Back to News & Commentary

The NSA's Other Privacy Loophole

NSA Building
NSA Building
Alex Abdo,
Former Senior Staff Attorney,
ACLU Speech, Privacy, and Technology Project
Share This Page
July 18, 2014

Earlier today, a former State Department civil servant named John Tye published an important op-ed in the Washington Post, explaining that the NSA has created a giant loophole in Americans’ right to privacy. While we now know a good deal about the NSA’s spying on American soil, Tye explains, the NSA’s powers to conduct surveillance on foreign soil should trouble us even more.

Surveillance on foreign soil takes place under Executive Order 12,333, an authority that contains few meaningful protections for the privacy of Americans. For example, if the NSA is spying abroad on foreigners and happens to pick up an American’s international call, the NSA can keep listening without a warrant. It can also keep a recording of that call for a long time – even indefinitely, if any of a number of broad exceptions applies.

What’s more, the meager protections for Americans in the executive order are not subject to meaningful oversight. Not even the Foreign Intelligence Surveillance Court approves the government’s activities under the order, and earlier this year, Sen. Dianne Feinstein (D-Calif.) – the chair of the Senate Intelligence Committee – acknowledged that Congress has not been able to “sufficiently” oversee those activities.

We have long been concerned about the use of Executive Order 12,333 to circumvent traditional protections for Americans’ right to privacy. Last year, just two weeks before the Snowden disclosures, we filed a Freedom of Information Act request seeking to learn more about the government’s use of the executive order. In the lawsuit we filed to enforce the request, we explained “that the NSA is collecting vast quantities of data worldwide pursuant to EO 12,333,” inevitably “sweep[ing] up the communications of U.S. persons.”

Tye’s op-ed, unfortunately, only confirms our fears. Here is how he explains it:

A legal regime in which U.S. citizens’ data receives different levels of privacy and oversight, depending on whether it is collected inside or outside U.S. borders, may have made sense when most communications by U.S. persons stayed inside the United States. But today, U.S. communications increasingly travel across U.S. borders—or are stored beyond them. For example, the Google and Yahoo e-mail systems rely on networks of “mirror” servers located throughout the world. An e-mail from New York to New Jersey is likely to wind up on servers in Brazil, Japan and Britain. The same is true for most purely domestic communications.

In other words, Executive Order 12,333 is a loophole in Americans’ right to privacy: so long as the NSA is targeting foreigners abroad, it can sweep up Americans’ communications, too. We already know that the NSA has created and is exploiting a similar loophole under the FISA Amendments Act (which you can read about here). But the executive-order loophole is even more troubling, Tye explains, because it is subject to even less oversight than the FAA.

So, is the NSA exploiting the loophole created by Executive Order 12,333? On this question, Tye’s Post op-ed is highly suggestive. He raises the possibility that the NSA might have revived its bulk internet-metadata program under the executive order:

Gen. Keith Alexander, a former NSA director, has said publicly that for years the NSA maintained a U.S. person e-mail metadata program similar to the Section 215 telephone metadata program. And he has maintained that the e-mail program was terminated in 2011 because “we thought we could better protect civil liberties and privacy by doing away with it.” Note, however, that Alexander never said that the NSA stopped collecting such data—merely that the agency was no longer using the Patriot Act to do so. I suggest that Americans should dig deeper.

Tye also implies that the NSA could use the executive order even more broadly, making surveillance authorities like Section 215 of the Patriot Act – which the government relies upon for its bulk phone-records program – pale in comparison:

Consider the possibility that Section 215 collection does not represent the outer limits of collection on U.S. persons but rather is a mechanism to backfill that portion of U.S. person data that cannot be collected overseas under 12333.

Perhaps the most important lesson we should draw from Tye’s op-ed is that we have yet to get a full and clear explanation from the NSA of its various surveillance authorities, particularly as they impact U.S. citizens and residents. Instead, we have received half-answers and artfully crafted denials. At a time when Congress is attempting to reform the NSA, it’s time to demand more. Again, in Tye’s words:

I am coming forward because I think Americans deserve an honest answer to the simple question: What kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?

Learn more about government surveillance and other civil liberties issues: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook.