We are Jameel Jaffer of the ACLU, Wikipedia founder Jimmy Wales, and Lila Tretikov, executive director of the Wikimedia Foundation – and we are suing the NSA over its mass surveillance of the international communications of millions of innocent people. AUA.
Our lawsuit, filed last week, challenges the NSA’s “upstream” surveillance, through which the U.S. government intercepts, copies, and searches almost all international and many domestic text-based communications. All of the plaintiffs in the lawsuit are educational, legal, human rights, and media organizations who depend on confidential communications to advocate for human and civil rights, unimpeded access to knowledge, and a free press.
We encourage you to learn more about our lawsuit here: https://www.aclu.org/blog/national-security/nsa-has-taken-over-internet-backbone-were-suing-get-it-back
And to learn more about why the Wikimedia Foundation is suing the NSA to protect the rights of Wikimedia users around the world: https://blog.wikimedia.org/2015/03/10/wikimedia-v-nsa/
Proof that we are who we say we are:
Jameel Jaffer: https://twitter.com/JameelJaffer/status/578948449099505664
Go ahead and AUA.
What can we, as a community, an internet, and as non-lawyers, be doing to help raise awareness of this?
[Jameel Jaffer] Here’s a partial answer to this question for the Americans out there: a few provisions of the USA Patriot Act are scheduled to sunset in June. Congress has to consider, between now and then, whether to reauthorize the provisions, amend them, or let them expire. You should make sure your representatives in Congress know that you want some commonsense limits to be imposed on the NSA’s surveillance activities.
[Lila Tretikov] As an individual, or a non-lawyer, you can help make the internet more secure by raising awareness through your personal networks, using encryption and tools like HTTPS Everywhere and supporting organizations that support your rights on the internet. Talk about why privacy matters to your local or national politics to support privacy reform.
[Jimmy Wales] Talk about it outside our usual tech/geek circles – make sure that people who ordinarily are prone to “fall for” silly rhetoric about terrorists and pedophiles are aware of the real issues. A lot of politicians think that the general public doesn’t care about this issue – we need to make sure the general public knows about and and that they do care about it – and that they make their voices heard.
What is the minimum acceptable outcome for your lawsuit?
[Jimmy Wales] That the world is made perfect for everyone for the entire future of the world. 🙂
Seriously, from our complaint, here is the relief that we ask for in the lawsuit:
WHEREFORE Plaintiffs respectfully request that the Court: 1. Exercise jurisdiction over Plaintiffs’ Complaint; 2. Declare that Upstream surveillance violates 50 U.S.C. § 1881a and 5 U.S.C. § 706; 3. Declare that Upstream surveillance is unconstitutional under the First and Fourth Amendments, and under Article III; 4. Permanently enjoin Defendants from continuing Upstream surveillance; 5. Order Defendants to purge all records of Plaintiffs’ communications in their possession obtained pursuant to Upstream surveillance; 6. Award Plaintiffs fees and costs pursuant to 28 U.S.C. § 2412; 7. Grant such other and further relief as the Court deems just and proper
The minimum acceptable for me personally would be #2 – finding that their activity violates the law as passed by Congress. #3 is much better, of course, finding that it’s actually unconstitutional.
[Jameel Jaffer] Just to add a couple more points, I think there’s broad agreement that the government has a legitimate interest in monitoring the communications of suspected terrorists. This kind of dragnet surveillance, though, constitutes a gross invasion of the privacy of innocent people, and it will inevitably have a chilling effect on the freedoms of speech and inquiry. (There is some evidence that the NSA’s surveillance activities are already having this effect.) We don’t think the NSA should be looking over innocent people’s shoulders when they’re surfing the web. I should emphasize that the NSA’s practice is to retain communications that include “foreign-intelligence information,” a term that is defined so broadly as to include, for example, any information relating to the foreign affairs of the United States. No one should be under the misimpression that the NSA is interested in collecting information about terrorism and nothing else. Former NSA director Michael Hayden has been forthcoming about this. He said recently: “NSA doesn’t just listen to bad people. NSA listens to interesting people. People who are communicating information.” We would like the NSA’s surveillance activities to be more narrowly focused on individuals who are actually and reasonably thought to present threats.
[Lila Tretikov] The NSA will end its unconstitutional surveillance practices. Filing this suit has raised awareness and continued a conversation about mass surveillance.
I gather the public at large is vaguely upset, and don’t likely realize the full implications of what’s been going on.
How would you explain this issue to a neighbor who isn’t an internet denizen?
[Lila Tretikov] Would you like your phone to be tapped without a warrant? Today, your internet connection can be.
[Jameel Jaffer] Also, perhaps refer them to this Human Rights Watch / ACLU report, which documents the way that government surveillance is already inhibiting journalism that’s crucial to open societies. http://www.hrw.org/reports/2014/07/28/liberty-monitor-all-0
I’m really happy to see Wikimedia standing up to various governments using legal tools. Is there anything to be done or that you plan on rolling out on the tech side to protect the identity of wikipedia editors in other countries?
[Lila Tretikov] We take privacy and its protection seriously. People today often get their first — and sometimes only identity — online. It is critical that our users’ sensitive information is protected, secure, and under end-user control. The Wikimedia Foundation is in a unique, neutral position to support this level of privacy online. We are definitely thinking about product and technical implications of this.
If your lawsuit is successful, do you believe the NSA will actually comply with the verdict? Is the NSA still under the control of the US government? Also, since the NSA has potentially infected the very hardware of the internet’s infrastructure, how can we verify if they are being compliant?
[Jimmy Wales] I’m an optimist. I don’t think there is any actual evidence that the NSA is not under the control of the US government.
And as to compliance, I think the key point is that if we are successful, it will be clear that what they are doing is not legal. So if “infected” hardware is discovered, someone is going to be in big trouble, possibly jail.
I think it’s unwise in life to become too cynical – cynicism can lead to paralysis under a theory that “well, we’re all fucked anyway so why bother.” I think a lawsuit victory here will make a meaningful difference, even in an imperfect world.
[Jameel Jaffer] I don’t think the NSA would refuse to comply. I do think it would exploit ambiguities in any court order. Which is part of why we’re pressing Congress to require the NSA to be more transparent about its activities and to ensure that the NSA’s activities are subject to meaningful judicial review on an ongoing basis.
Let’s suppose this lawsuit is successful, and the NSA is legally barred from collecting upstream data. What about controlling/regulating the same sort of data collection by corporate entities, and other governments (e.g., China)? Does a successful outcome here protect privacy only with respect to the US government, or would it affect of influence privacy rights in other contexts?
[Jameel Jaffer] This suit is about surveillance by the US government. The ACLU is involved in other efforts relating to surveillance by other governments–see, e.g., this case against the GCHQ in the UK: http://www.theguardian.com/uk-news/2014/dec/05/uk-mass-surveillance-laws-human-rights-tribunal-gchq. But the truth is that a more global solution to the problem of mass surveillance will require diplomacy, not just lawsuits.
What is different about this suit against the NSA’s surveillance than the other lawsuits that have failed?
[Jameel Jaffer] This is a good question. As you probably know, in Clapper v. Amnesty, the U.S. Supreme Court held, in a 5-4 vote, that the ACLU’s plaintiffs in that case lacked standing to challenge the constitutionality of the 2008 FISA Amendments Act—the same statute the government now invokes to justify the NSA’s “upstream” surveillance. The Court reasoned that the plaintiffs didn’t have the right to challenge the statute because they couldn’t show a sufficient likelihood that their communications were being monitored. The plaintiffs couldn’t make that showing, of course, because the government refused to disclose, even in the most general terms, how the statute was being used.
I think Clapper v. Amnesty was wrongly decided (I argued the case, so this shouldn’t be surprising), but more importantly, I don’t think Clapper v. Amnesty forecloses our new case. I say this for a few reasons. First, thanks to Snowden, we know much more about the government’s surveillance practices now than we did when Clapper v. Amnesty was argued and decided. (It was argued in the fall of 2012 and decided in February 2013, just a few months before the first Snowden revelations began to appear in the Guardian and Washington Post.) Second, the government itself has now acknowledged and confirmed many of the key facts about the NSA’s upstream surveillance. Third, the volume of Wikimedia’s communications is so incredibly large that there is simply no way the government could conduct upstream surveillance without sweeping up a substantial number of those communications.
I’m sure the government will argue that Clapper v. Amnesty forecloses this suit, but I don’t think this will be a very compelling argument.
How do we, as privacy advocates, convince our fellow Americans that we should care about and protect the privacy of normal citizens in other countries?
[Lila Tretikov] In the age of the internet, we are all interconnected. If you don’t have privacy in Brazil, you don’t have privacy in the U.S. Our internet traffic doesn’t respect national borders — it crosses them millions of times a day. An email that starts in New York and is intended for someone in Miami may end up in Amsterdam along the way.
It’s simple: we believe that universal human rights are universal. But our lawsuit isn’t just about the privacy of normal citizens in other countries. It’s also about the communications of American citizens. On the internet, we are all truly connected. These surveillance efforts exploit those connections, to collect communications from everywhere. In this instance, it’s clear that the interests of Americans and non-Americans are aligned.
Why haven’t you made any claim that non-Americans have privacy rights? Do you think Verdugo-Urquidez is incontestable, and a binding precedent for the rest of the world’s privacy rights on the Internet? If you win, and establish stronger but unequal rights only for Americans, that will further damage international human rights law based on equality without regard to national origin.
[Jameel Jaffer] We’re deeply concerned about the government’s indiscriminate surveillance of non-U.S. persons’ communications, and we’ve pressed this issue in other forums, including the Privacy & Civil Liberties Oversight Board, the Inter-American Commission, and the U.N. Human Rights Committee. Wikimedia and many of the other plaintiffs in this lawsuit share our concerns. We’ve focused on Americans’ international communications in this suit only because American law limits (unreasonably and unjustly, in our view) the kinds of claims we can bring on behalf of non-U.S. persons outside the United States. But we’re hopeful that any new safeguards that the government is forced to adopt (or adopts of its own accord) as a result of this suit will have the effect of protecting everyone, not just Americans.
[Lila Tretikov] True — jurisdiction means that we’re litigating based on American law. But we believe this lawsuit will help protect the privacy of non-Americans too. Because the traffic is going over the backbone of the internet, all traffic is vulnerable and affected. Since the policies around in-country networks belong to local governments, we have to challenge legislation in its own jurisdiction. Governments can and do share intelligence with each other. Ensuring privacy protection in one country is a step towards helping the rest of the world.
[Jimmy Wales] Probably best for Jameel to answer this more formally, but I can speak to this in a general way. Legal cases tend to focus quite narrowly on particular issues that are winnable in a particular context. Not arguing for it doesn’t mean that we don’t agree with it, nor does it prejudice any future cases which may argue that. We aren’t going to get everything done in this case, which is a shame of course, but that’s the way courts work.
Jimmy Wales: Have you guys started banning police IPs that have been editing their own pages removing they’re criticisms?
[Jimmy Wales] We treat all IPs the same – if they misbehave then yes, they will ultimately get banned. But we warn first and try to work with people to help them to understand the right way to approach Wikipedia.
I remember several years ago there was a news story when we temporarily banned the IP address of the US House of Representatives. I joked then, and it was true as well, that we would treat them the same way we would treat any high school – if they behave they can stay.
In an ideal ruling, other than remedying wikipedia’s probkem, what binding precedent do you hope to set?
[Jimmy Wales] That this type of behavior is not just illegal under current law, but actually unconstitutional.
If the lawsuit fails–which it won’t, of course–what are the next steps?
[Lila Tretikov] As Jameel said, we’re doing everything possible to win. But we are taking and will continue to take steps to protect our users’ privacy. We are constantly working on these issues from a technical and policy standpoint. This is just one of them.
I’ve seen a lot of stuff about “talk to laymen about why internet privacy matters”. While I completely agree that privacy is important, trying to explain why that is to someone can be difficult. Could you list off a few reasons/example that would be easy to rattle off to someone and make sure they get the idea?
[Lila Tretikov] In spirit of the First Amendment, we believe that privacy makes it possible for people to speak freely, or think freely. Imagine you’re in a place where you disagree with popular public opinion: perhaps there is corruption in your government, but people are too intimidated to speak up. Privacy could give you the protection to blow the whistle. Perhaps you live in a religious community, but have questions. Privacy can protect your right to explore controversial ideas or other teachings. Maybe you’re a member of a minority group that is discriminated against where you live. Privacy is a right that could allow you to seek resources or support. Privacy allows people to share information freely, without the fear of being watched, censored, or persecuted. This matters everywhere in the world, even in our own country.
[Jameel Jaffer] It’s a really important question. I find this analogy that Bruce Schneier gave at SXSW a couple of days ago useful: Would you want a cop car driving next to you, watching you, at all times even if you weren’t doing anything wrong? Would you want to remove all of the curtains or shutters in your home? The persistent monitoring of our communications by the government has the same effect, even if it seems less evident. There is too much information about innocent people in government databases – about their movements, whom they choose to talk to and associate with, and where they spend their time. This erodes the liberties we all take for granted. And I think someone already linked to this TED talk on the issue by Glenn Greenwald. I highly recommend it: http://www.ted.com/talks/glenn_greenwald_why_privacy_matters?language=en
Whenever I try to convince people around me that the surveillance going on is serious, a lot of responses I get are “I am okay with what the NSA does to protect us.” Do you have any thought provoking responses I can parrot back?
[Jameel Jaffer] For more than a decade, the NSA told the Foreign Intelligence Surveillance Court that its call-records program was not just effective but “the only effective means” of monitoring the calls of suspected terrorists. After the Snowden revelations, the Privacy and Civil Liberties Oversight Board and the President’s Review Group both concluded that the program had never been pivotal in any investigation. And the President himself acknowledged that the NSA could track terrorists’ calls without collecting everyone’s call records. More: http://justsecurity.org/6159/privacy-board-debunks-justification/
How likely is this to succeed, and on a note I think is highly related, how much are you doing to grow press attention for this?
[Jameel Jaffer] It’s a hard case. But we wouldn’t have brought it if we didn’t think we had a real chance of convincing the courts to rule our way. I think the Snowden revelations have led many people–including many judges–to realize for the first time that government surveillance has become a real threat not just to individual privacy but to the freedoms of speech, association, and inquiry as well.
How long do you think the law suit will take until we will see some results? Are we talking month, years?
[Jameel Jaffer] I expect we’ll be filing legal briefs over the next few months and that the district court in Maryland will hear oral argument in the fall.
How long has this lawsuit been in the works? Has it been thought about ever since the leaks, or has it only recently been thought of and worked on?
[Lila Tretikov] We have cared for privacy for a long time. With recent revelations we decided to take a more active role (since last summer).
How can I as an ACLU member further help you in this cause?
[Jameel Jaffer] There are a lot of things you can do. For starters, we’re planning a big fight against the reauthorization of Section 215 of the Patriot Act, which the government uses to conduct bulk surveillance of Americans’ phone records. You can make clear to your representatives that you expect them to oppose reauthorization. Here’s a petition you can sign: https://www.aclu.org/secure/stopnsa. Thanks for your support!
How do you see the standing argument shaping up? Will it matter from an organizational versus individual basis? How do you keep Jewell from happening again?
[Lila Tretikov] We believe that Wikimedia’s case is factually different from the Jewell decision (Jameel can speak more). One thing to note is that it is a question of scale. We have tens of billions of user requests every month that we are aiming to protect.
What do you guys make of the reported apathy of the public re: surveillance?
[Lila Tretikov] People are trading privacy for convenience. All of our lives are now digital. More of our data online == more incentive to break into it == more end users care.
[Jimmy Wales] I’m not so sure that the public is all that apathetic. I think and hope that it is a mistake for politicians to think that way, and that ending mass surveillance is a vote-getter.
My best life advice is this: wake up every day and do the most interesting thing that you can.
As someone who likes net neutrality but is wary of government regulation, I have mixed feelings about the FCC’s decision to reclassify the Internet as a public utility. Could this decision have an impact on how Internet usage data is surveilled and shared with spy agencies?
[Jameel Jaffer] This issue requires a longer answer than I can provide here. But here’s a recent blog post from one of my colleagues on this topic: https://www.aclu.org/blog/technology-and-liberty-free-speech/after-decades-fight-net-neutrality-huge-win-free-speech-onli
Why should Wikipedia editors feel confident that company brass is doing whatever it can to avoid snooping?
What do you believe will be the biggest barrier in suing the government? What do you believe is the most corrosive element that exists within politics today, and how do we root it out?
[Jimmy Wales] Well, we are suing them, so the barriers have already been overcome. 🙂
As to the second question, I can answer in my personal capacity. The most corrosive element in politics is a media more interested in click-bait (or viewer-bait) mock conflict about trivialities rather than serious journalism.
[Jameel Jaffer] Standing and state secrets have been hurdles in many other surveillance suits. As I explained in response to other questions, though, we are optimistic that we will be able to overcome those hurdles here. There is a lot more information in the public domain now than there was when those other surveillance cases were litigated.
What do you think of the idea of a UN treaty for ensuring privacy and freedom in modern communications?
[Jameel Jaffer] We’ve drafted a proposed “General Comment” to the International Covenant on Civil and Political Rights that would flesh out the right to privacy for the digital age. Our proposal is here: https://www.aclu.org/sites/default/files/assets/jus14-report-iccpr-web-rel1.pdf
How strong do you think your case is in the corrupt justice system? It’s pretty blatant that they are violating the constitution but that doesn’t stop the NSA from constantly violating it. Are there any worries that the trial might be unfair?
[Jimmy Wales] I do have concerns in general about the justice system, I don’t think that Federal courts can be rightly characterized as generally corrupt. There are problems everywhere, but the US federal judiciary is quite independent. People do routinely win cases against the government.
How would you make the Internet more Secure Free and Safe?
[Jimmy Wales] I’d like to see much more widespread use of encryption. I would like to have a web browser that doesn’t even support ‘http’ as a protocol, using only ‘https’. A few years ago that was thought to be impractical because of the cost of encryption. That cost has fallen dramatically, though, so I think now it’s possible to get there.
And it is the direction we are headed, I believe, as more and more people understand that it’s silly to go around spewing data when we don’t have to.
Jimmy Wales: What were your main intentions when you first created Wikipedia? Are you happy with how it is currently? Where do you wish for it to be in the future?
[Jimmy Wales] Well, a free encyclopedia for everyone on the planet in their own language was the intention, and still is. I’m happy with how it is currently… at least in terms of “progress so far”. There is still a huge amount of work to do, especially in the languages of the developing world.
I want to see 250,000 articles in every language that has at least 1,000,000 native speakers… which is approximately 330 languages I believe. We aren’t there yet.
What you believe will happen if you fail in your cause?
[Jameel Jaffer] Well, let me start by saying that we’re going to do everything we can to win the case. But we are pressing for reform on other fronts as well–including in Congress, before the U.N. Human Rights Committee, and before the U.N. Human Rights Council. We are also urging technology companies to do more to protect their users’ privacy–and some technology companies have started to respond to that call.
I would like to know why the ACLU is not partnering with the Electronic Frontier Foundation (EFF) for this lawsuit?
[Jameel Jaffer] EFF is a super organization and we work together all the time. For example, we’re working together on Smith v. Obama, a challenge to the NSA’s dragnet call-records program (see https://www.aclu.org/national-security/smith-v-obama-challenge-nsa-mass-call-tracking-program). We’re also working together in Klayman v. Obama (see https://www.eff.org/document/eff-and-aclu-amicus-brief-klayman).
Why is this lawsuit only being presented now? What was the change that made it so you just took up the case? Why not earlier, especially when there was a higher public outcry against it back in 2013?
[Lila Tretikov] This was an important decision for us. After the mass surveillance revelations, everyone became aware of the vastness of these programs. We began to think carefully about what this meant for the Wikimedia mission and community. We started conversations with the ACLU in May 2014 about the possibility of filing this suit against the NSA and other defendants.
Is Wikipedia ever going to implement HTTPS encryption by default on all its language versions?
[Lila Tretikov] We would like to see all internet traffic encrypted. On Wikipedia, logged-in users get HTTPS by default. All Wikimedia users can enable HTTPS. HTTPS has performance implications for users especially in low bandwidth or poor connections areas. Our Engineering team calibrates forcing HTTPS configuration on a case-by-case basis to minimize negative impacts for these readers.
When you first started Wikipedia did you ever expect to get so big that you would challenge an entire government program?
[Jimmy Wales] I’m a pathological optimist so I always think everything is going to be amazing. But even so, no, it never occurred to me that we’d end up suing the NSA.
How do you feel about the popularity of the Pirate Party in Iceland? Are you considering strengthening ties with the Iceland (e.g. regional HQ, or data center, etc) and with the Icelandic government if/when this popularity translates into an electoral win for the Pirate party?
[Jimmy Wales] I can only speak in a personal capacity on this one.
I’m happy to see the popularity of the Pirate Party in Iceland and I hope that many jurisdictions elect governments with better understanding of the importance of Internet freedoms. But I also think that “Pirate Party” is a bad name that does a great deal of harm. I prefer dot-com’s “Internet party” as a name. This isn’t the time or place to argue about the name of the party, though, so I just throw that out there to be informative.
Finally, I think I can say that although the decision would be up to the staff, there are many competing considerations about where data centers and offices should be put, and the legal risks of different venues is one of the considerations that we should take into account. But there’s also more mundane stuff about cost, capacity, location (for offices), etc. So it’s hard to say.
What are your thoughts on Wikipedia pages regarding ‘sensitive’ content that has been purported to have been doctored by U.S. Gov’t departments, and to this day continues?
[Lila Tretikov] The policies of Wikipedia apply to everyone, including the US Government.
[Jimmy Wales] The community tends to be very vigilant about such things and there’s a great deal of transparency around who is doing what at Wikipedia.
Our policies on sourcing help a lot, too. You can’t really “doctor” Wikipedia in the way that most people think, because we require high quality third party sourcing.
Does having servers outside the United States solve the problem? Temporarily at least?
[Lila Tretikov] Government surveillance is pervasive in all the world. By remaining in the United States, we retain the protections and freedoms of the United States Constitution, including the freedom to challenge government actions that violate those protections. The fact that we can bring up this law suite is a testimony to that.
[Jimmy Wales] No, and I actually think it would make the problem much worse. Why? Because foreign communications are currently considered absolutely fair game. The NSA has plenty of budget to do their spying anywhere in the world.
Anything us Europeans can do?
[Lila Tretikov] Definitely. First, support your local digital rights groups. There are groups in many European countries. The European Digital Rights network (EDRi.org) is a good place to start. There are other groups challenging mass surveillance, too. Privacy International in the UK just successfully sued the UK government for sharing intelligence between the GCHQ and the NSA (https://www.privacyinternational.org/?q=node/485)
Second, help secure the internet. Use encryption. HTTPS Everywhere (https://www.eff.org/Https-Everywhere) is a great tool offered by the Electronic Frontier Foundation (EFF) that encrypts the sites you visit. We believe that all web traffic should move towards encryption. It’s a good way for everyone to do their part.
Third, share why privacy matters. You can talk about your personal experiences of why privacy matters to you, or ask your network about times they’ve needed privacy in their personal lives. Make it more real.
[Jimmy Wales] Awareness raising among US voters can be conducted from just about anywhere.
But also it would be good to see activism and lawsuits and so forth in many many countries. Here in the UK (where I live) GCHQ is trying to get even more powers to expand their surveillance.
There’s a lot to fight everywhere. 🙂
Why should I be worried about the data the NSA is collecting on me if I’m not doing anything that would harm the general public when I’m online or on the phone?
[Lila Tretikov] This is not about having something to hide. You wouldn’t want the government to come into your house just to check through your belonging, even if you had nothing to hide there either, or would you? It’s about protecting our rights. Moreover — would you care if what they found was shared with others without your knowledge?
[Jimmy Wales] You should worry about the potential whistleblower who decides it is unsafe to move forward due to the NSA spying on everyone, for example. The chilling effects on freedom of speech really do matter to each of us, even if we are not the ones doing the speaking.