A high-profile group of technologists and privacy advocates is attempting to halt domestic surveillance of Americans through a clever twist: using federal bureaucratic rules against federal bureaucrats.
In a request today to National Security Agency director Keith Alexander and Defense Secretary Chuck Hagel, the group argues that the NSA's recently revealed domestic surveillance program is "unlawful" because the agency neglected to request public comments first. A federal appeals court previously ruled that was necessary in a lawsuit involving airport body scanners.
"In simple terms, a line has been crossed," Marc Rotenberg, executive director of the Electronic Privacy Information Center, told CNET. "The agency's function has been transformed, and we think the public should have an opportunity to say something about that."
It's an ambitious -- and untested -- legal argument. No court appears to have ever ruled that the Administrative Procedure Act, which can require agencies to solicit public comment, has applied to the supersecret intelligence community. The APA explicitly excludes from judicial review, for instance, "military authority exercised in the field in time of war."
EPIC is relying on a July 2011 decision (PDF) it obtained from the U.S. Court of Appeals for the D.C. Circuit dealing with installing controversial full-body scanners at airports. The Transportation Security Agency, the court said, was required to obtain comment on a rule that "substantively affects the public."
Today's request to the NSA and Defense Department, which was coordinated by EPIC, also claims the recently disclosed "collection of domestic communications contravenes the First and Fourth Amendments to the United States Constitution," and several other federal laws. That includes but is not limited to, Rotenberg said, an order the NSA obtained from a secret court permitting it to vacuum up all Verizon customers' phone call records on a daily basis.
The request was organized by EPIC and signed by a list of technical experts including:
• James Bamford, author of the first book on the NSA and a Wired cover story last year that was the first to disclose details about the NSA's Utah data center.
• Whitfield Diffie, a pioneer in public key cryptography that today protects many Internet communications and is known by security engineers as a Diffie-Hellman key exchange.
• David Farber, a professor of computer science at Carnegie Mellon University who was a pioneer in distributed computing and is an IEEE Fellow and an ACM Fellow.
• Peter Neumann, a researcher at SRI International in Menlo Park, Calif., and editor of RISKS Digest.
• Ronald Rivest, a professor at MIT who co-invented the RSA algorithm, which bears his initial.
• Bruce Schneier, a cryptographer and chief technology officer of BT Managed Security Solutions, who has written books on computer security including "Liars and Outliers: Enabling the Trust that Society Needs to Thrive" (2012).
• Barbara Simons, the past president of the Association for Computing Machinery, the largest membership organization of computer scientists.