 authorizes surveillance conducted primarily outside the
&nited 'tates, although there are indications that the government maintains that
some amount o &'-based surveillance can also occur under this authority$
!7

*resident ;onald ;eagan issued E/ !7333 in =ecember !%8! to e#tend the powers
and responsibilities o the various &' intelligence agencies that e#isted under
previous e#ecutive orders$ The organizational structure established by E/ !7333 was
revised by e#ecutive orders in 700, and 7008, the latter o which consolidated power
under the *resident"s =irector o )ational 5ntelligence$ The &' government asserts
that programs conducted under the authority o E/ !7333 do not reFuire Rudicial
approval or non-e#ecutive oversight o any type$
!3

The ollowing is a small subset o publicly-(nown activities operated under the
purported authority o E/ !7333K
!7 E#ecutive /rder (E/) !7333 was amended on Eanuary 73, 7003 by E#ecutive /rder !378,, on -ugust 76, 700, by E#ecutive /rder
!3300, and urther amended on Euly 30, 7008 by E#ecutive /rder !3,60$ The resulting te#t o E#ecutive /rder !7333, ollowing the
7008 amendment, is available here httpKCCwww$as$orgCirpCodocsCeoCeo-!7333-7008$pd
!3 httpKCCwww$washingtonpost$comCworldCnational-securityCnsa-collects-millions-o-e-mail-address-boo(s-
globallyC70!3C!0C!,C8e08b0be-3,%-!!e3-80c4-6e4dd8d77d8Lprint$html
ELECTRONIC FRONTIER FOUNDATION EFF$%!G -
MYSTIC
Q &nder this operation, the )'- has built a surveillance system capable o recording
9!00 percent: o a oreign country"s telephone calls, enabling the agency to rewind
and review conversations as long as a month ater they ta(e place,$
!,
3>'T51 has
been used against one nation, according recent lea(s, and may have been
subseFuently used in other countries $$
MUSCULAR
Q This operation, which began in 700%, inBiltrates lin(s between global data centers o
technology companies, such as +oogle and >ahooU, not on &' soil$ These two
companies responded to the revelation o 3&'1&<-; by encrypting those e#changes$
XKEYSCORE
Q ?2E>'1/;E appears to be the name o the sotware interace through which )'-
analysts search vast databases o inormationScollected under various other
operationsScontaining emails, online chats, and the browsing histories o millions o
individuals anywhere in the world$ The ?2E>'1/;E data has been shared with other
secret services including -ustraliaJs =eence 'ignals =irectorate and )ew VealandJs
+overnment 1ommunications 'ecurity .ureau$
BULLRUN
Q )ot in and o itsel a surveillance program, .&<<;&) is an operation by which the
)'- undermines the security tools relied upon by users, targets and non-targets, and
&' persons and non-&' persons ali(e$ The speciBic activities include dramatic and
unprecedented eorts to attac( security tools, includingK
Q 5nserting vulnerabilities into commercial encryption systems, 5T systems,
networ(s, and endpoint communications devices used by targetsH
Q -ctively engaging &' and oreign 5T industries to covertly inBluence andCor
overtly leverage their commercial productsJ designsH
Q 'haping the worldwide commercial cryptography mar(etplace to ma(e it more
vulnerable to the )'-"s surveillance capabilitiesH
Q 'ecretly inserting design changes in systems to ma(e them more vulnerable to
)'- surveillance, and
Q 5nBluencing policies, international standards, and speciBications or commercial
public (ey technologies$
!, +ellman, .arton and -sh(an 'oltani$ 9)'- surveillance program reaches Winto the past" to retrieve, replay phone calls$: 78 3arch 70!,$
httpKCCwww$washingtonpost$comCworldCnational-securityCnsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-
callsC70!,C03C!8C774d74,4-ade%-!!e3-a,%e-64adc%7!0!%Lstory$html
ELECTRONIC FRONTIER FOUNDATION EFF$%!G .
DISHFIRE
Q The =ishBire operation is the worldwide mass collection o records including location
data, contact retrievals, credit card details, missed call alerts, roaming alerts (which
indicate border crossings), electronic business cards, credit card payment
notiBications, travel itinerary alerts, meeting inormation, te#t messages, and more$
1ommunications rom &' phones were allegedly minimized, although not necessarily
purged, rom this database$ The messages and associated data rom non-&' persons
were retained and analyzed$
CO-TRAELER
Q &nder this operation, the &' collects location inormation rom global cell tower, Gi-
Fi, and +*' hubs$ This inormation is collected and analyzed over time, in part, in
order to determine the traveling companions o targets$

5n addition to these programs, the )'- also surveilled messaging conducted through
9lea(y: mobile applications, monitored the mobile phone communications o 30 world
leaders, and monitored, or e#ample, appro#imately 60 million phone calls per month
originating in France and 40 million per month originating in 'pain$ -lso, the )'-
collected Binancial recordsS!80 million in 70!!Srom 'G5FT, the networ( used by
worldwide Binancial institutions to securely transmit interban( messages and
transactions$
US Le#al C$allen#es to NSA Surveillance
The &' +overnment has asserted that its current communications spying operations are
ully in compliance with international law, primarily by claiming that its practices are
conducted according to domestic &' law$ @owever, there are several ongoing legal
challenges in &' courts to )'- surveillance, including several in which EFF serves as
counsel$
!0
These lawsuits challenge the programs as being both unconstitutionalSunder
the ,th -mendment, !st -mendment, and in some places the 0th -mendment o the
&nited 'tates 1onstitutionSand illegal under the statutes used to Rustiy them$
There have thus ar been no legal challenges in &' courts to any o the &' actions under
the purported authority o E/ !7333 and no challenges directly regarding the rights o
non-&' persons$
C$allen#es to 2U3strea4 Internet Surveillance
The ollowing lawsuits are challenges to the collection o 5nternet data through the
installation o Biber optic splitters at transmission hubsK
!0 EFF"s statements and positions here are not those o its clients in the litigations where EFF is counsel and nothing said here shall be
construed as a statement or admission by any o those plaintis$
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &/
Jewel v. NSA (an action by -TNT customers in a ederal court in 1aliornia)H
!4
Shubert v. Obama (a class action on behal o all -mericans against the )'-Js
domestic dragnet surveillance)H
1riminal prosecutionsK 'ection 607 surveillance is being challenged in several cases
in which the government has brought criminal charges, largely terrorism-related$ The
deendants, many o whom only recently received notice o their prosecution despite
being charged long ago, are mounting challenges to the evidence used against them
on the grounds that it was illegally and unconstitutionally collected and used$
C$allen#es to Section *., Tele3$one Call Detail Records
Collection
The ollowing lawsuits challenge the mass collection o telephone call detail records rom
&' personsK
First Unitarian Church of os An!eles v. NSA (an action by 77 organizations in a ederal
court in 1aliornia)H
!6
Jewel v. NSA (see above)H
ACU v. Cla""er (an action by the -1<& and its )ew >or( chapter in a ederal court in
)ew >or(H the trial Rudge dismissed the lawsuit, that dismissal is currently on
appeal)H
#layman v. United States (a class action in the ederal court in the =istrict o
1olumbiaH the trial Rudge ound the call detail records surveillance unconstitutional
on ,th -mendment groundsH that decision has been appealed)H
Smith v. Obama (an action by an individual Biled in a ederal court in 5daho)H
$aul v. Obama (a class action Biled in ederal court in the =istrict o 1olumbia)H
$ere% v. Cla""er (an action by two individuals Biled in a ederal court in Te#as)$
These lawsuits all address the legality o the program with respect to &' persons$ These
lawsuits do not raise the non-discrimination rights o non-&' persons under the 511*;
and European law, or the 5nter--merican system$
!4 Eewel vs$ )'-, httpsKCCwww$e$orgCcasesCRewel
!6 First &nitarian 1hurch o <os -ngeles v$ )'-, httpsKCCwww$e$orgCcasesCBirst-unitarian-church-los-angeles-v-nsa
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &&
A33lication of t$e %rinci3les to US
Surveillance
The &' surveillance programs plainly violate international human rights law, especially
when compared to the )ecessary and *roportionate *rinciplesH the gaps between &'
surveillance programs and the standards or human rights are readily apparent$
The )ecessary and *roportionate *rinciples are based upon the e#istence o a
undamental human rightSthe right to privacySas recognized under international
human rights law$
!8
The right to privacy is not only a undamental right in and o itsel, it
bolsters other undamental rights as wellSincluding reedom o e#pression, reedom o
inormation, and reedom o association$
!%
De5nitions
2'etadata464Content4 Distinction
The *rinciples deBine 9protected inormation: to include 9all inormation that includes,
reBlects, arises rom or is about a person"s communications and that is not readily
available and easily accessible to the general public$: The deBinition is aimed at protecting
both privacy and reedom o e#pression, which in many cases Blourishes only with
assurances that communications and associations can remain ree rom governmental
trac(ing$ The *rinciples recognize that individuals, who believe that the government is
gaining access to records containing inormation that reveals, or e#ample, to whom they
are spea(ing, when they are spea(ing, and or how long, especially over time, they are
spea(ing, will be less willing to communicate about sensitive or political topics$
5n doing so, the *rinciples e#pressly recognize that the old distinctions between content
and 9non-content: or 9metadata: are 9no longer appropriate or measuring the degree o
intrusion that communications surveillance ma(es into individuals" private lives and
associations$: 5ndeed, 9metadata: is inormation-richH this inormation may reveal a
person"s identity, behavior, political and social associations, medical conditions, race, or
se#ual orientation$ The inormation may enable the mapping o an individual"s
movements and interactions over time, revealing whether the individual was present at a
!8 &niversal =eclaration o @uman ;ights -rticle !7, &nited )ations 1onvention on 3igrant Gor(ers -rticle !,, &) 1onvention o the
*rotection o the 1hild -rticle !4, 5nternational 1ovenant on 1ivil and *olitical ;ights, 5nternational 1ovenant on 1ivil and *olitical
;ights -rticle !6H regional conventions including -rticle !0 o the -rican 1harter on the ;ights and Gelare o the 1hild, -rticle !! o
the -merican 1onvention on @uman ;ights, -rticle , o the -rican &nion *rinciples on Freedom o E#pression, -rticle 0 o the
-merican =eclaration o the ;ights and =uties o 3an, -rticle 7! o the -rab 1harter on @uman ;ights, and -rticle 8 o the European
1onvention or the *rotection o @uman ;ights and Fundamental FreedomsH Eohannesburg *rinciples on )ational 'ecurity, Free
E#pression and -ccess to 5normation, 1amden *rinciples on Freedom o E#pression and EFuality$
!% The reedom o association and reedom o speech are inherently lin(ed$ The reedom o association recognizes that individuals may
have a stronger and more inBluential voice in public discussions by Roining with other li(e-minded persons and advocating as a group$
The right to privacy bolsters this right by allowing such groups to orm and communicate while permitting the individual associates to
remain anonymous$ This ability to remain anonymous is especially important where the group"s views are unpopular, dissenting, or
involve deeply personal private inormationSsituations in which one might choose not to spea( at all i the act o her association with
the group were to become (nown$
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &'
political demonstration, or e#ample$ .ecause o this, the *resident"s ;eview +roup cited
the *rinciples in noting that the distinction between content and non-content was
increasingly untenable$
70
&seul e#planations about how using metadata can reveal intimate and private
inormation about people are contained in a declarationSBiled by *rinceton proessor,
Edward FeltenSin support o one o the lawsuits challenging the telephone records
collection and recent research by a team rom 'tanord &niversity, which notes how
intimate details o a persons" lie can be discerned rom a relatively small amount o
metadata$
7!
The *rinciples also instruct that 9XwYhen adopting a new communications surveillance
techniFue or e#panding the scope o an e#isting techniFue, the 'tate should ascertain
whether the inormation li(ely to be procured alls within the ambit o Wprotected
inormation" beore see(ing it, and should submit to the scrutiny o the Rudiciary or other
democratic oversight mechanism$:
The &', particularly in Rustiying the 'ection 7!0 mass collection o call detail records,
has relied on this distinction between 9content: and 9metadata,: citing 'upreme 1ourt
authority rom over ,0 years ago.
&&
The &' has argued that there are no privacy interests
in non-content inormation protected by the ,th -mendment$ This position is
inconsistent with the *rinciples and inconsistent with the need to protect privacy and
reedom o e#pression in the digital age$
Metadata Matters
5* addresses collected by a web service can reveal whether two people spent the night in the
same place$
This is because an 5* address at a particular point in time will usually be uniFue to a
single residence$
5 two people both logged in to services rom the same 5* address late at night and
early in the morning, they probably spent the night together in the place distinguished
by that 5* address$
'tanord researchers ound (e#perimentally) that inormation about who people call can be
used to iner e#traordinarily sensitive acts about them, including the act that they sought and
received treatment or particular a medical condition, that they had an abortion, or that they
purchased Birearms, among other things$
73
70 9<iberty and 'ecurity in a 1hanging GorldH ;eport and ;ecommendations o The *resident"s ;eview +roup on 5ntelligence and
1ommunications Technologies$: !7 =ec$ 70!3$ httpKCCwww$whitehouse$govCsitesCdeaultCBilesCdocsC70!3-!7-!7LrgLBinalLreport$pd
7! Felton, Edward G$ 91ase !K!3-cv-03%%,-G@* =ocument 76,: Biled -ugust 74, 70!3$
httpsKCCwww$documentcloud$orgCdocumentsC68!,84-declaration-elten$html
77 'mith v$ 3aryland' ,,7 &$'$ 630 (!%6%)$ httpKCCcaselaw$lp$Bindlaw$comCscriptsCgetcase$plMcourtD&'NinvolD630NvolD,,7
73 3ayer, Eonathan and *atric( 3utchler$ 93eta*honeK The 'ensitivity o Telephone 3etadata$: !7 3arch 70!,$
httpKCCwebpolicy$orgC70!,C03C!7Cmetaphone-the-sensitivity-o-telephone-metadataC
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &(
;etail stores now have the ability to trac( individualsJ physical whereabouts by observing data
pac(ets transmitted rom smartphones and other mobile devices$
They can recognize when people return to a store (and how oten), see which part o
the store visitors spend their time in, and Bigure out how long people wait in lines$
'ome entities are in a position to associate this inormation with a personJs name
because the entities observe mobile device identiBiers together with other identiying
inormation$
<aw enorcement and intelligence agencies are using technology to trac( individualsJ
whereaboutsSon a massive scale, twenty-our hours a daySwhether by directly observing the
signals transmitted rom phones or by demanding that mobile carriers turn over inormation
about usersJ locations$
5normation about where people go reveals sensitive religious, medical, se#ual, and
political inormation about them, including the (inds o medical specialists, religious
services, or political meetings a person meets with or attends$
5normation about the pro#imity or lac( o pro#imity o multiple people to one another
can reveal individuals who attended a protest, the beginning or end o a romantic
relationship, or a personJs marital inBidelity$
5normation rom telephone companies has been repeatedly sought and used to
identiy the sources who gave inormation to Rournalists$
First <oo( 3ediaJs publication, (he )nterce"t, reported that the &nited 'tates is using
telecommunications metadata as a means o targeting lethal drone stri(es aimed at the cellular
phones o individual people, recognized by wireless signals that they transmit$
5n the &(raine, cell tower dumps were used to determine who had participated in the 3aidan
protests against the previous regime, and then to let them (now that the government was
watching$
The ability to automatically get a complete list o who attended a protest is an
e#tremely serious threat to the reedom o e#pression and association i people believe
that there is a potential or uture bac(lash (or violenceU) rom being identiBied as a
participant$
"ul7 and %ersistent Surveillance
-ccording to the *rinciples, in determining whether surveillance will sweep up
9protected inormation,: the orm, scope, and duration o the surveillance must be
consideredK 9.ecause pervasive or systematic monitoring has the capacity to reveal
private inormation ar in e#cess o its constituent parts, it can elevate surveillance o
non-protected inormation to a level o invasiveness that demands strong protection$:
7,
7, P3oreover, public inormation can all within the scope o private lie where it is systematically collected and stored in Biles held by the
authorities$ That is all the truer where such inormation concerns a personJs distant pastZ5n the 1ourtJs opinion, such inormation,
when systematically collected and stored in a Bile held by agents o the 'tate, alls within the scope o Jprivate lieJ or the purposes o
-rticle 8(!) o the 1onvention$P (;otaru v$ ;omania, X7000Y E1@; 783,!C%0, paras$ ,3-,,)$
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &)
The 'ection 7!0 program and signiBicant (inds o collection under 'ection 607 and E/
!7333 involve bul( or mass collection o communications data over an e#tended period
o time on a continuous or nearly continuous basis$ For the 'ection 7!0 program, at any
point in time, the )'- is li(ely to have Bive years worth o call detail records about an
individual$
2Collection4 8 2Surveillance4 8 Interference wit$ %rivac!
3uch o the e#pansive )'- surveillance revealed in the past year has been deended by
the &nited 'tates on the basis that the mere collection o communications data, even in
troves, is not 9surveillance: because a human eye never loo(s at it$ 5ndeed, under this
deBinition, the )'- also does not surveil a person"s data by subRecting it to computerized
analysis, again up until the point a human being lays eyes on it$ The *rinciples, reBlecting
the human right to privacy, deBines 9surveillance: to include the monitoring, interception,
collection, analysis, use, preservation, and retention o, intererence with, or access to
inormation that includes, reBlects, or arises rom or a person"s communications in the
past, present, or uture$ 'tates should not be able to bypass privacy protections on the
basis o arbitrary deBinitions$
A33l!in# t$e %rinci3les
T$e Le#alit! %rinci3le
The Birst o the )ecessary and *roportionate *rinciples is 9<egality$: -ny limitation to the
right to privacy must be prescribed by law$ The 'tate must not adopt or implement a
measure that intereres with the right to privacy in the absence o an e#isting publicly
reviewable legislative act, which meets a standard o clarity and precision that is
suBicient to ensure that individuals have advance notice o and can oresee its
application$
-s the European 1ourt o @uman ;ights has e#plained, 9Firstly, the law must be
adeFuately accessibleK the citizen must be able to have an indication that is adeFuate in
the circumstances o the legal rules applicable to a given case$ 'econdly, a norm cannot be
regarded as a Wlaw" unless it is ormulated with suBicient precision to enable the citizen
to regulate his conductK he must be ableSi need be with appropriate adviceSto oresee,
to a degree that is reasonable in the circumstances, the conseFuences which a given
action may entail$:
70
Thus the <egality principle reFuires that laws be non-secret and
subRect to oversight and that they not vest governmental oBicials with e#cessive
discretion$
74
70 Eudgment in The 'unday Times v$ The &nited 2ingdom, -pplication no$ 4038C6,, Eudgment o 74 -pril !%6%, para$,%$
74 'iver v$ the &2, *etra v$ ;omania, !%%8$ The @uman ;ights 1ommittee ta(es the very same approach$ +eneral 1omment )o$ 3,,
11*;C1C+1C3,, !7 'eptember 70!!, paras$ 7, [ 74$ httpKCCtbinternet$ohchr$orgCLlayoutsCtreatybodye#ternalC=ownload$asp#M
symbolnoD11*;\71\7+1\73,N<angDen
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &*
The <egality principle is not a mere reerence to domestic law$ 5t is thereore not
suBicient or the &' to contend that its surveillance programs are sanctioned by &' laws
(even i that lawulness were not subRect to ongoing litigation)$
The <egality principle is violated by the act that the &' surveillance programs are almost
all conducted in secret, and are largely governed by a body o secret law developed by a
secret courtSthe F5'1Swhich selectively publishes its legal interpretations o the law$
3any, i not most, o the F5'1"s rulings are not subRect to public review or oversightH
individuals are thus uninormed as to what their rights are vis-]-vis the &' surveillance
programs$ 3oreover, many o the programs, especially under E/ !7333 as described
above, are not subRect to any Rudicial oversight, and lac( any deBined standards o
implementation$ This position has been recently conBirmed by the &) @uman ;ights
1ommittee in its concluding observations rom the &nited 'tatesJ review on its
compliance with the 511*;$
Necessit! and %ro3ortionalit! in %ursuit of a Le#itiate Ai
The principle o 9)ecessity: reBlects the reFuirement under 5nternational law that
restrictions on undamental rights, such as the right o privacy, must be strictly and
demonstrably necessary to achieve a legitimate aim$
Each o these actorsSnecessity, legitimate aim, adeFuacy, and proportionalitySis
included in the *rinciples$ -s stated in the *rinciples, the 'tate must establish 9that (!)
other available less invasive investigative techniFues have been considered, (7)
inormation accessed will be conBined to what is reasonably relevant and any e#cess
inormation collected will be promptly destroyed or returned to the impacted individual,
and (3) inormation is accessed only by the speciBied authority and used or the purpose
or which the authorization was given$:
The &' mass surveillance programs under 'ection 7!0 and 607 and E/ !7333 ail to
meet these reFuirements in that the dragnet collection o inormation about non-
suspicious individuals is a ar too inclusive, and thus disproportionate, method$ The &'
government is accumulating a tremendous amount o data and, as the &' concedes, the
vast amount o it will ultimately prove to be wholly unrelated to international terrorism$
3oreover, the &' legal system ails to reFuire a threshold o showing or collection o any
communications or communications records or an individualized suspicion or targeting
non-&' persons$
-s 3artin 'cheinin, the ormer &nited )ations special rapporteur on human rights and
counterterrorism, has noted, mass surveillance is inherently a disproportionate
measure$
76
The collection o all data is seldom, perhaps never, a 9necessary: measure, by
76 Eoergensen, ;i((e Fran($ 91an human rights law bend mass surveillanceM: 76 Feb$ 70!,$
httpKCCpolicyreview$inoCarticlesCanalysisCcan-human-rights-law-bend-mass-surveillance
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &+
any deBinition o the word 9necessary$: 3ass surveillance will inevitably and unavoidably
sweep up masses o private inormation that will be o no use or relevance in anti-
terrorism investigations$
This lac( o necessity has been borne out, at least as to the 'ection 7!0 surveillance
programs, by the reports o two committees, hand-pic(ed by the *resident, the
*resident"s ;eview +roup, and the *rivacy and 1ivil <iberties /versight .oard$ Each
received classiBied inormation about the necessity and eBicacy o the program and each
concluded that it had not resulted in the prevention o any terrorist attac(s or had even
been more than marginally useul in a terrorism investigation$
Facts:
The &' is 9sitting on the wire,: that is, much o the global 5nternet traBic travels through wires
on &' territory$ The )'- accesses this traBic to illegitimately trac( who visits online
pornography websites, and use this inormation to discredit those it deems dangerous$
78
The F5'- surveillance law was originally intended to be used only in certain speciBic,
authorized national security investigations$ .ut inormation-sharing rules implemented ater
%C!! allow the )'- to hand over inormation to traditional domestic law-enorcement
agencies, without any connection to terrorism or national security investigations$
7%
-s the )'- scoops up phone records and other orms o electronic evidence while investigating
national security and terrorism leads, they have turned over PtipsP to a division o the =rug
Enorcement -gency, which is inappropriate to ulBill the speciBic <egitimate -im identiBied$
30
The telephone records program, at least, has now been evaluated by two hand-pic(ed
*residential panels to be unnecessary, since it has not had a signiBicant impact in preventing
terrorist attac(s or been more than marginally useul to terrorism investigations in the &nited
'tates$
3!
Co3etent 9udicial Aut$orit!
The *rinciples reFuire that 9determinations related to communications surveillance
must be made by competent Rudicial authority that is impartial and independent$ This
Rudicial authority must beK !) separate rom the authorities conducting communications
surveillanceH 7) conversant in issues related to and competent to ma(e Rudicial decisions
78 /psahl, 2urt$ 9The )'- is Trac(ing /nline *orn Aiewing to =iscredit J;adicalizers$J: 76 )ov$ 70!3$
httpsKCCwww$e$orgCdeeplin(sC70!3C!!Cnsa-trac(ing-online-porn-viewing-discredit-radicalizers
7% Fa(houry, @anni$ 9=E- and )'- Team &p to 'hare 5ntelligence, <eading to 'ecret &se o 'urveillance in /rdinary 5nvestigations$: 4 -ug$
70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C08Cdea-and-nsa-team-intelligence-laundering
30 )d.
3! ;eport and ;ecommendations o The *resident"s ;eview +roup on 5ntelligence and 1ommunications Technologies$ !7 =ec$ 70!3$
httpKCCwww$whitehouse$govCsitesCdeaultCBilesCdocsC70!3-!7-!7LrgLBinalLreport$pd 'ee EFFJs 9'tatement on *residentJs ;eview
+roupJs )'- ;eport$: !8 =ec$ 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C!7Ce-statement-presidents-review-groups-nsa-report 'ee
9*resident"s ;eview +roup *uzzlerK Ghy is 3assively /verbroad 'urveillance Grong under 7!0 but /2 under 'ection 607M$: !0 Ean$
70!,$ httpsKCCwww$e$orgCdeeplin(sC70!,C0!Cpresidents-review-group-puzzler-why-mass-surveillance-wrong-under-7!0-o(-under
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &,
about the legality o communications surveillance, the technologies used and human
rightsH and 3) have adeFuate resources in e#ercising the unctions assigned to them$:
'igniBicant doubts e#ist as to whether the mass surveillance operations are reviewed by
9competent: Rudicial authority$ Gith regard to surveillance under *atriot -ct section 7!0
or F5'- -mendments -ct section 607, there are serious Fuestions about whether the
F5'1 has a suBicient understanding o the technologies used, or has suBicient resources
to conduct the oversight reFuired o it$ The 1hie Eudge o the F5'1, Eudge Galton, has
recognized that the court is limited in its ability to scrutinize the )'-Js abusesK 9The F5'1
is orced to rely upon the accuracy o the inormation that is provided to the 1ourtZThe
F5'1 does not have the capacity to investigate issues o noncompliance$P
37

-nd as discussed above, there is no Rudicial oversight at all or )'- surveillance RustiBied
under under E/ !7333$
Facts:
E/ !7333 programs, consisting mainly o oreign collection, are conducted without any Rudicial
involvement$
33
/versight o domestic collection programs is conducted by a secret court, the Foreign
5ntelligence 'urveillance 1ourt$ The F5'1 is ully dependent on the authorities conducting the
surveillance to provide it with inormation about their activities$
Due %rocess
The *rinciples reFuire that every individual see(ing a determination about whether or
not her human rights are being inringed upon have access to 9a air and public hearing
within a reasonable time by an independent, competent and impartial tribunal
established by law$:
)'- surveillance violates this principle in that those whose inormation is gathered are
given neither notice nor any opportunity to contest the practice$ The F5'- and the F5'-
-mendments -ct speciBically limit Rudicial access to the F5'1 to the third-party entities
rom which the inormation is sought$ Those about whom the inormation pertains have
no opportunity to contest the demand made to the third party$ 3oreover, the &' has
stated that no telecommunication service provider who has been reFuired to produce
records under 'ections 7!0 or 607 has ever contested those demands in the F5'1$ -s a
result, the F5'1 proceedings have been non-adversarial within a traditionally adversarial
37 <eonnig, 1arol =$ 91ourtK -bility to police &$'$ spying program limited$: !0 -ug$ 70!3$ httpKCCwww$washingtonpost$comCpoliticsCcourt-
ability-to-police-us-spying-program-limitedC70!3C08C!0C,a8c8c,,-00cd-!!e3-a06-,%ddc6,!6!70Lprint$html$
33 Eayco#, 3ar( 3$ 9Three <ea(s, Three Gee(s, and Ghat GeJve <earned -bout the &' +overnmentJs /ther 'pying -uthorityK E#ecutive
/rder !7333$: 0 )ov$ 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C!0Cthree-lea(s-three-wee(s-and-what-weve-learned-about-
governments-other-spying
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &-
Rudicial systemSwith the government presenting its case, but with no one representing
the case against such surveillance practices$
Ghile the litigation described above is attempting to bring at least some process to bear
on the surveillance, the &' government"s position is that all such challenges should be
dismissed without a substantive review o its activities$
Facts:
)'- surveillance violates due process since, at least as the government currently maintains,
those subRect to it have no right to learn about it, much less challenge it$
(he New *or+ (imes reports that communications between an -merican law Birm and its
oreign client may have been among the inormation the -ustralian 'ignals =irectorate shared
with the )'-$ 'urveillance o attorney-client communications is anathema to the undamental
system o Rustice$
3,
User Noti5cation
The *rinciples, with certain e#ceptions, reFuire that individuals be notiBied o decisions
authorizing surveillance o their communications with enough time and inormation to
appeal the decision or see( other orms o remedial relie$ @owever, with ew e#ceptions,
the 'ection 7!0 and 607 programs are conducted in secret and individuals are never
notiBied that the )'- is collecting their communications data$ 'urveillance under E/
!7333 is similarly conducted without notice$ 3oreover, those telecommunications
service providers that do receive demands or business records, under 'ection 7!0, or
any materials as described in )ational 'ecurity <etters, are orbidden rom notiying
anyone o the demands$ These gags are perpetual$
Facts:
)'- surveillance prevents those surveilled to be notiBied about it, much less be notiBied in time
to either challenge it beorehand or see( some remedial relie aterwards$ The purported
governing legal authority ails to reFuire the )'- to provide notice, and reFuires that
permanent gag orders be placed on service providers who were ordered to disclose their
customers" data$
Trans3arenc! and %ublic Oversi#$t
The *rinciples reFuire that 'tates be transparent about their use and scope o
communications surveillance techniFues and powers, and that they publish enough
inormation to enable the public 9to ully comprehend the scope, nature and application
o the laws permitting communication surveillance$: 'ervice providers must be able to
3, 2ayyali, )adia$ 9The Tepid )'---merican .ar -ssociation 9=ialogue: -round 'pying on <awyers$: 7! 3arch 70!,$
httpsKCCwww$e$orgCdeeplin(sC70!,C03Ctepid-nsa-american-bar-association-dialogue-around-spying-lawyers
ELECTRONIC FRONTIER FOUNDATION EFF$%!G &.
publish the procedures they apply when addressing surveillance, adhere to those
procedures, and publish records o surveillance$
The *rinciples urther reFuire that, 9'tates should establish independent oversight
mechanisms to ensure transparency and accountability o communications surveillance$:
The *rinciples reFuire independent oversight mechanisms in addition to any oversight
provided through another branch o the government$
)'- surveillance does not meet these reFuirements$ The )'- surveillance programs
operate almost entirely in secret$ 5ndeed, much o what we (now now about the
programs was provided to the public by various whistleblowers$ The &' government,
until very recently, has steadastly wor(ed to ma(e sure that the public does not 9ully
comprehend the scope, nature and application o the laws permitting communications
surveillance$: 3oreover, service providers receiving demands or customer inormation
are typically gagged rom reporting even the act o the demand$
First, many o the )'- surveillance programs are subRect to no e#ternal oversight at all,
such as those under E/ !7333$
'econd, even the programs subRect to 1ongressional and Rudicial review ace problems
with transparency and accountability$
30
-lthough the programs run under the F5'- are
subRect to F5'1 reviewSwhich has not been completely toothlessH the F5'1 shut down
the phone records collection or % months in 700% because o the government"s ailure to
comply with minimization proceduresSthere is no oversight provided by an e#ternal
entity, as reFuired by the *rinciples$ 3oreover, because it lac(s technical e#pertise in
anti-terrorism, the F5'1 is oten orced to deer to the Rudgments made by the )'-
regarding the eectiveness and necessity o the surveillance operations$ The 'enate
5ntelligence 1ommittee, which provides 1ongressional oversight o the )'-, relies on the
inormation provided by the )'-$ 3any members o 1ongress have complained o a lac(
o candor and a ailure to provide suBicient inormation to allow them to conduct
genuine oversight$
34
Facts:
3embers o &' 1ongress conBirm that they were repeatedly misled about the mass surveillance
or denied reasonable access to inormation necessary to conduct oversight$
36
30 1ohn, 1indy and 3ar( 3$ Eayco#$ 9)'- 'pyingK The Three *illars o +overnment Trust @ave Fallen$: !0 -ug$ 70!3$
httpsKCCwww$e$orgCdeeplin(sC70!3C08Cnsa-spying-three-pillars-government-trust-have-allen
34 Timm, Trevor$ :- +uide to the =eceptions, 3isinormation, and Gord +ames /Bicials &se to 3islead the *ublic -bout )'- 'urveillance$:
!, -ug$ 70!3$ httpsKCCwww$e$orgCdeeplin(sC70!3C08Cguide-deceptions-word-games-obuscations-oBicials-use-mislead-public-
about-nsa
36 Electronic Frontier Foundation$ 9The +overnmentJs Gord +ames Ghen Tal(ing -bout )'- =omestic 'pying$: httpsKCCwww$e$orgCnsa-
spyingCwordgames
ELECTRONIC FRONTIER FOUNDATION EFF$%!G '/
'imilarly, the 1hie Eudge o the F5'1 has conBirmed that the court cannot conduct broad
oversight o the )'-$
38
;ecently the government has allowed service providers to release very general inormation
about reFuests or inormation by the )'-, but those are still grossly insuBicient$
Inte#rit! of Counications and S!stes
The )ecessary and *roportionate *rinciples state that, 9'tates should not compel service
providers or hardware or sotware vendors to build surveillance or monitoring capability
into their systems, or to collect or retain particular inormation purely or 'tate
surveillance purposes$:
The e#tent to which the )'-, +1@I, and others have done Rust that has been one o the
most signiBicant revelations this year$ They have secretly undermined the global
communications inrastructure and services, as speciBied in the 3&'1&<-; operation
described above$
3%
They have obtained private encryption (eys or commercial services
relied upon by individuals and have, in general, undermined international security
standards$ The assumption underlying such eortsSthat no communication can be
permitted to be truly secureSis inherently dangerous$ 5t leaves people vulnerable on
communication systems (nown to be under attac( by criminals and state actors ali(e$
=egrading or disabling the security o hundreds o millions o peopleSwho rely on
secure technologies or conBidential communication and Binancial transactionsSin order
to enhance the surveillance capabilities o the intelligence community is e#tremely
shortsighted and grossly inconsistent with the *rinciples$
Extraterritorial A33lication of :uan Ri#$ts Law
The &' contends that its human rights treaty obligations under the 511*; do not apply to
its actions abroad, a view that deeats the obRect and purpose o the treaty$ The @uman
;ights 1ommittee reRected the &nited 'tatesJ position and reiterated that the &nited
'tates has an e#traterritorial duty to protect human rightsSincluding the right to privacy
Sto its actions abroad regardless o the nationality or location o the individuals$
,0
The
&nited 'tates asserts control over any data held by companies based in the &nited 'tates
regardless o where the data may be physically stored$ Thus, the &' controls data located
outside the &', even as it argues that it is not responsible or any intererence with
privacy that results$
,!
38 <eonnig, 1arol =$ 91ourtK -bility to police &$'$ spying program limited$: !4 -ug$ 70!3$ httpKCCwww$washingtonpost$comCpoliticsCcourt-
ability-to-police-us-spying-program-limitedC70!3C08C!0C,a8c8c,,-00cd-!!e3-a06-,%ddc6,!6!70Lstory$html
3% -uerbach, =an and 2urt /psahl$ 91rucial &nanswered Iuestions about the )'-Js .&<<;&) *rogram$: % 'eptember, 70!3$
httpsKCCwww$e$orgCdeeplin(sC70!3C0%Ccrucial-unanswered-Fuestions-about-nsa-bullrun-program
,0 9@uman ;ights 1ommittee considers report o the &nited 'tates, !!0th session$: !, 3arch 70!,$
httpKCCwww$ohchr$orgCenC)ewsEventsC*agesC=isplay)ews$asp#M)ews5=D!,383N<ang5=DE
,! @uman ;ights Gatch and Electronic Frontier FoundationSEoint 'hadow ;eport to the @uman ;ights 1ommittee$ !, Feb$ 70!3$
httpsKCCwww$e$orgCBilesC70!,C03C!7ChrwesubmissionLonLprivacyLusLccprLBinal$pd
ELECTRONIC FRONTIER FOUNDATION EFF$%!G '&
+iven the e#traordinary capabilities and programs o the &' to monitor global
communications, it is essential that the protection o privacy applies e#traterritorially to
innocent persons whose communications the )'- scans or collects$ Githout such
protections, the obRect and purpose o the &nited 'tatesJ international human rights
obligationsSwith regard to the right o privacy in borderless global communicationsS
would be deeated$
,7
EFF and @uman ;ights Gatch have urged the @uman ;ights 1ommittee toSgiven the
e#traordinary capabilities and programs o the &nited 'tates to monitor global
communicationsSadvise the &nited 'tates that it must ac(nowledge its obligations, with
respect to the right o privacy, apply e#traterritorially to persons whose communications
it scans or collects$ To accept otherwise would deeat the obRect and purpose o the
511*; with regard to the privacy o borderless, global digital communications$ -lthough
the precise scope o &' surveillance programs is un(nown, a steady stream o press
revelations suggests that these programs may be sweeping in communications and
personal data o potentially millions o people worldwide$
Facts: Three major shifts in technology have made it especially easy for the
US to conduct broad, systematic surveillance of individuals outside its
borders.
4
3uch o the world"s digital communications Blow through Biber optic cables inside the &', even
when such communications do not involve a &'-based 5nternet user$ Through cooperative
agreements, the &' appears to have access to inormation gathered in bul( by oreign
intelligence services, including +1@I in the &$2$
3any o the world"s most popular 5nternet companies (email providers, social media services,
etc$) are &'-based companies$ These Birms store and process global user data inside the &',
ma(ing such data more readily available to the &' government$ The &' also believes that it has
Rurisdiction over all o these companies" operations, wherever they occur, since they are
incorporated in the &'$ This is true even when the user is not in the &' and is not
communicating with anyone in the &'$
+lobal communications have increased and shited a substantial degree to 5nternet-enabled
services such as email, social media, voice services, and other online tools$ 1ross-border
communication is now instant, commonplace, and cheap (compared to international phone
calls)$ The 5nternet has also enabled users to e#ercise the right to reedom o e#pression and
has provided access to (nowledge and inormation on an unprecedented global scale$ 'torage
and analysis o digital data across borders is also possible on an unprecedented scale, and at a
relatively low cost, lowering barriers to present and uture mass surveillance$
,7 )d.
,3 Electronic Frontier Foundation and @uman ;ights Gatch, 9'upplemental 'ubmission to the @uman ;ights 1ommittee =uring its
1onsideration o the Fourth *eriodic ;eport o the &nited 'tates$: !, Feb$ 70!,$ httpsKCCwww$e$orgCdocumentCe-and-human-rights-
watch-Roint-submission-human-rights-committee
ELECTRONIC FRONTIER FOUNDATION EFF$%!G ''
E;ual %rivac! %rotection For Ever!one
&' surveillance law violates the *rinciple o 5llegitimacy because it involves unRustiBied
discrimination against non-&' personsSproviding less avorable standards to them than
its own citizens$ @uman rights law must protect 9everyone,: meaning all human beings$
-s the &niversal =eclaration o @uman ;ights has stated, 99-ll human beings are born
ree and eFual in dignity and rights$: 5ndeed, everyone must be entitled to eFual
protection under the law and the 1onstitution$
Conclusion
This document can provide only the broadest overview o how )'- surveillance
programs ail to comport with their international human rights obligations, including the
)ecessary and *roportionate *rinciples$ There is still more analysis to be done$
)onetheless, we hope the *rinciples and this document will together serve as an initial
overview or understanding how the &', and any other state operating mass surveillance
programs on innocent citizens in secret, ail to meet current international human rights
standards$
Ge hope that the )ecessary and *roportionate *rinciples provide guidance to the 'tates
on how to implement their obligations to protect human rights in light o our new digital
environment, and allow our communication networ(s to live up to the promise o a
global interconnected inrastructure that protects, not undermines, our undamental
reedoms$
ELECTRONIC FRONTIER FOUNDATION EFF$%!G '(