Congress is debating the USA FREEDOM Act in the next days. The House approved Representative Jim Sensenbrenner’s version of the law on Wednesday and the Senate is expected to vote on Senator Mike Lee’s companion bill next week. The law requires the American Intelligence Community to fulfill its important mandate within a legal framework of limits and oversight that shows greater concern for Americans’ privacy. The Act aims to prevent the mass collection of Americans’ communications data by requiring that such programs be limited to more carefully targeted anti-terror efforts. The Act also reforms the secretive Foreign Intelligence Surveillance Act Court. The Court’s undisclosed, expansive interpretation of the law gave the National Security Agency (NSA) legal justification for its most controversial programs. The Act would require the Court to appoint outside counsel to counter government lawyers’ arguments for new interpretations of the law. It requires the Director of National Intelligence to declassify and publicize the Court’s most significant decisions. Finally, the Act requires the Inspectors General of the Department of Justice and the Intelligence Community to audit the effectiveness and utility of the government’s data collection programs over the last half-decade. The law would be a significant reform, even if it falls short of the demands of many privacy advocates.
The USA FREEDOM Act also might have been a timely, redemptive signal to our German partners. But it will disappoint the Germans, too. This missed opportunity is profound because the Germans have just turned a new, more troubling corner in the twisting saga they refer to as the NSA-Affäre. Edward Snowden’s disclosures revealed that the Germans have been the objects of the NSA’s ravenous gaze, leaving them outraged and disillusioned. But in the last days, thanks in part to the discoveries of the special parliamentary committee investigating the NSA-Scandal, Germans have learned that their Foreign Intelligence Service (Bundesnachrichtendienst – BND) has been a willing facilitator of the NSA’s surveillance and data collection in Europe, including operations that targeted European defense firms and French government officials. And it seems that the BND has been dissembling, if not dishonest, about all of this in its responses to the German parliament’s demands for an accounting of its role in the NSA-Scandal. The fraying German-American relationship, now strained by resentment over the possibility that the NSA has made marionettes of the BND, may have reached its nadir.
For several reasons, the USA FREEDOM Act won’t do much to repair this old partnership.
First, the Act doesn’t reform the parts of the law most relevant to the German experience. The USA FREEDOM Act seeks to limit the Intelligence Community’s ability to make use of the authority under the USA PATRIOT Act to obtain “business records.” The Section 215 power allowed the NSA to collect, in bulk and for more than a decade, Americans’ “telephony metadata” from telecommunications service providers. But the Germans are most upset about the NSA’s PRISM program. Under the authority of Section 702 of the 2008 Amendments to the Foreign Intelligence Surveillance Act, the NSA has been collecting the content of foreigners’ Internet communications for years. PRISM has become synonymous in Germany with NSA abuses. The change.org petition (“Angmessene Reaktion auf die NSA-Affäre”) organized by the German novelist Juli Zeh resulted in an open letter to Chancellor Angela Merkel—with 65,000 signatures. The letter opens with a reference to Edward Snowden’s revelation of the PRISM program.
The USA FREEDOM Act, which leaves Section 702 untouched, will do nothing to limit the NSA’s foreign operations that do not implicate Americans. It remains steadfastly the view of a broad spectrum of policymakers that American law does not and should not restrict America’s foreign intelligence initiatives.
Second, the Act’s focus on reining in the American Intelligence Community (even in its interaction with private sector Internet and telecommunications providers) isn’t broad enough to address Germans’ more general concerns about privacy. For Germans the issue is not just about the state’s power to investigative and conduct surveillance. They see the NSA’s activities—implicating as they do our thoroughly digitized and networked reality—as just one facet of an abstract, holistic, and inclusive human right they call “data protection.” This comprehensive liberty interest encompasses, simultaneously, private sector uses of our data and the government’s security (or welfare state) interest in our data. The German legal system, conditioned as it is by the civil law tradition’s orientation toward abstract legal principles, is uniquely susceptible to this conceptual approach. The USA FREEDOM Act doesn’t—and can’t—speak to such a broad framing of the issue. American law is characterized by the common law’s orientation to facts and context. This justifies the distinct legal regimes American law applies to privacy interests relative to the state’s collection and use of our data, on one hand, and the private sector’s collection and use of our data, on the other hand. Further evidence of this deep split between Germany and the United States is the fact that data protection in the commercial arena in the United States is itself given different treatment across various industrial sectors, each with its unique interests and parameters. To Germans the USA FREEDOM Act will look unsatisfyingly narrow in its discrete approach to the issue but that has less to do with the Act, than it does with the two societies’ distinct approaches to privacy.
Third, the USA FREEDOM Act’s emphasis on internal audits and enhanced legislative oversight will not reassure Germans. Following the abuses of the Nazi tyranny, the German postwar constitutional order shifted heavily toward the judicial enforcement of an “objective order of values” to protect against the spectral failures of democratic processes. It is often noted—with an eye toward the Gestapo and the Stasi—that this distrust has special force with respect to the state’s security and intelligence activities. The German Federal Constitutional Court pioneered the concept of “informational self-determination” and in recent years it has aggressively enforced Germans’ privacy and data-protection interests. But Americans have made completely different experiences. We have not passed through the searing trauma of a tyrannical, murderous state regime. And we have seen the corrective potential of the democratic process at those moments when we’ve neared those gates. In part, this is why the story of American policy on these issues cannot be told through landmark Supreme Court decisions, as is the case in nearly every other segment of American life. Instead, the story consists in courageous legislative reactions, none more historic than the Church Committee in the mid-1970s. The USA FREEDOM Act undeniably participates in this unique tradition. But it won’t persuade the Germans, who will be unconvinced by non-judicial checks on the state’s power.
The USA FREEDOM Act will be a disappointment to Germans. Still, it might do the tattered transatlantic relationship some service. If not for what it does, then perhaps for what it doesn’t do.
First, the shortcomings in the Act might provide Germans with valuable comparative insight as they consider reform of their intelligence community oversight regime. The Germans will face similar challenges.
German law, for example, also does not limit foreign intelligence activities. If these operations involve surveillance of telecommunications, then Article 10 of the Grundgesetz (Basic Law or constitution) would seem to guarantee their secrecy. But Article 10 was amended in 1968 to allow for telecommunications surveillance pursuant to a federal statutory framework. That regime, known as the G10 Act, authorizes but also strictly limits the German intelligence community’s telecommunications surveillance. A central component of that regime is the establishment of the G10 Commission, an auxiliary organ of the parliament that is charged with reviewing and authorizing all of the intelligence community’s planned telecommunications surveillance initiatives. The G10 Commission reviews all of these operations—except those involving foreign telecommunications activities. The BND, with the blessing of the Federal Government, has concluded that the G10 Act does not apply to the surveillance of telecommunications that take place outside Germany. The Federal Government confirmed this in its presentation of facts in an important challenge to the G10 Act that was decided by the German Federal Constitutional Court in 1999. In that case the Federal Minister of the Interior explained that, of the approximately 15,000 telecommunications acts the BND screened each day, only approximately 700 fell “under the authority of the G10 Act,” which provides for the G10 Commission’s oversight. The Federal Government more recently confirmed the BND’s pursuit of unregulated surveillance outside Germany in the answers it provided to a set of formal parliamentary questions presented to it by the Left Party. The Government explained that, in those circumstances, the BND pursues strategic telecommunications surveillance under the exclusive authority of Paragraph 1(2) of the BND Act and need not conform its operations to the G10 Act. On these terms the BND can monitor and collect data on the telecommunications traffic of whole states or world-regions without constitutional or statutory limits so long as the German territory or a German citizen is not implicated.
A growing chorus of scholars and commentators thinks the Federal Government’s position on foreign telecommunications surveillance violates German constitutional law. They argue that the telecommunications privacy secured by Article 10 of the Basic Law must apply outside the German territory, including the G10 Act’s strict framework for exceptional departures from that constitutional guarantee. These critics wonder if the technology involved in the contemporary telecommunications infrastructure has rendered territorial distinctions of this kind obsolete. The critics also argue that the Federal Government’s stance involves a troubling misreading of the Basic Law, which they say does not recognize territorial parameters on the limits it imposes on German state power. Instead, these commentators argue that all German state authority, regardless of where in the world it is exercised, must show respect for the rights secured by the Basic Law.
The USA FREEDOM Act does nothing new to limit American intelligence gathering outside the United States. This jealously held position is based on the notions that American law does not require it and that, as a practical matter, limits on American foreign intelligence operations could be fatally contradictory to the whole purpose of maintaining an intelligence capability. It will be interesting to see if German privacy advocates can overcome these notions—both legal and practical—and do more to limit the authority of the German intelligence community to pursue foreign telecommunications intelligence gathering.
All the structural barriers that bedevil effective legislative oversight of the NSA also exist in Germany, including deficiencies in legislators’ technical competence, the risk-averse logic of a democratic system that would hold elected representatives accountable for deadly terror attacks or security lapses, and the power of an entrenched and self-justifying intelligence community. The secretive G10 Commission, for example, does no better than the FISA Court to protect privacy. Some commentators have raised questions about the intensity with which the G10 Commission pursues its mandate, just as the FISA Court’s rigor has come to be questioned. In 2013, for example, the G10 Commission considered a total of 25,526 monitoring measures (including all facets of its authority to review and authorize targeted and strategic monitoring). That is a staggering average of 2,127 actions considered at each of its monthly sessions. Of course, many of these individual requests are grouped as part a single ministerial order. Still, in a four or five hour session, the Commission must work through as many as 70 of these orders. One media report estimated that, at most, the Commission devotes five minutes to each order it reviews. The Commission’s proceedings also are not adversarial. This means that the Commissioners themselves, despite their regular and close work with the relevant ministries and intelligence community representatives, are the sole voices for Germans’ privacy interests. The insularity of the FISA Court’s proceedings is loosened marginally by the USA FREEDOM Act. This will be no easier to achieve with respect to the G10 Commission. Some observers have also wondered whether the integrity of the G10 Commission’s scrutiny may be undermined by the limits on the resources at its disposal. The practical effect of the constraints on the G10 Commission’s review is that the Commission simply “waves through everything the intelligence community wants.” Former Commission Chairman Hans de With has offered only a modest correction of this critique. He guessed that the Commission disallows fewer than 10 percent of the orders it reviews. Even this nominal rejection rate is less reassuring than de With may have intended it to be. In the few cases in which the Commission does not get adequate answers to its questions, former Chairman de With explained that the Commission simply urges the BND to “come back next month,” presumably with the information needed to permit the Commission to authorize the order. All of this has led some commentators to characterize the review provided by the G10 Commission as structurally inadequate.
Second, the USA FREEDOM Act dramatically highlights some of the fundamental, structural differences between Germans and Americans on these issues. It would be a considerable service to German-American relations if the Act helped us to grapple—in respectful but realistic terms—with the kinds of dissimilarities the USA FREEDOM Act exposes. Only from that more informed posture will we be able to identify the areas and issues about which we can hope for genuine cooperation.
Russell A. Miller is a Professor of Law at Washington & Lee University. He is also a DAAD/AICGS Research Fellow, a former Fellow at the Center for Security and Society at the University of Freiburg, and the Editor-in-Chief of the German Law Journal. He is the author/editor of a number of books, including: Privacy and Power: Transatlantic Relations in the Shadow of the NSA-Affair (forthcoming 2016); The Constitutional Jurisprudence of the Federal Republic of Germany (Duke University Press 2012), and U.S. National Security, Intelligence and Democracy (Routledge 2009).
Made possible by the support of German Academic Exchange Service (DAAD) with funds from the German Foreign Office (Auswärtiges Amt - AA)