Shostack + Friends Blog Archive

What Was Wrong With the Old FISA?

The Get FISA Right group is publicizing our need to re-think the laws. They have discussion going on on their site, as well as on The Daily Kos. I recommend catching up there, or reading Adam’s recent post here.

I have to ask what was wrong with the old FISA? It wasn’t a bad system, had a lot tradeoffs as well as emergency provisions. The government could, for example, get a warrant after the fact in an emergency.

But the old FISA was very Cold War. It was also very much adapted to the previous century’s technology in which wired technologies were static and protected and wireless or mobile technologies were highly regulated.

So let’s look at some of the things that are indeed worth changing.

• I think it is important to note upfront that getting a warrant trumps all this discussion. We are talking about Fourth Amendment considerations, and that means what can be done without a warrant. But it also concerns a certain amount of how the government can operate when it has one, when they’re operating completely above board.
• In the past, FISA was overly concerned with devices rather than persons. Changing it so that it affects persons is a good idea. If there is permission to spy on a person, then it should be to spy on the person. Making it the person and device is awfully restrictive, especially when it’s hard to know what counts. Rather than debate about what happens when DHCP gives you a new address, it’s better to just make things apply to persons. That probably makes the law adapt better to changing technology.

  I would not want end up having interesting new technologies like femtocells end up in some odd legal limbo because of some peculiarity of the technology. It’s better for us all to just agree that when it is okay to spy on a person, it’s that person.

• In the past, FISA worried a lot about about where the pipes were. It also seems reasonable to have that abstracted away. This goes along with focusing on the persons. A phone call between non-US persons does not suddenly become a US thing just because some glass runs across the US.

  Now, this has consequences. I wouldn’t blame non-US telecom companies to proudly avoid the US as a result of that. It’s from the viewpoint of a civil libertarian who is trying to make sense out of the rules of spying that I think that.

  It is also the converse of thinking that when I am in another country, they’ll spy on me or not according to their rules, not mine.

• The flip side of this is that US persons are protected everywhere. It seems fair that if we’re going to tune the law to make it easier to spy on non-US persons no matter where they are, the US persons should get full protection. This strikes me as being the way that things ought to be. My government shouldn’t spy on me (without a warrant) just because I’m traveling outside the country. This may be as things ought to be, but it used to be at least de facto that if you were outside the country, your calls would be monitored.
• It is a point of our common law that non-US persons are subject to US law when they are in the US. If a foreigner is arrested in the US, they get a jury trial, for example. In this particular case, however, non-US persons in the US should have some extra measure of protection, the question is what.

I can go on, particularly about the new features of the new FISA. However, that strays away from this discussion. What didn’t work well in the old one.

Originally published by arthur on 11 Mar 2009
Last modified on 8 Jun 2017
Categories:   blogging   information security   national security   NSA Wiretaps   privacy