(Photography by Drew Reynolds)

Into the breach

A law professor offers an inside look at his experience on a presidential panel reviewing how the government protects national security and preserves civil liberties.

In August 2013, I was sitting in my office working on a book, minding my own business, when I got a phone call from the White House. I was told that, in the wake of Edward Snowden’s revelations, President Obama was appointing a review group to study national security and information privacy issues and asked if I would be willing to serve.

My first thought was, “Oh, shit.” This would be a time-consuming process that would distract me from my writing and, like so many previous committees, the group would end up producing a report that would inevitably disappear into somebody’s desk, never to be heard from again.

When the president asks, though, you can’t say no, especially when you were the one who, as dean, first appointed him to the Law School faculty. So I kept my first thought to myself and said, “Sure, happy to do it,” confident that I had an ace in the hole that would prevent me from serving.

I knew I would need top-secret clearance, and I figured there was more than enough in my background to preclude that. But, somewhat to my dismay, I expeditiously received a top-secret security clearance and was hustled off to Washington for a meeting in the White House situation room with President Obama, national security advisor Susan Rice, and several other people, including my former student, assistant attorney general Lisa Monaco, JD’97.

In that first meeting President Obama told the five of us serving on the review panel that he wanted us to serve as an independent group to advise him about how to restore public trust and strike an appropriate balance between protecting national security and preserving civil liberties. We were a diverse group in terms of our professional backgrounds and ways of thinking about these issues.

There was Michael Morell, who spent his career with the Central Intelligence Agency (CIA), including two stints as acting director, and Richard Clarke, a veteran of the State and Defense Departments. Also serving were Georgia Tech professor Peter Swire, who worked in the Clinton and Obama administrations on privacy and information technology, and my former Law School colleague Cass Sunstein, who had worked in Obama’s Office of Management and Budget.

Then there was me, who has served for decades on the American Civil Liberties Union’s National Advisory Council. It was quite clear there was nothing we were going to agree upon. As Rice put it, we were “five highly egotistical, high-testosterone guys” who were being “thrown in a room together, with nobody in charge, and expected to solve a set of intractable problems.”

Yet what happened was exactly that. As we spent five months together, working four or five days a week in a secure facility in Washington, we came to trust, respect, and learn from each other so much that, to our amazement, we produced 46 unanimous recommendations. Not unanimous in the sense of, “I’ll give you this one if you give me that one,” but in the sense that we all agreed on every recommendation that the review group made to the president in our 300-page report.

None of us would have imagined that was possible when we began.

I discovered on the first day that I didn’t know anything. Unlike the other four members, who had extensive experience in government, I had none except as a law clerk to a Supreme Court justice 40 years earlier. My inexperience immediately became apparent in the use of acronyms. Nary a sentence was uttered where somebody didn’t say “DARPA” or “NIST,” and I had no idea what they were talking about.

With some sense of mortification, I raised my hand and said, “Excuse me, what does that mean?” I decided I wasn’t going to be able to live with raising my hand all the time, so I was busily scribbling down acronyms all the time. By the end of the first week, I had a list of 279 I’d never heard before.

I Googled them and wrote down the full names. The first weekend, when I got back from Washington, I started trying to memorize them. After about six, I realized it wasn’t going to happen. That captures the experience of being thrown into a world that was strange for each of us in different ways, but probably more for me than anyone else.

We were quickly overwhelmed with requests for meetings. We met with all of the intelligence agencies on multiple occasions. We also met with Rice and cabinet secretaries and other representatives from the Justice, State, Defense, and Commerce Departments. We testified several times before Senate and House intelligence and judiciary committees.

We also had many meetings with individual members of Congress who had particular agendas they wanted to pursue with us. We met with a wide range of privacy and civil liberties groups. We met with European Union representatives. It was an extensive listening and learning process about a broad range of statutory provisions and practices—almost all of which were secret.

Because much of what we were dealing with was classified, members of the review panel could not review documents or have discussions about that information outside a secure facility. That meant I couldn’t work on the report from my home or office in Chicago. On weekends I had to go to a secure facility at the Federal Bureau of Investigation (FBI) office on Roosevelt Road.

It was like being in a cave for five months. Everything was consumed with the fascinating, exhausting work of producing our final 300-page report.

The report contains 46 recommendations, but that understates the number of issues addressed. Many have subparts, so there are about 200 recommendations in all.

To offer a sense of the group’s thought processes and President Obama’s response to our recommendations, I will focus on three main areas: the collection of telephone metadata, the use of national security letters to obtain private information, and the role of the Foreign Intelligence Surveillance Court.

Section 215 telephony metadata program

Before 1978, when the government engaged in foreign intelligence surveillance, whether in the United States or abroad, it was subject only to the discretion of the president as commander in chief. There was no legislative restriction and there was no judicial involvement in anything the president did in the name of foreign intelligence surveillance. If the president wanted to wiretap a phone call between people in the United States on the belief that it was relevant to foreign intelligence, the president could do that without probable cause, without a warrant, without any oversight whatsoever outside the executive branch.

In the 1970s, grave abuses by the FBI, the CIA, the National Security Agency (NSA), and Army Intelligence under the auspices of J. Edgar Hoover, Lyndon Johnson, and Richard Nixon came to light. They had engaged in what was understood to be inappropriate, and in some instances illegal, surveillance of American citizens for a variety of reasons, mostly political, and often highly invasive of privacy beyond the scope of any agency’s authority.

Congress decided to do something to rein this in, instituting the Church Committee, named after Senator Frank Church, to establish oversight of the executive branch. The Church Committee Report, one of the truly great documents in the history of Congress, made a series of complex recommendations, which ultimately resulted in the Foreign Intelligence Surveillance Act of 1978. That legislation did many things, but most importantly, it brought various elements of foreign intelligence surveillance under the rule of law through the creation of the Foreign Intelligence Surveillance Court.

Ordinary federal courts do not have security clearances and a great deal of foreign intelligence information is classified. Therefore, you could not have an ordinary federal judge deciding whether the executive branch could undertake a foreign intelligence wiretap. The Foreign Intelligence Surveillance Court enabled judges to play their traditional role in overseeing what the executive branch did in the classified realm. The court was authorized to deal with foreign intelligence surveillance that took place inside the United States. What the president did outside the United States was regarded as beyond the scope of even Congress’s business at that time.

From the late 1970s until 9/11, that process worked reasonably well, and, for the most part, people considered it effective. There was obviously a wake-up call on 9/11, and public support grew for granting intelligence agencies greater capacity to prevent such attacks.

Congress made a number of modifications to the Foreign Intelligence Surveillance Act in the wake of 9/11 to strengthen the agencies’ ability to ferret out information about terrorist activity. One of the provisions was Section 215 of the Foreign Intelligence Surveillance Act, which authorized the agencies to go to the Foreign Intelligence Surveillance Court and get an order based on reasonable and articulable suspicion that a suspect was engaged in international terrorist activity. If the agencies demonstrated that, the court could issue an order that authorized them to go to banks, credit card companies, telephone companies, internet companies, etc., and serve the equivalent of a subpoena demanding records about the individual in question.

In 2006, as technology changed, the NSA came to the Foreign Intelligence Surveillance Court and proposed a new program to gather telephone metadata from huge numbers of phone calls that took place in the United States—and to hold that data for five years.

That metadata consists of phone numbers—every phone number covered by the order, every number called by every phone number covered by the order, and every number that calls every phone number covered by the order. It doesn’t include names, it doesn’t include geographical locations, and it doesn’t include content, but it involves huge amounts of numbers.

The NSA wanted this information because it now had the technological capability to manage a database of that magnitude. The Foreign Intelligence Surveillance Court, the Senate and House intelligence committees, and the Department of Justice approved the program. It enabled the NSA, when it had reasonable and articulable suspicion that a particular telephone number—almost invariably a number outside the United States—was associated with a person suspected of terrorist activity, to query the database. That is, an NSA analyst could type in the phone number of the suspected terrorist and the database would spit out information about the numbers with which the suspect’s number was in contact.

The idea was to connect the dots. Although the program collected massive amounts of data, it was carefully designed not to reveal that data to the NSA indiscriminately. When the analysts queried a suspected number, the information they received reflected only the numbers associated with other suspected terrorists that the queried number had been in contact with. The goal, in other words, was to determine whether a suspected terrorist outside the United States was speaking to a suspected terrorist inside the United States.

In 2012, the most recent year for which full data was then available, the NSA queried the database for 288 numbers. Those 288 numbers yielded 12 tips. That is, in 12 instances based on those 288 queries, agents discovered that the suspected terrorists outside the United States were communicating with numbers associated with terrorist suspects in the United States. In those 12 instances, the NSA turned the information over to the FBI for further investigation.

None of the 12 tips in 2012 produced information that was useful in preventing a planned terrorist attack. In fact, in the seven years in which the program existed, there had not been an instance in which the metadata program had led directly to the prevention of a terrorist attack. Many other programs employed by the NSA have had very productive results, but not this one.

Defenders of the program argued, I think persuasively, that the fact that the program had yet to turn up information that prevented a terrorist attack did not represent a failure. An effort to prevent attacks on the scale of 9/11—such as nuclear, chemical, biological attacks—might yield meaningful information only once in a decade. Failing to prevent such an attack, though, would be catastrophic. Thus, the program was analogous to a fire alarm in one’s home. It might save your life only once a decade, but that doesn’t mean you toss it out.

In evaluating the program, we determined that it was not as draconian as the public has been led to believe. It is much more carefully targeted and managed, and its potential value is real. Nonetheless, we concluded that the program was not limited adequately to protect the legitimate privacy interests of Americans.

With that in mind, we made three fundamental recommendations with regard to the program:

1. The government should not hold the database. One of the grave dangers, historical experience teaches, is the risk of some misguided public official—whether a J. Edgar Hoover or a Richard Nixon—using this extraordinary data to do harm, to learn information about free speech, about political associations, about political enemies. Although the metadata consists only of phone numbers, if you look at the pattern of a person’s calls over an extended period of time, you can learn a lot that can be put to nefarious use. Therefore, we recommended that the information should remain in the hands of the telephone service providers, who already have it for billing purposes. But the government itself should not hold the data.

2. The NSA should not be able to query the database without a court order. Human nature being what it is, the people engaged in the enterprise of finding bad guys are likely to err on the side of suspicion where a neutral or detached observer might not. That’s why we ordinarily require search warrants issued by neutral and detached judges in criminal investigations. We therefore recommended that the NSA should not be allowed to query the database on the basis of its own analysts’ judgment. The Foreign Intelligence Surveillance Court should have to determine independently and in each instance whether the standard of reasonable and articulable suspicion is met. This requirement would also reduce substantially the risk of unlawful access to the database. 3. The data should not be held for more than two years. We concluded that five years is unnecessary. The data gets stale, its value depreciates, and the risks of misuse increase as the information accumulates.

President Obama has endorsed these recommendations, and they are reflected in the USA Freedom Act, which is currently pending before Congress. The USA Freedom Act was successfully filibustered by Republicans in the Senate last November. Although it received 58 votes, it failed to achieve the 60 votes needed to win cloture. The bill will likely be back before Congress again this spring.

National security letters

Another recommendation involved an investigatory tool called national security letters (NSLs). In another post-9/11 action, the government authorized the FBI to issue NSLs when, in the course of a national security investigation, it wants to obtain information such as bank records, credit card records, telephone records, and travel records about a person it suspects of being involved in terrorist activity. Using these letters, the FBI itself issues such orders to the companies directing them to turn over the relevant information.

NSLs have been controversial ever since they came into existence, in part because they are highly secretive. The whole process is classified and there have been abuses in the use of NSLs, which have been reported to Congress.

Although the abuses have been addressed in various ways, they have been a source of some concern. Our view was that, in the absence of a situation where time is so much of the essence that going before a judge would pose a danger to the nation, a court order should be required for the use of NSLs.

When we discussed this issue with FBI director James Comey, JD’85, another of my former students, he was adamantly opposed to this recommendation. His view was that the inefficiency of such a requirement would interfere with the prompt use of NSLs. Moreover, he argued that there was no reason why the government should be forced to jump through more hoops in a terrorist investigation than, say, a prosecutor would have to jump through in a drug investigation. In a drug investigation, a prosecutor can issue a subpoena, which functions in much the same way as an NSL, without judicial approval.

Our view was that there is a big difference between the use of subpoenas and the use of NSLs. Subpoenas are largely transparent. They’re not classified. They’re not secret. They’re often at issue in criminal prosecutions when the government wants to introduce evidence, and their legality can therefore be openly challenged.

The NSLs, on the other hand, are classified. A phone company or a bank that receives an NSL can’t say anything about it, under threat of criminal prosecution.

We considered that lack of transparency a serious problem that invites the kind of abuse that we were charged with preventing. The absence of a judicial check, we felt, creates an inevitable temptation to err on the side of finding suspicion where it doesn’t exist.

On this score, President Obama did not accept our recommendation to require a court order for the issuance of NSLs. Apparently, at the Law School we taught Comey how to make a persuasive legal argument too well.

Foreign intelligence surveillance court

A third issue involved the operations of the Foreign Intelligence Surveillance Court.

The FISC was designed primarily to issue search warrants and to limit the ability of presidents to authorize foreign intelligence wiretaps in the United States without judicial oversight. With the enactment of the Foreign Intelligence Surveillance Act of 1978, the government would have to establish probable cause before a judge on the FISC would issue a warrant, even for the purpose of foreign intelligence surveillance.

What became evident over time, though, was that on rare occasions the FISC would have to decide not only whether the government could show probable cause for a particular investigation but whether and how certain novel methods of surveillance were governed by the law. Sometimes these involved complex questions of statutory or constitutional interpretation. This was illustrated by the FISC’s decision to permit the Section 215 metadata program.

The review group’s judgment was that when such issues arise, the FISC judges should hear arguments not only from the government, but also from advocates for the other side, just as would any other court.

We therefore recommended the creation of a privacy and civil liberties advocate to represent the other side when these sorts of complex legal and constitutional issues arise.

The FISC judges objected to this recommendation. They argued that they were responsible jurists who could sort through the legal issues on their own.

President Obama compromised on this. He adopted the recommendation that there should be a privacy and civil liberties advocate, but he concluded that this advocate should be authorized to participate in the proceedings of the FISC only if the judges of that court invited such participation. This recommendation, too, is incorporated into the pending USA Freedom Act.

In the end, this was a truly extraordinary experience. Not only did it provide me and my colleagues on the review group with remarkable insights into the inner workings of our national security state, but it also resulted —somewhat to my surprise—in a series of important and far-reaching recommendations that will likely help shape the structure and operation of many of these programs in the future.

Geoffrey R. Stone, JD’71, is the Edward H. Levi Distinguished Service Professor at the University of Chicago Law School. This essay is adapted from a February 2014 lecture at the Law School. To hear more about Stone’s service on the presidential review panel and his conclusions on the state of the nation in the age of the NSA, register to attend his Harper Lecture, “The View from Inside the NSA,” on April 1 in New York City. Details are available at alumniandfriends.uchicago.edu/harper.