The story of John Ashcroft and James Comey’s hospital-bed heroics has by now been told many times. On March 10, 2004, President Bush’s White House counsel, Alberto Gonzales, and chief of staff, Andrew Card, went to the intensive care unit of George Washington University Hospital to try to persuade the ill attorney general, Ashcroft, to sign off on continuing massive collection of Americans’ Internet “metadata,” a program started in October 2001. Comey, then the deputy attorney general, had refused to reauthorize the program; its most recent authorization was scheduled to expire the next day. Comey got to his boss first, and Ashcroft refused to sign. Though pushed hard by Gonzales and Card, and also by Vice President Dick Cheney and his counsel, David Addington, Comey and several of his Department of Justice (DOJ) colleagues stood their ground and declined to ratify this domestic metadata collection based on the President’s bare say-so.

Once leaked in 2006, this 2004 incident was the subject of much admiring press for the DOJ lawyers. It is part of what won Comey, a Republican, his current appointment by President Obama to head the FBI.

But what did this incident actually accomplish? The truth is that the dramatics were entirely out of scale to the actual, limited result, which was a pause—not a stop—to the challenged data collection. Four months after Ashcroft and Comey took their stand—and at their urging—the Foreign Intelligence Surveillance Act court reinterpreted FISA to allow the very same collection program. The authority under which the collection proceeded was new, and judges gained a supervisory role over the program, but as far as the impact on civil liberties, the change was little more than symbolic.

The mindset that underlay the 2004 showdown is something that I call “intelligence legalism.” In political theorist Judith Shklar’s classic work, legalism is defined as “the ethical attitude that holds moral conduct to be a matter of rule following” without paying enough attention to the content of the rules in question. Intelligence legalism brings that attitude into the realm of national security and surveillance. I see intelligence legalism’s three crucial and simultaneous features as: imposition of substantive rules given the status of law rather than mere policy; some limited court enforcement of those rules; and empowerment of lawyers. All three were in evidence in the 2004 drama.

Yet it is not a coincidence that that incident did not catalyze a civil liberties advance. In fact, intelligence legalism, though useful, gives systematically insufficient weight to individual liberty. Its dark side is that if the courts or the Congress have not clearly recognized a particular claim to civil liberties, that claim receives not just less attention, but no consideration at all. Our system, in other words, has made legal compliance a ceiling, not a floor, for the protection of individual liberty. The question “Is it lawful?” substitutes for “Is the cost or threat to individual liberty we are proposing worth the gain to security?” The intelligence community has learned to ask: “Can we?” What it needs to learn to ask is: “Should we?”

To strengthen civil liberties, more laws may be useful, but they are not enough. What we need as well are more—and more empowered—insiders who are attuned to civil liberties.

Disclosure, Legalism, and 9/11

Thanks to the flood of information leaked by Edward Snowden, and the disclosures the government has made in response, we have an opportunity, right now, to strengthen civil liberties against the intelligence state. We have seen a moment like this only once before, in the mid-1970s—after Watergate and the exposure of both the FBI’s COINTELPRO surveillance program and massive domestic surveillance by the CIA. The intelligence scandals of the 1970s arose out of programs remarkably similar to post-9/11 mass surveillance. Under Project Shamrock and Project Minaret, the National Security Agency (NSA) for decades collected the content of most international telegraph messages originating in the United States, and listened in on the phone calls of thousands of Americans on a secret government watch list. Under the CIA and FBI’s mail-opening program, millions of international letters were tracked and hundreds of thousands were steamed open and read. In public hearings in 1975, followed by volumes of comprehensive reports, the Pike Committee in the House and, especially, the Church Committee in the Senate documented and publicized abusive intelligence agency conduct beyond the reach of Congress and the law.

The Church Committee reports established that the intelligence community had since World War II operated outside any effective legal constraints. Consider, for example, the almost uncomprehending testimony of NSA Deputy Director Benson Buffham, facing questioning by Senator Walter Mondale, about the NSA’s warrantless surveillance of Americans’ phone calls:

Mondale: Were you concerned about its legality?
Buffham: Legality?
Mondale: Whether it was legal?
Buffham: In what sense? Whether that would have been a legal thing to do?
Mondale: Yes.
Buffham: That particular aspect didn’t enter into the discussion.

Reform took two basic approaches: disclosure—not to the public but within the executive branch and to Congress—and legalism. The most important legalistic text was FISA, enacted in 1978. FISA protects Americans’ liberty to some extent. As originally written, the act required individualized suspicion of each surveillance target, spelled out in voluminous legal papers and approved by a federal judge, to support electronic snooping on that target.

Even so, FISA authorized an enormous amount of surveillance of American non-targets—after all, most communications were bound to have non-targets on one side. And once surveillance has invaded an American citizen’s or resident’s privacy, FISA directs the intelligence community to “minimize the acquisition and retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons”—but only when such minimization is “consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information.” Thus, even in its initial version, FISA categorically gave security more weight than liberty.

And then came 9/11. In the aftermath of Al Qaeda’s attacks, the Bush Administration had little use for painstaking probable-cause files. Dick Cheney and his counsel, David Addington, wanted to know who was talking to whom and what they were saying—and they wanted to know fast, without involving either the judiciary or Congress. And so the President initiated three massive surveillance programs: Internet metadata collection, which beginning in 2001 tracked Americans’ email communications; telephone metadata collection, which did the same for Americans’ phone calls; and warrantless interception of international emails and phone calls from within the United States where one party was thought to be engaged in or preparing for international terrorism. It was the 1960s all over again.

But this time the White House’s initial enthusiasm for unilateral action ran into lawyers socialized into post-Church Committee intelligence legalism. Those Bush Administration lawyers were aghast—not at the idea of collecting network information on hundreds of millions of emails and phone calls of hundreds of millions of innocent Americans, but at doing so without proper legal authority. And so they tidied up. They first persuaded the FISA court to authorize the Internet metadata program, and then the telephone metadata program. The court went back and forth on whether FISA allowed the NSA’s ongoing massive foreign target content collection, too—but when the court eventually declined, the Administration persuaded Congress to amend FISA. By 2007, the FISA court and Congress had together, and mostly in secret, broadened FISA into a bulk surveillance statute. The NSA’s surveillance of Americans without individualized justification was no longer a go-it-alone presidential project. The FISA court’s analysis of the legality of the programs was classified; few members of Congress knew much about the programs, but in any event, their thoughts were, likewise, classified. For intelligence legalists, the necessary boxes were checked. Neither disclosure nor legalism, in other words, turned out to pose much of an obstacle to the “collect everything” ambitions of the post-9/11 security state.

Yet even when judges, acting in secret, aren’t prepared to hold a surveillance program illegal, and Congress, acting in secret, isn’t prepared to shut it down, that does not mean that bulk surveillance of Americans is a good idea. To decide what kind of surveillance we should all live under requires actual policy analysis: weighing the security gains against the liberty costs. Ideally, that weighing should occur in public. That’s where we are now.

Snowden and Intelligence Reform

Which brings us back to Edward Snowden. Since The Guardian broke the story of the NSA’s top-secret PRISM program in June 2013, dozens of reforms have been proposed for the NSA concerning the surveillance of Americans. The President appointed a blue-ribbon “Review Group on Intelligence and Communications Technologies” that offered him 46 recommendations. The independent Privacy and Civil Liberties Oversight Board, finally operational after years of Senate delays in confirming its members, issued its first two reports, with 22 recommendations between them. Advocacy organizations have weighed in, as have scholars, former government officials, journalists, and newspaper editorial boards. The President himself has responded by announcing a number of reforms and initiating a process to evaluate others. (In Congress, the so-called USA Freedom Act passed the House last May, but died in the Senate in November. Congressional proposals to end bulk collection of metadata and reform FISA courts will undoubtedly resurface.)

As they should, many reform proposals would change the rules that govern surveillance. For example, Congress should insist on tighter rules governing collection, and should require individual rather than group justifications for data acquisition, analysis, and use. Whatever steps are chosen can then be enforced by the courts, inspectors general, agency lawyers, and compliance staffs.

At the same time, there is an additional opportunity to strengthen individual liberty and privacy with interventions that are less legalistic. Several recent proposals attempt to build offices within the executive branch—with full access to highly classified information—that can advocate for civil liberties interests that are broader than those recognized by the courts or Congress:

What ties these initiatives together is that they all propose to police the intelligence community by amplifying civil liberties advocacy inside institutions hidden from the public eye. In most activities of government, outside scrutiny and accountability can promote good policy. In the secret world of the intelligence community, however, these methods are largely unavailable—there’s simply too much the public doesn’t, and can’t, know. Therefore, the proposals listed rely on the designation of in-house officials to prioritize privacy and civil liberties—values that otherwise lack advocates within the intelligence community’s governance structure.

Can such an approach actually work? Skeptics, who are many, say no. But I say maybe it can. Institutional design is important; civil liberties offices need deliberate and careful arrangements to safeguard their influence and commitment. The ideas here are no panacea, but they can play a useful role in filling the civil liberties gap that intelligence legalism creates. Here are ways to make them work.

NSA Office of Civil Liberties and Privacy

The NSA has a new Office of Civil Liberties and Privacy, which has the difficult assignment of decreasing the civil liberties impact of NSA operations. The new office’s procedures and role are still evolving. Its current staff allocation is just its director, Richards, and six others—probably too small for staff to be at every table where their perspective would be useful. Richards, who ran privacy compliance at the Department of Homeland Security (DHS), is respected by civil liberties advocates, but that hardly guarantees her success. This office faces twin dangers: impotence on the one hand, and capture or assimilation on the other.

Begin with impotence: Any internal governmental office whose mission is to constrain its agency (I have in my academic work given such shops the generic title “Offices of Goodness”) runs the risk of losing influence and being ignored, whether by being excluded from internal processes or by having its attempted contributions rebuffed.

There is already a large compliance staff at NSA, hundreds of people who are charged with ensuring the agency abides by the constraints imposed by statute and executive and court order. If the NSA’s civil liberties office is going to add anything distinctive, it will need to go beyond intelligence legalism. For example, the Supreme Court so far has not held that metadata surveillance violates the Constitution’s requirement that the government undertake only reasonable searches. Yet it is obvious that even if bulk metadata collection is legal, it still imposes major costs to Americans’ privacy. To advocate against bulk metadata surveillance because of those costs—arguing, perhaps, that the gain to security is too small to justify continuation of the program—instead of limiting the discussion to the letter of the law is to shift from a compliance framework to a policy framework, adding protection of interests on top of the existing respect for clearly established rights.

There are organizational risks involved in such a move. A compliance framework provides significant legitimation for the office’s activities. Intelligence legalism is powerful, and it dictates that government agencies must obey the rules. If the new office pushes for more liberty-protective policy, it will lack that legitimation. And so it will be especially vulnerable to being bureaucratically frozen out—disinvited to meetings, kept off distribution lists, or invited but ignored.

Moreover, many of the tools usually available to an Office of Goodness to augment its own influence will be unavailable because of the secrecy that surrounds NSA activities. In many circumstances, an Office of Goodness asked to publicly ratify specific agency choices can pressure agency leadership into making, or shading, particular choices in exchange for that ratification. But the NSA civil liberties office will often be unable to provide publicly visible ratification, because the programs in question are secret. That same secrecy hampers any attempt the office may make to cultivate external support from advocacy groups, or to shift public perception by releasing relevant documents. All this means that the NSA may be able to flout the new office’s views with little consequence.

And while the NSA civil liberties office can cultivate alternative allies (ones with security clearances) in Congress, the Office of the Director of National Intelligence (ODNI), the DOJ, and the White House, doing so will be a challenge. An NSA civil liberties office is unlikely to lean far enough in the pro-civil liberties direction to hold the support of the most vocal congressional critics of the NSA, and the most conservative members of the intelligence committees are not natural allies either. Meanwhile, within the executive branch, the most obvious potential sources of support will be from the chief civil liberties and privacy officials at ODNI and DOJ. Unfortunately, neither is able to carry much water: The ODNI Civil Liberties and Privacy Office has chosen to function more as a compliance office than a policy office, while at DOJ, the Office of Privacy and Civil Liberties lacks influence over foreign intelligence matters, which are allocated instead to the National Security Division, an office unlikely to be very sympathetic to policy arguments of the “Should we?” variety. White House civil liberties officials might be more promising partners, as I detail in the next section. But in total, an alliance-building strategy will probably provide only a little help to the NSA civil liberties and privacy staff as they try to build influence.

The office’s evolving institutional design should take account of these difficulties. Its mandate from the NSA’s director should include a stable set of situations in which it can gain access and opportunity to comment without needing sharper elbows than it is likely to have. One helpful, even vital, step would be to expand on the President’s Review Group’s recommendation that the government conduct Privacy and Civil Liberties Impact Assessments—policy papers that look at civil liberties risks and ways to mitigate them—for “big data and data-mining programs directed at communications.”

Other types of institutionalized access might also bolster the new civil liberties office’s influence. For example, perhaps the agency could be required to report every year to the new office how, precisely, each type of surveillance authority that touches American citizens and residents has contributed to the NSA’s foreign intelligence mission—intelligence requirements satisfied, leads generated, and so on. The office could use those reports to do an annual assessment of the costs and benefits of various programs for the NSA’s director. This could be shared with Congress and perhaps even in some limited form with the public. And certainly, one would want to ensure that the new office receives notice and an opportunity to comment on all changes that potentially affect privacy or civil liberties. Processes like these would legitimate the new office’s inquiries and its recommendation role, protecting it from accusations by NSA personnel of self-aggrandizement.

These all address the problem of impotence; but what about capture? The danger to all the access that NSA civil liberties staffers have is a special kind of capture—not, as the term usually indicates, by outsiders, but in this case by colleagues. The more involved in NSA decision-making the civil liberties office is, the more pressure it will get to go along, to ratify whatever program is being discussed.

What counters that pressure, if anything, is the new official’s commitment to her assigned values—to privacy and to civil liberties. Indeed, the NSA’s civil liberties office will be able to bolster individual liberty only if its leader and staff stay committed. Maintaining commitment means resisting both collegial and careerist pressures, born of normal desires to get along with colleagues and to earn their approbation.

Beyond civil liberties officials’ commitment to their mission, what is needed are multipronged efforts by those officials and staffers to maintain ties to a professional privacy and civil liberties community that can serve as a highly salient reference group. Such efforts can include a combination of hiring, networking, and fostering of career paths that value privacy and civil liberties expertise and commitment.

Again, the classified setting will make this more difficult than elsewhere. For example, bringing in new employees directly from advocacy groups is a common strategy for Offices of Goodness that seek to ensure staff commitment. But for the NSA civil liberties office, the top-secret clearance process can take many months, which puts pressure on hiring managers to hire already cleared federal employees, not external advocates. Even if civil liberties advocates get hired, they may well run into lengthy security-clearance delays. Office Director Rebecca Richards reports that five people she has so far brought on board are from within the NSA, to minimize hiring delays (as well as to help her get a better understanding of how the NSA works). She has so far hired just one privacy expert from outside the agency.

Even if staff were hired from a civil liberties organization, that affiliation is likely to fade—and the risk of eroding commitment to the civil liberties mission to rise—as time passes. To stave off that risk, an office’s head can connect its staff to current advocates by, for example, sending them to conferences or other public or private events. Doing so helps reinforce staff commitment to civil liberties simply by exposure and example. Moreover, outside events can have a disciplining function, penalizing capture with harsh questions or criticisms, both public and private. That said, the new civil liberties office’s staff will not be able to talk much about its work, which might limit the efficacy of this approach.

A more promising method for avoiding capture is to develop attractive career paths for civil liberties staffers. It will be far easier for the NSA civil liberties office staff to maintain their commitment to their mission if there are a sufficient number of national security jobs—both within the new office and outside—that require a demonstrated commitment to civil liberties. Perhaps that will happen; the Snowden disclosures, and the natural maturation of this new bureaucratic strategy of civil liberties offices, mean that numerous government institutions are gaining civil liberties staff. The independent Privacy and Civil Liberties Oversight Board has a tiny staff, for example, and may well grow. The White House has designated privacy and civil liberties staff. And there are already some such jobs scattered around the government, at ODNI, DOJ, and DHS, among others. Of course there are private opportunities, as well, at universities, advocacy organizations, and elsewhere. The success of the new NSA office and other offices like it may depend on whether this job network reaches critical mass—currently, national security civil liberties jobs within the government are extraordinarily scarce.

Civil Liberties and Privacy Officials in the White House

From 1999 to 2001, the Clinton Administration Office of Management and Budget (OMB) had a political appointee called the “Chief Counselor for Privacy.” Peter Swire, one of the members of President Obama’s Review Group, served in that position, and the Review Group proposed that it be recreated, with the fancier title of “Special Assistant to the President for Privacy” and the added authority that the appointee sit jointly in the OMB and the National Security Staff and chair a Chief Privacy Officer Council “to help coordinate privacy policy throughout the Executive branch.” The Review Group’s report explained:

There are several reasons for creating this position: First, the OMB-run clearance process is an efficient and effective way to ensure that privacy issues are considered by policymakers. Second, a political appointee is more likely to be effective than a civil servant. Third, identifying a single, publicly named official provides a focal point for outside experts, advocacy groups, industry, foreign governments, and others to inform the policy process. Fourth, this policy development role is distinct from that of ensuring compliance by the agencies.

Again, this is an Office of Goodness strategy seeking to foreground the contested values of privacy and civil liberties, this time in interagency processes. The President has agreed at least in part, directing designation of one or more senior “Privacy and Civil Liberties Policy Official[s]” on the National Security Staff, at the OMB, and at the Office of Science and Technology Policy. These officials were duly named in spring 2014.

The existence of White House civil liberties officials poses a risk: It would be nearly impossible, bureaucratically, for an agency’s civil liberties officer to sustain a position even a little bit to the left of such officials on any issue with a high enough profile to receive White House attention. So in a Ted Cruz Administration, all bets are off. But I think in a Democratic Administration, this risk is not too significant; White House officials are unlikely to be to an NSA officer’s right. After all, advocacy groups could complain vociferously if they deem the persons chosen unsuitable. In addition, White House officials are under less pressure to be collegial with agency staff, and also can meet more comfortably with outsiders. And finally, the fact that there are three such officials named might allow them to reinforce each others’ commitments, even in the face of pushback from the operational agencies. So the newly designated White House staffers may be able to maintain civil liberties values in the policy debate at the White House, countering the ever-present pressure to focus on the more limited realm of law, compliance, and rights.

If that succeeds, such staffers can serve as key allies to civil liberties officials within individual agencies, including the NSA. The point is to create a federal civil liberties bureaucracy that encourages its members to maintain their commitment to civil liberties, including by offering some career prospects for its members with backbone. Having several such people at the White House seems a useful piece of that strategy.

The President has not, so far, committed to leaving these officials in place. Their main assignment currently is overseeing the implementation of Presidential Policy Directive 28, a policy document stating that “all persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and that all persons have legitimate privacy interests in the handling of their personal information.” PPD-28 set a one-year deadline for the intelligence community agencies to issue policies implementing its new approach. The three White House civil liberties officials are marching the agencies towards that January 2015 deadline.

But the White House needs people like these, officially assigned a civil liberties role, permanently. Otherwise, as Morton Halperin, who served on the National Security Council staff from 1994 to 1996, explains, staffers with libertarian instincts are apt to get shut out of national security policy development. “The legitimacy of what you put forward is based on being able to say, well, that’s my role in the bureaucracy,” Halperin says; “even someone [on the NSC staff] with those instincts needs that mandate to participate.”

A Public Advocate in the FISA Court

Finally, it seems likely that in the near future, the FISA court will gain a new process for at least the occasional appearance of a public or special advocate. This proposal has been endorsed in its broadest terms by nearly everyone, including the President. There is, however, substantial disagreement about details—and the details matter.

The argument for such an advocate is straightforward: Even if the government exhibits exemplary candor as to facts, it cannot be relied upon to argue against its own authority. Because the issues are complex and important, full development of both sides is needed for good judicial decision-making. The arguments against a FISA court public advocate—which seem to me weak—are likewise easily summarized: There’s not enough for a special advocate to do, since most issues before the FISA court are not legally complex; adversarial process will be slower and more cumbersome without leading to better decision-making. Indeed, it might lead to worse decision-making, because the government might respond to the presence of a public advocate by writing less candid briefs.

The consensus for some form of public advocate does not encompass key details. The largest open question is about access. The House version of the USA Freedom Act allowed FISA court public advocates to be excluded from factual or even legal presentations by the government to FISA judges and their “legal advisers” (a sort of permanent senior law clerk position). The Senate version of the bill, by contrast, specified that public advocates would receive “access to all relevant legal precedent, and any application, certification, petition, motion, or such other materials as are relevant to the duties of the special advocate.” The Democrats were unable to break the Republican filibuster of the bill, but the issue will reappear next Congress, when the current telephony metadata authority expires. The Obama Administration, unfortunately, seems to be favoring limiting access: In a letter to Senator Patrick Leahy about the Senate bill, Attorney General Eric Holder and Director of National Intelligence James Clapper opined that “the appointment of an amicus in selected cases…need not interfere with…the process of ex parte [that is, one-party] consultation between the Court and the government.”

In fact, the FISA court and the public would be best served by a more empowered public advocate—one who is authorized to appear even without invitation from the government or the court, and, still more importantly, who is entitled to full access to information relevant to her duties. This would no doubt alter the current one-party procedures before the FISA court and potentially disrupt the cozy relationship between FISA court judges and the heads of the CIA, NSA, and FBI. But that would be all to the good. The salutary effect might be to reinforce the FISA judges’ role as arbiters of surveillance legality, not just referees ensuring compliance with court orders.

If designed properly, this variation of an Office of Goodness could be essentially free from the ordinary threats to that kind of organization’s influence and commitment. After all, we are all already used to the existence of government-paid court opponents from the criminal justice system. Unlike agencies, where staff must negotiate for a seat at decision-making tables, most courts have firm procedural norms requiring access for all parties. If Congress applies these norms to the FISA court, as it should, implementation will be very familiar. And there also seems far less reason to worry about capture in this setting than inside of agencies. If anything, the problem here might be too much single-minded commitment, a strict preference for civil liberties over security—but of course the court, which would remain the decider, is unlikely to become unduly single-minded.

Inside Job

In his opinion for the Supreme Court last term, holding that the Fourth Amendment forbids warrantless searches of cell phones absent exigent circumstances, Chief Justice John Roberts poked some mild fun at internal government processes as sufficient safeguards of constitutional rights. “[T]he Founders did not fight a revolution to gain the right to government agency protocols,” he wrote. Easy for the chief justice to say. If he thinks some additional protections for individual liberty would be useful, he can declare governmental action unreasonable, and therefore unconstitutional under the Fourth Amendment. For the rest of us, our views about policy are not so influential. In fact, in the secret world of the intelligence community, pro-civil liberties views have received all too little respect, unless transformed by a court or Congress into authoritative law.

In this post-Snowden moment, Congress can and should protect Americans’ privacy and civil liberties by clamping down on bulk surveillance, creating legal rules that can then be enforced by the courts and the intelligence community’s large compliance bureaucracy. But Congress and the President should not be limited by intelligence legalism. They should also follow the quite different strategy of amplifying voices inside the surveillance state who will give attention in internal deliberations and agency operations to civil liberties and privacy interests. If civil liberties and privacy officials inside the NSA, at the White House, and at the FISA court can walk the tightrope of maintaining both influence and commitment, they might well make a difference—both in debates we now know about and others that remain secret.

And they may help create documents useful for public oversight, too, flagging issues for congressional overseers and creating reports subject to public disclosure. Intelligence legalism has proven unequal to the task of opposing the “collect everything” mindset. We need to add civil libertarians inside the surveillance state to nurture its civil liberties ecology. If that ecology doesn’t improve, the next big leak, in five or ten or 20 years, may reveal invasions of Americans’ privacy that dwarf anything we’ve heard about so far.