Intel Community Must Reveal Case Behind the New “Make Everyone a Spy Law”

​There is a mystery at the heart of the recently enacted law that broadens the definition of an “electronic communications service provider” with a duty to carry out secret surveillance at the request of the government.
 
Such compelled surveillance requirements were once focused on major companies, like Verizon, AT&T, and Google. But then came a secret case that led the intelligence community to want to expand the law to cover, well, almost everyone in business. This new law, increasingly known by its moniker “Make Everyone a Spy Act,” can now enlist business owners into copying the communications of their customers and handing them over to the FBI or some other government agency.
 
What prompted the intelligence community to want such a dramatic expansion of covered entities? Senate Intelligence Committee Chairman Mark Warner said on the Senate floor in April:
 
“Now, why has this suddenly now become such an issue? Well, one of those communications providers – remember I talked about clouds, data centers, how these networks come together and how network traffic is intertangled at these data centers? One of these entities that controlled one of those new enterprises that didn’t exist in 2008 said:
​
Well, hold it. You can’t compel us to work with the American government because we don’t technically fit the definition of an electronic communications service provider. And the fact was, the company that raised that claim won in court. So what happened was, the FISA Court said to Congress: You guys need to close this loophole; you need to close this and change this definition.”
 
Yet the new law is insanely broad. It covers “any” service provider with access to communications equipment. The government can now enlist custodial services, landlords, owners of small office complexes, gyms, dentist offices, and small businesses of almost every kind, as government spies. And, as with the larger telecoms and tech companies, these small businesses will be held under a gag order, preventing them from alerting their customers that they’ve been spied on.
 
Worse, because few small business owners have the ability to neatly parse exact threads of communications from their equipment, they will likely just turn over the equipment itself – and every customers’ private data it contains – to the NSA.
 
Little wonder that Sen. Ron Wyden (D-OR) described this sweeping provision as “one of the most dramatic and terrifying expansions of government surveillance authority in history.” Sen. Warner admitted that the provision “could have been drafted better.” He promised that if the Senate passed the bill, he would support a redraft of this law’s language in the next Intelligence Authorization Act or the National Defense Authorization Act. The Senate took him at his word and passed the bill.
 
But how can such a redraft be done without some guidance as to the nature of the case that prompted this new law?
 
Without a public disclosure of the type of service provider at the heart of the case Sen. Warner referred to, Congress cannot effectively narrow the language. The administration must declassify the type of provider in the FISC case to guide Congress in making precise refinements in its narrowing of the law.
 
For that reason, PPSA is joining a host of civil liberties peer organizations – ranging from the American Civil Liberties Union and Brennan Center to the Due Process Institute and FreedomWorks – in an open letter to Attorney General Merrick Garland and Director of National Intelligence Avril Haines urging them to declassify the type of service provider at the heart of the FISC case.
 
The administration issued a written commitment to apply the new definition only to the type of provider at issue in the FISC decision. The recent history of American surveillance shows, however, that such commitments won’t bind future administrations. And time and again, we’ve seen one agency or another in the intelligence community resort to legal sophistry to break its word. 
 
Given that data centers were named by Sen. Warner on the Senate floor and even in a New York Times article, foreign spies are surely aware of the nature of the broad outlines of the case behind this new law. It is hard to imagine a stronger case for discretionary declassification. Disclosure must happen so Congress can curtail this new warrantless surveillance legislation in the narrowest way possible.