The Supreme Court declined to hear an appeal of the Sixth Circuit’s ruling that the plaintiffs in the NSA suit here in Michigan lacked standing. The hard part, of course, is it’s extremely difficult to prove standing here – that’s the whole point of a covert surveillance regime.

So, AT&T is safe legally (especially if President Bush gets his way, and the telcos are immunized from liability), but they deserve this type of ridicule for complying so eagerly with the government’s rather broad surveillance requests. (Diverting all traffic so the NSA can monitor seems, well, overbroad.) Keep your eye on the negotiations in the House.

Intelligence officials who have examined these systems say they’re convinced that the qualities that many computer users find so attractive about virtual worlds — including anonymity, global access and the expanded ability to make financial transfers outside normal channels — have turned them into seedbeds for transnational threats.
[snip]
The government’s growing concern seems likely to make virtual worlds the next battlefield in the struggle over the proper limits on the government’s quest to improve security through data collection and analysis and the surveillance of commercial computer systems.

O’Harrow quotes from a U.S. intelligence study that says something like: “All the kids today are dancing and ‘jiving’ to this new rock-and-roll music on their jukeboxes, leading to increased lascivious behavior and moral decay.”

Now, I understand the possible dangers inherent in a global digital network that facilitates anonymity and allows users to make financial transactions. But that system is called the internet. It isn’t clear to me why those portions of the internet taken up by Second Life are necessarily more threatening than somewhat more familiar problems such as encrypted e-mail or money-transfer systems like PayPal. These innovations can be used for crime. My guess is that the novelty of flying avatars and virtual buildings drives the government’s fear, rather than a significant increase in actual risk from Second Life over and above the internet as a whole.

Even conceding that Second Life could be an especially attractive haven for Bad Guys, the potential for an over-reaction is very high. After all, regular old telephones help criminals and terrorists to communicate too, but that does not necessarily justify routinely monitoring them on a massive scale. (As Jim Dempsey of CDT aptly notes, “When the government is finished, every new technology becomes a more powerful surveillance tool than the technology before it.”)

I certainly hope we won’t see a rush to install monitoring or data-mining in these environments, either as a legal requirement or — perhaps more likely — though the eager cooperation of their proprietors. In a somewhat ominous sign, O’Harrow reports that Linden Lab is already hurrying to reassure the spooks that there is plenty of monitoring already in place:

Officials from Linden Lab have initiated meetings with people in the intelligence community about virtual worlds. They try to stress that systems to monitor avatar activity and identify risky behavior are built into the technology, according to Ken Dreifach, Linden’s deputy general counsel.

Is Linden Lab headed down the well-trodden path, already taken by many airlines, phone companies, and search engines, of voluntarily handing over their customers’ information to the government’s data-mining machine? Let’s hope not.

I found the op-ed very powerful because it moves beyond the typical dichotomous arguments between “fighting terrorism” and “protecting civil liberties” to examine the collateral impact of such pervasive secrecy on innocent bystanders such as the pseudonynomous author. The op-ed tells us that “John Doe” runs a small internet business and received a national security letter demanding information about a client. Rather than comply with what seemed like a fishy request, he courageously went to the ACLU. The secrecy rules mean he still can’t tell us why he was suspicious, although he does say that the FBI later dropped the request. But during the whole fight, he was forced to live a double life:

Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case — including the mere fact that I received an NSL — from my colleagues, my family and my friends. When I meet with my attorneys I cannot tell my girlfriend where I am going or where I have been. I hide any papers related to the case in a place where she will not look. When clients and friends ask me whether I am the one challenging the constitutionality of the NSL statute, I have no choice but to look them in the eye and lie.

Even now, with the request for information withdrawn, he is forbidden to speak. That is a huge burden to place on someone. Forcing third parties into the role of involuntary government spies might be justified in highly exceptional circumstances, but the inspector general’s report demonstrates that their use has been anything but exceptional. As the better books by John le Carre demonstrate, there is a great personal toll to living a double life.

Of course, there are other systemic reasons why such secrecy is corrosive. My colleague Heidi Kitrosser has written about this issue in related circumstances, and John Doe points out that he could have warned Congress and the public about the likelihood of FBI abuses years ago if not for the gag order. If these practices had been reined in sooner, maybe our society would have created many fewer involuntary liars.

Until recently, the same was not true for info/law issues. The problems were often seen as based almost entirely on some combination of legal regulation and technological architecture. Tech companies were regarded as ideals by many socially responsible investors — they had low environmental impacts, typically they had progressive employment policies and benefits, and their supply chains did not involve the sorts of entanglements with corrupt regimes and human rights problems that beset industries from oil to global agriculture.

Until recently, I said. Then came this and this and this, and lots more of the same sort.

We already heard long ago from Larry Lessig about the regulatory role of markets in info/law, and from James Boyle promoting an ethos of “cultural environmentalism” that learned lessons from the success and struggle of the environmental movement. And now, at last, there are signs of serious attention to the role of corporations and their investors in preserving values such as privacy, data security, free speech, and open access to content.

As Derek noted previously in this space, an industry-wide initiative is forming to help companies develop ethical business standards for promoting free expression and privacy online. The Berkman Center is one of the leaders of the effort, along with a wide range of investors, civil society groups, academic institutions, and, of course, companies operating in this space. One of the investors really thinking about these issues is F&C Asset Management, a London-based manager of over $200 billion. The F&C Governance & Sustainable Investment Team recently released a thoughtful report directed at managers in companies who need to think about access, security, and privacy issues in the digital environment. [Disclosure: my wife works on the F&C GSI Team, though she wasn't really involved in this report.] Because it’s written on behalf of investors and directed at corporate managers, its tone is different from some of the advocacy you see elsewhere — which is exactly the point. Investor dialogue will be one of the keys to helping companies contribute to solutions in these areas. Law is important too, but not the only component. We are learning, once again, from environmentalism.

The Sixth Circuit has been brain-dead on copyright, so it was reassuring that the judges focused on what I believe to be the two key issues. First, do the plaintiffs have standing? This is a hard puzzle – there’s no guarantee that their communications were monitored (and the government isn’t saying), so it’s not clear that they have a real stake in the case. However, as their attorney argued in response to close questioning by the judges, it’s difficult to find plaintiffs with concrete standing since the targets of surveillance are secret, and classified. The court could dispose of the case on these grounds, but that would be a cop-out.

Second, does the Bush administration’s voluntary decision to have the federal court set up by the Foreign Intelligence Surveillance Act oversee the program cause the case to be moot? After all, even Congress is getting some information about this new approach. This argument is also flawed – the government hasn’t conceded the underlying legal question (whether the executive branch has inherent authority for this surveillance, or must follow FISA), and could easily opt to end oversight whenever it chooses. Constitutional scholars have a term for this problem – it’s a case “capable of repetition yet evading review.” (Think abortion – by the time a court hears a woman’s suit about whether she can have one, the issue is moot, but future women will face the same issue.) Again, the court would duck the real controversy by dismissing on these grounds.

I found Judge Taylor’s opinion unconvincing – long on rhetoric, short on careful legal analysis. (Other views, pro and con…) The FISA issue presents hard questions of the balance of power among our branches of government and of the scope of the statute. The standing question is similarly difficult. So, there seem to be two good options for the Sixth Circuit (in my opinion). First, the court could remand the decision to Judge Taylor in light of the changed circumstances – vacating the opinion, and providing some guidance about what questions she should address (more thoroughly). Second, the court could take up these questions itself; additional fact-finding by the District Court doesn’t seem terribly necessary here since most of the issues are about legal interpretation, not figuring out the contours of the program. The latter option has the virtue of being more rapid and potentially more definitive; the former is more pragmatic and gives Congress and the administration more time to unwind these issues without relying on judges to resolve hard questions of institutional power and competence.

A final point: treat analyses (including this one!) of the case, and Judge Taylor’s opinion, with great care. There’s a lot of rhetoric out there and relatively little close legal analysis. It’s not helpful to declare ringingly that the program violates our constitutional rights, or threatens a program certain to have saved lives.  It is helpful to explicate FISA or explore the balance between executive and legislative authority. Beware blowhards.
I’d love comments on what you think the Sixth Circuit should do.

First, Judge Taylor’s reasoning on the state secrets doctrine may not be fully convincing. She rightly, and smartly, cites both the Sixth Circuit’s take on the issue (Tenenbaum v. Simonini, 372 F.3d 776) and the Supreme Court’s ruling on the Army’s domestic surveillance program in the 1970s (Laird v. Tatum, 408 U.S. 1 (1972)). Since both cases dismissed the plaintiff’s claims based on state secrets, Judge Taylor has some lifting to do. She distinguishes the cases on two points. First, unlike in Tenenbaum, the government has already confirmed information about the electronic surveillance program; the plaintiffs, she finds, need no more information (and carefully are not seeking any more) to meet their initial burden of proof. Second, unlike in Laird, the plaintiffs (including lawyers and journalists) are injured not by a theoretical “chilling effect” on their activities, but by actual injury: reduced communication with foreign persons who meet the definition for inclusion in the surveillance program, and increased financial burdens from traveling to meet with these persons, since electronic communication might be insecure. (She notes that professional ethics require an attorney to protect the confidentiality of communications with a client; as such, discussing privileged information on a line that may be tapped could well violate this duty.)

Judge Taylor’s reasoning on state secrets seems sound regarding the first prong (really a question about justiciability).  Her second point, though, seems more debatable.  We don’t know – and it would violate the state secrets doctrine to find out – whether these specific plaintiffs (or their communicants) have been targeted by the NSA program.  This would seem to bring the case much closer to Laird, where the plaintiffs claimed Army surveillance of demonstrations with “some potential for civil disorder” chilled their expressive activities and their participation in such disorders. (Quote from the opinion at 19, citing 408 U.S. at 6.)  Note that they weren’t claiming that they were specifically targeted; rather, it was the threat that they would fall within the ambit of this surveillance program that caused the harm.  To me, this seems very close to what plaintiffs here are alleging.

This is also different, in important respects, from the situation Judge Taylor discusses in Presbyterian Church v. U.S., 870 F.2d 518 (9th Cir. 1989), where government agents entered a church to conduct unlawful surveillance.  Physical monitoring can be established much more readily than electronic surveillance, and is thus less likely to run afoul of the state secrets rule.

In short, there’s at least a plausible argument, under the state secrets doctrine and the “standing” doctrine, that the plaintiffs don’t have standing: the fact that they could be subject to surveillance, without knowing whether they are, isn’t enough.  In short, to prove standing, they might need information that is blocked (perhaps fatally so for their case) by state secrets.

This is an initial response, and I’m eager to see what people who are more knowledgeable think.

Second, most of the discussion by plaintiffs in these cases (see also Hepting v. AT&T, 2006 WL 2038464 (E.D. Cal. 2006)) has focused on telephone monitoring, not e-mail.  This ironically makes the case easier for the government. It’s relatively straightforward, in a circuit-based system like telephones use, where the caller is and where the recipient is – effectively, the phone system creates a direct link between the two parties.  With e-mail, though, the sender’s location can be determined with reasonable accuracy, but the recipient’s location is not clear – and neither is the path that the message takes to that recipient.  If a phone call between two people – whether U.S. citizens or not – is entirely within the U.S., then domestic wiretap rules apply. Once it’s outside the U.S., though, the rules change.

E-mail isn’t so simple, though.  The “location” of the recipient may be uncertain, or it may not clarify which legal rules should apply.  A message from me (in Michigan) to Bill (in Minnesota) might conceivably route through China.  What about a message from me to someone who might be affiliated with al Qaeda, but who stores his e-mail on a Hotmail account here in the U.S.?  How can we determine, based on an e-mail address, where a recipient is located and, in some cases, even who the recipient is?  E-mail is a new ballgame for some of the legal aspects of surveillance and surveillance control, and I would be very glad indeed to see the courts address this angle.

On state secrets, the judge here (Anna Diggs Taylor) followed the lead of Judge Vaughn Walker in the EFF litigation against AT&T. As discussed previously by both Derek and yours truly, in that case the government sought dismissal under the state secrets privilege and Judge Walker held that the government had already revealed enough about the program to allow EFF to make its claims without relying on any classified information. Here, Judge Taylor reached the same conclusion (but she did dismiss another claim about the NSA’s parallel data mining program because the Administration has said much less about it so the state secrets privilege applied). There is also a very important ruling that the plaintiffs have demonstrated enough injury from the possibility that they were surveilled in order to have standing to sue (I will need to read that analysis more carefully before commenting on it).

The most newsworthy aspect of the decision, of course, is that it strikes down the NSA program. The court finds the program unconstitutional under the First and Fourth Amendments as well as the Separation of Powers Doctrine, and also finds that it violates both the Administrative Procedure Act and other statutes. As a result, the court issued an injunction against the program — essentially, an order that the program be suspended.

Obviously, expect an immediate appeal, which will go to the Sixth Circuit Court of Appeals, which covers Michigan, Ohio, Kentucky, and Tennesee.

Put aside the merits of the case for a moment. The judge’s decision to deny the motion to dismiss seems correct – I have always believed the state secrets claim was, at best, implausible – but I’m not sure I like the reasoning. The government’s, and AT&T’s, disclosures came in response to information leaked to the Times. This information was the grounds for the lawsuit itself. Responding to it, even in “broad terms” (Judge Walker’s words), apparently nullified the state secrets argument. Hence, for the plaintiff here (EFF), the leaked information was both sword (enabling the lawsuit) and shield (protecting against dismissal due to general responses by the government / AT&T to the Times article). If the government had issued a “no comment” on the article, it would have invited yet more criticism for being opaque on a key civil liberties issue.

In short, this type of situation presents the government with an extremely tricky decision. I haven’t read Judge Walker’s ruling yet, but I would hope that it at least grapples with this tension.

Or have I missed the boat on this aspect of the case?