In response to the remarkable news that the National Security Agency was routinely cataloging the metadata of millions of Verizon customers, many Americans simply shrugged their shoulders and carried on. Sadly, they readied their bromides too. On HBO’s Real Time with Bill Maher last week, the comedian Dana Gould revealed that when he sends an e-mail, he presumes that “it’s just gone.” The audience nodded knowingly.
In truth, neither Gould nor anybody else should assume any such thing. “I have read and agree to the Terms and Conditions,” is, the joke has it, the biggest lie of the modern era. But that you didn’t bother to take note of the regime does not mean that you did not acquiesce to it. Whether you were aware of it or not, when you clicked “Accept” you entered yourself into a legal contract. Unless you have a particularly disreputable e-mail provider, your missives have certainly not “just gone” into the ether. Their fate is strictly governed.
for legal reasons we will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process or enforceable governmental request.
Were the United States a banana republic, this would not be a greatly reassuring proviso. Indeed, in much of the world one could presumably read this as a guarantee that the government had unlimited access to your data. But this is not a banana republic. In America, the state comes with terms and conditions, too, and those conditions have engendered certain expectations among the citizenry.
We may disclose information that individually identifies our customers or identifies customer devices in certain circumstances, such as:
to comply with valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law;
“Authorized by law” is a term of extreme latitude; its meaning depends entirely on what the law says. But in the context of modern American law, almost nobody reading Verizon’s T&Cs would reasonably expect that the National Security Agency would end up tapping their records, because they understand what “court order” and “search warrant” mean. They also know that the NSA is a body established to spy on foreigners who are not protected by the Fourth Amendment, and that by law it is allowed to acquire “information concerning the domestic activities of United States persons” only if a FISA court agrees that the target of surveillance is “a foreign power or agent of a foreign power.” When, as has apparently happened, the definitions of “search warrant,” “foreign power,” and “court order” are stretched so far as to include millions or hundreds of millions of people for whom there is no probable cause of wrongdoing, these words become meaningless — and the trust breaks down. As Orin Kerr wrote at the Volokh Conspiracy recently:
It turns out that the FISA court order disclosed yesterday — the one forcing Verizon to turn over all telephone metadata — was just the latest renewal of a court order that the government first obtained seven years ago. So I gather that every 90 days, they go back and say, “yes, getting the entire database of all call records is still relevant,” and they get a new 90-day order.
Whether this is technically legal or not is a matter of debate. But if it is, it changes the expectations game considerably. As Jonathan Turley wrote in USA Today last week:
Even accepting that ill-conceived decision in Smith v. Maryland, the Court was addressing government seizure of numbers to individuals who become material to investigations. The government previously used “national security letters” to get such information. What the Obama administration has done is effectively issue a national security letter for every citizen in America.
Worse than those who accept this new state of affairs with alacrity are those who are quick to conflate one’s personal behavior with one’s expectations of privacy. “Monitoring isn’t so bad as long as you accept privacy doesn’t exist. We’re all public figures,” Larry Dignan glibly charged on ZDNet on June 7. “Let’s face it,” he continued, ”the NSA is no different than that jackass you can’t remember and friended anyway.” In Dignan’s view, as we spend our days willfully sharing everything online, we have no reason to care if the government gets involved.
This is a bizarre, imbecilic, and even dangerous idea. That many are reckless with the information they choose to share online is true. But it is also utterly irrelevant to the debate at hand. To argue that a narcissistic teenager who willingly shares the intimate details of his life on social media is, in consequence, not entitled to Fourth Amendment protections of the information that he elects not to share is tantamount to arguing that a willingly promiscuous individual is not entitled to be protected from sexual assault. What you choose to give away and what may be taken from you by force — or in secret — are utterly different things. Should a reckless spender be asked to accept an arbitrarily imposed tax bill? (“But you already waste your money!”) Should a renowned blabbermouth expect to be wiretapped? (“But you already tell everyone everything!”)
So what if you have granted Facebook permission to use your photographs in its marketing campaign? So what if you have agreed that Gmail may tailor its advertising to the texts of your correspondence? You certainly haven’t agreed that, as a matter of course, they will hand over the details of when you logged in and how long you spent online. You did not expect that, except in truly exceptional circumstances, your behavior would be collected and collated by the state. This distinction is crucial. Human history teaches us that the NSA is an awful lot different from “that jackass you friended and can’t remember.” For a start, the jackass doesn’t have a paramilitary wing.
— Charles C. W. Cooke is a staff writer at National Review.