Monday, June 23, 2008

What's really wrong with the new FISA bill

The FISA "compromise" bill passed the House last week and will likely be taken up by the Senate soon. The measure seeks to resolve the controversies surrounding the FISA court (which approves requests from the government for domestic spying), immunity for telecom companies that have previously cooperated with the government on illegal warrantless wiretaps, and those wiretaps themselves.

Much of the focus has been on the bill's provision that amounts to immunity for the telcos.

But Kevin Drum describes the real problem with the bill in his Political Animal blog:

At this point we have to engage in a bit of guesswork since the details of the NSA program are classified, but the basic problem is the same as it's always been: NSA's program isn't targeted at particular people or even particular organizations. Nor is it targeted solely at foreign-to-foreign communications since modern communications technology makes it very difficult to be sure where a particular message originates or terminates. Rather, it's based on complex computer algorithms, something that's genuinely uncharted territory.

To repeat something I said a couple of years ago, the nice thing about probable cause and reasonable suspicion and other similar phrases is that they have a long history behind them. There are hundreds of years of statutory definition and case law that define what they mean, and human judges interpret them in ways that most of us understand, even if we disagree about which standard ought to be used for issuing different kinds of wiretap warrants.

But the NSA's domestic spying program doesn't rely on the ordinary human understanding of these phrases. Instead, it appears to rely primarily on software algorithms that determine whether or not a person is acting in a way that merits eavesdropping. The details are still murky, but what the NSA appears to be doing is very large scale data mining on virtually every phone call and email between the United States and overseas, looking for patterns that fit a profile of some kind. Maybe twice or three-times removed links to suspected terrorist phone numbers. Or anyone who makes more than 5% of their calls to Afghanistan. Or people who make a suspiciously large volume of calls on certain dates or from certain mosques. Stuff like that.

In short, the FISA bill suggests that monitoring U.S. phone calls, emails, and other electronically transmitted communications is acceptable. It further suggests that the process for selecting who is monitored is no longer based on evidence that a particular individual may be doing something wrong, but rather on computer software written by a few nameless programmers.

Who is to say that the software works as specified? What happens to all the calls and emails that are analyzed and flagged as potentially related to terrorist activity, but turn out to be benign? If the process is so opaque, how do we ensure it's not abused? What's to stop the government from using the same techniques to sniff out data on other illegal activities?

Do you care if someone is listening in?

Contact your Senators if you do.
