All posts by Lawrence Christopher Skufca, J.D.

My name is Lawrence Christopher Skufca. I am a civil rights activist and community organizer in the Camden, New Jersey area. I hold a Juris Doctor from Rutgers School of Law; a B.A. in Political Science from Furman University; and an A.A. in the Social Sciences from Tri-County Technical College.

The Pros and Cons of Using Tor

Camden Civil Rights Project

Researched, compiled and edited by L. Christopher Skufca

With the numerous methods incorporated by malicious hackers, the NSA, the FBI and even local law enforcement agencies to access your private data, Tor is the best alternative for anonymously surfing the internet. Fundamentally, Tor is secure; however, Tor itself can’t guarantee your privacy and security. Additional security measures must be taken to protect your anonymity. The experts at Information Security Stack Exchange provide guidance on best practices for preserving your online anonymity while using Tor.

 What is Tor and How Does it Work?

Tor is free software for enabling anonymous online communication. Tor is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential communication, by keeping their Internet activities from being monitored. Tor protects anonymity by directing Internet traffic through a free, worldwide, volunteer network consisting of more than six thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. It is legally used by millions worldwide to circumvent censorship and to stay safe from online snooping.

What Is Tor and Should I Use It?

Tor is an acronym for The Onion Router, encryption technology which was  developed in the mid-1990s by United States Naval Research Laboratory for the purpose of protecting U.S. intelligence communications online. In 2004, the Naval Research Laboratory released the code for Tor under a free license, and in 2006 a Massachusetts-based 501(c)(3)  research-education nonprofit organization called The Tor Project was founded. Its stated purpose is the research and development of online privacy tools.

The routing method utilized by the Tor network disguises your identity by moving traffic across different Tor servers, and encrypting that traffic, making it difficult to trace communications back to the original source. In an onion network, like that used by Tor, electronic data, including the destination IP address, is encapsulated in layers of encryption, analogous to layers of an onion. The encrypted data is then transmitted through a series of network nodes called onion routers, each of which “peels” away a single layer, uncovering the data’s next destination. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit in order to pass the remaining encrypted data on to it. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address.

Anyone who tries to identify the user would see traffic coming from random nodes on the Tor network, rather than the source computer. Because the routing of the communication is partly concealed at every hop in the Tor circuit, this method eliminates any single point at which the communicating peers can be determined through network surveillance that relies upon knowing its source and destination.

To access the Tor network, you simply need to download the Tor browser. Everything you do in the browser goes through the Tor network and doesn’t need any setup or configuration from you. One drawback of using Tor is that users experience a much more sluggish internet experience since their data is being transferred through multiple relays.

What Tor Is Good For

Tor is most useful for concealing internet browsing habits. Used in conjunction with additional security measures Tor can also be useful in protecting the anonymity of your communications with a third party. Tor has been utilized by researchers, journalists, whistleblowers, attorneys and even law enforcement officers hoping to conceal their IP address from detection.

There are several legitimate purposes for wanting to protect your online anonymity. Much of the Tor Project’s funding comes from federal grants issued by agencies, such as the U.S. State Department, that claim a vested interest in supporting safe, anonymous speech for dissidents living under oppressive regimes. It is used by human rights workers, activists, journalists and whistleblowers worldwide. Tor is also a useful tool for legal practitioners seeking to protect privileged attorney client communications and has been used as an effective tool for protecting the anonymity of undercover law enforcement officers and police informants.

However, in the wrong hands, Tor has also been used for more nefarious purposes. Tor’s technology can be utilized to provide anonymity to websites and other servers configured to receive inbound connections which are only accessible by other Tor users. These are called hidden services. Rather than revealing a server’s IP address (and thus its network location), a hidden service is accessed through its onion address. The Tor network understands these addresses and can route data to and from hidden services, even those hosted behind firewalls or network address translators (NAT), while preserving the anonymity of both parties. These hidden service sites create an opening for criminal activity, such as happened with the Silk Road exchange site caught which was shut down for trafficking illicit drugs. Tor’s hosting capabilities have also served as platforms for  child pornography and illegal arms trading.

The Limitations of Tor

Anonymity is not the same as security. While it is difficult to hack the encryption of the Tor network, a network is only as secure as the technology used to access the network.

Exploiting Applications

In a 2012 child pornography sting, the FBI utilized a hacking tool created by Metasploit called a “Decloaking Engine” to infect the servers of three different hidden Tor sites, which would then target anyone who happened to access them. The network investigative technique (NIT) used a Flash application that would ping a user’s real IP address back to an FBI controlled server, rather than routing their traffic through the Tor network and protecting their identity.

Again, in June 2013, network security analyst, Professor Alan Woodward of University of Surrey,  highlighted the danger of using JavaScript and other add-in applications:

“Be aware, a browser’s JavaScript engine, plug-ins like Adobe Flash, external applications like Adobe Reader or even a video player could all potentially “leak” your real IP address to a website that tries to acquire it. The Tor browser bundle has JavaScript disabled by default and plug-ins can’t run. If you try to download and open a file on another application the browser will warn you.  However, anyone who has spent any time browsing the web knows that there is a great temptation to install add-ins or enable JavaScript in order to access content. Don’t succumb to the temptation if you are serious about remaining anonymous.”

Woodward’s warning proved to be timely; in August 2013, the FBI was able to exploit  a security flaw in the modified Firefox 17 browser included with the Tor Browser Bundle, a collection of programs designed to make it easy for people to install and use the software. Representatives of Tor responded to the breach with the following statement:

“From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the Web pages delivered to users. This exploit is used to load a malware payload to infect user’s computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR [extended support release], on which our Tor Browser is based. We’re investigating these bugs and will fix them if we can.”

The good news is that they went for a browser exploit, meaning there’s no indication they can break the Tor protocol or do traffic analysis on the Tor network. Infecting the laptop, phone, or desktop is still the easiest way to learn about the human behind the keyboard.

Tor still helps here: you can target individuals with browser exploits, but if you attack too many users, somebody’s going to notice. So even if the NSA aims to surveil everyone, everywhere, they have to be a lot more selective about which Tor users they spy on.

Two months later, in October 2013, The Guardian released an NSA presentation,  provided by  whistleblower Edward Snowden, revealing an NSA program targeting Tor users by exploiting the Tor browser bundle. The NSA attacks were designed to identify Tor users and the hidden sites they visited.

As The Guardian reported, this type of “man-on-the-side” style attack on Tor users cannot be pulled off by just anyone because it requires the assistance of internet service providers (ISP’s):

“(man-on-the-side attacks)  are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a “race condition” between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack…

According to a top-secret operational management procedures manual provided by Snowden, once a target is successfully exploited it is infected with one of several payloads. Two basic payloads mentioned in the manual, are designed to collect configuration and location information from the target computer so an analyst can determine how to further infect the computer.

These decisions are made in part by the technical sophistication of the target and the security software installed on the target computer; called Personal Security Products or PSP, in the manual.”

Motherboard points to a 2013 FBI sting which utilized this method:

The FBI’s big child porn bust this summer also raised some suspicion from privacy advocates over how easy it is for the Feds to infiltrate Tor. The FBI managed to crack the anonymous network by injecting malware into the browser, in order to identify what it called “the “largest child porn facilitator on the planet.” In the process, the malware revealed the IP addresses of hundreds of users.

On January 05, 2016, Motherboard reported that the FBI conducted a network attack which targeted over a thousand computers and was was able to deanonymize visitors to a Tor hidden site called Playpen, allegedly one of the largest sites hosting child pornography on the Darkweb. According to the article, “the FBI ran Playpen from its own servers in Newington, Virginia, from February 20 to March 4,” during which time, “the FBI deployed what is known as a network investigative technique (NIT), the agency’s term for a hacking tool.” According to the complaint filed by the FBI, “approximately 1300 true internet protocol (IP) addresses were identified during this time.”

Tor explicitly warns against installing or enabling browser plugins. The Tor Browser is configured to block browser plugins such as Flash, RealPlayer, and Quicktime, because they can be manipulated into revealing your IP address. Therefore, Tor does not recommend installing additional addons or plugins into their Browser, as these may harm your anonymity and privacy by bypassing network protocols.

End Node Decryption

Tor has a known weakness: The last node through which traffic passes in the network has to decrypt the communication before delivering it to its final destination. Someone operating that node can see the communication passing through this server.

In 2007, Swedish security researcher, Dan Egerstad was able to intercept passwords and email messages from government agencies by running Tor exit nodes. According to Egerstad, many who use Tor mistakenly believe it is an end-to-end encryption tool. As a result, they aren’t taking the precautions they need to take to protect their web activity. University of Surrey professor, Alan Woodward, cautions that Tor volunteers are anonymous and therefore, users “do not choose which exit node you use so you cannot guarantee who it is that is actually running that node.”  Woodward also remarked that Tor’s random routing between nodes makes it unlikely that anyone could target a specific individual in this way, unless they run a large proportion of the Tor nodes that are out there. Taking additional steps to encrypt data could also mitigate this risk.

Study on Traffic Correlation Attacks

In August 2013, Tor accounts increased by over 100%, leading many to suspect that Edward Snowden’s  June 2013 revelations of the vast NSA surveillance program had led more internet users to protect their privacy. However, the sudden uptick in Tor users may be better explained by a joint research project designed to identify the effectiveness of these type of end node relay attacks.

In November of 2013, the US Naval Research Laboratory and Georgetown University in Washington, D.C. issued a joint report entitled “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries.”  The report focuses on traffic correlation attacks against Tor users,  by network adversariessuch as such as corporations, intelligence and law enforcement agencies, or governments.  

A network adversary is a network operator with ample network resources to observe a large portion of the underlying network over which Tor traffic is transported through controlling one or more autonomous systems or internet exchange points. Within the Internet, an autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the Internet. An Internet exchange point (IXP) is a physical infrastructure through which Internet service providers (ISPs) and Content Delivery Networks (CDNs) exchange Internet traffic between their networks (autonomous systems or ASes).

In layman’s terms, the study found that the more entrance and exit nodes a network adversary is capable of controlling, either through Tor exit relays or the destination servers themselves, the greater the probability the targeted communications will pass through a resource controlled by the attacker, exposing a Tor user (and their communications) to identification.

According to the report, “A network adversary leverages their position as a carrier of network traffic to correlate Tor traffic streams that cross their network at some point between the client and guard and exit and destination pairs.” As the researchers remark, “Tor does not currently implement any protection against adversaries who operate ASes or IXPs.”

In traffic correlation attacks, an adversary has the bandwidth capacity to run voluminous relays in the Tor network in order to deanonymize  an individual user. The researchers report:

“Onion routing is vulnerable to an adversary who can monitor a user’s traffic as it enters and leaves the anonymity network; correlating that traffic using traffic analysis links the observed sender and receiver of the communication. Øverlier and Syverson first demonstrated the practicality of the attack in the context of discovering Tor Hidden Servers. Later work by Murdoch and Danezis show that traffic correlation attacks can be done quite efficiently against Tor.”

Since network adversaries can monitor entrance and exit traffic on any of the routers they control, the more points within their control, the greater their ability to expose a Tor users’ identity. Researchers found that, “sending many streams over Tor induces higher rates of circuit creation, increasing the number of chances the adversary has to compromise one. Alternatively, the specific destination addresses and ports that users connect to affect the probability a malicious exit is chosen because allowed exit policies differ from relay to relay.”

This is important because information travels through the encrypted layers of the Tor network through Internet Exchange Points (IXPs) or autonomous systems (ASes) that control multiple routers, such as ISPs. Since attackers can theoretically see exit or entrance traffic on any of the routers they control, logically, the more points of control, the faster and easier it is to expose a Tor users’ identity. As Meghan Neal at Motherboard points out, “Hypothetically, a state-sponsored cyberattacker could control all of the routers in the country.” Therefore, US intelligence agencies which have innumerable routers at their disposal would have a tremendous advantage in deanonymizing users and tracking their communications across the Tor network.

The Tor Project, itself, openly acknowledges:

“Just using Tor isn’t enough to keep you safe in all cases. Browser exploits, large-scale surveillance, and general user security are all challenging topics for the average internet user. These attacks make it clear that we, the broader internet community, need to keep working on better security for browsers and other internet-facing applications.”

Therefore, it is highly recommended that Tor users always take additional security precautions by using an anonymous proxy tool, such as a  virtual private network (VPN) and HTTPS encryption whenever possible as added layers of protection.

If you are not already using a VPN or HTTPS, you should be. If a site offers HTTPS, just go to instead of just plain old http. To help ensure private encryption to websites, the Tor Browser includes HTTPS Everywhere to force the use of HTTPS encryption with major websites that support it. However, you should still watch the browser URL bar to ensure that websites you provide sensitive information to display a blue or green URL bar button, include https:// in the URL, and display the proper expected name for the website.

Using Tor Could Increase the Possibility that You are Targeted

Edward Snowden revealed in October 2013, the online anonymity Tor network is a high-priority target for the National Security Agency. In support, The Guardian released “Tor Stinks,” an NSA presentation (vintage June 2012) outlining current and proposed strategies for exploiting the network. The work of attacking Tor is done by the NSA’s application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.” Therefore, someone like the NSA or FBI can tell if you’re a Tor user making them more likely to target you.

Furthermore, an NSA document obtained by the Guardian in June 2013, titled Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence, reveals that using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for US-based communications to be retained by the National Security Agency even when they’re inadvertently collected.

Of concern, the NSA Minimization Procedures provide no ascertainable guidelines for protecting against warrantless domestic surveillance. Section 5 clearly reveals domestic communications are being monitored en masse and allows for the collection and dissemination of information relating to “evidence of a crime” to law enforcement agencies, whether or not a warrant has been obtained or an individual is the target of a current investigation. The procedures make no distinction between suspected terrorist or non-terrorist activity, or violent and non-violent offenses.

In August 2013, Reuters reported that law enforcement officers have been instructed to mislead judges and prosecutors by recreating the investigative trail to effectively cover up where the information obtained through NSA surveillance originated. An internal Special Operations Division (SOD) document obtained by Reuters reads: “Remember that the utilization of SOD cannot be revealed or discussed in any investigative function.” The document specifically directs agents to omit the SOD’s involvement from investigative reports, affidavits, discussions with prosecutors and courtroom testimony. Agents are also instructed to use a deceptive technique known as parallel construction to misrepresent that the evidence provided by SOD was collected through “normal investigative techniques.”

Likewise, Section 4, which deals with attorney-client communications, provides scarce safeguards for protecting attorney client privilege. Section 4 specifies that an analyst must cease monitoring communications between a person “known to be indicted in the United States” and their legal representative. However, there is no such protection for suspects who have not yet been indicted and the instruction or for privileged communications in civil or commercial proceedings.

Finally, a 2014 report published by German security researchers revealed the NSA internet database program XKeyscore, contains a piece of source code with rules for automatically capturing information about people who used Tor and privacy-focused operating system Tails. One rule seems to “fingerprint” people who visit the Tor website, as well as people who search for information about Tails or visit places known to have information on it, including the Linux Journal, where anything in the “Linux” category of articles is flagged. Fingerprints are flags that allow NSA agents to identify and track users across the web.

Tor As a Tool for Journalists and Whistleblowers

In 2014, The Guardian launched a secure platform for whistleblowers to confidentially submit sensitive documents to the newspaper’s reporters. According to The Guardian:

The SecureDrop open-source whistleblowing platform provides a way for sources, who can choose to remain anonymous, to submit documents and data while avoiding virtually all of the most common forms of online tracking.

It makes use of well-known anonymising technology such as the Tor network and the Tails operating system, which was used by journalists working on the Snowden files.

The SecureDrop platform was initially developed by the US developer and open source activist, Aaron Swartz, who committed suicide in 2013 after facing criminal prosecution under the Computer Fraud and Abuse Act for downloading mass quantities of academic research articles. To Date, the SecureDrop directory includes such familiar media sources as The Guardian, The Intercept, The New Yorker, The Sun and the Washington Post.

Is Tor Simply a Honeypot Run by U.S. Intelligence and Law Enforcement?

There is a legitimate concern among privacy advocates that Tor may simply be a honeypot for identifying illicit activities due to its historical and financial ties with the U.S. intelligence and law enforcement communities. Onion routing was originally developed in the mid-1990s by United States Naval Research Laboratory for the purpose of protecting U.S. intelligence communications online. Yasha Levine of Panda points out:

“Tor’s original — and current — purpose is to cloak the online identity of government agents and informants while they are in the field: gathering intelligence, setting up sting operations, giving human intelligence assets a way to report back to their handlers — that kind of thing. This information is out there, but it’s not very well known, and it’s certainly not emphasized by those who promote it.”

In addition, Tor’s own website states, “A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently.” The site adds, “Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.”

Furthermore, Tor’s onion routing technology was originally funded by the Office of Naval Research and DARPA. Early development was spearheaded by Paul Syverson, Michael Reed and David Goldschlag — all military mathematicians and computer systems researchers working for the Naval Research Laboratory, located within the Anacostia-Bolling military base in Washington, D.C.

In 2004, the Naval Research Laboratory released the code for onion routing under a free license, and in 2006 a Massachusetts-based 501(c)(3)  research-education nonprofit organization called The Tor Project was founded. Since its inception, the vast majority of Tor Project funding has been provided by the Department of Defense and the US State Department:

  • In 2006, Tor was funded was through a no-bid federal contract awarded to Roger Dingledine’s consulting firm, Moria Labs;
  • In 2007, all of Tor’s funding came from the federal government via two grants.  $250,000 came from the International Broadcasting Bureau (IBB), a CIA spinoff that now operates under the Broadcasting Board of Governors,  and just under $100,000 came from Internews, an NGO aimed at funding and training dissidents and activists abroad. Tor’s subsequent tax filings show that grants from Internews were conduits for “pass through” grants from the US State Department;
  • In 2008, Tor received $527,000 from IBB and Internews, which represented 90% of its funding;
  • In 2009,  approximately 90% of Tor’s funding came from the State Department, through a $632,189 grant described in tax filings as a “Pass-Through from Internews Network International.” Another $270,000 came via the CIA-spinoff IBB. In addition, the Swedish government contributed $38,000, while Google provided another $29,000;
  • In 2010,  Tor received $913,000 from the State Department and $180,000 from IBB— representing 84% of Tor’s $1.3 million in total funds listed on tax filings.
  • In 2011, Tor received  $730,000  via Pentagon and State Department grants, $150,000 came from IBB and Swedish International Development Cooperation Agency (SIDA), Sweden’s version of USAID, gave Tor $279,000;
  • In 2012, Tor’s funding nearly doubled, as it recieved $876,099 from the DoD, $353,000 from the State Department, $387,800 from the IBB, $318,000 from SIDA and $150,000 from an RFA grant for Tor’s OONI Project.

The question is whether you can trust that a program which originated within the U.S. intelligence community, for use by US intelligence and law enforcement agencies and receives the majority of its funding from the Department of Defense and the State Department is sufficiently independent from these agencies to reasonable protect the privacy and anonymity of dissident journalists, activists and government whistle blowers.  Your level of trust is most likely commensurate with the severity of the penalty that exposure would bring about.

For those of you not involved in criminal activity, exposing high level corruption or seeking to disclose state secrets, the following recommendations submitted on an Answers forum for network analysts should suffice in protecting your privacy.


A Guide for Safe Tor Use

by Michael Hampton

As a very long time Tor user, the most surprising part of the NSA documents for me was how little progress they have made against Tor. Despite its known weaknesses, it’s still the best thing we have, provided it’s used properly and you make no mistakes.

Since you want security of “the greatest degree technically feasible”, I’m going to assume that your threat is a well-funded government with significant visibility or control of the Internet, as it is for many Tor users (despite the warnings that Tor is not sufficient to protect you from such an actor.

Consider whether you truly need this level of protection. If having your activity discovered does not put your life or liberty at risk, then you probably do not need to go to all of this trouble. But if it does, then you absolutely must be vigilant if you wish to remain alive and free.

I won’t repeat Tor Project’s own warnings here, but I will note that they are only a beginning, and are not adequate to protect you from such threats.

Your Computer

To date, the NSA‘s and FBI’s primary attacks on Tor users have been MITM attacks (NSA) and hidden service web server compromises (FBI) which either sent tracking data to the Tor user’s computer, compromised it, or both. Thus you need a reasonably secure system from which you can use Tor and reduce your risk of being tracked or compromised.

  1. Don’t use Windows. Just don’t. This also means don’t use the Tor Browser Bundle on Windows. Vulnerabilities in the software in TBB figure prominently in both the NSA slides and FBI’s recent takedown of Freedom Hosting.
  2. If you can’t construct your own workstation capable of running Linux and carefully configured to run the latest available versions of Tor, a proxy such as Privoxy, and a web browser (with all outgoing clearnet access firewalled), consider using Tails or Whonix instead, where most of this work is done for you. It’s absolutely critical that outgoing access be firewalled so that third party applications cannot accidentally leak data about your location.
  3. If you are using persistent storage of any kind, ensure that it is encrypted. Current versions of LUKS are reasonably safe, and major Linux distributions will offer to set it up for you during their installation. TrueCrypt might be safe, though it’s not nearly as well integrated into the OS. BitLocker might be safe as well, though you still shouldn’t be running Windows. Even if you are in a country where rubber hosing is legal, such as the UK, encrypting your data protects you from a variety of other threats.
  4. Remember that your computer must be kept up to date. Whether you use Tails or build your own workstation from scratch or with Whonix, update frequently to ensure you are protected from the latest security vulnerabilities. Ideally you should update each time you begin a session, or at least daily. Tails will notify you at startup if an update is available.
  5. Be very reluctant to compromise on JavaScript, Flash and Java. Disable them all by default. If a site requires any of these, visit somewhere else. Enable scripting only as a last resort, only temporarily, and only to the minimum extent necessary to gain functionality of a web site that you have no alternative for.
  6. Viciously drop cookies and local data that sites send you. Neither TBB nor Tails do this well enough for my tastes; consider using an addon such asSelf-Destructing Cookies to keep your cookies to a minimum. Of zero.
  7. Your workstation must be a laptop; it must be portable enough to be carried with you and quickly disposed of or destroyed.
  8. Don’t use Google to search the internet. A good alternative is Startpage; this is the default search engine for TBB, Tails, and Whonix. Plus it won’t call you malicious or ask you to fill out CAPTCHAs.

Your Environment

Tor contains weaknesses which can only be mitigated through actions in the physical world. An attacker who can view both your local Internet connection, and the connection of the site you are visiting, can use statistical analysis to correlate them.

  1. Never use Tor from home, or near home. Never work on anything sensitive enough to require Tor from home, even if you remain offline. Computers have a funny habit of liking to be connected. This also applies to anywhere you are staying temporarily, such as a hotel. Never performing these activities at home helps to ensure that they cannot be tied to those locations. (Note that this applies to people facing advanced persistent threats. Running Tor from home is reasonable and useful for others, especially people who aren’t doing anything themselves but wish to help by running an exit node, relay, or bridge.
  2. Limit the amount of time you spend using Tor at any single location. While these correlation attacks do take some time, they can in theory be completed in as little as a day. And while the jackboots are very unlikely to show up the same day you fire up Tor at Starbucks, they might show up the next day. I recommend for the truly concerned to never use Tor more than 24 hours at any single physical location; after that, consider it burned and go elsewhere. This will help you even if the jackboots show up six months later; it’s much easier to remember a regular customer than someone who showed up one day and never came back. This does mean you will have to travel farther afield, especially if you don’t live in a large city, but it will help to preserve your ability to travel freely.
  3. When you go out to perform these activities, leave your cell phone turned on and at home.

Your Mindset

Many Tor users get caught because they made a mistake, such as posting their real email address in association with their activities. You must avoid this as much as possible, and the only way to do so is with careful mental discipline.

  1. Think of your Tor activity as pseudonymous, and create in your mind a virtual identity to correspond with the activity. This virtual person does not know you and will never meet you, and wouldn’t even like you if he knew you. He must be kept strictly mentally separated.
  2. If you must use public internet services, create completely new accounts for this pseudonym. Never mix them; for instance do not browse Facebook with your real email address after having used Twitter with your pseudonym’s email on the same computer. Wait until you get home.
  3. By the same token, never perform actions related to your pseudonymous activity via the clearnet, unless you have no other choice (e.g. to sign up for a provider who blocks Tor), and take extra precautions regarding your location when doing so.
  4. If you need to make and receive phone calls, purchase an anonymous prepaid phone for the purpose. This is difficult in some countries, but it can be done if you are creative enough. Pay cash; never use a debit or credit card to buy the phone or top-ups. Never insert its battery or turn it on if you are within 10 miles (16 km) of your home, nor use a phone from which the battery cannot be removed. Never place a SIM card previously used in one phone into another phone. Never give its number or even admit its existence to anyone who knows you by your real identity. This may need to include your family members.

Hidden Services

These are big in the news lately, with the recent takedown of at least two high-profile hidden services, Silk Road and Freedom Hosting. The bad news is, hidden services are much weaker than they could or should be. The good news is, the NSA doesn’t seem to have done much with them (though the NSA slides mention a GCHQ program named ONIONBREATH which focuses on hidden services, nothing else is yet known about it).

In addition, since hidden services must often run under someone else’s physical control, they are vulnerable to being compromised via that other party. Thus it’s even more important to protect the anonymity of the service, as once it is compromised in this manner, it’s pretty much game over.

The advice given above is sufficient if you are merely visiting a hidden service. If you need to run a hidden service, do all of the above, and in addition do the following. Note that these tasks require an experienced system administrator; performing them without the relevant experience will be difficult or impossible.

  1. Do not run a hidden service in a virtual machine unless you also control the physical host. Designs in which Tor and a service run in firewalled virtual machines on a firewalled physical host are OK, provided it is the physical host which you are in control of, and you are not merely leasing cloud space.
  2. A better design for a Tor hidden service consists of two physical hosts, leased from two different providers though they may be in the same data center. On the first physical host, a single virtual machine runs with Tor. Both the host and VM are firewalled to prevent outgoing traffic other than Tor traffic and traffic to the second physical host. The second physical host will then contain a VM with the actual hidden service. Again, these will be firewalled in both directions. The connection between them should be secured with IPSec, OpenVPN, etc. If it is suspected that the host running Tor may be compromised, the service on the second server may be immediately moved (by copying the virtual machine image) and both servers decommissioned. Both of these designs can be implemented fairly easily with Whonix.
  3. Hosts leased from third parties are convenient but especially vulnerable to attacks where the service provider takes a copy of the hard drives. If the server is virtual, or it is physical but uses RAID storage, this can be done without taking the server offline. Again, do not lease cloud space, and carefully monitor the hardware of the physical host. If the RAID array shows as degraded, or if the server is inexplicably down for more than a few moments, the server should be considered compromised, since there is no way to distinguish between a simple hardware failure and a compromise of this nature.
  4. Ensure that your hosting provider offers 24×7 access to a remote console (in the hosting industry this is often called a KVM though it’s usually implemented via IPMI which can also install the operating system. Use temporary passwords/passphrases during the installation, and change them all after you have Tor up and running (see below). The remote console also allows you to run a fully encrypted physical host, reducing the risk of data loss through physical compromise; however, in this case the passphrase must be changed every time the system is booted (even this does not mitigate all possible attacks, but it does buy you time).
  5. Your initial setup of the hosts which will run the service must be over clearnet, albeit via ssh; however, to reiterate, they must not be done from home or from a location you have ever visited before. As we have seen, it is not sufficient to simply use a VPN. This may cause you issues with actually signing up for the service due to fraud protection that such providers may use. How to deal with this is outside the scope of this answer, though.
  6. Once you have Tor up and running, never connect to any of the servers or virtual machines via clearnet again. Configure hidden services which connect via ssh to each host and each of the virtual machines, and always use them. If you must connect via clearnet to resolve a problem, again, do so from a location you will never visit again.
  7. Hidden services must be moved regularly, even if compromise is not suspected. A 2013 paper described an attack which can locate a hidden service in just a few months for around $10,000 in cloud compute charges, which is well within the budget of even some individuals. It is safer, though not at all convenient, to move the hidden service at least monthly. Ideally it should be moved as frequently as possible, though this quickly veers into the impractical. Note that it will take approximately an hour for the Tor network to recognize the new location of a moved hidden service.


Anonymity is hard. Technology alone, no matter how good it is, will never be enough. It requires a clear mind and careful attention to detail, as well as real-world actions to mitigate weaknesses that cannot be addressed through technology alone. As has been so frequently mentioned, the attackers can be bumbling fools who only have sheer luck to rely on, but you only have to make one mistake to be ruined. We call them “advanced persistent threats” because, in part, they are persistent. They won’t give up, and you must not.



The Hunted and the Hated: An Inside Look at the NYPD’s Stop-and-Frisk Policy

An exclusive audio recording obtained by The Nation of a stop-and-frisk carried out by the New York City Police Department reveals the humiliation and degradation caused by broken windows policing strategies which are being implemented in urban areas throughout America.

The day after The Nation published this video, it sparked a heated debate during a meeting of the City Council’s public safety committee. Since then, the New York Police Department’s stop, question and frisk tactic gained national notoriety and became a major factor in the city’s 2013 mayoral race. Footage and audio from this video were incorporated into a PSA video by the artist Yasiin Bey, and, perhaps most significantly, and the video was mentioned in the August 2013 decision of the landmark federal case Floyd v. City of New York, which found stop and frisk to be unconstitutional and racially discriminatory.

On June 3, 2011, three plainclothes New York City Police officers stopped a Harlem teenager named Alvin and two of the officers questioned and frisked him while the third remained in their unmarked car. Alvin secretly captured the interaction on his cell phone, and the resulting audio is one of the only known recordings of stop-and-frisk in action.

In the course of the two-minute recording, the officers give no legally valid reason for the stop, use racially charged language and threatened Alvin with violence. Early in the stop, one of the officers asks, “You want me to smack you?” When Alvin asks why he is being threatened with arrest, the other officer responds, “For being a fucking mutt.”

Later in the stop, while holding Alvin’s arm behind his back, the first officer says, “Dude, I’m gonna break your fuckin’ arm, then I’m gonna punch you in the fuckin’ face.”

“He grabbed me by my bookbag and he started pushing me down. So I’m going backwards like down the hill and he just kept pushing me, pushing me, it looked like he we was going to hit me,” Alvin recounts. “I felt like they was trying to make me resist or fight back.”

Alvin’s treatment at the hands of the officers may be disturbing but it is not uncommon. According to their own stop-and-frisk data, the NYPD stops more than 1,800 New Yorkers a day. A New York Times analysis recently determined that more than 20 percent of those stops involve the use of force. And these are only the numbers that the Department records.  Anecdotal evidence suggests both figures are much higher.

In this video, exclusive to, Alvin describes his experience of the stop, and working NYPD officers come forward to explain the damage stop-and-frisk has done to their profession and their relationship to the communities they serve. The emphasis on racking up stops has also hindered what many officers consider to be the real work they should be doing on the streets. The video sheds unprecedented light on a practice, cheered on by Mayor Michael Bloomberg and Police Commissioner Ray Kelly, that has put the city’s young people of color in the department’s crosshairs.

Those who haven’t experienced the policy first-hand “have likened Stops to being stuck in an elevator, or in traffic,” says Darius Charney, senior staff attorney at the Center for Constitutional Rights. “This is not merely an inconvenience, as the Department likes to describe it. This is men with guns surrounding you in the street late at night when you’re by yourself. You ask why and they curse you out and rough you up.”

“The tape brings to light what so many New Yorkers have experienced in the shadows at the hands of the NYPD,” says Ben Jealous, President of the NAACP. “It is time for Mayor Bloomberg to come to grips with the scale of the damage his policies have inflicted on our children and their families. No child should have to grow up fearing both the cops and the robbers.”

“This audio confirms what we’ve been hearing from communities of color, again and again,” says Donna Lieberman, executive director of the NYCLU. “They are repeatedly subjected to abusive and disrespectful treatment at the hands of the NYPD. This explains why so many young people don’t trust the police and won’t help the police,” she adds. “It’s not good for law enforcement and not good for the individuals who face this harassment.”

The audio also betrays the seeming arbitrariness of stops and the failure of some police officers to fully comprehend or be able to articulate a clear motivation for carrying out a practice they’re asked to repeat on a regular basis.

And, according to Charney, the only thing the police officers do with clarity during this stop is announce its unconstitutionality.

“We’ve long been claiming that, under this department’s administration, if you’re a young black or Latino kid, walking the street at night you’re automatically a suspicious person,” says Charney, who is leading a class-action lawsuit challenging the NYPD’s stop-and-frisk practices. “The police deny those claims, when asked. ‘No, that’s not the reason we’re stopping them.’ But they’re actually admitting it here [on the audio recording]. The only reason they give is: ‘You were looking back at us…’ That does not rise to the level of reasonable suspicion, and there’s a clear racial animus when they call him a ‘mutt.’”

The audio was recently played at a meeting of The Morris Justice Project, a group of Bronx residents who have organized around the issue of stop-and-frisk and have been compiling data on people’s interactions with police. Jackie Robinson, mother of two boys, expected not to be surprised when told about the contents of the recording. “It’s stuff we’ve all heard before,” she said at the gathering. Yet Robinson visibly shuddered at one of the audio’s most violent passages. She had heard plenty about these encounters, but had never actually listened to one in action.

“As a mother, it bothers you,” says Robinson. “The police are the ones we’re supposed to turn to when something bad happens. Of all the things I have to worry about when my kids walk out the door, I don’t want to have to worry about them being harmed by the police. It makes you feel like you can’t protect your children. Something has to be done.”

Officers who carry out such belligerent stops face little accountability under the NYPD’s current structure. The department is one of New York City’s last agencies to operate without independent oversight, leaving officers with no safe place to file complaints about police practice and systemic problems.

“An independent inspector general would be in a position to review NYPD policies and practices—like the recorded stop-and-frisk shown here—to see whether the police are violating New Yorkers’ rights and whether the program is in fact yielding benefits,” says the Brennan Center’s Faiza Patel. “An inspector general would not hinder the NYPD’s ability to fight crime, but would help build a stronger, more effective force.”

NYPD spokespeople have said that stop-and-frisk is necessary to keep crime down and guns off the street. But those assertions are increasingly being contradicted by the department’s own officers, who are beginning to speak out about a pervasive culture of number-chasing.

Two officers from two different precincts in two separate boroughs spoke toThe Nation about the same types of pressures put on officers to meet numerical goals or face disciplinary action and retaliation. Most chillingly, both officers use the word “hunt” when describing the relentless quest for summonses, stops and arrests.

“The civilian population, they’re being hunted by us,” says an officer with more than ten years on the job. “Instead of being protected by us, they’re being hunted and we’re being hated.”

The focus on numbers, and the rewards for those who meet quotas has created an atmosphere, another veteran officer says, in which cops compete to see who can get the highest numbers, and it can lead to the kind of arbitrary stop that quickly became violent in this recording.

“It’s really bad,” says the officer after listening to the audio recording. “It’s not a good thing at all. But it’s really common, I’m sorry to say. It doesn’t have to be like that.”

Lieberman from the NYCLU agrees: “It’s time for the Mayor and the Police Commissioner to stop trying to scare New Yorkers into accepting this kind of abuse, and to recognize that there is a problem.”

Additional reporting by Erin Schneider. To see this and other related media, go to: or e-mail stopandfriskmedia at gmail dot com


The Target: Stop-and-Frisk’s Damaging Toll on Families and Communities

On August 12, a federal judge ruled the New York Police Department’s policy of “stop, question and frisk” unconstitutional and racially discriminatory. In her decision in the case of Floyd v. City of New York, Judge Shira A. Scheindlin validated many of the complaints coming from civil rights organizations, grassroots groups and politicians who have rallied against the policy and its destructive effects on low-income communities of color.

But more than a year before opening arguments began in the Floyd lawsuit, New York City Council members and community advocates were discussing their own policy ideas to address years of corruption in the department.

The result was two pieces of legislation, collectively known as the Community Safety Act, that the City Council began debating last year seeking to curb a range of abuses and address other NYPD policy problems before they escalate to the point of federal intervention.

The first piece would establish an independent inspector general to investigate and review police policy and practice and make non-binding recommendations to the mayor and police commissioner. The second would expand the categories of individuals protected from profiling and make enforceable an anti-profiling law that is already on the books.

Though the federal monitor imposed by Judge Scheindlin’s decision will seek to fix how the NYPD currently employs stop-and-frisk, it is these bills, councilmembers believe, that could have more impact on the long-term health of the department, and make it more accountable to the public.

The City Council voted on the two bills in June. And despite receiving the full endorsement of only one of the top New York City mayoral candidates (Bill de Blasio), and being denounced by Mayor Michael Bloomberg as “dangerous and irresponsible,” the council passed the bills by wide margins.

Their passage into law, however, is by no means assured. Mayor Bloomberg vetoed the legislation in July. And he, along with the city’s largest police union, the Patrolmen’s Benevolent Association, has announced his determination to sway the outcome of a veto override vote scheduled in the City Council this Thursday.

“This is a fight to defend your life and your kids’ lives. You can rest assured that I will not give up for one minute,” Bloomberg said at a June press conference.

Though the margin of the council’s June vote on the bills was wide enough to beat a veto, they could go down to defeat if the anti-profiling bill loses just one vote, or if the inspector-general bill loses eight. But if the current majorities hold, the bills will be signed into law, and it would be the second rebuke in as many weeks of the policing tactics of an administration that prides itself on its crime-fighting prowess.

Despite the life-and-death rhetoric from the mayor, it is these personal stakes that the bills’ backers see as the main reason for the mayor’s increasingly acerbic public comments and outright misinformation on the subject in recent weeks.

“He’s afraid of someone saying ‘not everything you did in policing worked,’” says Councilmember Jumaane Williams, a co-sponsor of the legislation. “A real leader can say, ‘Look, we tried a couple things. They didn’t all work out. And the ones that didn’t work out we tried to fix and work with the community on how to fix it.’ But he just didn’t do that, which caused us to be where we are now.”

Indeed, at a post-verdict press conference last week, the mayor became angry and agitated when asked about the pending legislation. The mayor’s message is clear: any extra departmental oversight will prohibit officers from doing their jobs and innocent civilians and officers will die.

“It’s disappointing the amount of fear-mongering that I’ve seen among the mayor and [Police Commissioner Ray Kelly],” says Williams. “ ’The sky is going to fall. Everything bad is going to happen.’ What they’re saying is that we have to profile in order to continue to do police work, and that’s just not acceptable. Otherwise, why are you worried about a profiling bill that just says you can’t profile?”

Though the anti-profiling bill is most vulnerable to the veto, it’s the one seen as most important by many lawyers because of the allowance that civilians can bring claims of profiling before a state court, and a judge can order binding remedies. It is also the one being most misrepresented by opponents.

A PBA delegate reached by The Nation, who spoke on the condition of anonymity because he was not authorized to speak on behalf of the union, said that though he is against profiling, he’s also against the anti-profiling bill because he believes it would penalize individual officers.

Yet according to the bill’s language, officers will not be liable for monetary damages or subject to punishment by the judge.

For his part, Mayor Bloomberg has erroneously stated that the bill would bar officers from using descriptions of age or race when identifying a suspect.

“His staff had to tell him to stop saying that, because it isn’t true,” says Councilmember Brad Lander, a co-sponsor of the legislation. “It’s one thing for the New York Post, or the PBA to be saying this, but the mayor?”

The profiling bill is also one that gives hope to people who’ve been stopped and frisked wrongfully and regularly, like Keeshan Harley, an 18-year-old from Brooklyn who says he’s been stopped by the NYPD nearly 150 times.

“If they stop me without proper cause or without fair reasoning, if it’s just because I’m a young black male in Brooklyn, that’s the reason they stop me, then I have the right to bring them to court,” says the teen.

The fact that the mayor and the commissioner are not even open to a dialogue on the subject or attentive to citizens like Harley has frustrated Lander, who says the two have shown contempt for the City Council for merely doing its job of representing constituents’ concerns.

“And not only has the mayor been dismissive of the council, he’s shown a disregard for common sense,” exemplified, Lander said, when he madecomments on a recent radio talk show that whites (not blacks and Latinos) are the ones who are stopped too much.

Mayor Bloomberg also recently argued that the addition of an inspector general would result in too many layers of oversight. But according to Lander, “Inspectors general are present in every other major police department around the country and every federal law enforcement and intelligence agency. There is no example of an officer being confused about whose orders to follow.” The monitor will be focusing narrowly on stop-and-frisk, Lander said, while the inspector general would be “looking at the full array of programs and policies on the NYPD, including Muslim surveillance, quotas, statistics fixing, etc.”

“The history of law enforcement shows that a longer term legal framework for strong oversight and civil rights protection are what’s needed for effective and constitutional policing,” and that’s what these bills are intended to achieve, he says.

The big vote that will determine many upcoming issues revolving around the NYPD will come next month during the primaries for the next mayor—he or she will choose the next police commissioner, and decide whether to pursue Mayor Bloomberg’s appeal of the federal court’s decision in the Floyd case. And positions on public safety appear to be a priority for prospective voters, as the candidate who has distanced himself most from Mayor Bloomberg’s policies is now a serious contender to be the mayor’s successor: Public Advocate Bill de Blasio.

But in the meantime, this Thursday’s City Council vote on whether to override Bloomberg’s veto of the Community Safety Act bills is the one to watch, because the new mayor, whoever they may be, would be bound by this new legislation.


DNA Evidence Can Be Fabricated, Scientists Show


AUG. 17, 2009

Scientists in Israel have demonstrated that it is possible to fabricate DNA evidence, undermining the credibility of what has been considered the gold standard of proof in criminal cases.

The scientists fabricated blood and saliva samples containing DNA from a person other than the donor of the blood and saliva. They also showed that if they had access to a DNA profile in a database, they could construct a sample of DNA to match that profile without obtaining any tissue from that person.

“You can just engineer a crime scene,” said Dan Frumkin, lead author of the paper, which has been published online by the journal Forensic Science International: Genetics. “Any biology undergraduate could perform this.”

Dr. Frumkin is a founder of Nucleix, a company based in Tel Aviv that has developed a test to distinguish real DNA samples from fake ones that it hopes to sell to forensics laboratories.

The planting of fabricated DNA evidence at a crime scene is only one implication of the findings. A potential invasion of personal privacy is another.

Using some of the same techniques, it may be possible to scavenge anyone’s DNA from a discarded drinking cup or cigarette butt and turn it into a saliva sample that could be submitted to a genetic testing company that measures ancestry or the risk of getting various diseases. Celebrities might have to fear “genetic paparazzi,” said Gail H. Javitt of the Genetics and Public Policy Center at Johns Hopkins University.

Tania Simoncelli, science adviser to the American Civil Liberties Union, said the findings were worrisome.

“DNA is a lot easier to plant at a crime scene than fingerprints,” she said. “We’re creating a criminal justice system that is increasingly relying on this technology.”

John M. Butler, leader of the human identity testing project at the National Institute of Standards and Technology, said he was “impressed at how well they were able to fabricate the fake DNA profiles.” However, he added, “I think your average criminal wouldn’t be able to do something like that.”

The scientists fabricated DNA samples two ways. One required a real, if tiny, DNA sample, perhaps from a strand of hair or drinking cup. They amplified the tiny sample into a large quantity of DNA using a standard technique called whole genome amplification.

Of course, a drinking cup or piece of hair might itself be left at a crime scene to frame someone, but blood or saliva may be more believable.

The authors of the paper took blood from a woman and centrifuged it to remove the white cells, which contain DNA. To the remaining red cells they added DNA that had been amplified from a man’s hair.

Since red cells do not contain DNA, all of the genetic material in the blood sample was from the man. The authors sent it to a leading American forensics laboratory, which analyzed it as if it were a normal sample of a man’s blood.

The other technique relied on DNA profiles, stored in law enforcement databases as a series of numbers and letters corresponding to variations at 13 spots in a person’s genome.

From a pooled sample of many people’s DNA, the scientists cloned tiny DNA snippets representing the common variants at each spot, creating a library of such snippets. To prepare a DNA sample matching any profile, they just mixed the proper snippets together. They said that a library of 425 different DNA snippets would be enough to cover every conceivable profile.

Nucleix’s test to tell if a sample has been fabricated relies on the fact that amplified DNA — which would be used in either deception — is not methylated, meaning it lacks certain molecules that are attached to the DNA at specific points, usually to inactivate genes.

A version of this article appears in print on , on page D3 of the National edition with the headline: Scientists Show That It’s Possible to Create Fake DNA Evidence.

How (and why) to set up a VPN today

Marissa Mayer made Yahoo’s VPN famous by using it to check on the work habits of her employees. Lost amid today’s VPN conversation, however, is the fact that virtual private networks are much more than just pipelines for connecting remote employees to central work servers.

And that’s a damn shame, because VPNs can be helpful tools for protecting online privacy, and you need not be an office drone to enjoy their benefits.

A VPN, as its name suggests, is just a virtual version of a secure, physical network—a web of computers linked together to share files and other resources. But VPNs connect to the outside world over the Internet, and they can serve to secure general Internet traffic in addition to corporate assets. In fact, the lion’s share of modern VPNs are encrypted, so computers, devices, and other networks that connect to them do so via encrypted tunnels.

Why you want a VPN

You have at least four great reasons to start using a VPN. First, you can use it to connect securely to a remote network via the Internet. Most companies maintain VPNs so that employees can access files, applications, printers, and other resources on the office network without compromising security, but you can also set up your own VPN to safely access your secure home network while you’re on the road.

Second, VPNs are particularly useful for connecting multiple networks together securely. For this reason, most businesses big and small rely on a VPN to share servers and other networked resources among multiple offices or stores across the globe. Even if you don’t have a chain of offices to worry about, you can use the same trick to connect multiple home networks or other networks for personal use.

This diagram illustrates the difference between using an unencrypted connection and using a VPN-secured Internet connection at your average coffee shop.

Third, if you’re concerned about your online privacy, connecting to an encrypted VPN while you’re on a public or untrusted network—such as a Wi-Fi hotspot in a hotel or coffee shop—is a smart, simple security practice. Because the VPN encrypts your Internet traffic, it helps to stymie other people who may be trying to snoop on your browsing via Wi-Fi to capture your passwords.

Fourth and finally, one of the best reasons to use a VPN is to circumvent regional restrictions—known as geoblocking—on certain websites. Journalists and political dissidents use VPNs to get around state-sponsored censorship all the time, but you can also use a VPN for recreational purposes, such as connecting to a British VPN to watch the BBC iPlayer outside the UK. Because your Internet traffic routes through the VPN, it looks as if you’re just another British visitor.

Pick your protocol

When choosing a networking protocol for your VPN, you need worry only about the four most popular ones. Here’s a quick rundown, including the strengths and weaknesses of each.

Point-to-Point Tunneling Protocol (PPTP) is the least secure VPN method, but it’s a great starting point for your first VPN because almost every operating system supports it, including Windows, Mac OS, and even mobile OSs.

Layer 2 Tunneling Protocol (L2TP) and Internet Protocol Security (IPsec) are more secure than PPTP and are almost as widely supported, but they are also more complicated to set up and are susceptible to the same connection issues as PPTP is.

Secure Sockets Layer (SSL) VPN systems provide the same level of security that you trust when you log on to banking sites and other sensitive domains. Most SSL VPNs are referred to as “clientless,” since you don’t need to be running a dedicated VPN client to connect to one of them. They’re my favorite kind of VPN because the connection happens via a Web browser and thus is easier and more reliable to use than PPTP, L2TP, or IPsec.

An SSL VPN server is designed to be accessed via Web browser and creates encrypted channels so that you can safely access the server from anywhere.

OpenVPN is exactly what it sounds like: an open-source VPN system that’s based on SSL code. It’s free and secure, and it doesn’t suffer from connection issues, but using OpenVPN does require you to install a client since Windows, Mac OS X, and mobile devices don’t natively support it.

In short: When in doubt, try to use SSL or OpenVPN. Keep in mind that some of the services highlighted in the next section don’t use these protocols. Instead, they use their own proprietary VPN technology.

Now, let’s talk about how to create and connect to your own VPN. If you want simple remote access to a single computer, consider using the VPN software built into Windows. If you’d like to network multiple computers together quickly through a VPN, consider installing stand-alone VPN server software.

If you need a more reliable and robust arrangement (one that also supports site-to-site connections), consider using a dedicated VPN router. And if you just want to use a VPN to secure your Internet traffic while you’re on public Wi-Fi hotspots and other untrusted networks—or to access regionally restricted sites—consider subscribing to a third-party hosted VPN provider.

Set up a simple VPN with Windows

Windows comes loaded with a VPN client that supports the PPTP and L2TP/IPsec protocols. The setup process is simple: If you’re using Windows 8, just bring up the Search charm, type VPN, and then launch the VPN wizard by clicking Set up a virtual private network (VPN) connection.

You can use this client to connect securely to other Windows computers or to other VPN servers that support the PPTP and L2TP/IPsec protocols—you just need to provide the IP address or domain name of the VPN server to which you want to connect. If you’re connecting to a corporate or commercial VPN, you can contact the administrator to learn the proper IP address. If you’re running your own VPN server via Windows, you can figure out the server’s IP address by typing CMD in the Search charm, launching the Command Prompt, and typing ipconfig. This simple trick comes in handy when you’re setting up your Windows PC as a VPN server, and then connecting to it so that you can securely, remotely access your files from anywhere.

Windows has a built-in VPN client, but you’ll need to provide the connection information (namely, the IP address) for the VPN server you want to use.

Quick note: When setting up incoming PPTP VPN connections in Windows, youmust configure your network router to forward VPN traffic to the Windows computer you want to access remotely. You can do this by logging in to the router’s control panel—consult the manufacturer’s instructions on how to do this—and configuring the port-forwarding or virtual-server settings to forward port 1723 to the IP address of the computer you wish to access. In addition, PPTP or VPN pass-through options need to be enabled in the firewall settings, but usually they’re switched on by default.

If you’re using Windows 7 and you need to connect to a VPN or to accept incoming VPN connections in that OS, check out our guide to setting up a VPN in Windows 7.


Use third-party software to create a VPN server

If you’d like to create a VPN between multiple computers to share files and network resources without having to configure your router or to dedicate a PC to act as the VPN server, consider using third-party VPN software. Comodo Unite, Gbridge, andTeamViewer are all decent, reliable, and (most important) free.

LogMeIn Hamachi is a simple, elegant, and secure VPN client that’s free for up to five users.

You can also use LogMeIn Hamachi for free with five or fewer users, but it’s good enough that if you have more than five PCs you want to link up securely—say, as part of your small-but-growing business—you should consider paying for the full service.

Go whole hog with your own VPN router

If you want to get your hands dirty while providing robust remote access to an entire network, or if you wish to create site-to-site connections, try setting up a router on your network with a VPN server and client. If you’re working on a budget, the cheapest way to set up your own dedicated VPN router is to upload aftermarket firmware that enables VPN functionality, such as DD-WRT or Tomato, to an inexpensive consumer-level router.

The ZyXel USG20W VPN router is a smart investment if you want to set up your own dedicated VPN at home or in the office.

You can also purchase a specially designed router (commonly called a VPN router) with a VPN server built in, such as the ZyXel ZyWall 802.11n Wireless Internet Security Gigabit Firewall (USG20W), Cisco Wireless Network Security Firewall Router (RV220W), or Netgear ProSecure UTM Firewall with Wireless N (UTM9S).

When you’re choosing a VPN router and third-party router firmware, make sure they support the VPN networking protocol you need for your devices. In addition, check the VPN router to verify how many simultaneous VPN users it supports.

Let a third-party VPN provider worry about it

If you merely want VPN access to cloak your Internet traffic while you’re using public Wi-Fi or another untrusted network, or to access regionally restricted sites, the simplest solution is to use a hosted VPN provider. Hotspot Shield is my favorite, as it offers both free and paid VPN services for Windows, Mac, iOS, and Android. HotSpotVPN,StrongVPN, and WiTopia are other paid services we’ve reviewed in the past.

The Onion Router is an excellent, free utility that anonymizes your Internet activity through a series of servers scattered around the world.

If you want to keep your browsing activity anonymous but can’t spare the cash for a paid VPN, check out the Onion Router, a network of servers that can anonymize your Internet traffic for free. Visit the TOR website and download the latest browser bundle, and then start browsing with the TOR extensions enabled. The software will encrypt your connection to the TOR server before routing your Internet traffic through a randomized series of servers across the globe, slowing your browsing speed but cloaking your online activity from prying eyes.

No matter how you choose to go about it, start using a VPN today. It takes a bit of work up front, but spending the time to get on a VPN is one of the smartest, simplest steps you can take toward making your online activities more secure.


Eric Geier Contributor

Follow me on Google+

Eric Geier is a freelance tech writer as well as the founder of NoWiresSecurity, a cloud-based Wi-Fi security service, and On Spot Techs, an on-site computer services company.

More by

FBI Taps Hacker Tactics to Spy on Suspects

Law-Enforcement Officials Expand Use of Tools Such as Spyware as People Under Investigation ‘Go Dark,’ Evading Wiretaps

Updated Aug. 3, 2013 3:17 p.m. ET

Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.

Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.

People familiar with the Federal Bureau of Investigation’s programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can’t be wiretapped like a phone, is called “going dark” among law enforcement.

The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc.’s Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment.

The bureau typically uses hacking in cases involving organized crime, child pornography or counterterrorism, a former U.S. official said. It is loath to use these tools when investigating hackers, out of fear the suspect will discover and publicize the technique, the person said.

The FBI has been developing hacking tools for more than a decade, but rarely discloses its techniques publicly in legal cases.

Earlier this year, a federal warrant application in a Texas identity-theft case sought to use software to extract files and covertly take photos using a computer’s camera, according to court documents. The judge denied the application, saying, among other things, that he wanted more information on how data collected from the computer would be minimized to remove information on innocent people.

Since at least 2005, the FBI has been using “web bugs” that can gather a computer’s Internet address, lists of programs running and other data, according to documents disclosed in 2011. The FBI used that type of tool in 2007 to trace a person who was eventually convicted of emailing bomb threats in Washington state, for example.

The FBI “hires people who have hacking skill, and they purchase tools that are capable of doing these things,” said a former official in the agency’s cyber division. The tools are used when other surveillance methods won’t work: “When you do, it’s because you don’t have any other choice,” the official said.

Surveillance technologies are coming under increased scrutiny after disclosures about data collection by the National Security Agency. The NSA gathers bulk data on millions of Americans, but former U.S. officials say law-enforcement hacking is targeted at very specific cases and used sparingly.

Still, civil-liberties advocates say there should be clear legal guidelines to ensure hacking tools aren’t misused. “People should understand that local cops are going to be hacking into surveillance targets,” said Christopher Soghoian, principal technologist at the American Civil Liberties Union. “We should have a debate about that.”

Mr. Soghoian, who is presenting on the topic Friday at the DefCon hacking conference in Las Vegas, said information about the practice is slipping out as a small industry has emerged to sell hacking tools to law enforcement. He has found posts and resumes on social networks in which people discuss their work at private companies helping the FBI with surveillance.

A search warrant would be required to get content such as files from a suspect’s computer, said Mark Eckenwiler, a senior counsel at Perkins Coie LLP who until December was the Justice Department’s primary authority on federal criminal surveillance law. Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps.

But if the software gathers only communications-routing “metadata”—like Internet protocol addresses or the “to” and “from” lines in emails—a court order under a lower standard might suffice if the program is delivered remotely, such as through an Internet link, he said. That is because nobody is physically touching the suspect’s property, he added.

An official at the Justice Department said it determines what legal authority to seek for such surveillance “on a case-by-case basis.” But the official added that the department’s approach is exemplified by the 2007 Washington bomb-threat case, in which the government sought a warrant even though no agents touched the computer and the spyware gathered only metadata.

In 2001, the FBI faced criticism from civil-liberties advocates for declining to disclose how it installed a program to record the keystrokes on the computer of mobster Nicodemo Scarfo Jr. to capture a password he was using to encrypt a document. He was eventually convicted.

A group at the FBI called the Remote Operations Unit takes a leading role in the bureau’s hacking efforts, according to former officials.

Officers often install surveillance tools on computers remotely, using a document or link that loads software when the person clicks or views it. In some cases, the government has secretly gained physical access to suspects’ machines and installed malicious software using a thumb drive, a former U.S. official said.

The bureau has controls to ensure only “relevant data” are scooped up, the person said. A screening team goes through all of the data pulled from the hack to determine what is relevant, then hands off that material to the case team and stops working on the case.

The FBI employs a number of hackers who write custom surveillance software, and also buys software from the private sector, former U.S. officials said.

Italian company HackingTeam SRL opened a sales office in Annapolis, Md., more than a year ago to target North and South America. HackingTeam provides software that can extract information from phones and computers and send it back to a monitoring system. The company declined to disclose its clients or say whether any are in the U.S.

U.K.-based Gamma International offers computer exploits, which take advantage of holes in software to deliver spying tools, according to people familiar with the company. Gamma has marketed “0 day exploits”—meaning that the software maker doesn’t yet know about the security hole—for software including Microsoft Corp.’s Internet Explorer, those people said. Gamma, which has marketed its products in the U.S., didn’t respond to requests for comment, nor did Microsoft.

Write to Jennifer Valentino-DeVries at and Danny Yadron at

With Liberty to Monitor All

US Surveillance is Harming Journalism, Law, Democracy
For much of its history, he United States has held itself out as a model of freedom, democracy, and open, accountable government. Freedoms of expression and association, as well as rights to a fair trial, are protected by the Constitution, and US officials speak with pride of the freedom of the media to report on matters of public concern and hold government to account for its actions. Yet, as this report documents, today those freedoms are very much under threat due to the government’s own policies concerning secrecy, leak prevention, and officials’ contact with the media, combined with large-scale surveillance programs. If the US fails to address these concerns promptly and effectively, it could do serious, long-term damage to the fabric of democracy in the country.Specifically, this report documents the effects of large-scale electronic surveillance on the practice of journalism and law, professions that enjoy special legal protections because they are integral to the safeguarding of rights and transparency in a democracy. To document these effects, we interviewed 92 people, including 46 journalists and 42 lawyers, about their concerns and the ways in which their behavior has changed in light of revelations of large-scale surveillance. We also spoke to current and former senior government officials who have knowledge of the surveillance programs to understand their perspective, seek additional information, and take their concerns into account in our analysis.Whether reporting valuable information to the public, representing another’s legal interests, or voluntarily associating with others in order to advocate for changes in policy, it is often crucial to keep certain information private from the government. In the face of a massively powerful surveillance apparatus maintained by the US government, however, that privacy is becoming increasingly scarce and difficult to ensure. As a result, journalists and their sources, as well as lawyers and their clients, are changing their behavior in ways that undermine basic rights and corrode democratic processes.

Revelations of Large-Scale Surveillance

The United States government today is implementing a wide variety of surveillance programs that, thanks to developments in its technological capacity, allow it to scoop up personal information and the content of personal communications on an unprecedented scale. Media reports based on revelations by former National Security Agency (NSA) contractor Edward Snowden have recently shed light on many of these programs. They have revealed, for example, that the US collects vast quantities of information—known as “metadata”—about phone calls made to, from, and within the US. It also routinely collects the content of international chats, emails, and voice calls. It has engaged in the large-scale collection of massive amounts of cell phone location data. Reports have also revealed a since-discontinued effort to track internet usage and email patterns in the US; the comprehensive interception of all of phone calls made within, into, and out of Afghanistan and the Bahamas; the daily collection of millions of images so the NSA can run facial recognition programs; the acquisition of hundreds of millions of email and chat contact lists around the world; and the NSA’s deliberate weakening of global encryption standards.

In response to public concern over the programs’ intrusion on the privacy of millions of people in the US and around the world, the US government has at times acknowledged the need for reform. However, it has taken few meaningful steps in that direction.

On the contrary, the US—particularly the intelligence community—has forcefully defended the surveillance programs as essential to protecting US national security. In a world of constantly shifting global threats, officials argue that the US simply cannot know in advance which global communications may be relevant to its intelligence activities, and that as a result, it needs the authority to collect and monitor a broad swath of communications. In our interviews with them, US officials argued that the programs are effective, plugging operational gaps that used to exist, and providing the US with valuable intelligence. They also insisted the programs are lawful and subject to rigorous and multi-layered oversight, as well as rules about how the information obtained through them is used. The government has emphasized that it does not use the information gleaned from these programs for illegitimate purposes, such as persecuting political opponents.

The questions raised by surveillance are complex. The government has an obligation to protect national security, and in some cases, it is legitimate for government to restrict certain rights to that end. At the same time, international human rights and constitutional law set limits on the state’s authority to engage in activities like surveillance, which have the potential to undermine so many other rights.

The current, large-scale, often indiscriminate US approach to surveillance carries enormous costs. It erodes global digital privacy and sets a terrible example for other countries like India, Pakistan, Ethiopia, and others that are in the process of expanding their surveillance capabilities. It also damages US credibility in advocating internationally for internet freedom, which the US has listed as an important foreign policy objective since at least 2010.

As this report documents, US surveillance programs are also doing damage to some of the values the United States claims to hold most dear. These include freedoms of expression and association, press freedom, and the right to counsel, which are all protected by both international human rights law and the US Constitution.

Impact of Surveillance on Journalists

For journalists, the surveillance programs and a government crackdown on unregulated contact between officials and the press have combined to constrict the flow of information concerning government activity. An increase in the frequency of leak prosecutions, as well as the government’s implementations of programs—such as the Insider Threat Program—aimed at discouraging officials from sharing information outside the government, have raised the stakes for officials who might consider even talking to journalists.

Large-scale surveillance dramatically exacerbates those concerns by largely cutting away at the ability of government officials to remain anonymous in their interactions with the press, as any interaction—any email, any phone call—risks leaving a digital trace that could subsequently be used against them. This is particularly worrisome in light of changes to US law that allow intelligence information to be used more easily in criminal investigations, potentially allowing law enforcement to circumvent traditional warrant requirements.

Journalists told us that officials are substantially less willing to be in contact with the press, even with regard to unclassified matters or personal opinions, than they were even a few years ago. This can create serious challenges for journalists who cover national security, intelligence and law enforcement, and who often operate in a gray area—working with information that is sensitive but not necessarily classified, and speaking with multiple sources to confirm and piece together the details of a story that may be of tremendous public interest.

In turn, journalists increasingly feel the need to adopt elaborate steps to protect sources and information, and eliminate any digital trail of their investigations—from using high-end encryption, to resorting to burner phones, to abandoning all online communication and trying exclusively to meet sources in person. Journalists expressed concern that, rather than being treated as essential checks on government and partners in ensuring a healthy democratic debate, they now feel they may be viewed as suspect for doing their jobs. One prominent journalist summed up what many seemed to be feeling as follows: “I don’t want the government to force me to act like a spy. I’m not a spy; I’m a journalist.”

This situation has a direct effect on the public’s ability to obtain important information about government activities, and on the ability of the media to serve as a check on government. Many journalists said it is taking them significantly longer to gather information (when they can get it at all), and they are ultimately able to publish fewer stories for public consumption. As suggested above, these effects stand out most starkly in the case of reporting on the intelligence community, national security, and law enforcement—all areas of legitimate—indeed, extremely important—public concern.
Impact of Surveillance on Lawyers 

Lawyers face a different challenge. They have a professional responsibility to maintain the confidentiality of information related to their clients on pain of administrative discipline. They also rely on the ability to exchange information freely with their clients in order to build trust and develop legal strategy, which is especially important in the realm of criminal defense. Increased government surveillance undercuts these longstanding and central elements of the practice of law, creating uncertainty as to whether lawyers can ever provide true confidentiality while communicating electronically with clients.

Lawyers we interviewed for this report expressed the greatest concern about situations where they have reason to think the US government might take an intelligence interest in a case, whether it relates to the activities of foreign governments or a drug or terrorism prosecution. As with the journalists, lawyers increasingly feel under pressure to adopt strategies to avoid leaving a digital trail that could be monitored; some use burner phones, others seek out technologies they feel may be more secure, and others reported traveling more for in-person meetings. Some described other lawyers expressing reluctance to take on certain cases that might incur surveillance, though by and large the attorneys interviewed for this report seemed determined to do their best to continue representing clients. Like journalists, some felt frustrated, and even offended, that they were in this situation. “I’ll be damned if I have to start acting like a drug dealer in order to protect my client’s confidentiality,” said one.

The result is the erosion of the right to counsel, a pillar of procedural justice under human rights law and the US Constitution.

Uncertainty and Secrecy

Uncertainty is a significant factor shaping the behavior of both journalists and lawyers. The combination of the sheer number of surveillance programs, the complexity of the underlying legal regimes, and the lack of clarity as to their scale and scope renders it practically impossible for any layperson to discern which forms of communication and data storage are secure and when they may be reasonably subject to surveillance. Compounding matters, the government has failed fully to disclose the rules governing itscollection and use of information under the surveillance regime. Piecemeal access to this information only creates greater doubt.

The US government has an obligation to defend national security, yet many of its surveillance practices go well beyond what may be justified as necessary and proportionate to that aim. Instead, these practices are undermining fundamental rights and risk changing the nature of US democracy itself. It is time for the US to carry out significant reforms of its surveillance programs and other policies contributing to the harms documented in this report.

Human Rights Watch and the ACLU strongly urge the United States to:

  • end large-scale surveillance practices that are either unnecessary or broader than necessary to protect national security or an equally legitimate goal;
  • strengthen the protections provided bytargeting and minimization procedures;
  • disclose additional information aboutsurveillance programs to the public;
  • reduce government secrecy and restrictionson official contact with the media; and
  • enhance protections for national-securitywhistleblowers.


This report is based on interviews with 92 people in the United States, including journalists, lawyers, and current and former US government officials.[1] Because of the sensitive nature of the questions asked, many interview subjects spoke on background, preferring that their comments not be attributed to them by name. A couple elected to speak entirely off the record. Many of the interviews took place in or around New York City or Washington, DC. A large number were conducted by telephone, though it was not always possible to determine whether interviewees may have felt uncomfortable speaking entirely candidly over the phone.

We spoke with 46 journalists representing a wide range of news organizations, including both larger and smaller media outlets. The major outlets include the New York Times, the Wall Street Journal, the Washington Post, the Los Angeles Times, the Associated Press, Reuters, McClatchyThe New Yorker, National Public Radio, and ABC News. Most interview subjects either formerly covered or currently cover the US intelligence community, national security, or law enforcement. Most work in print, but some also work in television or radio. A few are or were editors or news executives. A significant number of the journalists are highly decorated; as a group, the interviewees for this report have won at least a dozen Pulitzer Prizes and many other prestigious journalism awards.

We interviewed 42 practicing attorneys, working in a variety of areas: criminal defense lawyers (including public defenders both at the federal and state level, and private defense attorneys representing a wide range of clients, including people charged with terrorism, drug, and financial crimes); judge advocates serving in the military and representing detainees at Guantanamo Bay; and lawyers engaged in complex civil litigation, representation of multinational corporations, and representation of foreign sovereigns.

Finally, we interviewed five current or former senior government officials with knowledge of the US government’s surveillance programs or related policies. These include a senior official within the intelligence community and a senior official within the Federal Bureau of Investigation (FBI). We repeatedly requested interviews with senior officials at the National Security Agency (NSA), but after initially stating they would consider our request, the agency’s representatives ceased replying to our correspondence.

I. Background: US

Surveillance, Secrecy, and Crackdown on Leaks

There are limits to the public’s right to know in national security [contexts], but many [people within the] intelligence community know that if we followed strict rules on [classified information], there’d be no discussion of national security at all.

—Steve Engelberg, editor-in-chief of ProPublica, January 30, 2014

In December of 2005, the New York Times reported that the NSA had been conducting warrantless surveillance on Americans since shortly after the terrorist attacks of September 11, 2001.[2] According to the Times, President Bush had authorized the NSA to listen in on phone calls and gather emails of US persons without warrants. A federal judge found that the warrantless wiretapping program blatantly violated both the US Constitution and the federal law governing surveillance for foreign intelligence and international counterterrorism purposes, the Foreign Intelligence Surveillance Act of 1978 (“FISA”).[3] That law established a court, the Foreign Intelligence Surveillance Court (“FISC” or “FISA Court”), specifically designed to issue such warrants.[4] FISA included specific provisions governing surveillance of three types of communications, which we define here as follows: “domestic communications” (which originate and terminate inside the United States), “international communications” (which originate or terminate inside the United States, but not both), and “foreign-to-foreign communications” (which both originate and terminate outside the United States).

Over the next several years, a series of stories revealed further details about the NSA’s spying activities.[5] The Bush administration over time imposed more restrictions on the warrantless wiretapping program, and some portions of the program were eventually authorized under FISC orders.[6] 

However, these restrictions prompted Congress to broaden FISA, including by allowing programmatic surveillance without court oversight over specific targets.[7] Further news reports surfaced, suggesting the NSA’s surveillance activities continued to broaden in scope, potentially to a problematic degree.[8] Nevertheless, the public debate died down significantly.

The current chapter in the NSA saga began on June 5, 2013, when the Guardian published a secret FISC order from April of 2013.[9] The order instructed the US telecommunications provider Verizon to turn over to the government (on a daily basis, for three months) the records on all calls in its systems. Specifically, the article noted that “the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls.”[10] Many refer to the information Verizon had been ordered to turn over as “metadata”—data about communications or transactions, rather than the content of communications themselves (that is, the specific words uttered). Although the Guardian article described the collection of metadata rather than the content of phone conversations, it once again breathed life into the NSA controversy, illustrating through a rare, primary document that the NSA’s call-records program was remarkably broad and indiscriminate.

Within days, former NSA contractor Edward Snowden came forward as the source of the document.[11] Snowden, concerned by the NSA’s surveillance activities, had collected a large number of NSA files before leaving his position as a contractor for the agency, and shared them with members of the press. Since the Guardian article, a flood of subsequent stories have appeared in different media outlets, many apparently based on documents provided by Snowden. Collectively, they confirm much of what had been alleged before and reveal much more, illuminating the contours of a powerful and growing surveillance apparatus run by the US government. Specific reports have detailed a variety of surveillance programs aimed at different sorts of electronic information and communications, including the large-scale collection of:

  • metadata related to domestic phone calls;[12]
  • the actual content of Americans’international chats, emails, and voice calls, as well aselectronic documents shared internationally;[13]
  • business records related to Americans’international money transfers (for a program run by the CIA);[14]
  • massive amounts of cell phone location data;[15]
  • a since-discontinued program to trackAmericans’ internet usage and emailing patterns;[16]and
  • address books and contact lists frompersonal email and chat accounts around the world.[17]

There also have been reports that the government has eased the rules on sharing information gathered through surveillance (both internally, among different agencies, and with other governments),[18] and that it is secretly using information gathered through surveillance purportedly conducted for intelligence purposes in standard criminal investigations.[19] A further report detailed a government system for gathering all of an unnamed country’s phone calls (including calls made to and from the US, and calls made by Americans from or within the country).[20]

Legal Authorities

Governing Surveillance

The US government conducts different types of surveillance in different contexts. For example, federal law enforcement agents might seek a warrant from a judge to conduct targeted surveillance of a particular person suspected of a crime.[21]

The surveillance programs at issue in this report are generally introduced in the name of national security or intelligence rather than criminal law enforcement. Instead of trying to piece together facts about events that have already occurred, they aim to inform the government broadly and—in theory—help prevent future events like terrorist attacks. The programs disclosed by Snowden operate on a much larger scale than more traditional surveillance methods used for law enforcement purposes—collecting hundreds, thousands, or millions of records at a time. By its nature, large-scale surveillance often implicates the interests of many people who are not suspected of any wrongdoing.

Large-scale surveillance by the US government proceeds under a variety of legal authorities. The main authorities known to the public as of July 2014 are Section 215 of the USA PATRIOT Act (PATRIOT Act), Section 702 of the Foreign Intelligence Surveillance Act (FISA), and Executive Order 12,333.[22] In addition to these tools, the FBI also has the power to collect significant amounts of information relevant to national security investigations—without judicial oversight and sometimes in large quantities—using National Security Letters (NSLs).[23]

Surveillance under Section 215 of the PATRIOT Act

The phone call metadata program revealed by the Guardian in June 2013 operates under Section 215 of the PATRIOT Act (Section 215), which allows for the collection of “tangible things” or business records that are “relevant” to an authorized investigation.[24] A major point of controversy concerning Section 215 is that the FISA Court has clearly adopted a weak standard for relevance (and seemingly not in line with Congress’s intent) if it has concluded that Verizon should turn over metadata of all domestic calls on a rolling basis.Surveillance under Section 702 of FISASection 702 of FISA (Section 702) is a provision of federal law, created by the FISA Amendments Act (FAA), that permits the Executive Branch to issue year-long warrants for collecting the content of international communications and other data of persons reasonably believed to be outside the US, specifically to acquire broadly-defined foreign intelligence information. The FISA Court periodically approves the government’s “minimization procedures,” as well as ”targeting procedures” designed to ensure surveillance is targeted at non-US persons outside the US, but it does not issue specific warrants nor approve specific targets of surveillance.[25] Subject to minimization, the government can collect and use the international communications or internationally-shared data of Americans under Section 702. The government relies on Section 702 to collect communications from US service providers as well as to monitor fiber optic cables as they enter the United States, and both forms of surveillance involve the collection of US persons’ communications.[26] The targeting and minimization procedures that have been made public so far provide almost no protections for non-US persons under these programs.[27]Surveillance under Executive Order 12,333Executive Order 12,333 took effect when President Reagan signed it in 1981.[28] It has been updated from time to time, but it remains the primary executive order addressing US intelligence activities, especially those undertaken abroad. Like the minimization procedures discussed above, Executive Order 12,333 also provides some protections for US persons,[29] requiring (when it comes to US persons) that the intelligence community “use the least intrusive techniques feasible.” [30] Yet the US government is reported to be conducting large-scale surveillance under 12,333, such as “secretly breaking into the main communications links that connect Yahoo and Google data centers around the world.”[31] It appears, then, that the government has the power to collect large amounts of information even on US persons through the executive order.[32]

Privacy Protections under Existing US Surveillance Programs

US officials have argued that they have put effective mechanisms in place to protect privacy. They have pointed to two types of protections: “minimization” procedures and oversight mechanisms.

Minimization Procedures

The government has in various contexts adopted policies called “minimization procedures,” which are designed to limit its collection and use of information pertaining to “United States persons” (US persons) whether they are inside or outside the US.[33] In theory, minimization limits the collection or use of information on US persons; it does not appear to apply to any broad category of non-US person, or provide safeguards for their data or communications. Not all of the government’s minimization procedures are public, however, so it is impossible to know their full extent.[34]

Some of the surveillance programs also operate under some measure of court supervision—most notably, the FISC and its appellate counterpart, both composed of federal judges. However, those courts operate in secrecy and do not have any structures in place that would offer meaningful opposition or any kind of counterweight to government requests for approval of surveillance programs. Nor are most FISC orders made public. Indeed, the bulk collection of metadata under Section 215 was authorized by the FISC in secret, and the public did not know about it until years later.

The agencies involved in conducting surveillance also have internal positions for the purpose of promoting accountability, such as inspectors general or privacy and civil liberties officers, though it is unclear what role—if any—they have played in checking the surveillance programs revealed over the past year. Executive bodies such as the Privacy and Civil Liberties Oversight Board (PCLOB) also have some power to exercise oversight, but their recommendations are not binding.[35]

Both the US House of Representatives and the Senate have standing Committees on Intelligence and on the Judiciary, which are designed, in theory, to provide oversight over the intelligence community’s activities. However, much of what these committees do is itself secret. Moreover, effective oversight requires that the intelligence community candidly share information with these committees. As Senator Ron Wyden, from the Senate Intelligence Committee, has noted, senior officials have repeatedly made misleading statements about their activities in congressional hearings.[36] Senate Intelligence Committee Chairman Dianne Feinstein has also noted that the intelligence community has failed fully to inform the committee about its surveillance activities.[37]

The Current Surveillance


The Snowden revelations have prompted domestic and international debates about whether and how to reform US surveillance practices. Among US policymakers, most of that debate has focused on the impact of surveillance on privacy rights of US persons. The US government’s perspective is that its surveillance activities are lawful and necessary to protect US national security.

Even so, in response to public pressure, both President Barack Obama and the US Congress have expressed some willingness to consider reforms. In August of 2013, President Obama created the Review Group on Intelligence and Communications Technologies (President’s Review Group).[38] The group issued a report in December of 2013, recommending a series of reforms to US surveillance practices.[39] The PCLOB has also held hearings on the surveillance programs, recommending its own changes to Section 215 in a report it released in January of 2014.[40] The PCLOB issued a second report in July of 2014, recommending more modest changes to Section 702.[41]

In January of 2014, President Obama gave a speech in which he acknowledged the legitimacy of some concerns about government surveillance.[42] He vowed to make certain changes, such as shifting the storage of information from the bulk domestic metadata program to private companies.[43]

Most recently, Congress has debated legislation that would make some adjustments to Section 215 of the USA PATRIOT Act. In May of 2014, the House passed a version of what has been known as the “USA FREEDOM Act.” An initial draft of the bill contained provisions that would have constituted a significant step towards ending bulk collection of US persons’ phone records and metadata, but the version that the House finally passed was significantly watered down.[44] Many of the bill’s original sponsors and supporters now question whether the current version would prevent large-scale collection of business records or metadata in practice, defeating the objective of the bill.[45] As of July 2014, the Senate was contemplating similar legislation. Both bills are limited in that they fail significantly to address US surveillance under authorities other than Section 215.[46] As of this writing, there has yet to be any significant tightening of the legal authorities that facilitate an astonishing scale of government collection of metadata and communications content. Even were the USA FREEDOM Act to become law in some form, massive and largely indiscriminate collection of content appears set to continue under Section 702 and Executive Order 12,333.

More broadly, however, the debates in Congress and among relevant members of the Executive Branch have failed to account for a variety of costs of large-scale surveillance programs, including not only the implications of surveillance for individuals’ privacy rights, both inside and outside the US, but also the “chilling” or inhibiting effect surveillance can have on the exercise of freedoms of expression and association. Indeed, early research indicates that the revelations in 2013 and continuing to date have begun to have a chilling effect on private individuals’ electronic communications practices and activities.[47] And, as this report documents, surveillance can have a profound impact on the practice of journalism and law.

The Broader Context: Government

Secrecy and the Crackdown on Leaks

The increase in US government surveillance has come at the same time as an increase in criminal investigations and prosecutions of leaks, as well as the establishment of new government programs to prevent leaks of information or otherwise restrict government officials’ contact with the media.[48] These steps have raised further concerns over public access to information, particularly as many journalists, advocates, and even some members of Congress and the Executive Branch believe the government over-classifies information, prohibiting access to much information that is not actually sensitive.[49]


The power to classify US government information rests with the president, the vice president, the heads of federal agencies, and anyone else designated by the president, though only certain types of information may be classified.[50] Three levels of classification are available—top secret, secret, and confidential—calibrated to the seriousness of the expected harm to protected government interests like national security from publication of the information.[51]

In classifying information, officials are supposed to designate the length of time for which the information is expected to remain sensitive; in theory, much of the information that is currently classified should at some point become available to the public.[52] Of over 95 million classification decisions made by the federal government in 2012, however, the vast majority were “derivative” rather than “original”—meaning they involved reclassifying information that had previously been marked as classified.[53]

Officials found to have leaked classified information may face a number of penalties, ranging from administrative sanctions to criminal prosecution.[54] The Obama administration has pursued eight prosecutions of officials for allegedly releasing information to the press—an unprecedented number.[55] By contrast, since 1917 (when the Espionage Act—the law under which most leakers have been prosecuted—took effect), all previous administrations pursued three leak prosecutions combined.[56]

“Insider Threats”

In response to the leaks of information to Wikileaks by former US soldier Chelsea Manning, in October 2011, President Obama implemented the “Insider Threat Program” (or “ITP”).[57] The program requires training of federal employees to beware of insider threats—colleagues who may be inclined to leak classified information.[58] Failure to report suspicious activity by colleagues can result in hefty penalties, including loss of security clearance and criminal charges.[59] One guide on insider threats, prepared by the Defense Security Service—an agency of the Department of Defense that provides security support to various defense and federal agencies—lists a government worker’s “exploitable behavior traits” and attempting to work in private as “potential espionage indicators.”[60]

While the point of the program is ostensibly to limit leaks of classified information,[61] the ITP covers a wide range of government agencies (including, for example, the Peace Corps and the Department of Agriculture), and it makes clear that it sets out only minimum standards.[62] Agencies thus have flexibility to crack down widely, with potential implications for the ability of employees safely to discuss even unclassified matters with the press. Indeed, McClatchy reported that several agencies have already applied the policy to justify protecting such information.[63]

In reporting on sensitive areas, journalists often work with information that is not itself classified. Skilled journalists often assemble fragments of a story bit by bit without ever requiring a source to provide protected information. As a result, increased restrictions on the discussion of even unclassified information make it harder for journalists to gather the pieces of information that compose the whole picture.

Limiting Intelligence Officials’ Contact with the Media

Within the intelligence community, recent rules go even further. Director of National Intelligence James Clapper issued Intelligence Community Directive 119 in March of 2014, prohibiting intelligence community employees from all unauthorized contact with the press and requiring employees to report unauthorized or unintentional press contact on certain topics.[64] The Office of the Director of National Intelligence also updated its press rules (through ODNI Instruction 80.04) in April of 2014, requiring “pre-publication review” of certain information that any member of the intelligence community makes available to the public.[65] The range of topics that trigger pre-publication review include those that “discuss … operations, business practices, or information related to the ODNI, the IC, or national security,” and the rules do not distinguish between classified or unclassified information, or between information that is private and information that is already in the public domain.[66] Steve Aftergood, Director of the Federation of American Scientists’ Project on Government Secrecy, observed that the “newly updated Instruction will no doubt inhibit informal contacts between ODNI employees and members of the general public, as it is intended to do.”[67]

II. The Impact of Surveillance on Journalists

Every national security reporter I know would say that the atmosphere in which professional reporters seek insight into policy failures [and] bad military decisions is just much tougher and much chillier.

— Steve Coll, staff writer for The New Yorker and Dean of the Graduate School of Journalism at Columbia University, February 14, 2014

Numerous US-based journalists covering intelligence, national security, and law enforcement describe the current reporting landscape as, in some respects, the most difficult they have ever faced. “This is the worst I’ve seen in terms of the government’s efforts to control information,” acknowledged Jonathan Landay, a veteran national security and intelligence correspondent for McClatchy Newspapers.[68] “It’s a terrible time to be covering government,” agreed Tom Gjelten, who has worked with National Public Radio for over 30 years.[69] According to Kathleen Carroll, senior vice president and executive editor of The Associated Press, “We say this every time there’s a new occupant in the White House, and it’s true every time: each is more secretive than the last.”[70] Journalists are struggling harder than ever before to protect their sources, and sources are more reluctant to speak. This environment makes reporting both slower and less fruitful.

Journalists interviewed for this report described the difficulty of obtaining sources and covering sensitive topics in an atmosphere of uncertainty about the range and effect of the government’s power over them. Both surveillance and leak investigations loomed large in this context—especially to the extent that there may be a relationship between the two. More specifically, many journalists see the government’s power as menacing because they know little about when various government agencies share among themselves information collected through surveillance, and when they deploy that information in leak investigations.[71] “[Government officials have been] very squishy about what they have and [what they] will do with it,” observed James Asher, Washington Bureau Chief for McClatchy Co., the third largest newspaper group in the country.[72] One Pulitzer Prize-winning reporter for a newspaper noted that even a decrease in leak prosecutions is unlikely to help, “unless we [also] get clear lines about what is collectable and usable.”[73]

Others agreed. “I’m pretty worried that NSA information will make its way into leak investigations,” said one investigative journalist for a major outlet.[74] A reporter who covers national defense expressed concern about the possibility of a “porous wall” between the NSA and the Department of Justice, the latter of which receives referrals connected to leak investigations.[75] Jonathan Landay wondered whether the government might analyze metadata records to identify his contacts.[76] A national security reporter summarized the situation as follows: “Do we trust [the intelligence] portion of the government’s knowledge to be walled off from leak investigations? That’s not a good place to be.”[77]

While most journalists said that their difficulties began a few years ago, particularly with the increase in leak prosecutions, our interviews confirmed that for many journalists large-scale surveillance by the US government contributes substantially to the new challenges they encounter. The government’s large-scale collection of metadata and communications makes it significantly more difficult for them to protect themselves and their sources, to confirm details for their stories, and ultimately to inform the public.

In the 1970s, many journalists spoke with sources by phone, and the government already had the technological capacity to tap those calls if it so chose. But traditional forms of wiretapping or physical surveillance were time consuming and resource intensive. Today, so many more transactions are handled electronically that there exists a tangible, easy-to-store, easy-to-access record of a much larger proportion of any given person’s life: banking transactions, internet browsing, driving habits (though EZ Pass records, license plate cameras, and GPS systems), cell phone location and activity, emailing patterns, and more. Metadata can reveal intimate details about people, such as religious affiliations, medical diagnoses, and the existence of private relationships. Meanwhile, as more transactions have become digitalized, the government has acquired a much greater technical capacity to gather, store, analyze, and sift through electronic data.

Even with rapidly evolving techniques for conducting research and contacting sources, journalists expressed concern that widespread government surveillance constrains their ability to investigate and report on matters of public concern, and ultimately undermines democratic processes by hindering open, informed debate.

Losing Sources

One of the most common concerns journalists expressed to us was that their sources were drying up.[78] According to James Asher, “[Before] you’d start pulling the curtain back and more people would come forward. Many fewer people are coming forward now.”[79]

Journalists expressed diverse views as to when and why reporting conditions began to deteriorate. Some pointed to the attacks of September 11, 2001 and the subsequent expansion in the amount of information considered sensitive for national security purposes.[80] Others emphasized a cluster of stories that appeared in the media in 2005, including the first reports of the NSA’s domestic surveillance programs and confirmation of black sites in Poland.[81] The most common explanation, however, was a combination of increased surveillance and the Obama Administration’s push to minimize unauthorized leaks to the press (both by limiting government employees’ contact with journalists, such as through the Insider Threat Program, and by ramping up prosecutions of allegedly unauthorized leaks, as described above).[82] That trend generates fear among both sources and journalists about the consequences of communicating with one another—even about innocuous, unclassified subjects.[83]

Even sources who are not sharing classified information risk losing their security clearances and ability to work. Steve Engelberg, the editor-in-chief of ProPublica, described the security clearance that a source holds as their “driver’s license in the intelligence community.”[84] According to him, “[It’s] easy to lose it, at which point you can’t work.”[85] As a result, loss of a security clearance is a “big sanction.”[86] Scott Horton, who writes on national security for Harper’s Magazine, sees the risks to sources as a very real and tangible threat to their willingness to speak to reporters and to ensure effective reporting:

Reveal details about government activity and you may lose almost everything: your clearance, your position, and your pension. You may have to hire an attorney, and you may have your reputation destroyed in the press by their own counter-leaks, making it impossible to get a new job.[87]

Yet while loss of one’s security clearance, job, or pension can be serious enough, the risk of prosecution for leaking has never been higher.[88] “It is not lost on us, or on our sources, that there have been eight criminal cases against sources [under the current administration] versus three before [under all previous administrations combined],” observed Charlie Savage, a Pulitzer Prize-winning reporter for the New York Times.[89] That spike sends a message, even when prosecutions do not end in convictions. “I understand why they do it,” noted another Pulitzer Prize-winning reporter.[90] “Even the cases that blow up in [the government’s] face have the intended effect.”[91]

In February of 2014, Stephen Kim, who faced a leak prosecution, described the costs of the process:

This has been a huge blow for me and for my entire family. I had to give up a job that I had liked. It also destroyed my marriage. My family had to spend all of the money they had saved up and even sell their house to pay my legal fees. I hardly have any remaining assets. [92]

Although Kim eventually pleaded guilty to unauthorized disclosure of classified information, his description of the harm to himself and his family represents the setbacks anyone prosecuted might face, irrespective of the ultimate disposition of the case. Thomas Drake, who was also prosecuted by the Obama administration for leaking information to the press, reported similar costs. [93] The government dropped all of its major counts against Drake right before his trial was scheduled to begin, in exchange for a guilty plea to a minor misdemeanor, triggering harsh criticism from the judge for putting Drake through “four years of hell.” [94]

While sources’ employers sometimes have legitimate reasons for discouraging conversations about certain matters with the press, the stakes and the consequences have increased substantially in recent years, making conversations about declassified or innocuous subjects not worth the risk. One journalist described a source who was eventually fired when his or her employer found signs of the source’s initial contact with journalists a year earlier, even though the source had not leaked classified information.[95]

At the same time, the fact that senior government officials themselves routinely appear to authorize “leaks” of classified information has bred cynicism about the government’s claims that these prosecutions are merely about enforcing the law. “Of course, leaks that help the   government are sanctioned,” observed Brian Ross, chief investigative correspondent for ABC News.[96] Bart Gellman, senior fellow at The Century Foundation, and the winner of multiple Pulitzer Prizes, argued that official, sanctioned leaks reveal much more classified information than unofficial ones.[97]

Yet, beyond the leak investigations and administrative efforts to prevent leaks, many journalists said that the government’s increased capacity to engage in surveillance—and the knowledge that it is doing so on an unprecedented scale—has made their concerns about how to protect sources much more acute and real.

In fact, some believed that surveillance may be a direct cause of the spike in leak investigations. “It used to be that leak investigations didn’t get far because it was too hard to uncover the source, but with digital tools it’s just much easier, and sources know that.” observed Bart Gellman.[98] Peter Maass, a senior writer at The Intercept, concurred: “Leak investigations are a lot easier because you leave a data trail calling, swiping in and out of buildings, [and] walking down a street with cameras. It’s a lot easier for people to know where you’re going and how long you’re there.”[99] Charlie Savage raised a similar point: “[E]lectronic trails mak[e] it easier to figure out who’s talking to reporters. That has made it realistic [to investigate leaks] in a way that it wasn’t before.”[100] Peter Finn, the National Security Editor at the Washington Post, expressed concern that “the government’s ability to find the source will only get better.”[101]

A national security reporter made the link even clearer, stating that the Snowden revelations show that “[w]hat we’re doing is not good enough. I used to think that the most careful people were not at risk, [that they] could protect sources and keep them from being known. Now we know that isn’t the case.”[102] He added, “That’s what Snowden meant for me. There’s a record of everywhere I’ve walked, everywhere I’ve been.”[103] Peter Maass voiced a similar concern: “[The landscape] got worse significantly after the Snowden documents came into circulation. If you suspected the government had the capability to do mass surveillance, you found out it was certainly true.”[104]

Journalists repeatedly told us that surveillance had made sources much more fearful of talking. The Snowden revelations have “brought home a sense of the staggering power of the government,” magnifying the fear created by the increasing number of leak investigations.[105] Accordingly, sources are “afraid of the entire weight of the federal government coming down on them.”[106] Jane Mayer, an award-winning staff writer for The New Yorker, noted, “[t]he added layer of fear makes it so much harder. I can’t count the number of people afraid of the legal implications [of speaking to me].”[107] One journalist in Washington, DC, noted, “I think many sources assume I’m spied on. [I’m] not sure they’re right but I can’t do anything about their presumption.”[108]  As a result, she said, some remaining sources have started visiting her house to speak with her because they are too fearful to come to her office.[109] One national security reporter estimated that intelligence reporters have the most skittish sources, followed by journalists covering the Department of Justice and terrorism, followed by those on a military and national security beat.[110]

As a result, journalists report struggling to confirm even unclassified details for stories, and have seen trusted, long-standing sources pulling back. “I had a source whom I’ve known for years whom I wanted to talk to about a particular subject and this person said, ‘It’s not classified but I can’t talk about it because if they find out they’ll kill me’ [figuratively speaking].”[111] Several others have reported the sudden disappearance of formerly reliable sources, or the reluctance of sources to discuss seemingly innocuous and unclassified matters.[112] One decorated intelligence and national security journalist indicated that even retired sources are increasingly reluctant to speak.[113] Though firing or revocation of security clearances no longer worries them, they fear prosecution, and “now [they] have to worry that their communications can be reached on a basis far short of probable cause.”[114]

Though losing developed sources has proved frustrating to numerous journalists with whom we spoke, a number suggested that the largest challenge they face is reaching new sources. “Sources don’t just materialize,” noted Peter Finn. “They often are developed.”[115] That requires building trust, which can be a slow and difficult process.

Adding to the challenge of developing sources that are already skittish is the fact that surveillance makes it very difficult for journalists to communicate with them securely. Calling or emailing can leave a trail between the journalist and the source; and it can be difficult to get casual contacts to take more elaborate security measures to communicate. “[H]ow do you even get going?” asked Bart Gellman, referring to the challenge of making first contact with a new would-be source without leaving a trace. “By the time you’re both ready to talk about more delicate subjects, you’ve left such a trail that even if you start using burner phones or anonymous email accounts you’re already linked.”[116] A national security reporter noted, “[Ideally,] you bump into people. [That’s] tough to arrange, though, without [creating a] record…. [You] find yourself using phone and email to set up a chance to talk. If that’s completely forbidden, then we are really in trouble.”[117] As a result, according to Peter Finn, “both parties want to move faster toward a more direct relationship that requires less electronic contact.”[118]

Yet approaching sources in person from the outset can also be quite difficult. The time and effort required physically to locate specific sources can be prohibitive. Moreover, some sources simply do not want reporters to know their identities, so they “won’t necessarily want to meet face to face initially.”[119] That can push journalists back toward more conventional—and traceable—methods of making contact.[120] This sort of situation can leave reporters feeling “increasingly frustrated.”[121]

A couple of journalists reported trying to make the best of a challenging situation. “In some ways, this environment creates a closer alliance with sources,” observed Bart Gellman. “They’re being treated as adversaries by people they work for. You use whatever you have.”[122] Yet even the journalists who expressed these sorts of views did not regard such new opportunities as offsetting the growing challenges.[123] As a national security reporter summed up the matter, “We’re not able to do our jobs if sources are in danger.”[124]

Changing Journalistic Practices

In an attempt to protect their sources, their data, and themselves, many journalists reported modifying their practices—their tradecraft—for investigating stories, communicating with sources, and protecting their notes. The fact that journalists are profoundly altering their tradecraft is evidence of the impact of surveillance on their profession.

Yet significant uncertainty about which methods are effective, exacerbated by continued uncertainty about the scope and legal limits of US surveillance operations, leads to a variety of different approaches. Some journalists have changed their practices in response to specific tips they have received from government officials. “I was warned by someone at the Pentagon that it was easy to track my calls because I used the same number all the time,” reported a national security journalist.[125] Now he uses burner phones.[126] Brian Ross relayed a different tip he received: Start all international calls with, “I’m a US citizen. Aren’t you?”[127] (Ross’ tip refers to a prohibition against the “targeting” of US citizens for surveillance under Section 702.)[128] Others develop their techniques with the support of security experts.[129] Still others are operating blindly—speculating as to what works and what does not. As one investigative reporter put it put it, “You don’t know what you’re up against; you just take the precautions you can.”[130]

We found three broad types of changes in journalists’ behavior, all aimed at obscuring parts of the reporting process: increasing use of advanced privacy-enhancing technology, decreasing reliance on electronic tools, and modified use of conventional methods of protecting information and sources. Journalists often employ a combination of measures from all three categories.

Advanced Privacy and Security Technology

A significant number of journalists reported using various forms of encryption software for their communications with sources or colleagues, including emails, chats, texts, and phone calls, though it is far from clear how effective these methods are in the long run.[131] While proper use of encryption can protect the contents of communications, it will not obscure the identity of the correspondents, or the fact that they are communicating. As a result, if the government were to collect metadata concerning emailing patterns (as it did until 2011), then even encrypting domestic emails would only offer partial protection.[132]

Journalists also reported using special devices or software to encrypt and store data securely.[133] A couple endorsed the use of air-gapped computers—computers that never connect to the internet, or any unsecured network—for particularly sensitive material.[134] Steve Coll noted, however, that securing a computer to such a degree significantly limits its utility. “At that point, why have a computer at all?” he wondered. “You could just go to the store and buy an Olivetti typewriter.”[135]

Some journalists—including a few working on particularly sensitive materials—declined to discuss their full range of security measures.[136] Another noted that he tries to mask his records of purchases of advanced technology.[137]

On the other hand, some journalists actively avoid encryption, or use it with reservations. One prominent concern is that encryption is not entirely secure.[138] One national security reporter asked, “Will it save you in the end? Isn’t the NSA going to crack it, or get someone to give up the code?”[139] Steve Coll noted that he has been “interested in the debate about whether any encryption approach is effective.”[140]  According to some of the people he has looked to for information on the subject, the biggest worry is not that the NSA will find a way to crack encryption, but rather that one’s electronic “hygiene” in using it must be “excellent.”[141] In other words, one lapse in protecting encryption passphrases or hardware can provide others with direct access to sensitive data in unencrypted form. Bart Gellman noted similar challenges with Tor: “You forget to launch Tor once before logging onto the account, and you’re linked to it.”[142]

Another worry is that encrypting communications might only draw the government’s attention.[143] The NSA’s minimization procedures that have been made public allow its employees to seek permission from the Attorney General to retain encrypted communications even if they are purely domestic.[144] Scott Shane, an intelligence reporter for the New York Times, said that while he has used encryption in the past, he is “skeptical that it is a solution of significance.”[145] He noted that encrypted email “wasn’t even a speed bump” for prosecutors in some recent leak cases, “who even used that to suggest the source knew he was doing something wrong.”[146] Shane was referring to the prosecutions of Thomas Drake. Drake was suspected of leaking information to a reporter about wasteful spending at the NSA, and in their case against him, prosecutors highlighted his use of encrypted email (Hushmail) to communicate with the reporter.[147]

Eric Schmitt, a Pulitzer Prize-winning reporter for the New York Times who covers terrorism and national security, had similar misgivings. He observed that while certain sources might be better off using encrypted email, and journalists have begun using it among themselves and with some of their sources, “if you ask … government sources to do it, it brands them.”[148] Steve Aftergood suggested the same concern: “Maybe you’re drawing more attention to yourself by using it, suggesting the contents are sensitive.”[149] 

Several journalists highlighted another significant difficulty: In many instances, for encryption to work, both the journalist and the source must have some facility with the same encryption tool. Some journalists expressed doubts about their own ability to master encryption and related technologies.[150] Others noted that many would-be sources lack the technical savvy to approach journalists safely,[151] and even that using encrypted methods of communication with typical sources—as opposed to sources who already prefer to use encryption—might “spook” them. “They’re going to feel like they’re doing something wrong.”[152] Jane Mayer added, “Your source has to be really committed [to bother with advanced security measures].”[153]

Most journalists who use advanced technologies indicated that their outlets are willing to cover the financial costs of doing so.[154 Those costs are not overwhelming on the whole; there are open source (free) versions of certain encryption software, such as PGP, while other programs require a manageable subscription fee, like Silent Circle.

However, the use of advanced technologies does impose costs beyond the financial. They can take time to learn, and are often difficult to use. Journalists we spoke with characterized them as “a burden,”[155] “a huge tax on your time,”[156] and “cumbersome and slow.”[157] The perceived complexity of learning them imposes a barrier for some journalists.[158] While some outlets actively train select staff in the use of advanced technology,[159] others do not. Several journalists described teaching themselves new technologies on an ad hoc basis under their own initiative.[160]

Decreasing Reliance on Digital Technology

Both sources and journalists alike use a range of third-party service providers, including web-based email, social media services, or cloud-based storage. The revelations of the PRISM program [161] brought into stark relief the privacy and security risks associated with using US-based online service providers, who are subject to orders under Section 702 and other national security authorities. The lack of certainty about how data stored by these companies is protected undermines their convenience and cost-effectiveness.

For all of the influence of advanced technologies on the evolution of journalistic tradecraft, many journalists indicated that creating no electronic record is best. Even those who have made significant use ofadvanced privacy-enhancing technology held this view.[162] As one national security reporter summed it up, “any form of electronic communication just can’t be used for sensitive matters.”[163] Accordingly, many journalists have ratcheted back their use of technology.

Many journalists reported a strong preference for meeting sources in person in large part for reasons of security.[164] “I don’t think there’s anything ironclad you can do except [meet] face to face,” remarked Jonathan Landay.[165] “Maybe we need to get back to going to sources’ houses,” added Peter Finn.[166] Indeed, several journalists expressed a marked reluctance to contact certain sources by email or phone.[167] “[We] have to think about how to contact someone without leaving electronic cookies behind,” observed Steve Engelberg.[168] “[You] can’t call [sources] at work,” noted a New York-based investigative journalist. If you have misgivings about using a source’s cell phone or personal email, “[the] only thing that’s left is to go to their door.”[169]

The common view appears to be that meeting face to face with a source is better than calling, which in turn is better than emailing.[170] “Most assume emails can be intercepted or subpoenaed,” noted Eric Schmitt. Fewer worried that the government will intercept their domestic calls. “I doubt the NSA can get content of domestic calls without an active investigation,” noted one national security reporter, who said he has heard as much from “good sources.”[171] Peter Finn concurred: “I don’t think they could listen routinely to journalists.” (There have been no revelations of large-scale US government eavesdropping on purely domestic phone calls.)

Even so, when forced to call a source, a couple of journalists indicated a preference for using landlines over cell phones, noting how easily one can intercept the contents of a cell phone call.[172] “Almost anybody with the right equipment can eavesdrop on a cellphone call; landlines are more secure from snooping (though of course [the] government… can capture content with [a] wiretap),” observed Peter Maass.[173] Nevertheless, the US government continues to collect metadata information on landlines as well as cell phones, and as Maass noted, “The government doesn’t need to know what people are talking about—just that they’re talking. That can go a long way in supporting the prosecution’s case in a leak investigation.”[174]

Two journalists also indicated a growing affinity for using postal services to transmit documents rather than electronic means,[175]  though a third expressed concern about media reports that the US Postal Service has been photographing all of the mail it handles.[176] Even suggesting that sources use conventional mail rather than other means to communicate can scare away sources, however. Peter Maass described being approached by a would-be source, and urging that person to mail him information rather than sending it electronically. He never heard from the person again, and Maass suspects the reason is that “I made him aware of the danger of being connected to me. As a result, I lost that story.”[177]

Several journalists also suggested a preference for avoiding other technologies that create electronic trails or files. One trend is to use cash rather than credit cards when making purchases that relate to one’s reporting.[178] A couple of journalists also reported avoiding storing data in the cloud.[179] Steve Engelberg noted that he prefers to deal in hard copies and printouts—rather than electronic files—when working on drafts of stories related to national security.[180]

Other Strategies to Protect Sources

In addition to seeking security in a combination of more and less advanced technology, a number of journalists have adapted their use of conventional tools to make it more difficult to track down their sources through surveillance. One approach involves deliberately creating a misleading electronic trail. For example, one journalist described a colleague who calls a large number of possible sources before a story comes out in order to obscure the identities of those who actually provided information.[181] Another reported booking “fake” travel plans for places he never intended to visit.[182]

Journalists and sources have also made creative use of common technologies to hide their interactions. The most common such approach is to use “burner” phones—cell phones with limited identifiable links to the owner, and which one disposes of after a matter of days or weeks. A significant number of journalists described elaborate processes by which they managed to obtain such phones, limit their traceability, and make them operable for a short period.[183]

Others described a variety of similar techniques for sharing information with sources electronically while minimizing the trace left behind. Some detailed the inventive use of email accounts or phones, as well as tricks for hiding purchase records related to reporting activity.[184]

Journalists also have made efforts to better protect their information. Due to the traceability of GPS information from cell phones, and the possibility of turning cell phones into listening devices (even if they are off),[185] several journalists reported turning off cell phones or taking out their phone batteries before speaking with people in person, or even leaving phones behind altogether when visiting sources.[186] One journalist reported keeping his files “on a flash drive in [his] pocket all the time,” and taking additional precautions with his notes—such as writing them by hand and encoding them.[187] A couple of others have employed codes for discussing stories or sources, whether within an office or otherwise.[188] 

The large variety and complexity of these strategies illustrate the fear that journalists and their sources hold of government surveillance. Even in cases where the topic of discussion is innocuous and declassified, journalists and their sources are unable to converse freely, stymying effective reporting. Many of these techniques entail additional costs for journalists— not just the financial costs of additional technology and equipment, but perhaps even more burdensome costs in the time it takes for journalists to go through all the elaborate steps they now need to take to keep their sources protected.

Ongoing Uncertainty about Security

Even with all these burdensome and costly measures, many journalists expressed doubts about their power to protect sources and the level of security they are able to attain.

A national security reporter observed, “[I’m under] no illusion that [my approach] is foolproof, but it’s anything to protect [us] somewhat.” [189] A number of journalists seemed to recognize that their evolving tradecraft countermeasures are extremely limited. Jonathan Landay noted that certain steps he is inclined to take “may not be very successful, but you do whatever you can think of.”[190] Brian Ross was also skeptical of some of his steps, such as using codes within the office to discuss more sensitive matters. “We’re not very good at it; we’re not trained in cyphers and codes.”[191]

Not a single journalist we spoke with believed they could defeat the most focused efforts by the government to discern their activities. “If the government wants to get you, they will,” noted Adam Goldman, a Pulitzer Prize-winning reporter with the Washington Post. “We don’t have the technology [that] they do,” added Jonathan Landay.[192] While there are a number of steps one can take to limit exposure to large-scale electronic surveillance, observed Bart Gellman, “ if a first-rate intelligence agency decides to target you specifically and invest serious resources, there’s nothing you can do”[193] Accordingly, he described his tradecraft techniques as an attempt “to raise the cost of surveillance.”[194]

Another prominent journalist wondered whether the US government might fill its intelligence gaps on US persons by acquiring information—including, potentially, on journalists—from friendly foreign governments.[195] Indeed, it is publicly known that the US has an intelligence sharing agreement with the UK, Canada, Australia, and New Zealand—a group of countries collectively called the “Five  Eyes” [196] —and has worked closely with various other intelligence services.[197] As described in the next section, the US is known to have received intelligence about a US law firm’s communications with its client from the Australian intelligence service.[198] One senior intelligence official we spoke with noted that the US government can accept (though not solicit) intelligence about US persons from other governments even where the US is not permitted to gather that intelligence itself.[199]

A national security reporter put it this way: “It’s difficult, if you’re using any electronic communications, to do something that DOJ with a subpoena or the NSA couldn’t figure out. But you want to make the initial leak investigation more difficult to preclude a more sweeping inquiry.”[200] For example, burner phones “won’t thwart the NSA,” he argued.[201] “They’ll know [the phone is] always near [other phones linked to me.] But for sensitive calls, it’ll hopefully thwart the initial leak investigation.”[202] A Pulitzer Prize-winning reporter for a major newspaper agreed: “It’s really hard to leave zero trail and do your job.”[203]

Impact on News

Coverage, Public Accountability, and the Quality of Democratic Debate Increased surveillance, combined with the tightening of measures to prevent both leaks and (more broadly) government officials’ contact with the media, may be having a profoundly detrimental impact on public discourse. There are good reasons to believe that recent developments are reducing the amount and quality of news coverage of matters of public concern. They are also affecting the role that journalists have typically played in holding government to account for its actions, particularly when it comes to the intelligence sector.

Impact on News Coverage

Several journalists we spoke with asserted that the new challenges they face significantly impede news coverage of matters of great public concern.[204] Many journalists emphasized the extra time entailed by the new techniques they’re employing to protect their sources and communications.[205] “It’s a tax on my time,” noted Bart Gellman. “I could do double the work if I weren’t spending so much effort on encryption and a secure workflow between networked and air-gapped machines.”[206] Part of the delay results from using more advanced privacy and security technologies, which may involve trade-offs with convenience, and ensuring that sources do the same. Part of the delay also comes from the scaled back use of electronic communications or digital technology. “Mail is slow,” observed Martin Knobbe, a New York-based correspondent for Stern Magazine. “It can take two weeks to get an okay to meet someone [using mail].”[207] All things considered, “[i]t absolutely slows down coverage,” claimed Marisa Taylor.[208]

“Stories that could have been done have a much higher uphill climb,” observed Steve Engelberg.[209] With staff limitations, it is not always possible to undertake that climb simply because a story looks interesting or promising. “We have to pick our spots. It takes thought.”[210] While the additional time that goes into stories can also yield more nuance, these extra challenges arise at an inopportune time. Print-centered news outlets have struggled over the last several years, and may have fewer resources than in the past.[211]

Additionally, many journalists said the amount of information provided or confirmed by sources is diminishing. For one, sources are becoming less candid over email and phone. “I definitely see a trend of sources speaking at a different level of candor face to face [as compared to over the phone],” noted a national security reporter.[212] As a result, he acknowledged spending more time physically near where his sources work.[213] Others also confirmed traveling more (and spending the money that goes with that), or facing the difficult choice of how to pursue information if travel is not an option.[214]

As one might expect, sources are less willing to discuss sensitive matters, even where it is not clearly classified. “[There is] much greater reluctance from sources to talk about sensitive stuff,” asserted Scott Shane.[215] “There just isn’t a bright line between classified and not…. There’s a huge gray area. That’s where the reporting takes place. [But s]ources are increasingly unwilling to enter that gray zone.”[216]

Yet the effect is still broader. As a Pulitzer Prize-winning reporter put it, “People are increasingly scared to talk about anything.”[217] According to Jonathan Landay, source reluctance extends “even [to] something like, ‘Please explain the rationale for this foreign policy.’ That’s not even dealing with classified material; that’s just educating readers.”[218] Landay added, “There’s [also] a much greater constraint on the ability to get explanatory information about the views of people dealing with real issues before they get into the political levels of the government. That’s not classified. That’s not secret. At worst, that’s embarrassing.”[219] Jane Mayer put it differently. “What you’re losing now is spontaneity.”[220] As a result, we are “not getting spur-of-the-moment stories.” She also emphasized the motives of many government sources: “Most of these leaks are just criticism, frankly. [My sources] are very patriotic on the whole…. They’re not enemies of the state.”[221]

Bart Gellman put the size of the challenge into context: “I don’t feel like there’s a drought, but there are more challenges.”[222] Steve Engelberg agreed, noting that the surveillance revelations have “added a layer of complexity” to national security reporting, but have not shut it down completely.[223] 

The net result is a less informed public. It is “absolutely” the case that less information is reaching the American people, according to James Asher. Kathleen Carroll agreed. While she does not necessarily see a connection between leak investigations and surveillance, she also expressed concern over sources feeling especially skittish, noting that “People have to work harder, it takes longer, and you […] won’t have as many stories [until the landscape changes].”[224]

Impact on the Press’s Ability to Serve as a Check on Government Abuse

In recent decades, the press has played an important role in checking government, and in particular, the intelligence community.[225] That has not always been the case. Betty Medsger, a former Washington Post reporter whose series of stories in 1971 first revealed the FBI’s targeting of dissenters, recalled that there was “very little investigative work” before her articles appeared.[226] Even her FBI stories derived from documents stolen by activists, rather than through Medsger’s cultivation of sources inside the intelligence community. “I was given these files. I didn’t have clever techniques. Nobody was trying to develop inside sources until then.”[227]

Tim Weiner, a Pulitzer Prize-winning reporter for the New York Times, who also won a National Book Award for his history of the CIA, offered an earlier timeline for the development of investigative journalism on the intelligence community, observing that “serious investigative reporting into the CIA started in the mid-1960’s, and then seriously expanded a decade later.”[228] Phil Bennett elaborated:

The growth of the intelligence community and of a more critical, more adversarial press occurred in tandem, on overlapping timelines. Although there have been state secrets since the founding of the Republic, the current institutional structure that manufactures and protects those secrets emerged near the end of World War II and the beginning of the Cold War. For the most part, at first journalists did little to contest the government’s monopoly on secrets. But the Vietnam War led some journalists to see secrecy as a tool for the government to deceive the public. The Pentagon Papers case ratified this view. Disclosing government secrets then became a central part of the birth of modern investigative reporting. This has carried over to the digital era.[229]


Ultimately, the government’s own investigations into the intelligence community in the mid-1970s—most famously among them, the Church Committee in the Senate—provided a sound basis for ongoing and active investigative work by journalists on the intelligence community ever since.[230] Those inquiries revealed significant and widespread misconduct by the intelligence community dating back decades. By offering the public significant and early insight into objectionable practices by the FBI, Medsger’s stories formed a major part of the environment that gave rise to those investigations,[231] complementing pressure resulting from the Vietnam War and Seymour Hersh’s 1974 reporting on the CIA.[232]

But coverage of the intelligence community has recently (once again) become more challenging to undertake. “It seems to me that at some point it became very difficult again to cover these institutions and get inside sources,” Medsger observed.[233]

Many journalists who spoke to us expressed a strong commitment to their work, and were unwilling to be dissuaded from continued efforts to cover increasingly difficult beats. “I’m not in any way going to stop reporting,” remarked Adam Goldman. “In most cases, I am not the vulnerable one,” added Steve Aftergood.[234] Peter Maass also identified a silver lining: “Even though it’s harder, it’s also very exciting. We’re being given an amazing opportunity to do exciting work that could help shape society for years to come.”[235]

Nevertheless, the effects that surveillance and leak investigations have had on coverage are working to undermine effective democratic participation and governance. “What makes government better is our work exposing information,” argued Dana Priest, a Pulitzer Prize-winning national security reporter at the Washington Post.[236] “It’s not just that it’s harder for me to do my job, though it is. It also makes the country less safe. Institutions work less well, and it increases the risk of corruption. Secrecy works against all of us.”[237] Charlie Savage added, “National security journalism is especially important for a functioning, democratically accountable system.”[238] Steve Coll agreed as well, noting, “There’s a real loss to the public, the voters.”[239]

For James Asher, “The role of the press is to be challenging and critical.”[240] It is thus inherently important for journalists to seek out certain information that the government treats as sensitive and, when appropriate, share it with the public. Kathleen Carroll also emphasized the responsibility typically demonstrated by journalists who work on national security topics. “This is not a bunch of bratty journalists trying to undermine legitimate government operations,” she argued. Moreover, though she believes “that a government’s actions on behalf of the people it serves should be public, [m]ost news organizations [including her outlet, the Associated Press] will recognize that certain things the government is doing need to remain secret, at least for now. The disputes take place because the government idea of what should remain secret is much more sweeping.”[241]

Dana Priest defined the problem as follows:

The government is getting the balance between guarding  information and making it public wrong. They think anything classified should stay secret…. The question for me is what really needs to stay secret. The rules for that were set for the nuclear era. We have a new era now with old rules. The government should reverse it, and start by asking, ‘What needs to be secret?’[242]

A couple of journalists also expressed principled resistance to the prospect of undertaking so many evasive maneuvers to do their work. Scott Shane argued that “[a]s an American reporter, I should not be uneasy about the government targeting me to figure out my sources.”[243] Another reporter, who covers law enforcement and national security, noted that the need for additional secrecy has forced him to “start to act like a criminal.”[244] Brian Ross articulated a similar sentiment: “There’s something about using elaborate evasion and security techniques that’s offensive to me—that I should have to operate as like a criminal, like a spy.”[245] Adam Goldman, though he was less inclined to connect surveillance and leak investigations, also shared that view: “I don’t want the government to force me to act like a spy. I’m not a spy; I’m a journalist.”[246] He added, “What are we supposed to do? Use multiple burners? No email? Dead drops? I don’t want to do my job that way. You can’t be a journalist and do your job that way.”[247]

Certain statements by government officials have, indeed, suggested that journalists who report leaked information are engaged in criminal behavior. In January of 2014, Director of National Intelligence James Clapper called on “[Snowden] and his accomplices to facilitate the return of the remaining stolen documents that have not yet been exposed….” [248] As Snowden is not known to have had the assistance of others in obtaining the documents he later provided to the media, many interpreted that comment to refer to the reporters who had published stories based on the documents. [249]

Republican Representative Mike Rogers made another such remark only days later. [250] Rogers, Chairman of the House’s Permanent Select Committee on Intelligence (the primary House body tasked with oversight of the intelligence community), criticized journalist Glenn Greenwald for working with news outlets that paid for stories based on the Snowden documents. [251] Rogers accused Greenwald of “selling his access to information,” specifically “[f]or personal gain.” He concluded, “A thief selling stolen information is a thief.”

One former government official we interviewed made a similar comparison between leakers and burglars (though without directly criticizing journalists who receive and publish leaked information).

Scott Shane responded to that analogy at some length:

Informing Americans about the national security programs that they pay for and are carried out in their name is impossible without government officials who are willing to speak with reporters about them, within limits. The hard part, of course, is judging the proper limits. To compare the exchange of information about sensitive programs between officials and the media, which has gone on for decades, to burglary seems to miss the point. Burglary is not part of a larger set of activities protected by the Constitution, and at the heart of our democracy. Unfortunately, that mindset is sort of the problem.[253]

Several journalists likened the current reporting atmosphere to what one might find in more authoritarian countries. Peter Maass noted that he has worked under threat of surveillance abroad while covering the Soviet Union, the Balkans, and North Korea, and has thus been exposed to the need for evasion in reporting.[254] But he is “horrified and outraged” that the same concerns now apply here in the US.[255] Jonathan Landay reported that a number of his sources for a story in Jordan were called in for questioning after they spoke with him. “But I expect that to happen in Jordan.”[256] A national security reporter noted that the US government now causes him more concern than other governments that we expect to do surveillance. “A year ago, in our line of business, we were more worried about the Chinese government snooping to get an edge by collecting what we weren’t reporting. Now it’s a distant second to our own government.”[257]

III. The Impact of Surveillance on Lawyers and Their


I found it shocking to think that the US is doing this [surveillance]—and I was at DOJ before.

—A lawyer specializing in international dispute resolution at an international firm, April 1, 2014

Recent media reports confirm that large-scale electronic surveillance by the US government has been sweeping up vast amounts of private data and communications. That includes confidential information related to ongoing legal matters, and privileged communications between attorneys and their clients. Duty-bound to protect that information, and strategically disadvantaged if unable to do so, many attorneys describe surveillance as undermining their ability to advocate on behalf of their clients.[258]

At the most general level, as described by Maureen Franco, the federal public defender for the west district of Texas, “The Snowden stories confirm widely held suspicions and make us more nervous about using electronic communications.”[259] Worries about surveillance vary from one area of legal practice to another, but they are particularly pronounced among attorneys who defend clients from charges related to terrorism—including federal defenders who are assigned to such cases rather than choosing them. Yet attorneys in other areas expressed significant concern as well, including defense attorneys who handle drug cases, and even attorneys doing international or civil work. Specifically, lawyers expressed concern over their ability to satisfy their professional duty of confidentiality, maintain their attorney-client relationships, and effectively represent their clients.

Like journalists, attorneys are uncertain about whether it is even possible to protect their communications from government surveillance, and are confused about what steps they can—and may even be obligated—to take. The result is a less robust relationship between some attorneys and their clients, and a legitimate concern about the impact on due process rights in the criminal context.

Uncertainty and Confusion among Lawyers over How to Respond to Large-Scale US Surveillance

The legal community, perhaps even more so than the media, is plagued by uncertainty and confusion over the implications for their work of surveillance of the scope revealed during the last year. Part of that uncertainty derives from the widespread sense that we have yet to learn the full extent of the government’s surveillance powers, and what steps the intelligence community is taking to avoid scooping up attorney-client communications.[260]Part may also reflect the unsettled legal landscape regarding whether attorneys who are surveilled have legal recourse.[261]

The US government has stated that it applies certain minimization procedures to protect attorney-client communications.[262] Indeed, some of those procedures—which appear to limit NSA monitoring of communications under Section 702, if they are between someone under indictment in the US and their lawyer—were made public in June 2013 as part of one of the earliest Guardian stories based on the Snowden documents.[263]

But it is far from clear whether analogous procedures exist that apply to US surveillance under other authorities. Moreover, these procedures are little comfort to the many lawyers who represent individuals or companies not now under criminal indictment in the United States.[264] Indeed, in February 2014, new documents revealed that the communications of US-based law firm Mayer Brown with its client, the government of Indonesia, came under surveillance by an Australian intelligence agency, which in turn provided resulting intelligence to the United States.

The report prompted a letter from James R. Silkenat, president of the American Bar Association, to the NSA, expressing concern about reports of surveillance intruding on the attorney-client relationship.[265] Then-NSA Director General Keith Alexander responded, essentially restating public information concerning the NSA’s rules.[266] For example, Alexander noted that the NSA stops monitoring communications when they are discovered to be between someone “known to be under criminal indictment in the United States and an attorney who represents that individual in the matter under indictment” (though it keeps the portion of the exchange it has already gathered).[267] The NSA also seeks individualized review by the Office of General Counsel before disseminating to other agencies or offices “information constituting U.S. person privileged communications [such as those that arise between a person and his attorney].”[268]

A number of lawyers indicated that it is difficult to know what to make of the current landscape, and they are only beginning to confront the implications of large-scale electronic surveillance for their work. In reflecting about the risks posed by surveillance, Tom Durkin, a leading national security defense attorney, began to express worries about his metadata records for the first time during an interview with us: “I never thought about whether I wanted to leave a metadata trail until” he gave it some consideration at that moment.[269] He argued that it is too soon to comprehend the full range of implications of the Snowden revelations for the practice of law.[270] On the other hand, another litigator, who runs a private practice representing international clients, noted how significant the revelations have been for him: “I think everyone is starting to think about this.”[271] It takes time, however, because “we’re used to a world with sacrosanct communications between lawyers and clients.”[272]

Many attorneys were very concerned about surveillance, even if not necessarily up to date on recent developments. The following remarks are indicative of this anxiety. A federal defender who has been working on a terrorism matter noted: “I get the sense that once you represent someone accused of terror-related charges, someone in the government is always going to be interested.”[273] The defender added, “Everyone kind of jokes uncomfortably about it, particularly with the NSA stuff that’s been coming out.”[274] Linda Moreno, a defense attorney specializing in national security and terrorism cases, cited reports from “former CIA and FBI consultants” as the basis for part of her concern: “In their collection of metadata, I’ve been informed that the NSA filters for trigger words [like ‘Osama bin Laden,’ ‘jihad,’ and ‘Islam’]. In my law practice, those are words used in my  discussions with colleagues, experts, and potential witnesses.”[275]

A significant number of the lawyers who spoke with Human Rights Watch expressed worries about surveillance by the US government. Overall, criminal defense attorneys appear to be the most anxious. Much like journalists, they serve a crucial role in a democratic society, and one that is singled out for its importance in the US Constitution.[276] 

Interestingly, despite reports that Mayer Brown, a major corporate law firm, has had some of its confidential client information collected through surveillance by an NSA ally, concerns about surveillance did not appear as pronounced among the corporate lawyers with whom we spoke. One factor behind the disparity appears to be that large firms have been concerned about surveillance by other governments for a long time, and have had the financial resources to develop systems for protecting their information. For example, one information security officer at a major international firm indicated that the threat of large-scale electronic surveillance by the US government does not trigger any special security measure the firm does not already take to protect against other governments or independent hackers.[277] A partner in the litigation department at another large firm reported the same thing.[278] As indicated below, however, concerns about large-scale electronic surveillance have started to work their way into practice areas handled by some corporate firms, such as international arbitration.

More broadly, a number of legal organizations have begun to wrestle with questions surrounding the impact of surveillance on attorneys. These include the American Bar Association (ABA),[279] the New York City Bar Association,[280] the National Association of Criminal Defense Lawyers (NACDL),[281] and the National Lawyers Guild.[282] Nevertheless, as described further below, they have yet to reach a consensus around the precise implications of surveillance for lawyers’ professional responsibilities—and this lack of consensus highlights broader uncertainty.[283]

The Implications of Surveillance for the Professional Responsibilities of Lawyers

Lawyers practicing in the United States operate in a heavily regulated environment. They must comply with various rules of professional responsibility or risk penalties that can include suspension or even the loss of their license to practice law. Those rules generally include the obligation to maintain the confidentiality of information related to the representation of their clients, which attorneys regard as a core value of their profession.[284] Increasing surveillance by the US government introduces a serious ethical problem for attorneys, who are often professionally obligated to protect the contents of their communications, the nature of their legal research, and even the fact that they are communicating with a particular person or traveling to a particular place.[285]

For example, the American Bar Association maintains a set of Model Rules of Professional Conduct (Model Rules)—carefully sculpted guidelines that form influential, baseline standards for various jurisdictions that admit and regulate lawyers. The Model Rules stipulate that attorneys “shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”[286] While lawyers have long been expected not to disclose confidential client information without consent, the ABA modified the language of the applicable rule in 2012 to impose an explicit obligation on attorneys to take positive steps to protect the confidentiality of information concerning their clients and cases.[287]

According to Andrew Perlman, a professor at Suffolk University Law School who served as chief reporter of the ABA’s Commission on Ethics 20/20 and directs Suffolk’s Institute on Law Practice Technology and Innovation, the rule change followed general concerns about cybersecurity. [288] Perlman noted, however, that the wording of the rule is open-ended because the nature of security threats is constantly evolving. The obligation to protect client information applies across the board, and large-scale electronic surveillance can trigger the rule.[289]

“My take is that lawyers—especially those with clients whose legal matters may be of interest to the government—have legitimate concerns about government surveillance,” Perlman noted.[290]Those concerns, he added, are especially pronounced for attorneys dealing with clients located outside the United States.[291] Stephen Gillers, Elihu Root Professor of Law at NYU School of Law, and a widely recognized expert on legal ethics, agreed. As early as 2007, Gillers argued that mere knowledge that the government could collect and apparently was collecting Americans’ international communications without a specific warrant, and without meeting the conventional criminal standard of probable cause, was enough to preclude certain lawyers working on terror defense cases from using email, fax, and phone communications with people abroad.[292]

Yet, according to Gillers, “Obligations are [even] stronger on lawyers now [since the Snowden revelations].”[293] Since 2007, the public has learned more about the enormous power of the US government’s surveillance apparatus and some media reports have made clear that the US government has collected at least some confidential legal information. For example, in February 2014, reports surfaced that the government had—under FISA Court orders—wiretapped defense attorneys representing individuals accused of terrorism charges.[294] Even though the communications were privileged, the narrow minimization rules did not apply, so the government was able to listen to the recordings of the calls.[295] The same month, as noted above, another report based on a document provided by Edward Snowden revealed that a US-based corporate law firm, Mayer Brown, “was monitored while representing [the Indonesian] government in trade disputes with the United States.”[296] More specifically, the Australian Signals Directorate, the Australian analog for the NSA, surveilled communications between the Indonesians and their American lawyers, and then offered to share what it had collected with the NSA.[297]

Perlman emphasized that the new rule lays out a “reasonableness test”; [298] and the commentary elaborating on the ABA rule identifies several factors that lawyers must weigh in discerning the measures they are reasonably expected to undertake to protect their communications.[299] Those factors include (but are not limited to):

the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).[300]

Attorneys handling certain types of cases—such as those representing defendants in terrorism-related cases, foreign sovereigns, or major corporations whose business has significant implications for US economic interests—have legitimate reason for thinking the government may be especially interested in their communications. The risk of the collection and review of confidential case information by US government agents appears higher when handling such matters, imposing on them heightened professional responsibilities.

Attorneys handling cases that would seem to be of little interest to the government have a reason to be concerned as well, however, as they still must avoid needlessly exposing confidential information to  unauthorized parties. “Even if you aren’t doing sensitive work, you should be concerned about how much [information] is gathered,” said Jonathan Hafetz, an associate professor of law at Seton Hall University School of Law.[301] With the US government acquiring and retaining so much electronic data, many ways of communicating or storing information that would have been acceptable in the past are now known to be insufficient to preserve confidentiality.

One of the major concerns attorneys expressed to us relates to the scope of their professional responsibilities under the current surveillance regime.[302] As a result of recent surveillance revelations, a couple of attorneys reported feeling duty-bound to warn their clients that information related to their case may not remain private. Linda Moreno noted, “Given the now publicly admitted revelations that there is no privacy in communications, including those between attorneys and their clients, I feel ethically obligated to tell all clients that I can’t guarantee anything [they] say is privileged … or will remain confidential.”[303] Similarly, Nancy Hollander, who focuses on criminal defense including in national security contexts, has begun including a bolded auto-signature in her work-related emails with the same effect: “Warning: Based on recent news reports, it is possible that the NSA is monitoring this communication.”[304] Overall, however, without a clear sense of the boundaries of US government surveillance, and the effectiveness of various countermeasures, it is difficult to discern what steps lawyers might be obliged to take to protect their information.

Gillers cautioned lawyers about the use of phone, email, and text communications, noting that when it comes to electronic data, “it doesn’t matter what the vehicle is.”[305] An experienced criminal defense attorney observed similarly that, based on what we knew about US government surveillance programs before the Snowden leaks, overseas travel (instead of international electronic communication) was likely ethically required for attorneys handling certain types of cases.[306] Now, he argued, “Lawyers have to assume any electronic communication they have is going to be intercepted.”[307] Although the risk that poses will vary with the nature of the communications, and might be mitigated in some instances by security measures, lawyers need to treat the likely collection of electronic communications as a “fact of life.”[308]

Perlman did not go quite as far. In a March 2014 article, Perlman noted that the challenges of securing one’s electronic communications may (for now) create a gap between best practices and ethical obligation.[309] In an interview with us, he suggested that using encrypted email is probably not yet universally required of all lawyers. An attorney might, however, face discipline for removing from his office and subsequently losing an unencrypted flash drive containing highly sensitive client information.[310]

Significantly, the standard shifts with growing common awareness of the risks of certain forms of communication or file storage. Losing an unencrypted flash drive could result in discipline because, according to Perlman, “[i]n light of what we know, [carrying one around is] just too dangerous,” and further, “it’s easy to avoid the risk.”[311] The documents taken by Edward Snowden have demonstrated that an increasing number of electronic transactions are insecure, so “[a]s encryption gets easier, that might be something that becomes necessary, both as a matter of best practices and ethics,” Perlman observed.[312] James Connell III, a defense attorney for one of the Guantanamo detainees,agrees: “[It] won’t be long before some bar association says you can’t . . . send unencrypted emails.”[313] The same is undoubtedly true for other security measures as well.

Damage to Attorney-Client Trust

One major concern expressed by attorneys is that their inability to guarantee the privacy of their conversations makes it much harder to build trust with their clients. “Normally to build trust you don’t want to start with a cautionary statement,” observed Shane Kadidal, senior managing attorney of the Guantanamo Global Justice Initiative at the Center for Constitutional Rights.[314] “If your clients see you uncomfortable communicating, they may resist telling you everything,” added one federal defender handling a terrorism case. “It just chills the conversation.”[315]

“Clients don’t tend to come to us with a deep sense of the social compact,” noted Ron Kuby, a prominent criminal defense and civil rights lawyer. “They need to be persuaded [to trust their lawyer].” That trust can be essential to the proper functioning of the adversarial process, and it is especially difficult to develop in criminal defense work. Kuby pointed out that many clients who have been charged with an offense are primed to be mistrustful.[316] Nancy Hollander reported increasingly skittish behavior by her clients, describing one who “won’t bring his phone to my office.”[317] Kuby confirmed that his clients have been less comfortable speaking by phone over the last few years, and he attributes that in part to growing awareness of surveillance by the US government. “It used to be that I could assure them that the government lacked the resources to focus on them. But these days it does have the resources—it can focus on everyone.”[318]

Josh Dratel, a renowned criminal defense attorney who has handled a number of terrorism cases, noted a similar phenomenon, pointing out that mistrust of the US government is especially high among people who do not originate in the US.[319] He cannot diminish that mistrust among his clients “without lying.”[320] Large-scale surveillance actually “licenses paranoia among outsiders,” significantly affecting how they interact with the legal system, including their own defense attorney. They are less likely, for example, to share essential information with their lawyers.[321] “As a result, I can help them less,” he concluded.[322]

Impact on Attorneys’ Ability to Effectively Represent Clients

Some attorneys reported feeling forced to change their practices because the government’s access to information about their communication patterns (including the contents of some of their work-related exchanges) compromises their strategy.[323] This concern is especially pronounced in contexts where the US government is an opposing legal party, such as in federal criminal cases. In those cases, the government has a genuine interest in the legal strategies employed against it, and the technical ability to gain insight into that strategy by searching through the many electronic records it holds.

The worry here is not so much that the government will explicitly introduce private, strategic communications in court—the attorney-client privilege recognized in US courts largely precludes that  possibility [324]—but rather that the government appears to have the power to discern and prepare in advance for the strategy an opposing attorney designs for a case. In general, “it would be a huge advantage to the government” to have access to such information,[325]  particularly since defense attorneys do not have any prospect of gaining similar access to the prosecution’s information.

Some attorneys also raised concerns about the safety of individuals they might seek to contact in preparing their defenses. For example, Major Jason Wright, an Army JAG who does work before the Guantanamo commissions noted,[326] “We are fearful that our communications with witnesses abroad are monitored,” and thus that attempts to build their case “might put people in harm’s way.”[327] “Every person you’re touching, you’re potentially poisoning,” agreed Ahmed Ghappour, a law professor at UC Hastings who directs the Liberty, Security, and Technology Clinic.[328]

A clinical law professor who handles national security matters also raised a related pedagogical concern: it might not be in the long-term interests of law students to appear on the radar of the NSA, and that might well happen if they spend a few months on a national security case while in a law school clinic.[329] Without additional detail about what information the government collects, and how it deploys that information, it is difficult to know how to assess these sorts of risks.

Finally, some attorneys expressed the broader concern that large-scale electronic surveillance—by introducing a further, massive power asymmetry between the government and its legal opponents—undermines the adversarial process, a core element of the US criminal justice system.[330] In addition to the possibility that surveillance can give the government insight into opponents’ legal strategies, it also provides an enormous but opaque tool for the government to gather evidence against defendants. Because some of this evidence gets collected through sensitive programs, or is considered classified, defendants may never learn how the evidence was obtained and, therefore, be unable to challenge its acquisition as unlawful.[331]

Changing Legal Practices

Many lawyers have long been suspicious about the security of certain forms of communication, even before recent revelations of large-scale electronic surveillance by the US government. “I always assume my phone conversations are being monitored,” reported Ron Kuby.[332] Tom Durkin said he had “assumed for years, because of the people I’ve represented” that the government had access to many of his conversations.[333] And email in particular is problematic because it can so easily be forwarded to third parties.[334]

Nevertheless, a significant number of the lawyers who spoke to us have reduced their reliance on electronic means of communicating or storing data specifically in response to concerns about ongoing surveillance programs. Several emphasized avoiding putting information into emails or discussing matters over the phone.[335] As Linda Moreno put it, “On the phone, we are constrained in our discussions with witnesses and even co-counsel on cases, mindful of government monitoring.”[336] One clinical law professor who handles national security matters insists that students working on those cases only perform work from inside a secure clinic office, minimizing the chance that they will save or transmit confidential information insecurely.[337]

Accordingly, lawyers face a choice similar to the one confronting journalists. Some have attempted to increase the security of their electronic tools; others have tried to forgo digital communications or storage tools altogether; and still others have attempted to combine both approaches. Whatever the preferred strategy, a number of attorneys indicated that they must try to do something. “Only a foolish person understands your communications can be intercepted and does nothing about that,” observed Rob Feitel, a former federal prosecutor who spent 22 years in the Department of Justice and who now specializes in defense work arising from international and complicated drug cases. “It’s no different from locking your office door.”[338]

As a result of their growing concerns about surveillance, several attorneys reported encrypting their email or other forms of electronic communications. [339] One lawyer described using air-gapped computers and more secure networks. [340] Another described how his law office maintains its own servers in large part to retain additional control over its data. While there are multiple reasons for his organization to maintain its own servers, some not obviously related to surveillance, this attorney noted that all of those reasons (including surveillance) blend together here because “the [government] is the adversary we’re worried about.” [341]


Not all of the attorneys we spoke with trust encryption. One noted that it can draw the government’s attention to one’s communications but may slow down attempts to understand the content.[342] Another suggested that before the Snowden leaks, he might have considered technological solutions to the challenge of protecting communications.[343] He has even used encrypted phone calls in the past, which at the time “seemed over the top.”[344] But now he is skeptical that such tools would even work. “Post-Snowden, I think we have to assume there’s no encryption the NSA can’t beat,” he argued, adding, “I don’t want a false sense of security.”[345]

One defense attorney reported relying exclusively on one particular form of communication that he considered more secure than others for privileged communications with remote clients.[346] “I don’t send any information by email, attachment, or phone. I don’t use Gchat or What’sApp for anything but ‘Hi, what’s up?’ I don’t even talk on Skype.”[347]

As with journalists, it is not only the contents of attorneys’ communications that matter; it can be important to protect even the fact that they are in contact with particular people. Further, it is not always possible to use advanced electronic security to correspond with the necessary parties, such as when communicating with clients, witnesses, or even co-counsel who lack the appropriate resources or technical sophistication.[348] Many attorneys believe that the only secure way to handle such communications is face-to-face.

Many lawyers also reported conducting more meetings in person—sometimes significantly more, and not just with clients, but with co-counsel and witnesses as well.[349] A lawyer specializing in international dispute resolution at an international firm noted that surveillance has intimidated some of her foreign clients, who, as a result, prefer not to communicate remotely, and instead “will only exchange sensitive information in secure rooms in embassies or outside the US.”[350] She reported having to travel more to accommodate that preference.[351]

Yet travel is both expensive and time-consuming, and thus is not always a viable option. Describing the prospect of traveling more to avoid vulnerable long-distance communications, one experienced criminal defense attorney observed, “[It] seems romantic the first time you do it, but after that it’s just a pain in the ass.”[352] “I can’t just jump on a plane and go visit witnesses in order to insure some type of confidentiality,” added Linda Moreno, noting that many of her cases have an international component.[353] Tom Durkin highlighted the same problem; describing a colleague who travels to Europe in order to speak face-to-face securely, he observed, “That’s a luxury we don’t often have.”[354]

Having co-counsel located in the US may not be materially better from a strategic point of view when lawyers do not trust the security of their domestic communications. Moreno elaborated:

I can’t tell you how often we [as co-counsel] have to tell each other, “It’ll have to wait a month [until I can see you in person].” Just on this trip [to New York, which allowed for the Human Rights Watch interview] my co-counsel on a pending federal case said, “I’ll talk to you when you get here.” . . . [Still,] sometimes there’s an urgency to brainstorming and we just say, we can’t run and hide. They’re listening to us anyway, but we have to do our work.[355]

Even increased local travel can pose problems. One federal defender handling a terrorism case reported meeting a client in person more frequently to avoid risky electronic communications. Although the client lives in the attorney’s area, he works during the week, so in order to discuss the case securely, the attorney must meet him on weekends.[356] While this is less cumbersome than traveling abroad might be, it is yet another burden that disproportionately affects the defense.

On the other hand, a number of criminal defense attorneys expressed principled resistance to modifying their practices to protect against possible intrusion by the US government.

“I’ll be damned if I have to start acting like a drug dealer in order to protect my client’s confidentiality,” asserted Tom Durkin. Another lawyer described the sorts of measures necessary to avoid some forms of government surveillance as “the kinds of techniques that would stand out to me if I wanted to do something illicit.”[357] Linda Moreno identified one possible basis for such feelings, noting, “Nobody practiced law like this 15 years ago unless you were a crook.”[358] Indeed, James Connell III pointed out that in choosing his security measures, he worries that particularly advanced techniques will look suspicious. “[As much as I want to be secure,] I don’t want to look like I’m doing something illegal,” he reported. “[There’s a] real balance that must be struck.”[359] Yet how to strike that balance remains unclear.

IV.The Government’s Rationale for Surveillance

President Obama has defended his administration’s leak investigations as essential to preventing leaks that could endanger US military and intelligence officials,[360] and the government insists that the surveillance programs at the center of the Snowden revelations both comply with the law and protect national security. “I continue to believe that there has been nothing that has come out in the last nine months that is in any way inconsistent with [the claim that everything we do is lawful],” noted one senior intelligence official, who also argued that by and large the programs are valuable for protecting national security.[361]

“These programs are important, vital and lawful,” argued Bob Deitz, who served as General Counsel for the NSA from 1998 to 2006, in an interview with us.[362] A senior FBI official concurred, adding, “What’s been revealed are intelligence-collection programs that were initially and originally focused on defending the country in a time of war with respect to the enemy that were undertaken in a manner pursuant to the law.”

We interviewed five current or former US officials with knowledge of the programs. They generally defended the programs as legal and important for national security. They also showed varying degrees of concern for or interest in the impact that the programs might have on the work of journalists and attorneys. Most were skeptical that the programs have affected journalists and did not appear to have considered seriously the possible effect on attorneys.

The Lawfulness of Current Surveillance Programs

Officials we interviewed argued that the Snowden revelations did not uncover government abuse of its surveillance powers. The senior FBI official observed, “You don’t have [evidence of] rampant disregard for the law.” He claimed that the programs revealed by Snowden are qualitatively different from those described in the findings of the Senate’s Church Committee (and its House counterparts) in the mid-1970s. (Those investigations—triggered by news reports of domestic spying by the intelligence community, and by concerns about the Watergate scandal[363]—uncovered widespread abuses by a number of government agencies, including the specific targeting of nonviolent political dissidents.) While the senior FBI official acknowledged that, under the current programs, there have been “mistakes—clear mistakes—that implicate the rights of Americans,” he did not regard recent revelations as uncovering willful misconduct.[364] Deitz essentially agreed, insisting that he “wouldn’t have spent eight to nine years overseeing lawlessness.”

The question of whether the programs fall within the letter of US statutory law has been discussed elsewhere.[365] And whether intelligence officials have engaged in willful misconduct[366] or whether oversight has been adequate[367] are questions that fall outside the scope of this report. However, our research strongly suggests that the US did not design the programs with protection of human rights foremost in mind.

When asked about the role of human rights law in shaping the surveillance activities of the US intelligence community, officials suggested it exists, but is limited. The senior FBI official acknowledged the significance of treaty-based human rights law, noting that “[t]reaties are the supreme law of the land,” and adding, “[i]f it’s the law, and it applies, we’ll enforce it.”[368] Yet he also pointed to challenges “operationalizing concepts from international law,”[369] and the comments of other officials suggested that a domestic legal analysis predominates.

“I don’t think that we have historically looked to international human rights law as having a substantial weight of its own, as opposed to … the kind of principles of freedom and dignity and individuality that it’s meant to incorporate,” noted the senior intelligence official.[370] A former DOJ official said that most of the internal legal assessments would take the form of a “primarily … constitutional analysis”—not an analysis that explicitly takes into account the language of applicable human rights treaties.[371] 

Officials repeatedly underscored the level of oversight constraining the American intelligence community. The senior FBI official emphasized “overlapping, extensive oversight by multiple entities,” including Congress, the courts, and (at least for the FBI) the Inspector General of DOJ. “I don’t think we get enough credit for the work that goes into that [oversight] process,” he added.[372] Deitz characterized the US intelligence community as “the most heavily overseen of any … in the world.”[373]

The senior intelligence official highlighted the same point, specifically in the context of the surveillance programs described in the Snowden documents. “The [congressional] intelligence committees know all this. They are on top of it and aware of it. We brief them hundreds of times a month on what we’re doing and what we’re discovering from what we’re doing … and contrary to what people think, they push back on us immensely.”[374]

The same official also highlighted “a general principle that we can’t ask [other governments] to do something that we can’t do. That’s embodied in Executive Order 12,333.”[375] As a result, he noted that “we can’t for example, ask GCHQ, ‘Hey, could you spy on this American who we are not allowed to spy on?’”[376] When asked if the US government can accept information from other governments that it cannot legally collect on its own, the official replied, “Sure…. And I don’t think there’s anything wrong with that.”[377] Sharing of that sort could include information on US persons.[378]

Whether the Programs Are

Necessary for National Security and Sufficiently Targeted “Throughout American history, intelligence has helped secure our country and our freedoms,” President Obama claimed in his January 2014 surveillance speech.[379] He went on to defend the current surveillance programs as an extension of that tradition. Citing the attacks of September 11, 2001, he elaborated:

We were shaken by the signs we had missed leading up to the [9/11] attacks—how the hijackers had made phone calls to known extremists and traveled to suspicious places. So we demanded that our intelligence community improve its capabilities, and that law enforcement change practices to focus more on preventing attacks before they happen than prosecuting terrorists after an attack…. And it is a testimony to the hard work and dedication of the men and women of our intelligence community that over the past decade we’ve made enormous strides in fulfilling this mission.[380]

Officials we spoke with generally shared this view, and also endorsed the scope of the surveillance programs. The senior intelligence official defended them at length, emphasizing that “[w]e don’t go out there, and . . . listen to every conversation that Frau Hoffman has with her husband about what kind of bratwurst to bring home for dinner tonight.” Instead, he claimed, “[t]he collection is all targeted in some sense at getting things that are legitimate foreign intelligence.” [381]

The challenge, he said, is that collecting intelligence to protect national security is a forward-looking exercise, unlike solving crimes. That requires collecting information with some uncertainty as to its ultimate utility. “We don’t know necessarily who we’re looking for or what we’re looking for; we may not even know the type of thing we’re looking for.”[382]

Additionally, “Al-Qaeda communications are flowing along exactly the same pipes as your communications are. So technologically, we need to be able to [identify and sort through those communications].” Naturally, “[i]f you’re listening for conversations of bad people, you are going to listen to and intercept some conversations of people who aren’t bad people. And that’s where the minimization comes in.”[383]

As noted in the Background section, agencies that conduct surveillance, like the NSA, will generally operate under a set of “minimization procedures”—broad guidelines shaping the way they can acquire, retain, disseminate, or use information they have the power to collect.[384] For example, the agency might set procedures that instruct employees, in certain circumstances, to redact personally identifying information of US persons found in intercepted communications. Those guidelines can be important because, as the senior intelligence official implied, the government collects a lot of information about people who are not suspected of doing anything wrong. It then sifts through much of that information, based in part on the terms of its minimization procedures. However, the government operates a large number of different surveillance programs, and we do not know the details of most of the minimization procedures that constrain them. Such procedures also seem to provide safeguards only for US persons—and even those appear to be very weak. What little is public about the procedures suggests that they place even fewer constraints on what the government may do with information and communications of non-US persons.

More generally, “I probably couldn’t defend every single [bit of] surveillance that is done out there as essential to national security. I think by and large though … it’s an apparatus that is set-up to [serve that function],” said the senior intelligence official.[385] As for the bulk metadata program under Section 215, he likened it to a “fire insurance policy” meant to provide a critical capacity that was absentbefore the 9/11 attacks.[386]

Officials on Whether the Snowden Disclosures Harmed National Security

While this was not a central focus of our research, it is worth noting that officials did not all agree on the impact that the Snowden disclosures might have had on US national security. Overall, Deitz condemned Snowden’s disclosures, claiming that “any professional in the intelligence world will say it’s the single most damaging set of leaks [they’ve ever seen].” The senior intelligence official, while disapproving of the leaks, took a more measured view, arguing that “it’s too soon to tell whether [these leaks are] going to have a measurable effect on our ability to protect the nation.” He added, “It’s only been 9 months since this started, so we can’t tell.” Still, he claimed that “particular targets [] have changed their methods of communications because of what’s been disclosed.” While “it’s very hard for us to know what we’re not seeing,” he argued that less information is available to the intelligence community as a result. NSA director Admiral Michael Rogers made a similar assessment in an interview with the New York Times, saying, “‘You have not heard me as the director say, ‘Oh, my God, the sky is falling.’” Aside from some diminished traffic along certain lines of communication, none of the concerned officials pointed to specific, concrete, and identifiable harms.

Whether the Programs Have a Chilling Effect on the Rights of Journalists, Lawyers, or Others

The officials we spoke with denied that the surveillance programs are intended to chill permissible activity. “I don’t think anybody rational has suggested these are intended to chill civil liberties,” said the senior intelligence official.[387] They also expressed skepticism that surveillance programs have caused any unintended, objectionable chilling effects.[388]

Officials distinguished between different kinds of chilling. For example, the senior intelligence official separated “rational” and “irrational” chilling.[389] “Journalists who suggest that their lives are at risk and they therefore have to take precautions to avoid being assassinated by the CIA, or journalists who suggest that they have to be concerned that their conversations are going to be monitored because of their journalism, that’s just a fantasy.” He added, “It’s our assessment that [these programs] are not having and should not have an undue chilling effect, and that frankly, to the extent that people are perceiving the chilling effect now, it’s largely due to misperception, sometimes intentionally fostered, about how the programs  work.” [390]

Deitz made a related but different distinction, dividing legitimate and illegitimate chilling.[391] When asked about the possibility that reporting has become more difficult, Deitz responded, “Leaking is against the law. Good. I want criminals to be deterred.”[392] Deitz analogized the chilling of sources to police deterrence of crime, which he called “legitimate” chilling. “Does a cop chill a burglar’s inclination to burgle? Yes.”[393]

Deitz’s comparison of leakers to burglars disregards the pervasive over-classification of information in the United States, and the strong public interest in learning about much of that information. Moreover, it is simply not applicable to much of the work done by journalists covering the government. As noted above, a significant proportion of the reporting that journalists do on sensitive areas involves assembling bits of information that are not classified to begin with.

As to the journalists’ worries that information acquired through surveillance could be used in leak investigations, a senior DOJ official largely dismissed concerns over the increase in leak prosecutions pursued by the Obama administration:

There have been a small number of prosecutions of individuals for unauthorized disclosures of classified information that reflects a very small percentage of the unauthorized disclosures of classified information that have occurred…. I am aware of no change in policy during the Obama Administration seeking to increase investigation and prosecution of unauthorized disclosures of classified information, and any marginal increase in the number of such prosecutions in recent years is not attributable to such a change nor necessarily indicative of future trends in this area.[394]

However, he did acknowledge that “it is possible (though not particularly likely)” that raw intelligence information collected under Section 702 or Executive Order 12,333 “could be identified by FBI as germane to such an investigation or referred to FBI by another agency for such an investigation.”[395]

The same official also explained that information collected or derived from electronic surveillance under FISA might make its way into criminal prosecutions as evidence against “an aggrieved person, provided that the aggrieved person and the court or other authority are notified that the government intends to use or disclose such information.”[396] Accordingly, he said, “information acquired or derived from FISA is used in some criminal prosecutions related to national security, such as counterterrorism or counterespionage matters, and could be used as well in criminal cases that do not have a nexus to national security.”[397]

Though the senior DOJ official indicated that information collected through Section 702 or Executive Order 12,333 is unlikely to be used in leak investigations, the possibility that it could be—and that it could be introduced as evidence—gives real substance to some of the journalists’ worries about leaving an electronic trail to their sources, especially where the journalists do research with an international dimension.

The Impact on Journalists

The officials were skeptical that surveillance has undermined reporting, or indeed, that anything else has either. “[People argue that] this mass surveillance apparatus is going to cause whistleblowers to dry up and not be willing to talk to reporters and there’s absolutely no indication of that in the press at all. There’s a steady stream every day of classified information coming out.”[398] More broadly, he observed, “We haven’t really seen … any measurable change in the journalistic output.”[399] As the senior FBI official put it, “The First Amendment seems quite alive and well in America today.”[400]

Two officials suggested that journalists have always complained about the challenges of reporting. According to Deitz, “These things rotate through Washington every few years. Nixon had an enemies list. It was a matter of prestige to be on it.”[401] The senior intelligence official argued similarly that “this is a constant dynamic, and I think that there is always going to be a flow of information to the press, and the press is always going to be complaining that they’re not getting enough of it.”[402]

When asked what would constitute sufficient evidence of a chilling effect to cause them concern, both Deitz and the senior FBI official expressed skepticism about the reliability of self-reports by journalists or others. Deitz in particular claimed that people could exploit assertions that they are now constantly on alert for surveillance to advance their interests, observing that “the press is used as much as it uses.”[403] He appeared to be suggesting that journalists speaking to us for our research have an incentive to exaggerate their concerns about surveillance. The senior intelligence official responded that “the immediate canary in the mine would be if all of a sudden stories about leaks of classified information stopped appearing in the newspapers.” [404] While he argued that he has seen no indication that less information has made its way to the media, he acknowledged that it would be “hard to measure” such a phenomenon.[405]

Some journalists independently spoke directly to this point. One suggested that a pair of sizable leaks in recent years—one by Chelsea Manning and one by Edward Snowden—may be obscuring the chilling effect in part, supplying two specific streams of classified information.[406] Indeed, some of the journalists we spoke with indicated that levying hefty penalties against suspected sources weeds out all but the most committed sources, creating an environment more suitable for occasional, massive leaks of highly sensitive information rather than more numerous, smaller disclosures of less sensitive information.[407] As Charlie Savage noted, journalists having more consistent access to a wider range of government agencies may be better for “shed[ding] light on democratic processes” than having a small number of concentrated leaks.[408] The government might prefer that situation as well.

The Impact on Lawyers and Their Clients

Government officials had somewhat less to say regarding the possibility that surveillance has a chilling effect on attorneys and their clients. The senior intelligence official observed that “this is not a new issue for lawyers, how to protect their communications in an electronic age,” indicating that he had seen it arise in private practice years ago.[409]

He elaborated:

Should lawyers communicate by email at all with their clients? … [Not doing so] imposes a little additional cost, but … if lawyers weren’t taking these kind of precautions beforehand, they probably should have been. So, I don’t know how much you can attribute to this particular issue.[410]

While the government does have some minimization procedures in place for attorney-client communications, as previously noted, those procedures do not clearly apply across all programs, and they appear to be limited to cases involving a client under indictment. Moreover, while these rules apply for the most part to direct communication between attorneys and their clients, attorneys are bound to protect information that extends far beyond their direct communications with clients, including nearly all information related to legal representation.

What the Government Should Do

The revelations of large-scale surveillance by the US have prompted discussion and a few modest steps towards reform by the President and Congress. However, for the most part discussion of reform has been dominated by concerns over intrusion on privacy rights. While the privacy concerns are pressing and important, there has been little public discussion of how the US should act to prevent a chilling of freedoms of the press, expression, and association, or damage to the attorney-client relationship.

As noted above, some of the officials we spoke to denied that there was any sort of inappropriate chilling effect. Those who acknowledged a chilling effect did not seem to think reform of government programs was in order, though two officials noted that the government has an obligation to allay concerns among the public, even if those concerns are grounded in misunderstandings about the government’s activity because of inaccurate or overwhelming press reports. When asked about whether the government might have such a duty, the senior intelligence official responded, “Totally. Totally.” He added, “If someone wants to write a report that criticizes us for not doing a good enough job of explaining what it is that we do, I’m totally there. I think we have not done a good enough job.”[411] The former DOJ official essentially agreed. “It’s incumbent on the Executive Branch to put people at ease.”[412]

Ultimately, the officials expressed varied responses to this  investigation. The senior FBI official voiced an interest in reviewing any evidence of chilling effects on rights that we identified.[413] Deitz, on the other hand, seemed to think the entire project was misguided.[414]

V. The Rights at Stake

The US surveillance practices revealed over the last year raise a wide variety of human rights concerns. The issue that probably has received the most attention in public debate so far is the impact of surveillance on the right to privacy of individuals across the globe and in the US, which Human Rights Watch and the ACLU have discussed at length in other reports and submissions.[415] However, the particular patterns described in this report—the effect of surveillance on journalists, attorneys and their clients—raise further concerns about the impact of surveillance on another cluster of related rights: freedoms of expression and association, freedom of the press, the public’s right to access information, and the right to counsel.[416]

Rights Affected by Surveillance’s Impact on Journalists

Both international human rights law and the US Constitution protect the freedoms of expression and association, as well as the right to  privacy.[417] Under both domestic and international law, freedom of expression can also include anonymous speech,[418] and freedom of association can apply both to the freedom of individuals to join and engage with civil society groups and to the right of government officials to interact with members of the press. Moreover, international standards governing freedom of expression protect not just the right to express views for advocacy purposes, but also the right of access to information, including the right to learn about the activities of government, and the right of journalists to pursue information for the public benefit.[419] The same international human rights standards allow limitation of these rights in the interest of national security, but any such restrictions must be necessary to the goal pursued, and proportionate to it.

International Human Rights Law and Standards on Freedom of Expression, Association, and Access to Information

In order for a democratic society to function, and in order for healthy debate over government policies to flourish, people must enjoy the fundamental rights to speak and associate freely, and to acquire information about matters of public concern. Without these, it becomes extremely difficult for the public to have an informed discussion about government policies and practices.

The US ratified the International Covenant on Civil and Political Rights (ICCPR) in 1992, making it binding on the US.[420] The treaty protects the freedom of expression (Article 19), encompassing the freedom of speech that is so prominent in US constitutional law. It also protects the freedom of association (Article 22),[421] and the right to privacy (Article 17).[422] Freedom of expression in the ICCPR also includes “the freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers.”[423]

Additionally, Article 26 of the ICCPR requires equal protection before the law for everyone, regardless of status.[424] As a result, the rights in the ICCPR apply equally to all, including noncitizens. Indeed, the UN Human Rights Committee (HRC), the body established by the ICCPR to review state reports and issue interpretations of the treaty, has reaffirmed that expression, association, and privacy are rights that do not admit of discrimination “between aliens and citizens.”[425]

The US has long maintained the position that the ICCPR imposes no extraterritorial obligations on states parties, and thus that the government’s obligations under the treaty do not extend beyond its own borders.[426] That position helps the US to justify implementing surveillance programs that are especially invasive of the rights of foreigners located abroad. Yet international bodies, including the HRC[427] and the Office of the High Commissioner on Human Rights,[428] have repudiated the idea that the ICCPR has no extraterritorial reach. Indeed, where a state can project its authority to intercept the electronic communications of persons outside its territory, it carries with it the obligation to respect privacy, freedom of expression, and other associated rights.[429]

In its General Comment 34, the HRC also observed that the freedoms of expression and association are related.[430] The rights to information and to freedom of expression are integral to group advocacy, political organizing, vindication of rights, civil society monitoring, and many other associative activities in a normal democratic society.

Further, the HRC has interpreted the language of Article 19 to establish a “right to access to information held by public bodies.”[431]
To give effect to the right, the Committee has stated that “States parties should proactively put in the public domain Government information of public interest. States parties should make every effort to ensure easy, prompt, effective and practical access to such information.” [432]

There is growing international recognition that the right to seek, receive, and impart information encompasses a positive obligation of states to provide access to official information in a timely and complete manner. For example, the Organization of American States (OAS) has stated that the right of access to official information is a fundamental right of every individual.[433]

Moreover, it is internationally recognized that the right of access to official information is crucial to ensure democratic control of public entities and to promote accountability within the government.[434]

The Human Rights Committee (HRC) has also specifically emphasized that press freedom—and the ability of the press to obtain information—is essential to ensure freedom of expression and the enjoyment of other rights:

It constitutes one of the cornerstones of a democratic society. The Covenant embraces a right whereby the media may receive information on the basis of which it can carry out its function. The free communication of information and ideas about public and political issues between citizens, candidates and elected representatives is essential. This implies a free press and other media able to comment on public issues without censorship or restraint and to inform public opinion.The public also has a corresponding right to receive media output. [435]

The freedom of expression guaranteed by the ICCPR is not absolute. The treaty builds in several possible limitations, including one for the protection of national security.[436] However, any such restrictions must be strictly cabined: as indicated by the text, the right “may … be subject to certain restrictions, but these shall only be such as are provided by law and are necessary … for the protection” of a listed state interest.[437]

As noted by the HRC, this language means that any restrictions on these rights must meet specific conditions: they must be “provided by law”; they must adhere to one of the purposes laid out in Article 19; and “they must conform to the strict tests of necessity and proportionality…. Restrictions must be applied only for those purposes for which they were prescribed and must be directly related to the specific need on which they are predicated.”[438]

Of particular interest, the HRC has also warned about the risks of government overreach in the name of national security, noting that States parties must ensure that provisions to protect national security are not invoked “to suppress or withhold from the public information of legitimate public interest that does not harm national security or to prosecute journalists, researchers, environmental activists, human rights defenders, or others, for having disseminated such information.” [439]

Since the adoption of the ICCPR, civil society groups, governments, and international institutions have also worked together to further develop legal standards that address the apparent tension between access to information and the protection of national security. Those standards, while not binding, are based on developing norms of international law and state practice, and provide informed, detailed, and legally persuasive guidelines for the interpretation of the proper scope of some of the rights that the ICCPR protects.

One set of such relevant standards, in wide use and grounded in international and comparative law, is the Johannesburg Principles on National Security, Freedom of Expression and Access to Information (Johannesburg Principles). [440] These principles provide that restrictions on expression based on national security “must have the genuine purpose and demonstrable effect of protecting a legitimate national security interest,” [441] which they define as protecting “a country’s existence or its territorial integrity against the use or threat of force, or its capacity to respond to the use or threat of force, whether from an external source, such as a military threat, or an internal source, such as incitement to violent overthrow of the government.” [442]

The 2013 Tshwane Principles on National Security and the Right to Information (Tshwane Principles) apply developing interpretation and jurisprudence of national and international bodies to the right to information. [443] The Tshwane Principles provide: “Everyone has the right to seek, receive, use, and impart information held by or on behalf of public authorities, or to which public authorities are entitled by law to have access.” [444]

The Tshwane Principles directly address the ICCPR limitations, recognizing that governments may need to keep certain information classified, including information with particularly strong implications for national security. [445] However, the Principles make clear that that the government bears the burden of proving that the restriction is permissible. To do so, it must show that: “(1) the restriction (a) is prescribed by law and (b) is necessary in a democratic society (c) to protect a legitimate national security interest; and (2) the law provides for adequate safeguards against abuse, including prompt, full, accessible, and effective scrutiny of the validity of the restriction by an independent oversight authority and full review by the courts.”[446]

Although the Tshwane Principles, unlike the Johannesburg Principles, do not define “national security,” they do recommend it be defined precisely in law in a manner consistent with a democratic society. The principles list a small, illustrative set of types of information that might legitimately be withheld from disclosure on national security grounds provided such nondisclosure is both necessary and proportionate to protect national security.[447] But they specifically list other types of information, which in practice are often withheld, where there is a strong presumption in favor of public disclosure.

Importantly, the Tshwane Principles also make clear that for some categories of information, there is an overriding public interest in disclosure, which means that the information cannot be withheld under any circumstances, because they are “of particularly high public interest given their special significance to the process of democratic oversight and the rule of law,”[448] These categories include information about gross violations of human rights or serious violations of international humanitarian law, [449] as well as state surveillance. [450]

Finally, the principles also provide that the disclosure by public personnel of certain categories of wrongdoing (such as human rights violations)—in other words, disclosures by whistleblowers—should be protected. [451] There is no question that the US government holds some information with grave, direct implications for the safety of the nation. To the extent that it does, the government is entitled—indeed, has a duty—to shield that information from the press and the public in order to protect national security. Yet, if it invokes national security as a basis for restricting information, then it needs to make the case that the restriction really is necessary and proportionate, and meets all of the other requirements outlined above.

There is also no question that the US government routinely classifies a broad array of information that, while convenient to keep confidential, is not a serious risk to national security.[452] Even much of the classified information released by Snowden may well fall into this category.

Unclassified information and personal opinions of federal employees are even less likely to be legitimately kept from the public on national security grounds. In fact, certain government agencies implementing their own version of the Insider Threat Program, such as the Peace Corps, may be hard-pressed to show that any information they seek to protect on national security grounds genuinely relates to national security in the precise sense contemplated by international human rights law.

Of course, there is a great deal of information that the US may be legitimately seeking to withhold on grounds that are unrelated to national security—such as international relations, public order, public health and safety, law enforcement, future provision of free and open advice, effective policy formulation, and economic interests of the state. However, the Tshwane Principles make very clear that even when these other justifications for restricting access to information are invoked, “they must at least meet the standards for imposing restrictions on the right of access to information” that apply to information implicating national security.[453] In other words, it is up to the US government to prove that such restrictions are strictly necessary to serve a legitimate interest, and that there are safeguards in place to prevent abuse.

As noted above, it is well established—and the government has often admitted—that over-classification is a problem within the US government.[454] Initiatives—such as the Insider Threat Program—that seek to prevent or punish disclosure of all classified information are by their nature overbroad, even though much classified information might be legitimately withheld. The same is true for directives that seek to restrict all unauthorized contact between officials and the media, or that discourage even the sharing of  unclassified information. Moreover, contrary to international standards, US law does not adequately protect those who disclose official wrongdoing or information of great public interest. Under the Espionage Act, for example, it is unclear whether the public interest in a disclosure may ever be available as a defense to charges.[455]

The surveillance programs of the US government have dramatically compounded this already serious problem by making it significantly more challenging for third parties—journalists and the public at large—to seek out information that the government withholds but that is of strong public interest and value to a democratic society. In this context, at least three separate rights are thus threatened by the current surveillance regime in the US: the right of government officials to share information through the press with the public; the right of journalists to acquire and share information about the operations of the US government; and the right of the public to access that information through the media. If the government refuses to disclose or declassify this information itself as a matter of official policy, the least it can do is permit its officials, the press, and the public to exercise the right to impart or seek out information that cannot legitimately be withheld.[456]

Through its consistent threat to pursue leak investigations, the US continues to impede the free exercise of that human right. And, as this report has shown, journalists and sources are afraid to disclose or discuss matters that should be legitimate topics of public debate because surveillance—combined with the harsh crackdown on leaks—increases the likelihood that the government will know about their conversations and may prosecute or otherwise sanction the  participants.

Finally, the government has also run afoul of international standards by withholding from public view so many of the details about its surveillance programs. For example, the government has declined to make public many of its minimization procedures and whether they offer any genuine protection to journalists or lawyers in their interaction with sources and clients. Under the standards set forth in the Tshwane Principles and Johannesburg Principles, the US government ought to make public more information about its surveillance practices. Greater transparency would help to eliminate much of the uncertainty surrounding these programs, allowing for a more robust public debate about them, and possibly even helping to allay some of the fears described in this report.

US Constitutional Law

The First Amendment to the US Constitution establishes that “Congress shall make no law … abridging the freedom of speech, orof the press.” It also recognizes the freedom of association.[457]

In interpreting the Constitution, the Supreme Court has identified a link between privacy, freedom of association, and freedom of expression. In NAACP v. Alabama, the Court held that Alabama could not compel the NAACP to turn over its roster of rank-and-file members because doing so, given past discrimination and hostility toward the NAACP, would likely result in “a substantial restraint upon the exercise by [the NAACP’s] members of their right to freedom of association.”[458] In reaching that conclusion, the Court underscored its recognition of “the vital relationship between freedom to associate and privacy in one’s associations,”[459] and also observed that,

Effective advocacy of both public and private points of view, particularly controversial ones, is undeniably enhanced by group association, as this Court has more than once recognized by remarking upon the close nexus between the freedoms of speech and assembly. [Citations omitted.] It is beyond debate that freedom to engage in association for the advancement of beliefs and ideas is an inseparable aspect of the “liberty” assured by the Due Process Clause of the Fourteenth Amendment, which embraces freedom of speech. [460]

As for freedom of the press, the Supreme Court has held it is a “fundamental personal right[],”[461] though it is subject to limitations. For example, journalists may face liability for publishing inaccurate, defamatory items,[462] and may be subpoenaed to appear before grand juries.

Although there are some countries that penalize reporters who publish leaks of government secrets, the United States has not prosecuted reporters who published government secrets provided to them by government sources.[463] Some worry that journalists could be prosecuted under the Espionage Act of 1917, although there is also a strong argument that such prosecutions would require that the journalists act with specific intent to engage in espionage.

Yet the possibility that surveillance feeds the US government’s crackdown on leaks still raises constitutional concerns for journalists. As documented above, these forces jointly undermine freedoms of the press by frightening away sources and restricting the ways in which journalists may gather information. Moreover, in leak prosecutions, journalists may be compelled to identify their sources, as evidenced by the current legal battle for New York Times reporter James Risen’s testimony in the prosecution of Jeffrey Sterling.[464] Journalists may face imprisonment if they decline to testify when ordered to do so.[465] Forcing journalists to choose between imprisonment and revealing their sources clearly (and in one sense, literally) undermines the freedom of the press, at best intimidating sources and journalists, and at worst (when paired with imprisonment of the source) resulting in tangible punishment for both. Surveillance exacerbates journalists’ concerns that they will get “caught” doing their jobs and thus face a range of direct or indirect penalties.

The same factors also raise troubling First Amendment questions with respect to journalists’ sources themselves, as they are also entitled to freedom of speech. While that freedom faces a range of limits, sources have a right to express their opinions about less sensitive matters,[466] and, in some circumstances, even about matters the government deems to be classified. Even if the government wishes to require its employees to sign non-disclosure agreements,[467] such agreements cannot be too broad. As one district court has put it, “while the scope of government employees’ free speech rights may be in some ways narrower than those of private citizens, government employees do not relinquish their First Amendment rights at the door of public employment.”[468] More recently, Supreme Court Justice Sonia Sotomayor, writing for a unanimous court, noted that “[s]peech by citizens on matters of public concern lies at the heart of the 1st Amendment. . . . This remains true when speech concerns information related to or learned through public employment.”[469]

The DC Circuit Court of Appeals has outlined a balancing test for locating the limit of the government’s ability to censor its employees, holding that “restrictions on the speech of government employees must ‘protect a substantial government interest unrelated to the suppression of free speech.’ … [and] the restriction must be narrowly drawn to ‘restrict speech no more than is necessary to protect the substantial government interest.’” [470] In general, the government cannot legitimately prevent employees from disclosing unclassified information. [471]

Moreover, employees at agencies that disapprove of unauthorized press contact have a particular interest in being able to speak with the press anonymously. According to the Supreme Court, First Amendment protections do indeed extend to some measure of anonymous speech.[472] In particular, the Court has rejected certain ordinances and statutes that require speakers to identify themselves when those identification requirements would “tend to restrict freedom to distribute information and thereby freedom of expression.”[473]

Policies that seek to identify (and then punish) government officials for having contact with the press have the same effect. The increased leak prosecutions and the Insider Threat Program sharply curtail the ability of federal officials to express themselves, even with respect to unclassified information or mere opinions. Additionally, in the absence of clear information about how the government deploys surveillance information in its leak investigations, government sources harbor justifiable doubts about their ability to engage in constitutionally protected, anonymous contact with journalists without suffering administrative or legal penalties. While such policies may be defensible or even desirable to the extent that they protect especially sensitive information, our research indicates that in practice they reach much further. Officials fear punishment for mere association with the press, as well as for sharing unclassified yet valuable information about the operation of the government. As a result, they are less willing to speak to reporters, undercutting the flow of information to the public, and limiting the freedom of expression enshrined in the US Constitution.

Rights Implicated by Surveillance’s Impact on Attorneys

Both international human rights law and the US Constitution protect the right to counsel, which is commonly understood in both contexts to include the ability to communicate freely with one’s legal counsel—especially in the context of criminal prosecution. That understanding reflects wide recognition that impediments to the exchange of information between a defendant and his attorney can render the attorney’s legal counsel ineffective, directly undermining the purpose of the right to counsel in the first place.

International Human Rights Law and Standards

The ICCPR provides that a person charged with a criminal offense is entitled “to defend himself in person or through legal  assistance.” [474]

The treaty also defines a right for such a person “to communicate with counsel of his own choosing.” It is well established in international human rights law, including in the interpretation of the ICCPR specifically, that full confidentiality of communications is a requirement of the right to counsel.[475]

By engaging in large-scale and sometimes entirely indiscriminate collection of data, the US government falls short of its obligations under the ICCPR to respect the relationship between attorneys and their clients. In gathering so much data, it inevitably picks up confidential legal information as well, including attorneys’ domestic call records and the content of various other (typically international) messages and calls. As documented above, the mere fact that the government acquires and retains these materials, even if they are never used adversely, is enough to force lawyers toward more costly and less efficient practices, as they are under an obligation to keep that information confidential. In this way, the government’s surveillance programs impede the ability of attorneys to “perform their professional functions without … hindrance … or improper interference.”[476]

Further, a lawyer could well “reveal” confidential information improperly under the rules of professional responsibility if he or she takes inadequate steps to prevent that information from being picked up and stored in a government computer. Even if no unauthorized person actually reviews such information, at that point, the government has gained access to it. Moreover, the government cannot generally know if the information it has collected should be treated as confidential until it reviews it. Even treating information specially at that point, as the government may choose to do under various minimization procedures designed to protect US persons, will not undo the harm.[477] (Failure to treat confidential information specially might exacerbate the harm, however—for example, if the government were to share confidential information with prosecutors in the case against the defendant it concerns.) The salient solution is to engage in more narrow collection on the front end, specifically avoiding the collection of confidential information.

US Constitutional Law

The Sixth Amendment to the US Constitution also provides for a right to counsel.[478] A number of circuit courts have emphasized that the heart of this right encompasses the ability of defendants to communicate securely with their attorneys (though some limitations exist, especially for defendants in detention). For example, in United States v. Rosner, the Second Circuit held that “the essence of the Sixth Amendment right is, indeed, privacy of communication with counsel.”[479] In Caldwell v. United States, the DC Circuit Court of Appeals observed that “high motives and zeal for law enforcement cannot justify spying upon and intrusion into the relationship between a person accused of crime and his counsel.”[480] The Third Circuit offered a fuller explanation:

The fundamental justification for the sixth amendment right to counsel is the presumed inability of a defendant to make informed choices about the preparation and conduct of his defense. Free two-way communication between client and attorney is essential if the professional assistance guaranteed by the sixth amendment is to be meaningful.[481]

Given current US surveillance practices, countless defendants presently have justifiable reasons for doubting the security of their exchanges with counsel, especially (but by no means exclusively) if they are charged with offenses related to terrorism. Indeed, as this report documents, the situation has become so problematic that attorneys are feeling the need to issue new kinds of warnings to their clients about how they share sensitive information related to their cases. It is beyond the scope of this report for us to determine whether federal prosecutors have ever made use of intercepted confidential communications of defense counsel.[482] But surveillance practices are already interfering with trust and communication between attorneys and defendants, conflicting with the spirit of the right to counsel as articulated by numerous circuit courts and raising serious Sixth Amendment concerns.


Everyone has the right to communicate with an expectation of privacy, including privacy from unwarranted or indiscriminate surveillance by governments. This right, which can be restricted only for important reasons such as national security, is essential not just to individual freedom of expression, but to the fair and accountable functioning of a democracy. This report documents the threats that surveillance poses to two professions, vital to a democratic society, that depend on freedom of expression and confidentiality of communications: journalism and law. Those threats are exacerbated by over-classification and excessive government secrecy.

Acknowledging the limits of our knowledge about the details of existing US surveillance programs, we urge the US Congress and the President to adopt the recommendations listed below to limit the government’s surveillance activities, strengthen restrictions on the use of information collected through surveillance, increase transparency, and address problems linked to over-classification and leak investigations and prosecutions. The President has the power to make many of these changes unilaterally, and he should use that power without delay. Certain longer-term solutions will require a legislative response, and we urge Congress to act swiftly to provide one.

Narrow the Scope of Surveillance Authorities:

International law—including, in particular, the ICCPR—requires that the United States ensure that any interference with the rights to privacy and freedom of expression comply with the principles of legality, proportionality, and necessity for a legitimate aim, such as national security. This is true regardless of the nationality of the individuals affected. Moreover, in circumstances where a state exercises effective control over an individual or that individual’s exercise of rights, that state is also obliged to respect such rights even when the individual is located outside its territory.

Many US surveillance practices, as revealed since June 2013, are inconsistent with US obligations under international law and pose a particular threat to the rights to privacy and freedom of expression and access to information guaranteed by Articles 17 and 19 of the ICCPR. To bring its policies in line with the law, and to ensure the measure of privacy necessary for journalists, lawyers, and others who require confidentiality to perform their responsibilities free from undue interference,

the US should take the following steps:

  • End mass collection of business records andother information.
    • Among other steps, Congress should pass andthe President should sign legislation that would prohibit the mass orlarge-scale collection of communications metadata or other business records,whether under Section 215 or other authorities, such as pen register and trapand trace statutes. It should also ensure that any new legislation permit the acquisition of communications metadata only upon a showing of individualized suspicion. The President should also cease requesting authorization from the FISC for the large-scale acquisition of telephone metadata, or any other records. Finally, no requirement of compelled data retention for private companies should be imposed to substitute for present government collection and retention practices.
  • Narrow the purposes for which all foreignintelligence surveillance may be conducted and limit such surveillance toindividuals, groups, or entities who pose a tangible threat to nationalsecurity or a comparable state interest.
    • Among other steps, Congress should passlegislation amending Section 702 of FISA and related surveillance authoritiesto narrow the scope of what can be acquired as “foreign intelligenceinformation,” which is now defined broadly to encompass, among otherthings, information related to “the conduct of the foreign affairs of the United States.” It should be restricted to what is necessary and proportionate to protect legitimate aims identified in the ICCPR, such as national security. In practice, this should mean that the government may acquire information only from individuals, groups, or entities who pose a tangible threat to national security narrowly defined, or a comparable compelling state interest.
  • Establish clear limits on the circumstancesunder which government agencies may share information collected forintelligence purposes with law enforcement for criminal investigations, andensure that those limits are made public and are subject to review.
    • Law enforcement agencies should notgenerally have access to databases collected by intelligence agencies, absentsome decision by an independent tribunal that, by their terms, permissible lawenforcement searches otherwise comply with constitutional and international law standards relating to criminal cases.

Strengthen the Protections Provided by Targeting and Minimization


Much of the anxiety caused by the government’s surveillance programs stems from the permissiveness of the US government’s targeting and minimization procedures, which provide weak protections for US persons, and virtually none at all for non-US persons. Those procedures appear to allow easy access to and long-term retention of information of no significant value to a compelling state interest. The US should strengthen the targeting and minimization procedures that protect the privacy of all those whose information is swept into the government’s enormous databases. Toward that end, it should take the following steps:

  • Require prior review of targeting decisionsby a competent, independent, and impartial decisionmaker.
    • Under Section 702 and Executive Order12,333, executive branch officials hold the power to make unilateral targetingdecisions. Targeting decisions made under Executive Order 12,333 are notsubject to any independent review. And under Section 702, only the broaderprocedures for making those decisions—designed to ensure that the government is targeting non-US persons outside the US—are subject to periodic approval of the Foreign Intelligence Surveillance Court. The lack of independent targeting oversight is even more worrisome because the standards for approving targets under Section 702 and Executive Order 12,333 are much lower than in the law enforcement context. Congress should pass (and the President should sign) legislation modifying Section 702 and the executive’s authority under Executive Order 12,333 both to narrow the grounds for permissible surveillance (see above) and to require that individual targeting decisions be reviewed by an independent decisionmaker to ensure that any encroachment on any person’s rights is fully justified under constitutional and international law standards. Until such legislation takes effect, the Executive Branch should adopt targeting procedures that require individual targeting decisions to be approved by an independent decisionmaker.
  • Prohibit the “backdoor” searchesof communications collected, except pursuant to the same standards andprocedures that would justify surveillance in the first instance.
    • Presently the government claims the power tosearch through the information it collects under Section 702 (and perhapsExecutive Order 12,333) for the communications of individuals it could not havetargeted in the first place. The government should prohibit such backdoorsearches to cabin the harm that incidental or excessive collection can inflict.
  • Require the prompt destruction of allinformation collected that is not to or from a target, or that does not containinformation necessary to a legitimate aim (such as national security) furtheredby surveillance of the target.
    • In particular, such information should bedeleted from all government databanks rather than stored for a retention period(regardless of access). That deletion should be audited periodically by anindependent authority that reports publicly on the government’s retentionand deletion practices.
  • Prohibit the acquisition, retention,dissemination, or use of protected attorney–client communications orsimilarly confidential or privileged communications or information.
    • The NSA’s current minimization

    procedures for attorney-client communications acquired under Section 702 are both too narrow and too weak. If the government finds itself reviewing a communication between an individual known to be indicted in the US and an attorney representing that person in connection with the indictment, it must stop reviewing the communication. But the government may retain the communication and preserve any foreign intelligence information it has already discerned. Moreover, there is no protection for the myriad other forms of privileged attorney-client communications—which include communications relating to criminal proceedings that precede an indictment, criminal matters where the NSA does not yet know of an indictment, and civil matters—aside from the requirement that the NSA’s Office of General Counsel review proposed dissemination of such communications. There is also no protection for confidential, as opposed to privileged, information related to ongoing legal representation. The Executive Branch should implement minimization procedures that require the government to delete confidential or privileged attorney communications it gathers through its surveillance programs, without retaining, disseminating, or otherwise using information gleaned from reviewing them.

Disclose Additional Information about Surveillance Programs to the Public:

  • The secrecy surrounding USsurveillance authorities has greatly hindered the public debate about theprograms, and it has contributed to the uncertainty felt most acutely by thosewho rely heavily on the confidentiality of their communications, such asjournalists and lawyers. To allow for a more meaningful public debate, and to permit the public to understand the true scope of the government’s surveillance authorities, the United States should take the following steps:
  • Publish detailed, unclassified descriptionsof the scale and scope of signals intelligence conducted under all authorities,including Executive Order 12,333.
    • Among other steps, the Executive Branchshould report statistics on the number of requests for information thegovernment makes under Section 215, Section 702, and National SecurityLetters. Such reporting should include the total number of requests under specific legal authorities for specific types of data (content, subscriber information, or metadata), and the number of individuals affected by each as well as their status in the United States (citizens, residents, non-citizens). The President should also disclose detailed, unclassified descriptions of the scale and scope of signals intelligence collection practices pursuant to Executive Order 12,333 that affect both US persons and non-US persons, and clarify the extent to which foreign intelligence surveillance undertaken pursuant to Executive Order 12,333 implicates the private information of persons who are not suspected of any wrongdoing or of any connection to a national security threat.
  • Disclose all current and future targetingand minimization procedures for all agencies engaging in surveillance, subjectto only those redactions necessary to protect ongoing investigations orsensitive sources and methods.
    • Uncertainty about the government’sacquisition of information through its surveillance programs, and itssubsequent treatment and use of that information, underlies much of thereluctance of journalists and lawyers to engage in certain types ofcommunication and data storage. Publicizing significantly more information about how the government makes targeting decisions, as well as how it treats information it has gathered, is essential for allaying legitimate concerns about which activities are reasonably secure and which are not. The Executive Branch should promptly release all current targeting and minimization procedures with minimal redactions, and it should continue to release new, unredacted or minimally redacted procedures as they come into effect in the future.
    • Declassify or publish detailed descriptionsof all opinions of the Foreign Intelligence Surveillance Court, and establishan efficient means for doing so in a timely manner in the future.
    • Allow recipients of surveillance orders, whoare entrusted with the privacy and security of their users’ data,regularly to report statistics concerning government requests for information,including:
      • The number of government requests forinformation about their users made under specific legal authorities such asSection 215 of the USA PATRIOT Act, Section 702 of FISA, the various NationalSecurity Letter statutes, and others;
      • The number of individuals, accounts, ordevices for which information was requested under each authority;
      • The number of individuals, accounts, ordevices affected by those requests under each authority; and
      • The number of requests under each authoritythat sought communications content, basic subscriber information, and/or otherinformation.

Reduce Government Secrecy and Restrictions on Official

Contact with the Media: The government’s tendency to over-classify information relating to its surveillance activities contributes significantly to the lack of transparency about those activities. Its efforts to protect all of that information, including by imposing strict restrictions on contact between federal officials and the press, are contributing to journalists’ and sources’ fear of surveillance and harming the ability of the press to report on matters of public concern. Accordingly, the US should take the following steps:

  • Reform the classification system to preventover-classification and to facilitate prompt declassification of information ofpublic interest.
    • The Executive Branch should enact meaningfulmeasures to combat over-classification. It should impose new limits on thetypes of information that may be classified, significantly shorten the periodfor which information may be classified,[483] and implement a process to identify and expedite the declassification review of information of significant public interest. It should also impose penalties on agencies or officials that engage in over-classification.
    • Narrow administrative restrictions on theability of government officials to talk with others about matters of publicconcern.
    • Among other steps, the President should order a review of the Insider Threat Program to ensure that it is not leading to harmful outcomes, including by allowing agencies to create policies that interfere with the ability of federal officials to interact with the press on matters that are unclassified or that do not pose any significant, tangible risk to national security or to other critical state interests recognized in international human rights law. The President should also direct the revocation of Intelligence Community Directive 119 to permit non-designated intelligence community employees contact with the press (subject to typical restrictions on sharing classified information), and to remove the requirement to report contact with the press. Congress should conduct oversight hearings on the implementation of the Insider Threat Program and other government policies and programs that may be improperly inhibiting government officials’ communication with the media and restricting the public’s access to information.

Enhance Protections for National-Security Whistleblowers:

  • Those who disclose officialwrongdoing or information of great public interest to the media perform animportant service in a democratic society and should be protected. Similarly,journalists who report their disclosures should not be forced to divulge theirsources. Even if a revelation does not point to a clear violation of the law, the public disclosure of that information should not be prosecuted—and a leaker should have a defense against prosecution for divulging classified or confidential information—where the public interest in that information outweighs the harm to a state interest such as national security. Accordingly, the US should take the following steps:
    • Prohibit the prosecution of those who are not government employees or contractors for the receipt, possession, or public disclosure of classified information.
      • Journalism is not a crime, and treating itpotentially as such discourages everyday reporting essential to understandingthe operation of our government. The onus should be on the government to protect any legitimate secrets, not on journalists under the threat of serious criminal penalties. This would not insulate journalists from prosecution for other sorts of crimes, such as theft, hacking, or bribery.
      • The public disclosure of information shouldnot be prosecuted where the public interest in disclosure outweighs anyspecific harm to national security or a comparable state interest caused bydisclosure.
        • The public disclosure of information is not

        espionage and should not be prosecuted as such. Moreover, to the extent criminal penalties are sought for public disclosures, they should be available only for the disclosure of narrow categories of information defined by law, where disclosure would pose a real and identifiable risk of causing significant harm to national security or a comparable state interest. The law should also provide for a public interest defense in such cases. Under that defense, the public interest in disclosures relating to US government waste, fraud, corruption, or illegal activities should presumptively outweigh any legitimate interest in secrecy.

    • Strengthen legal protections for nationalsecurity whistleblowers, including contractors.
    • Strengthen federal law to provideintelligence and national security sector employees and contractors a) anenforceable right to report abuse internally and b) legal protection fromretaliation if they do so, in addition to the public interest defense recommended above. Pending the enactment of legislative guarantees, the President should forbid retaliation and prosecution against such employees and contractors and provide an independent channel for challenging such actions should they occur.


This report was researched and written by G. Alex Sinha, Aryeh Neier fellow with the US Program at Human Rights Watch and the Human Rights Program at the American Civil Liberties Union. Maria McFarland Sanchez-Moreno, US Program deputy director at Human Rights Watch, participated in some of the research interviews. Andrea Prasow, deputy Washington Director at Human Rights Watch, also participated in one of the research interviews and provided key contacts. Significant research, proofreading, and formatting assistance were provided by Samantha Reiser, Paul Smith, and Jeanne Jeong, associates in the US Program at Human Rights Watch; as well as Alex Simon-Fox, Erin Weber, Cassandra Kildow, and Phoebe Young, interns in the US Program at Human Rights Watch. Other US Program staff—including Clara Long, Grace Meng, Alba Morales, and Brian Root—graciously offered contacts and insight.

This report was reviewed at Human Rights Watch by Maria McFarland Sanchez-Moreno, US Program deputy director; Alison Parker, US Program director; Cynthia M. Wong, senior researcher on the Internet and human rights; Laura Pitter, senior national security researcher; Dinah PoKempner, general counsel; and Joe Saunders, deputy program director. At the American Civil Liberties Union, it was reviewed by Steven Watt, Human Rights Program senior staff attorney; Jameel Jaffer, deputy legal director and Center for Democracy director; Alex Abdo, Speech, Privacy and Technology staff attorney; Naureen Shah, legislative counsel; Gabe Rottman, legislative counsel and policy advisor; Neema Singh Guliani, legislative counsel; Michael W. Macleod-Ball, Washington Legislative Office chief of staff. Layout and production were managed by Grace Choi, publications director; Kathy Mills, publication specialist; and Fitzroy Hepkins, mail manager for Human Rights Watch.

Human Rights Watch and the American Civil Liberties Union wish to thank the journalists, attorneys, and others who generously shared their time—and in some cases, sensitive information about their experiences and practices—to ensure that this report properly captured their perspectives. We are especially grateful because many interviewees kindly fielded uncomfortable questions, which required them to lay bare their uncertainties about the adequacy of their professional practices for operating under the cloud of large-scale, electronic surveillance. Human Rights Watch and the American Civil Liberties Union would also like to thank those government officials who spoke to us about delicate matters related to ongoing surveillance programs, as well as the public affairs officers and others who facilitated those conversations.



[1] Note that the totals of each of the separate categories do not add up to 92 because at least one subject offered comments as a member of multiple groups.


[2] James Risen and Eric Lichtblau, “Bush Lets U.S. Spy on Callers Without Courts,” New York Times, December 16, 2005, (accessed July 8, 2014).


[3]Am. Civil Liberties Union v. Nat’l Sec. Agency, 438 F. Supp. 2d 754 (E.D. Mich. 2006), vacated on jurisdictional grounds, 493 F.3d 644 (6th Cir. 2007).


[4] “Bush Administration’s Warrantless Wiretapping Program,” Washington Post, February 12, 2008, (accessed July 8, 2014) (noting that the program was not subject to court oversight).


[5] For a chronology of the surveillance revelations during this period, see G. Alex Sinha, “NSA Surveillance Since 9/11 and the Human Right to Privacy,” Loyola Law Review, vol. 59 (2013), pp. 880-885.


[6] In January of 2007, President Bush announced changes to the controversial warrantless spying program, adding a role for the FISA Court. Dan Eggen, “Court Will Oversee Wiretap Program,” Washington Post, January 18, 2007, (accessed July 8, 2014). For more information, see also Office of the Inspectors General of the Department of Defense, Department of Justice, Central Intelligence Agency, National Security Agency, and Office of the Director of National Intelligence, “ Unclassified Report on the President’s Surveillance Program,” July 10, 2009, (accessed July 16, 2014), p. 30.


[7] In modifying the legal framework, Congress initially passed (and President Bush signed) the Protect America Act in 2007. That law expired in 2008, however, and Congress did not renew it. Instead, later the same year, Congress passed the FISA Amendments Act (FAA), which was renewed again in 2012 and remained in effect as of the time of this report’s publication. The FAA dramatically expanded the government’s authority to conduct warrantless surveillance of international communications (including communications originating or terminating inside the United States). For more details, see Sinha, “NSA Surveillance Since 9/11 and the Human Right to Privacy,” Loyola Law Review, pp. 883-888.


[8] For a description of the relevant legislative changes and subsequent surveillance revelations, see Sinha, “NSA Surveillance Since 9/11 and the Human Right to Privacy,” Loyola Law Review, pp. 883-892.


[9] Glenn Greenwald, “NSA collecting phone records of millions of Verizon customers daily,” Guardian, June 5, 2013, (accessed July 8, 2014).


[10] Ibid. Subsequent reports, including the Privacy and Civil Liberties Oversight Board report on Section 215, found that under current practice, cell phone location data is not in fact collected. See Privacy and Civil Liberties Oversight Board, “Report on the Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court,” January 23, 2014,  (accessed July 8, 2014), pp. 22-23.


[11] Glenn Greenwald et al., “Edward Snowden: the whistleblower behind the NSA surveillance revelations,” Guardian, June 9, 2013, (accessed July 8, 2014).


[12] Greenwald, “NSA collecting phone records of millions of Verizon customers daily,” Guardian, (accessed July 14, 2014).


[13] The key programs revealed are called “PRISM” and “Upstream.” Dominic Rush and James Ball, “PRISM Scandal: tech giants flatly deny allowing NSA direct access to servers,” Guardian, June 6, 2013, (accessed July 8, 2014); “NSA slides explain the PRISM data-collection program,” Washington Post, June 6, 2013, (accessed July 8, 2014).


[14] Charlie Savage and Mark Mazzetti, “C.I.A. Collects Global Data on Transfers of Money,” New York Times, November 14, 2013, (accessed July 8, 2014).


[15] The program revealed is called “CO-TRAVELER.” Barton Gellman and Ashkan Soltani, “NSA tracking cellphone locations worldwide, Snowden documents show,” Washington Post, December 4, 2013, (accessed July 8, 2014).


[16] Orin Kerr, “Problems with the FISC’s Newly-Declassified Opinion on Bulk Collection of Internet Metadata,” post to “Lawfare” (blog), November 19, 2013, (accessed July 8, 2014).


[17] Barton Gellman and Ashkan Soltani, “NSA collects millions of e-mail address books globally,” Washington Post, October 14, 2013, (accessed July 14, 2014).


[18] Charlie Savage and Laura Poitras, “How a Court Secretly Evolved, Extending U.S. Spies’ Reach,” New York Times, March 11, 2014, (accessed July 8, 2014).


[19] John Shiffman and Kristina Cooke, “Exclusive: U.S. directs agents to cover up program used to investigate Americans,” Reuters, August 5, 2013, (accessed July 8, 2014).

The program is called “MYSTIC,” and it employs a search tool called “RETRO.” Barton Gellman and Ashkan Soltani, “NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls,Washington Post, March 18, 2014, (accessed July 8, 2014).

Later reporting revealed that as of 2013, MYSTIC was operable in five countries, gathering voice data in the Bahamas and one other unnamed country, and gathering phone metadata in Mexico, Kenya, and the Philippines. Ryan Devereaux, Glenn Greenwald and Laura Poitras, “Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas,” The Intercept, May 19, 2014, (accessed July 8, 2014).

On May 23, Wikileaks revealed the unnamed country inthe first report to be Afghanistan. “WikiLeaks statement on the mass recording of Afghan telephone calls by the NSA,” May 23, 2014, (accessed July 8, 2014).


[21] Under the 4th Amendment to the US Constitution, in order for the government to conduct a search of “persons, houses, papers, and effects,” the government must demonstrate to a judge probable cause that a search would reveal evidence of a crime or contraband. See U.S. Const. amend. IV.


[22] Section 215 and Section 702 are provisions of federal law, passed by Congress and signed by the president. USA PATRIOT Act (U.S. H.R. 3162, Public Law 107-56), Title II, Section 215; FISA Amendments Act of 2008, H.R. 6304, Title VII, Section 702. Executive orders are different; although they also have the force of law, and are subject to judicial review, the president can sign (or change or revoke) them unilaterally to help guide the operations of the Executive Branch. For the applicable executive order, see Executive Order 12,333, “United States Intelligence Activities,” December 4, 1981, (accessed July 9, 2014).


[23] NSLs operate like subpoenas except that they are not issued by judges. An FBI agent can issue them to seek metadata and other non-content information from third parties, without prior judicial authorization. Controversially, NSLs can be written to bar the recipient from discussing that he or she has been asked for information. While various forms of NSLs have existed for years, their use increased with the passage of the USA PATRIOT Act in 2001. None of the Snowden  revelations as of July 2014 concerned NSLs in any significant way.


[24] Human Rights Watch, “Comments for the Review Group on Intelligence and Communications Technologies,” October 11, 2013,


[25] The ACLU has summarized the implications of the various provisions in the FAA, including noting the breadth of permissible surveillance. For example, “[u]nlike surveillance under traditional FISA, surveillance under the FAA is not predicated on probable cause or individualized suspicion. The government’s targets need not be agents of foreign powers, engaged in criminal activity, or connected even remotely with terrorism. Rather, the FAA permits the government to target any foreigner located outside the United States so long as the programmatic purpose of the surveillance is to acquire ‘foreign intelligence information.’” See Submission of Jameel Jaffer, Deputy Legal Director, American Civil Liberties Union Foundation to Privacy and Civil Liberties Oversight Board, Public Hearing on Section 702 of the FISA Amendments Act, March 19, 2014, (accessed July 9, 2014), p. 5.

Further, “[n]othing in the Act requires the government even to inform the court who its surveillance targets are (beyond to say that the targets are outside the United States), what the purpose of its surveillance is (beyond to say that a “significant purpose” of the surveillance is foreign intelligence), or which Americans’ privacy is likely to be implicated by the acquisition.” See ibid., p. 9. Much information can be swept in “incidentally” in searches for information relating to targeted individuals, including communications of people who have no connection with the intelligence target.


[26] Rush and Ball, “PRISM Scandal,” Guardian,;

“NSA slides explain the PRISM data-collection program,” Washington Post,


[27] A report from July of 2014 revealed that “ordinary internet users, American and non-American alike, far outnumber legally targeted foreigners in communications intercepted by the [NSA] from U.S. digital networks.” Barton Gellman, Julie Tate, and Ashkan Soltani, “In NSA-intercepted data, those not targeted far outnumber the foreigners who are,” Washington Post, July 5, 2014, (accessed July 16, 2014).


[29] Executive Order 12,333, Part 1.1(d): Goals. Specifically, the order notes that agencies and departments should build in “full consideration of the rights of United States persons” while attempting to maximize the benefit of the country’s intelligence efforts. Ibid.


[30] Ibid., Part 2.4: Collection Techniques. The order does not provide much protection for non-US persons, except to limit searches of their personal property by the CIA. Ibid.


[31] Barton Gellman and Ashkan Soltani, “NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden Documents say,” Washington Post, October 30, 2013, (accessed July 9, 2014).


[32] For more information on Executive Order 12,333, see Mark Jaycox, Electronic Frontier Foundation, “Three Leaks, Three Weeks, and What We’ve Learned About the US Government’s Other Spying Authority: Executive Order 12333,”, November 5, 2013, (accessed July 9, 2014).


[33] US citizens, lawful permanent residents of the US, companies incorporated in the US, and “unincorporated association[s] a substantial number of members of which are citizens of the United States or aliens lawfully admitted for permanent residence”all count as “US persons.” 50 U.S. Code § 1801 (i). The minimization procedures published by the Guardian in June of 2013 indicate that the definition of “US person” used by the NSA derives from the original language of the Foreign Intelligence Surveillance Act of 1978 (FISA). “Procedures used by NSA to minimize data collection from US persons: Exhibit B, full document,” Guardian, June 20, 2013, (accessed July 8, 2014), p. 2. For the original FISA definition, see 50 U.S. Code § 1801(i).


[34] We have submitted a Freedom of Information Act Request seeking remaining minimization procedures. To read the request, see Appendix.


[35] A number of individuals and groups have recently criticized the oversight of the intelligence community as inadequate, highlighting, for example, the limited role for the FISA Court, the lack of public transparency, and the strength of the PCLOB. See, e.g., Human Rights Watch, “Comments to the Privacy and Civil Liberties Oversight Board (PCLOB)”, August 1, 2013,;

letter from Human Rights Watch to President Obama Urging Surveillance Reforms, January 16, 2014,;

Jameel Jaffer, “Obama’s NSA Proposal Reveals Broken Oversight System,” Guardian, March 25, 2014, (accessed July 9, 2014); ACLU, “

Support Oversight of the Secret FISA Court,” (accessed July 9, 2014).


[36] Ron Wyden, “Statement at Senate Intelligence Committee’s Open Hearing,” January 29, 2014, (accessed July 9, 2014).


[37] Diane Feinstein, “Statement on Intelligence Collection of Foreign Leaders,” October 28, 2013, (accessed July 9, 2014).


[38] “About the Review Group on Intelligence and Communications Technologies,” Office of the Director of National Intelligence, accessed July 9, 2014,


[39] See Review Group on Intelligence and Communications Technologies, “Liberty and Security in a Changing World,” December 12, 2013, (accessed July 9, 2014).


[40] Privacy and Civil Liberties Oversight Board, “Report on the Telephone Records Program Conducted under Section 215 of the USA PATRIOT Act and on the Operations of the Foreign Intelligence Surveillance Court,”

Both Human Rights Watch and the ACLU (working in conjunction with Amnesty International) submitted comments to the PCLOB, and provided someone to testify before the PCLOB as well. Human Rights Watch, “Comments of Human Rights Watch to the Privacy and Civil Liberties Oversight Board (PCLOB),” August 1, 2013,;

ACLU, “Submission to the PCLOB on US Surveillance and Human Rights Law,” April 16, 2014, (accessed July 9, 2014).


[41] Privacy and Civil Liberties Oversight Board, “Report on the Surveillance Program Operated Pursuant to Section 702 of the Foreign Intelligence Surveillance Act,” July 2, 2014, (accessed July 9, 2014).


[42] “Obama’s Speech on N.S.A. Phone Surveillance,” New York Times, January 17, 2014, (accessed July 9, 2014). For commentary on that speech, see “Statement on US President Obama’s surveillance speech,” Human Rights Watch news release, January 17, 2014,


[43] He also imposed certain interim limits on the querying of that information, including requiring judicial oversight and limiting searches of targets’ contacts to those linked by two degrees of separation rather than three.


[44] In part this was a result of last-minute changes shortly before the vote. Andrea Peterson, “NSA reform bill passes House, despite loss of support from privacy advocates,” Washington Post, May 22, 2014, (accessed July 9, 2014). See also “US Senate: Salvage Surveillance Reform,” Human Rights Watch news release, May 22, 2014,


[46] The USA Freedom Act, as passed by the House, would modify a bulk phone metadata program authorized under Section 215 of the USA PATRIOT Act, and includes some provisions on NSLs. It does not significantly address various other authorities, like Section 702 of FISA, or Executive Order 12,333, which appear to lie behind most of the surveillance programs revealed thus far in the Snowden documents.


[47] E.g., Stephen Cobb, “New Harris poll shows NSA revelations impact online shopping, banking, and more,” We Live Security, April 2, 2014, (accessed July 9, 2014); Alex Marthews and Catherine Tucker, “Government Surveillance and Internet Search Behavior,” unpublished paper, March 24, 2014, (accessed July 9, 2014).


[48] The meaning of the term “leak” may vary by context, so for simplicity, we will use the term broadly to include the unauthorized disclosure of government information to the press, even if that information is not sensitive, as well as the release (whether authorized by a high-level official or not) of classified information without prior declassification. On this definition, “instant declassification”—the idea that a high-level official can properly declassify information simply by making it public—would still count as a leak. For more on “instant declassification,” see Jennifer K. Elsea, Congressional Research Service, “The Protection of Classified Information: The Legal Framework,” December 17, 2002, (accessed July 9, 2014), pp.11-14.


[49] E.g., Elizabeth Goitein and David M. Shapiro, Brennan Center for Justice, New York University School of Law, “Reducing Overclassification Through Accountability,” October 5, 2011, (accessed July 9, 2014); Human Rights Watch interview with Dana Priest, national security reporter at the Washington Post, Washington, DC, December 17, 2013; Human Rights Watch interview with Jane Mayer, staff writer for The New Yorker, Washington, DC, January 16, 2014.


[50] Executive Order 13,526 provides the current guidelines for the federal government’s classification and declassification of information. Elsea, Congressional Research Service, “The Protection of Classified Information,”,      p. 3.


[51] Ibid.


[52] Ibid., p. 4.


[53] Information Security Oversight Office, “Annual Report to the President 2012,” (accessed July 9, 2014), pp. 4, 7. For more, see David E. Pozen, “The Leaky Leviathan: Why the Government Condemns and Condones Unlawful Disclosures of Information,” Harvard Law Review, vol. 127 (2013), p. 575.


[54] Elsea, Congressional Research Service, “The Protection of Classified Information,”,  pp. 10-11.


[55] Leonard Downie Jr. with reporting by Sara Rafsky, Committee to Protect Journalists, “The Obama Administration and the Press,” October 10, 2013, (accessed July 9, 2014) (documenting the various leak prosecutions pursued by the Obama administration). At the same time, the administration continues to benefit from selective, authorized leaks to the press. For an in-depth look at the US government’s handling of leaks, see Pozen, “The Leaky Leviathan,” Harvard Law Review, p. 512. Note that the Obama administration inherited two of its eight prosecutions from the Bush administration.


[56] These are the widely accepted numbers, and the recent spike is not in dispute; however, there may be room for some disagreement at the margins. See Pozen, “The Leaky Leviathan,” Harvard Law Review, p. 537.


[57] Marisa Taylor and Jonathan S. Landay, “Obama’s crackdown views leaks as aiding enemies of U.S.,” McClatchy, June 20, 2013, (accessed July 9, 2014); “National Insider Threat Taskforce,” Office of the National Counterintelligence Executive, accessed July 9, 2014,


[58] Taylor and Landay, “Obama’s crackdown views leaks as aiding enemies of U.S.,” McClatchy,

Technically, the policy does not define “insider threats” in relation to classified information specifically, but the program is designed to protect classified information. See Office of the National Counterintelligence Executive, “National Insider Threat Policy,” (accessed July 9, 2014), p. 5.


[59] Taylor and Landay, “Obama’s crackdown views leaks as aiding enemies of U.S.,” McClatchy,–vmVHl


[60] Defense Security Service, “Insider Threats: Combating the ENEMY within your organization,” (accessed July 9, 2014), p. 2.


[61] Office of the National Counterintelligence Executive, “National Insider Threat Policy,”, p. 1. The policy applies to “all executive branch departments and agencies with access to classified information, or that operate or access classified computer networks; all employees with access to classified information, including classified computer networks (and including contractors and others who access classified information, or operate or access classified computer networks controlled by the federal government); and all classified information on those networks.” Ibid.


[62] Office of the National Counterintelligence Executive, “National Insider Threat Policy,”, p. 5.


[63] Taylor and Landay, “Obama’s crackdown views leaks as aiding enemies of U.S.,” McClatchy,–vmVHl.


[64] Hadas Gold and Josh Gerstein, “Clapper signs strict new media directive,” Politico, April 21, 2014, (accessed July 9, 2014).


[65] Steven Aftergood, “ODNI Requires Pre-Publication Review of All Public Information,” Secrecy News, May 8, 2014, at (accessed July 9, 2014).


[66] Ibid.


[67] Ibid.


[68] Human Rights Watch interview with Jonathan Landay, national security and intelligence correspondent for McClatchy Newspapers, Washington DC, December 12, 2013.


[69] Human Rights Watch telephone interview with Tom Gjelten, correspondent with NPR, March 18, 2014.


[70] Human Rights Watch interview with Kathleen Carroll, Senior Vice President and Executive Editor of The Associated Press, New York, New York, May 8, 2014.


[71] E.g., Human Rights Watch interviews with Jonathan Landay, December 12, 2013, and an investigative journalist for a major outlet, New York, New York, January 23, 2014.


[72] Human Rights Watch interview with James Asher, Washington Bureau Chief for McClatchy Co., Washington DC, December 12, 2013.


[73] Human Rights Watch interview with a reporter, Washington, DC, December 17, 2013.


[74] Human Rights Watch interview with an investigative journalist for a major outlet, New York, New York, January 23, 2014.


[75] Human Rights Watch interview with a reporter who covers national defense issues, Washington DC-area, January 16, 2014.


[76] Human Rights Watch interview with Jonathan Landay, December 12, 2013.


[77] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[78] See also Leonard Downie Jr. with reporting by Sara Rafsky, Committee to Protect Journalists, “The Obama Administration and the Press,” October 10, 2013, (accessed July 9, 2014) (also documenting these concerns).


[79] E.g., Human Rights Watch interview with James Asher, Washington DC, December 12, 2013.


[80] E.g., Human Rights Watch telephone interview with Tim Weiner, reporter for the New York Times, January 31, 2014; Human Rights Watch interview with Barton Gellman, senior fellow at The Century Foundation, New York, New York, February 10, 2014.


[81] Human Rights Watch telephone interview with Philip Bennett, Professor at Duke University and former managing editor of the Washington Post, February 26, 2014; Human Rights Watch telephone interview with Tom Gjelten, March 18, 2014. Bennett said there is “no doubt in my mind” that a cluster of national security stories in 2005 rattled the government, and prompted it to crack down on the press. Gjelten reported beginning an extended leave from reporting in March of 2005. He encountered a radical shift in source cooperation upon his return in December of 2007. “[It was] like a whole different world.”


[82] These views are not mutually exclusive, and some journalists subscribed to multiple theories. Some journalists also reported limited concern about the effect of large-scale electronic surveillance by the US government or said that they had not observed a chilling effect, though that view was uncommon and in some cases reflected the journalist’s coverage areas. E.g., Human Rights Watch interview with a reporter covering the Supreme Court, Washington DC, January 15, 2014; Human Rights Watch interview with an investigative journalist most recently covering (among other things) state-level politics, Washington DC, January 17, 2014; Human Rights Watch telephone interview with Mark Bowden, author and Distinguished Writer in Residence at The University of Delaware, January 21, 2014.


[83] Again, for more, see Downie Jr. with reporting by Rafsky, Committee to Protect Journalists, “The Obama Administration and the Press,”


[84] Human Rights Watch interview with Stephen Engelberg, editor-in-chief of ProPublica, New York, January 30, 2014.


[85] Ibid.


[86] Ibid. McClatchy calls this a “career-killing penalty.” Marisa Taylor and Jonathan S. Landay, “Obama’s crackdown views leaks as aiding enemies of U.S.,” McClatchy, June 20, 2013,–vmVHl (accessed July 14, 2014).


[87] Human Rights Watch interview with Scott Horton, writer on national security for Harper’s Magazine, New York, New York, January 13, 2014.. For more on the costs associated with leak prosecutions, see also David E. Pozen, “The Leaky Leviathan: Why the Government Condemns and Condones Unlawful Disclosures of Information,” Harvard Law Review, vol. 127 (2013), p. 553.


[88] Agencies are also making many referrals to the Department of Justice that do not become full prosecutions. Human Rights Watch interview with Peter Finn, National Security Editor at the Washington Post, Washington DC, December 17, 2013. For some statistics on the number of leak investigation referrals, see Steven Aftergood, “‘Crimes Reports’ and the Leak Referral Process,” Secrecy News, Dec. 17, 2002, (accessed July 11, 2014). Newer statistics are difficult to locate.


[89] Human Rights Watch telephone interview with Charlie Savage, reporter for the New York Times, March 14, 2014.


[90] Human Rights Watch interview with a reporter, Washington, DC, December 17, 2013.


[91] Ibid.


[92] Steven Aftergood, “Stephen Kim Leak Case Heats Up,” October 23, 2013, Secrecy News, (accessed July 11, 2014). Kim was a contractor with the State Department who was accused of leaking classified information to Fox News reporter James Rosen in 2009. The information, derived from a top-secret intelligence report, described North Korea’s intentions to perform nuclear tests.


[93] For more on Drake’s case, see PBS interview with Thomas Drake, Frontline, December 10, 2013, (accessed July 16, 2014).


[94] Scott Shane, “No Jail Time in Trial Over N.S.A. Leak,” New York Times, July 15, 2011, (accessed July 11, 2014). The judge also called the government’s conduct “unconscionable.” See also Pozen, “The Leaky Leviathan,” Harvard Law Review, p. 553 (discussing the Drakecase).


[95] Human Rights Watch interview with Peter Finn, December 17, 2013.


[96] Human Rights Watch interview with Brian Ross, Chief Investigative Correspondent for ABC News, New York, New York, February 11, 2014. Law professor David Pozen calls this view “jaundiced but not unfounded.” Pozen, “The Leaky Leviathan,” Harvard Law Review, p. 562. One reporter for a newspaper similarly criticized what he sees as a “double standard in the government’s pursuit of [leak] prosecutions.” Human Rights Watch interview with a reporter, Washington, DC, December 17, 2013. Phil Bennett, a former managing editor of the Washington Post and now a professor at Duke University, recalled then Vice-President Dick Cheney disclosing a torrent of classified information to Bob Woodward just weeks after 9/11 that portrayed the continued terrorist threat to the country as high and describing the administration’s aggressive response without “triggering a leak investigation or explaining on what authority he was making the disclosures.” Human Rights Watch telephone interview with Philip Bennett, February 26, 2014.



Human Rights Watch interview with Barton Gellman, February 10, 2014.


[98] Human Rights Watch interview with Barton Gellman, February 10, 2014.


[99] Human Rights Watch telephone interview with Peter Maass, senior writer at The Intercept, March 26, 2014.


[100] Human Rights Watch telephone interview with Charlie Savage, March 14, 2014.


[101] Human Rights Watch interview with Peter Finn, December 17, 2013. Note that Finn spoke on his own behalf, and not for the Washington Post.


[102] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[103] Ibid.


[104] Human Rights Watch telephone interview with Peter Maass, March 26, 2014.


[105] Human Rights Watch interview with Peter Finn, December 17, 2013.


[106] Human Rights Watch interview with Marisa Taylor, investigative reporter for McClatchy Newspapers, Washington DC, January 16, 2014.


[107] Human Rights Watch interview with Jane Mayer, staff writer for The New Yorker, Washington, DC, January 16, 2014.


[108] Human Rights Watch interview with a reporter in Washington, DC, (date withheld).


[109] Email from a reporter in Washington DC to Human Rights Watch, June 5, 2014.


[110] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[111] Human Rights Watch interview with Jonathan Landay, December 12, 2013.


[112] E.g., Human Rights Watch interviews with Steven Aftergood, Director, Federation of American Scientists’ Project on Government Secrecy, Washington DC, December 11, 2013, and Peter Finn, December 17, 2013.


[113] Human Rights Watch interview with a journalist (name, location, and date withheld).


[114] Human Rights Watch interview with a journalist (name, location, and date withheld).


[115] Human Rights Watch interview with Peter Finn, December 17, 2013.


[116] Human Rights Watch interview with Barton Gellman, February 10, 2014.


[117] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[118] Human Rights Watch interview with Peter Finn, December 17, 2013.


[119] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[120] Ibid.


[121] Ibid.


[122] Human Rights Watch interview with Barton Gellman, February 10, 2014.


[123] E.g., Human Rights Watch telephone interview with Peter Maass, March 26, 2014.


[124] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[125] Ibid.


[126] Ibid.


[127]Human Rights Watch interview with Brian Ross, February 11, 2014.


[128] “Procedures used by NSA to minimize data collection from US persons: Exhibit B – full document,” Guardian, June 20, 2013, (accessed July 11, 2014).


[129] Human Rights Watch interview with Barton Gellman, February 10, 2014.


[130] Human Rights Watch interview with an investigative reporter, Washington, DC, November 19, 2013.


[131] Human Rights Watch interviews with multiple journalists (names, locations, and dates withheld).


[132] By using encryption in combination with the software Tor, some journalists may be able to hide their communication patterns in a way that encryption alone does not.


[133] Human Rights Watch interviews with multiple journalists (names, locations, and dates withheld).


[134] E.g., Human Rights Watch interviews with a national security reporter, January 14, 2014 and Steve Coll, February 14, 2014.


[135] Human Rights Watch interview with Steve Coll, February 14, 2014.


[136] Human Rights Watch interviews with Jonathan Landay, December 12, 2013; a national security reporter, Washington, DC, January 14, 2014; and Barton Gellman, February 10, 2014.


[137] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[138] E.g., Human Rights Watch interview with Steven Aftergood, December 11, 2013.


[139] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[140] Human Rights Watch interview with Steve Coll, February 14, 2014.


[141] Ibid.


[142] Human Rights Watch interview with Barton Gellman, February 10, 2014. See Section II, The Impact of Surveillance on Journalists, Footnote 132.


[143] E.g., Human Rights Watch interviews with an investigative journalist, Washington, DC, November 19, 2013, and a national security reporter, Washington, DC, January 14, 2014.


[144] Glenn Greenwald and James Ball, “The top secret rules that allow NSA to use US data without a warrant,” Guardian, June 20, 2013, (accessed July 11, 2014).


[145] Human Rights Watch telephone interview with Scott Shane, intelligence reporter for the New York Times, April 2, 2014.


[146] Ibid.


[147] “Former NSA Senior Executive Charged with Illegally Retaining Classified Information, Obstructing Justice and Making False Statements,” Department of Justice press release, April 15, 2010, (accessed July 14, 2014). He was indicted in 2010 on charges related to espionage and obstructing the investigation against him, but after a costly trial, had all charges dropped in exchange for a guilty plea to a misdemeanor for exceeding authorized use of a computer.


[148] Human Rights Watch interview with Eric Schmitt, reporter for the New York Times, Washington, DC, January 28, 2014.


[149] Human Rights Watch Interview with Steven Aftergood, December 11, 2013.


[150] At the same time, a growing number of intelligence and national security journalists are posting PGP keys on their Twitter pages, signifying to potential sources that they possess some useful level of technological sophistication.


[151] A couple of journalists flagged the development of secure drop boxes, which allow sources (with online instruction) to submit files to a news outlet without independently learning how to use encryption software. E.g., Human Rights Watch interview with Barton Gellman, February 10, 2014. See, e.g., The New Yorker Strongbox, accessed July 14, 2014,


[152] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[153] Human Rights Watch interview with Jane Mayer, January 16, 2014.


[154] Human Rights Watch interviews with Jonathan Landay, December 12, 2013; Peter Finn, December 17, 2013; a national security reporter, Washington, DC January 14, 2014; and Jane Mayer, Washington, DC, January 16, 2014; Human Rights Watch telephone interviews with a reporter who covers law enforcement and national security, February 4, 2014, and a journalist covering Afghanistan, March 18, 2014.


[155] Human Rights Watch interview with Steve Coll, February 14, 2014.


[156] Human Rights Watch interview with Barton Gellman, February 10, 2014.


[157] Human Rights Watch interview with Jane Mayer, January 16, 2014.


[158] Human Rights Watch interview with an investigative journalist for a major outlet, New York, January 23, 2014.


[159] One journalist described having his name on a list to be supplied with some advanced technology by his outlet. Human Rights Watch interview with Eric Schmitt, January 28, 2014.


[160] Human Rights Watch interview with an investigative reporter, Washington, DC, November 19, 2013.


[161] For more on the PRISM program, see Section I, Background: US Surveillance, Secrecy, and Crackdown on Leaks, Footnote 13.


[162] E.g., Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[163] Ibid.


[164] E.g., Human Rights Watch interviews with Martin Knobbe, New York-based correspondent for Stern Magazine, New York, New York, January 13, 2014, and a reporter in Washington, DC (date withheld).


[165] Human Rights Watch interview with Jonathan Landay, December 12, 2013.


[166] Human Rights Watch interview with Peter Finn, December 17, 2013.


[167] E.g., Human Rights Watch interviews with a national security reporter, Washington, DC, January 14, 2014, and a New York-based investigative journalist, New York, March 24, 2014.


[168] Human Rights Watch interview with Stephen Engelberg, January 30, 2014.


[169] Human Rights Watch interview with a New York-based investigative journalist, New York, March 24, 2014.


[170] E.g., Human Rights Watch interview with a reporter, Washington, DC, December 17, 2013; Human Rights Watch telephone interview with Scott Shane, April 2, 2014.


[171] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[172] Human Rights Watch interview with Eric Schmitt, January 28, 2014; Human Rights Watch telephone interview with Peter Maass, March 26, 2014; email correspondence with Peter Maass, July 3, 2014.


[173] Human Rights Watch email correspondence with Peter Maass, July3, 2014.


[174] Human Rights Watch telephone interview with Peter Maass, March 26, 2014.


[175] Human Rights Watch interviews with Steven Aftergood, December 11, 2013, and Martin Knobbe, January 13, 2014.


[176] Human Rights Watch interview with an investigative journalist for a major outlet, New York, January 23, 2014. For background, see Ron Nixon, “U.S. Postal Service Logging All Mail for Law Enforcement,” New York Times, July 3, 2013,


[177] Human Rights Watch telephone interview with Peter Maass, March 26, 2014.


[178] E.g., Human Rights Watch interviews with Jonathan Landay, December 12, 2013, and a national security reporter, Washington, DC, January 14, 2014.


[179] Human Rights Watch interviews with an investigative journalist for a major  outlet, New York, January 23, 2014, and Stephen Engelberg, January 30, 2014.


[180] Human Rights Watch interview with Stephen Engelberg, January 30, 2014.


[181] Human Rights Watch interview with an investigative reporter, Washington, DC, November 19, 2013.


[182] Human Rights Watch interview with Jonathan Landay, December 12, 2013.


[183] Human Rights Watch interviews with multiple journalists (names, locations, and dates withheld).


[184] Human Rights Watch telephone interview with a journalist covering immigration issues, February 4, 2014; Human Rights Watch interviews with an investigative reporter, Washington, DC, November 19, 2013; Scott Horton, January 13, 2014; and Jonathan Landay, December 12, 2013. Peter Maass described one such common practice from Russia dating back at least 10 years ago. During a visit to Russia around that time, Maass watched an acquaintance borrow a stranger’s phone in a restaurant. The acquaintance wanted to make a sensitive call without having it traced back to him. When Maass asked him why the stranger would lend his phone so readily, the acquaintance replied, “We all do that now.” Human Rights Watch telephone interview with Peter Maass, March 26, 2014.


[185] Liz Klimas, “Report: The FBI Can Remotely Turn on Phone Microphones for Spying,” The Blaze, August 2, 2013, (accessed July 14, 2014).


[186] E.g., Human Rights Watch interviews with an investigative reporter, Washington, DC, November 19, 2013, and an investigative journalist for a major outlet, New York, January 23, 2014.


[187] Human Rights Watch interview with Scott Horton, January 13, 2014.


[188] Human Rights Watch interviews with Brian Ross, February 11, 2014, and Jonathan Landay, December 12, 2013.


[189] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[190] Human Rights Watch interview with Jonathan Landay, December 12, 2013.


[191] Human Rights Watch interview with Brian Ross, February 11, 2014.


[192] Human Rights Watch interview with Jonathan Landay, December 12, 2013.


[193] Human Rights Watch interview with Barton Gellman, February 10, 2014.


[194] Ibid.


[195] Human Rights Watch interview with a journalist (name, location, and date withheld).


[196] Patrick Donahue and John Walcott, “U.S. Offered Berlin ‘Five Eyes’ Pact. Merkel Was Done With It,” Bloomberg, July 12, 2014, (accessed July 14, 2014).


[197] Maria McFarland Sanchez-Moreno, “What is the NSA Sharing with Other Countries?,” Al Jazeera America, January 24, 2014, (accessed July 14, 2014).


[198] James Risen & Laura Poitras, “Spying by N.S.A. Ally Entangled U.S. Law Firm,” New York Times, Feb. 15, 2014, (accessed July 14, 2014).


[199] For more on related statements by the same official, see Section IV, The Government’s Rationale for Surveillance.


[200] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[201] Ibid.


[202] Ibid.


[203] Human Rights Watch interview with a reporter for a major newspaper, Washington, DC, December 17, 2013.


[204] E.g., Human Rights Watch interview with Jane Mayer, January 16, 2014.


[205] E.g., Human Rights Watch interviews with a reporter, Washington, DC, December 17, 2013, and Adam Goldman, reporter with the Washington Post, Washington, DC, January 28, 2014.


[206] Human Rights Watch interview with Barton Gellman, February 10, 2014


[207] Human Rights Watch interview with Martin Knobbe, January 13, 2014.


[208] Human Rights Watch Interview with Marisa Taylor, January 16, 2014.


[209] Human Rights Watch interview with Stephen Engelberg, January 30, 2014.


[210] Ibid.


[211] Human Rights Watch interview with James Asher, December 12, 2013.


[212] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[213] Ibid.


[214] Ibid. Human Rights Watch interviews with Jane Mayer, January 16, 2014; Martin Knobbe, January 13, 2014; and Eric Schmitt, January 28, 2014. Human Rights Watch telephone interview with a reporter who covers law enforcement and national security, February 4, 2014.


[215] Human Rights Watch telephone interview with Scott Shane, April 2, 2014.


[216] Ibid.


[217] Human Rights Watch interview with a reporter, Washington, DC, December 17, 2013.


[218] Human Rights Watch interview with Jonathan Landay, December 12, 2013.


[219] Ibid.


[220] Human Rights Watch interview with Jane Mayer, January 16, 2014.


[221] Human Rights Watch interview with Jane Mayer, January 16, 2014


[222] Human Rights Watch interview with Barton Gellman, February 10, 2014.


[223] Human Rights Watch interview with Stephen Engelberg, January 30, 2014.


[224] Human Rights Watch interview with Kathleen Carroll, May 8, 2014.


[225] Human Rights Watch email correspondence with Tim Weiner, July 2, 2014.


[226] Human Rights Watch interview with Betty Medsger, former Washington Post reporter, New York, New York, January 24, 2014.


[227] Ibid.


[228] Human Rights Watch email correspondence with Tim Weiner, July 10, 2014. Weiner has written several books, including Legacy of Ashes: The History of the CIA, (New York: Anchor Books, 2008).


[229] Human Rights Watch email correspondence with Phil Bennett, July 10, 2014.


[230] Medsger’s stories appeared in 1971, the Watergate scandal occurred in 1972, Seymour Hersh published some major revelations about the CIA’s activities in 1974, and in 1975, both the executive and the legislative branches launched investigations into the intelligence community. For more on the chronology of these events, see G. Alex Sinha, “NSA Surveillance Since 9/11 and the Human Right to Privacy,” Loyola Law Review, vol. 59 (2013), pp. 871-873. For more on the story behind Medsger’s reporting, see Betty Medsger, The Burglary: The Discovery of J. Edgar Hoover’s Secret FBI, (New York: Alfred A. Knopf, 2014).


[231] Human Rights Watch interview with Betty Medsger, January 24, 2014.


[232] Human Rights Watch email correspondence with Tim Weiner, July 2, 2014.


[233] Human Rights Watch interview with Betty Medsger, January 24, 2014.


[234] Human Rights Watch Interview with Steven Aftergood, December 11, 2013.


[235] Human Rights Watch telephone interview with Peter Maass, March 26, 2014.


[236] Human Rights Watch interview with Dana Priest, national security reporter at the Washington Post, Washington, DC, December 17, 2013.


[237] Ibid.


[238] Ibid.


[239] Human Rights Watch interview with Steve Coll, February 14, 2014.


[240] Human Rights Watch interview with James Asher, December 12, 2013.


[241] Human Rights Watch interview with Kathleen Carroll, May 8, 2014.


[242] Human Rights Watch interview with Dana Priest, December 17, 2013.


[243] Human Rights Watch telephone interview with Scott Shane, April 2, 2014.


[244] Human Rights Watch telephone interview with a reporter who covers law enforcement and national security, February 4, 2014.


[245] Human Rights Watch interview with Brian Ross, February 11, 2014.


[246] Human Rights Watch interview with Adam Goldman, January 28, 2014.


[247] Ibid.


[248] Hadas Gold, “Clapper refers to Snowden ‘accomplices’,” Politico, January 29, 2014, (accessed July 14, 2014).


[249] Ibid.


[250] Josh Gerstein, “Intelligence chairman accuses Glenn Greenwald of illegally selling stolen material,” Politico, February 4, 2014, (accessed July 14, 2014).


[251] Ibid.


[252] For more on this comparison, see Section IV, The Government’s Rationale for Surveillance.


[253] Human Rights Watch telephone interview with Scott Shane, April 2, 2014.


[254] Human Rights Watch telephone interview with Peter Maass, March 26, 2014.


[255] Ibid.


[256] Human Rights Watch interview with Jonathan Landay, December 12, 2013.


[257] Human Rights Watch interview with a national security reporter, Washington, DC, January 14, 2014.


[258] Much information related to ongoing legal matters is confidential in the sense that attorneys must not reveal it without the client’s informed consent. This includes communications between attorneys and clients, the reasoning behind strategic decisions made pertaining to the case, and information an attorney learns about his client during the representation. The attorney-client privilege is narrower than the duty of confidentiality; it applies to specific sorts of communications, especially (but not exclusively) between attorneys and their clients. The privilege manifests itself primarily as a rule of evidence: privileged communications cannot be introduced in legal proceedings without the client’s consent. Respect for client confidentiality and the attorney-client privilege enables clients to trust their attorneys and facilitates open communication.


[259] Human Rights Watch telephone interview with Maureen Franco, federal public defender for the west district of Texas, March 14, 2014.


[260] As one American Bar Association (ABA) publication put it, “[G]iven the secretive nature of the NSA, as well as the United States Foreign Intelligence Surveillance Court that oversees its surveillance warrants, lawyers can’t even be sure of what is and what is not legal.” Victor Li, ABA Journal, “Tools for lawyers worried that NSA is eavesdropping on their confidential conversations,” March 30, 2014, (accessed July 14, 2014).


[261] In 2013, in a case that predated the Snowden revelations, the Supreme Court denied standing to people who felt obliged to change their practices to guard against surveillance undertaken pursuant to one specific legal authority, Section 702, because they could not demonstrate that their communications had actually been collected. For that ruling and its rationale, see generally Clapper v. Amnesty Int’l USA, 133 S.Ct. 1138 (2013). New challenges are underway based on the Snowden revelations and related acknowledgments of surveillance by the government.


[262] Letter from NSA Director General Keith Alexander to ABA President James Silkenat, March 10, 2014, (accessed July 14, 2014).


[263] “Procedures used by NSA to minimize data collection from US persons: Exhibit B – full document,” Guardian, June 20, 2014, (accessed July 14, 2014), pp. 4-5.


[264] Nicolas Niarchos, “Has the NSA Wiretapping Violated Attorney-Client Privilege?,” The Nation, February 4, 2014, (accessed July 14, 2014).


[265] Letter from ABA President James Silkenat to NSA Director General Keith Alexander and NSA General Counsel Rajesh De, February 20, 2014, (accessed July 14, 2014).


[266] Letter from NSA Director General Keith Alexander to ABA President James Silkenat, March 10, 2014, The ABA acknowledged General Alexander’s response in a short public statement. American Bar Association, “ABA president responds to NSA letter regarding attorney-client privilege,” March 11, 2014, (accessed July 14, 2014).


[267] Letter from NSA Director General Keith Alexander to ABA President James Silkenat, March 10, 2014,, p. 3.


[268] Ibid., 2.


[269] Human Rights Watch telephone interview with Tom Durkin, national security defense attorney, March 6, 2014.


[270] Ibid.


[271] Human Rights Watch telephone interview with a litigator with a private practice representing international clients, April 7, 2014.


[272] Ibid.


[273] Human Rights Watch telephone interview with a federal defender handling a terrorism case, April 3, 2014.


[274] Ibid.


[275] Human Rights Watch telephone interview with Linda Moreno, defense attorney specializing in national security and terrorism cases, March 12 and in-person interview, New York, New York, March 20, 2014.


[276] One group of criminal defense attorneys operates under especially difficult circumstances in this respect. Attorneys defending detainees held at Guantanamo Bay, Cuba, have faced extreme difficulty in trying to protect the confidentiality of communications with their clients. All phones at the military base at Guantanamo are subject to surveillance; in February 2013 defense attorneys discovered listening devices disguised as smoke detectors in attorney client meeting rooms; all meetings with clients are monitored with cameras; in late January 2013, during a different Guantanamo hearing, the judge learned that some unknown government agency was monitoring the courtroom feed and could pick up conversations, even at a whisper, between attorneys and their clients at defense tables; and in mid-April last year, an enormous number of prosecution and defense files disappeared from the server that both legal teams are required to use to process the highly classified documents in the case. Human Rights Watch telephone interview with Michael Schwartz, Air Force JAG who does work before the Guantanamo commissions, March 11, 2014; Laura Pitter, “Listening In,” Foreign Policy, February 21, 2013, (accessed July 16, 2014); Jane Sutton, “Vanishing files delay Guantanamo hearings in 9/11 case,” Reuters, April 17, 2013, (accessed July 16, 2014). As a result of these and other obstacles to protecting attorney client confidences, Guantanamo attorneys had been forced to modify their practices independently of concerns about large-scale electronic surveillance. It is all the more striking that some of these attorneys have felt the need to modify their practices even further in light of the Snowden revelations. E.g., Human Rights Watch telephone interviews with James Connell III, defense attorney for one of the Guantanamo detainees, March 18, 2014, and Jason Wright, Army JAG who does work before the Guantanamo commissions, March 31, 2014.


[277] Human Rights Watch email correspondence with an information security officer at a major international law firm based in Los Angeles, California, April 8, 2014.


[278] Human Rights Watch telephone interview with a partner in the litigation department of a large firm, March 25, 2014.


[279] The ABA Journal published an article on the tools available to lawyers to protect against surveillance. Victor Li, “Tools for lawyers worried that NSA is eavesdropping on their confidential conversations,”

The ABA Litigation Journal also designated an entire issue to questions of surveillance. See generally ABA Litigation Journal, Spring 2014 issue, available at (accessed July 14, 2014).


[280] Brief for Association of the Bar of the City of New York as Amici Curiae Supporting Plaintiffs-Appellants, ACLU v. Clapper, Case No. 13 Civ. 3994 (WHP) (Mar. 13, 2014), (accessed July 14, 2014).


[281] The NACDL has held webinars on legal issues related to the introduction of surveillance information as evidence in criminal prosecutions. NACDL, “NACDL Hosts Educational Webinars on NSA and FISA,” November 25, 2013, (accessed July 14, 2014).


[282] The National Lawyers Guild put out a report in the spring of 2014 on its long history with government surveillance, and the effects of surveillance on the legal profession. Traci Yoder, National Lawyers Guild, “Breach of Privilege: Spying on Lawyers in the United States,” April 2014, (accessed July 14, 2014).


[283] For more on the professional responsibilities of lawyers operating under the threat of surveillance, see The Implications of Surveillance for the Professional Responsibilities of Lawyers, Section III.


[284] Human Rights Watch interview with Stephen Gillers, Elihu Root Professor of Law at NYU School of Law, New York, New York, April 7, 2014; Human Rights Watch telephone interview with Ron Kuby, criminal defense and civil rights lawyer, March 7, 2014.


[285] Affirmation of Professor Stephen Gillers, Ctr. for Constitutional Rights v. Bush, Case No. 06-cv-313 (June 30, 2006), (accessed July 14, 2014).


[286] American Bar Association Model Rules, Rule 1.6(c): Confidentiality of Information, (accessed July 14, 2014).


[287] American Bar Association, “August 2012 Amendments to ABA Model Rules of Professional Conduct,” (accessed July 14, 2014), pp. 5-7.


[288] Human Rights Watch telephone interview with Andrew Perlman, Professor at Suffolk University Law School, March 14, 2014.


[289] Ibid. See also Affirmation of Professor Stephen Gillers, Center for Constitutional Rights v. Bush, Case No. 06-cv-313 (June 30, 2006).


[290] Human Rights Watch telephone interview with Andrew Perlman, March 14, 2014.


[291] Ibid.


[292] Affirmation of Professor Stephen Gillers, Center for Constitutional Rights v. Bush, Case No. 06-cv-313 (June 30, 2006), paras. 3, 8.


[293] Human Rights Watch interview with Stephen Gillers, April 7, 2014.


[294] Niarchos, “Has the NSA Wiretapping Violated Attorney-Client Privilege?” The Nation,


[295] Ibid.


[296] James Risen and Laura Poitras, “Spying by N.S.A. Ally Entangled U.S. Law Firm,” New York Times, February 15, 2014, (accessed July 14, 2014).


[297] Ibid.


[298] Human Rights Watch telephone interview with Andrew Perlman, March 14, 2014.


[299] American Bar Association, “August 2012 Amendments to ABA Model Rules of Professional Conduct,” (accessed July 14, 2014), p. 7.


[300] Ibid.


[301] Human Rights Watch telephone interview with Jonathan Hafetz, Associate Professor of law at Seton Hall University School of Law, March 13, 2014. Hafetz noted that he became concerned after initial reports about NSA domestic surveillance in 2005, and that his concerns have only grown with the Snowden revelations.


[302] Human Rights Watch telephone interviews with Rob Feitel, defense attorney, March 7, 2014; and an experienced criminal defense attorney, March 10, 2014; Human Rights Watch telephone interview with Linda Moreno, March 12, 2014 and in-person interview, March 20, 2014; Human Rights Watch telephone interview with Jonathan Hafetz, March 13, 2014.


[303] Human Rights Watch telephone interview with Linda Moreno, March 12, 2014 and in-person interview, March 20, 2014.


[304] Email from Nancy Hollander, attorney, to Human Rights Watch, June 24, 2014.


[305] Human Rights Watch interview with Stephen Gillers, April 7, 2014.


[306] Human Rights Watch telephone interview with an experienced criminal defense attorney, March 10, 2014.


[307] Ibid.


[308] Ibid.

Andrew Perlman, “Protecting Client Confidences in a Digital Age: The Case of the NSA,” JURIST – Forum, March 4, 2014, (accessed July 14, 2014).


[310] Human Rights Watch telephone interview with Andrew Perlman, March 14, 2014.


[311] Ibid.


[312] Ibid.


[313] Human Rights Watch telephone interview with James Connell III, March 18, 2014.


[314] Human Rights Watch interview with Shane Kadidal, senior managing attorney of the Guantanamo Global Justice Initiative at the Center for Constitutional Rights, New York, New York, March 6, 2014.


[315] Human Rights Watch telephone interview with a federal defender handling a terrorism case, April 3, 2014.


[316] Human Rights Watch telephone interview with Ron Kuby, March 7, 2014.


[317] Human Rights Watch skype interview with Nancy Hollander, April 9, 2014.


[318] Human Rights Watch telephone interview with Ron Kuby, March 7, 2014.


[319] Human Rights Watch telephone interview with Josh Dratel, a criminal defense attorney who has handled numerous terrorism cases, October 11, 2013.


[320] Ibid.


[321] Ibid.


[322] Ibid.


[323] E.g., Human Rights Watch telephone interviews with an experienced criminal defense attorney, March 10, 2014; Human Rights Watch telephone interview with Linda Moreno, March 12, 2014 and in-person interview, March 20, 2014; Human Rights Watch telephone interviews with Jonathan Hafetz, March 13, 2014, and a federal defender based on the West Coast, March 20, 2014.


[324] E.g., Human Rights Watch telephone interview with an experienced criminal defense attorney, March 10, 2014.


[325] Ibid.


[326] “JAG” stands for “Judge Advocate General,” and in this context refers to those who serve in the legal branch of the US armed forces.


[327] Human Rights Watch telephone interview with Jason Wright, March 31, 2014.


[328] Human Rights Watch telephone interview with Ahmed Ghappour, Professor of law at UC Hastings, October 8, 2013.


[329] Human Rights Watch interview with a clinical law professor who handles national security matters, New York, March 19, 2014.


[330] Human Rights Watch telephone interview with Tom Durkin, March 6, 2014.


[331] Human Rights Watch telephone interview with Josh Dratel, October 11, 2013. For more on the government’s use of evidence acquired through FISA or the FAA, see Human Rights Watch and Columbia Law School Human Rights Institute, Illusions of Justice: Human Rights Abuses in US Terror Prosecutions,, pp. 96-106.


[332] Human Rights Watch telephone interview with Ron Kuby, March 7, 2014.


[333] Human Rights Watch telephone interview with Tom Durkin, March 6, 2014.


[334] Ibid.


[335] E.g., Human Rights Watch telephone interviews with a New York-based national defense litigator, October 2, 2013; Josh Dratel, October 11, 2013; and a leading national security defense attorney, March 6, 2014; Human Rights Watch interview with Shane Kadidal, March 6, 2014; Human Rights Watch telephone interviews with Rob Feitel, March 7, 2014, and Ron Kuby, March 7, 2014.


[336] Human Rights Watch telephone interview with Linda Moreno, March 12, 2014 and in-person interview, March 20, 2014.


[337] Human Rights Watch interview with a clinical law professor who handles national security matters, New York, March 19, 2014.


[338] Human Rights Watch telephone interview with Rob Feitel, March 7, 2014.


[339] Human Rights Watch interviews with multiple lawyers (names, locations, and dates withheld).


[340] Human Rights Watch interview with a lawyer (name, location, and date withheld).


[341] Human Rights Watch email correspondence with a lawyer (name, location, and date withheld), June 26, 2014.


[342] Human Rights Watch interview with an attorney (name, location, and date withheld). For more on why this is not an idle worry, see Jacob Appelbaum et al., “NSA targets the privacy conscious,” Das Erste, July 3, 2014, (accessed July 14, 2014).


[343] Human Rights Watch interview with a lawyer (name, location, and date withheld).


[344] Ibid.


[345] Ibid.


[346] Human Rights Watch telephone interview with a defense attorney (date withheld).


[347] Ibid.


[348] Human Rights Watch interview with a clinical law professor who handles national security matters, New York, March 19, 2014.


[349] E.g., Human Rights Watch interview with Shane Kadidal, March 6, 2014; Human Rights Watch telephone interviews with Rob Feitel, March 7, 2014, and Ron Kuby, March 7, 2014; Human Rights Watch telephone interview with Linda Moreno, March 12, 2014 and in-person interview, March 20, 2014; Human Rights Watch telephone interviews with a lawyer specializing in international dispute resolution at a major international firm, April 1, 2014, and a litigator with a private practice representing international clients, April 7, 2014.


[350] Human Rights Watch telephone interview with a lawyer specializing in international dispute resolution at a major international firm, April 1, 2014.


[351] Ibid.


[352] Human Rights Watch telephone interview with an experienced criminal defense attorney, March 10, 2014.


[353] Human Rights Watch telephone interview with Linda Moreno, March 12, 2014 and in-person interview, March 20, 2014.


[354] Human Rights Watch telephone interview with Tom Durkin, March 6, 2014. Subsequently, Durkin added, “But recently I was forced to do the same.” Human Rights Watch telephone interview with Tom Durkin, July 7, 2014.


[355] Human Rights Watch telephone interview with Linda Moreno, March 12, 2014 and in-person interview, March 20, 2014.


[356] Human Rights Watch telephone interview with a federal defender handling a terrorism case, April 3, 2014.


[357] Human Rights Watch email exchange with a litigator with a private practice representing international clients, July 10, 2014.


[358] Human Rights Watch telephone interview with Linda Moreno, March 12, 2014 and in-person interview, March 20, 2014.


[359] Human Rights Watch telephone interview with James Connell III, March 18, 2014.


[360] On May 16, 2013, Obama offered a public explanation for his interest in stopping leaks of national security information. “Leaks related to national security can put people at risk. They can put men and women in uniform that I’ve sent into the battlefield at risk. They can put some of our intelligence officers, who are in various, dangerous situations that are easily compromised, at risk. . . . So I make no apologies, and I don’t think the American people would expect me as commander in chief not to be concerned about information that might compromise their missions or might get them killed.” Joint Conference, President Obama and Prime Minister Erdogan of Turkey, Washington, DC, May 16, 2013, (accessed July 14, 2014).


[361] Human Rights Watch interview with a senior intelligence official, April 15, 2014 (location withheld).


[362] Human Rights Watch telephone interview with Bob Deitz, General Counsel for the NSA from 1998 to 2006, April 1, 2014.


[363] For more on this sequence of events, see G. Alex Sinha, “NSA Surveillance Since 9/11 and the Human Right to Privacy,” Loyola Law Review, vol. 59 (2013), pp. 871-873.


[364] Human Rights Watch interview with senior FBI official, Washington, DC, May 12, 2014. The FBI official identified the mistakes as concerning “how NSA processed certain communications,” but he did not elaborate.


[365] For more on that discussion, see Brennan Center for Justice, New York University School of Law, “Are They Allowed to Do That? A Breakdown of Selected Government Surveillance Programs,” (accessed July 14, 2014), p. 3.


[366] For more on that possibility, see Andrea Peterson, “LOVEINT: When NSA officers use their spying power on love interests,” Washington Post, August 24, 2013, (accessed July 14, 2014).


[367] As noted in the Background section above, however, oversight mechanisms for the surveillance programs have received significant criticism recently, in part because various people involved in oversight have themselves expressed concerns. For more on some of that criticism, see Spencer Ackerman, “Fisa court documents reveal extents of NSA disregard for privacy restrictions,” Guardian, November 19, 2013, (accessed July 14, 2014).


[368] Human Rights Watch interview with senior FBI official, Washington, DC, May 12, 2014.


[369] Human Rights Watch interview with senior FBI official, Washington, DC, May 12, 2014.


[370] Human Rights Watch interview with a senior intelligence official, April 15, 2014 (location withheld).


[371] Human Rights Watch telephone interview with former DOJ official, April 10, 2014. The United States takes the position that “[n]othing in [the ICCPR] requires or authorizes legislation, or other action, by the United States of America prohibited by the Constitution of the United States as interpreted by the United States.” U.S. reservations, declarations, and understandings, International Covenant on Civil and Political Rights, 138 Cong. Rec. S4781-01 (daily ed., April 2, 1992),

The Human Rights Committee criticized this position in the concluding observations of its first review of the United States’ compliance with the ICCPR, noting, “The Committee regrets the extent of the State party’s reservations, declarations and understandings to the Covenant. It believes that, taken together, they intended to ensure that the United States has accepted only what is already the law of the United States.” Report of the Human Rights Committee, A/50/40, October 3, 1995,, para. 279.


[372] Human Rights Watch interview with senior FBI official, Washington, DC, May 12, 2014.


[373] Human Rights Watch telephone interview with Bob Deitz, April 1, 2014.


[374] Human Rights Watch interview with senior intelligence official, April 15, 2014 (location withheld).


[375] Ibid.


[376] Ibid. “GCHQ” refers to Government Communications Headquarters, a British intelligence agency.


[377] Ibid.


[378] Ibid.


[379] “Obama’s Speech on N.S.A. Phone Surveillance,” New York Times, January 17, 2014, (accessed July 14, 2014).


[380] Ibid.


[381] Human Rights Watch interview with senior intelligence official, April 15, 2014 (location withheld).


[382] Ibid.


[383] Ibid.


[384] For example, according to a senior DOJ official, “the FBI is the component of the Department of Justice that conducts electronic surveillance under FISA and therefore has minimization procedures governing the information that is acquired.” Email from senior DOJ official to Human Rights Watch, July 15, 2014.


[385] Ibid.


[386] Ibid.


[387] Human Rights Watch interview with senior intelligence official, April 15, 2014

(location withheld).


Human Rights Watch telephone interview with Bob Deitz, April 1, 2014, Human Rights Watch interview with senior intelligence official, April 15, 2014 (location withheld).


[389] Human Rights Watch interview with senior intelligence official, April 15, 2014 (location withheld).


[390] Ibid.


[391] Human Rights Watch telephone interview with Bob Deitz, April 1, 2014.


[392] Ibid.


[393] Several journalists expected this sort of response, believing that the government actively intends for there to be a chilling effect. E.g., Human Rights Watch interviews with Dana Priest, national security reporter at the Washington Post, Washington, DC, December 17, 2013; Human Rights Watch telephone interview with Scott Shane, intelligence reporter for the New York Times, April 2, 2014.


[394] Email from senior DOJ official to Human Rights Watch, July 15, 2014.


[395] Ibid. The same official explained that the National Security Division of the Justice Department (NSD), which handles leak investigations, does not itself query such information, though the NSD “is responsible for obtaining authorization to conduct electronic surveillance under the Foreign Intelligence Surveillance Act (FISA) and representing the government before the Foreign Intelligence Surveillance Court.” Ibid.


[396] Ibid.


[397] Ibid.


[398] Human Rights Watch interview with senior intelligence official, April 15, 2014 (location withheld).


[399] Ibid.


[400] Human Rights Watch interview with senior FBI official, Washington, DC, May 12, 2014.


[401] Human Rights Watch telephone interview with Bob Deitz, April 1, 2014.


[402] Human Rights Watch interview with senior intelligence official, April 15, 2014 (location withheld).


[403] Human Rights Watch telephone interview with Bob Deitz, April 1, 2014.


[404] Human Rights Watch interview with senior intelligence official, April 15, 2014 (location withheld).


[405] Ibid.


[406] Human Rights Watch telephone interview with Charlie Savage, reporter for the New York Times, March 14, 2014.


[407] E.g. Human Rights Watch interview with James Asher, Washington Bureau Chief for McClatchy Co., Washington, DC, December 12, 2013; Human Rights Watch telephone interview with Charlie Savage, March 14, 2014.


[408] Human Rights Watch telephone interview with Charlie Savage, March 14, 2014.


[409] Human Rights Watch interview with senior intelligence official, April 15, 2014 (location withheld).


[410] Ibid.


[411] Ibid.


[412] Human Rights Watch telephone interview with former DOJ official, April 10, 2014.


[413] Human Rights Watch interview with senior FBI official, Washington, DC, May 12, 2014.


[414] “The problem with organizations [like HRW and the ACLU] is that they’re monomaniacs,” he said, adding that such groups are blind to “shade[s] of gray” in public policy questions, a result he termed “ridiculous.” When our researcher insisted that both organizations genuinely seek to understand the government’s stances on these issues, Deitz replied, “Color me skeptical.” Human Rights Watch telephone interview with Bob Deitz, April 1, 2014.


[415] E.g., Comments of Human Rights Watch to the Privacy and Civil Liberties Oversight Board, August 1, 2013,;

Human Rights Watch, Letter to President Obama Urging Surveillance Reforms, January 16, 2014,;

Human Rights Watch and the Electronic Frontier Foundation Supplemental Submission to the Human Rights Committee During its Consideration of the Fourth Periodic Report of the United States, February 14, 2014,;

Human Rights Watch, Joint Submission to OHCHR Consultation in Connection with General Assembly Resolution 68/167: “The Right to Privacy in the Digital Age,” April 1, 2014,

Privacy and Civil Liberties Oversight Board Public Hearing on Section 702 of the FISA Amendments Act, Submission of Amnesty International & American Civil Liberties Union, March 19, 2014, (accessed July 17, 2014);

American Civil Liberties Union, “Privacy Rights in the Digital Age: A Proposal for a New General Comment on the Right to Privacy under Article 17 of the International Covenant on Civil and Political Rights, Draft Report & General Comment,” March 2014, (accessed July 17, 2014).


[416] There is a strong and well-recognized connection between privacy and freedom of expression in that inadequate protections for the former can seriously undermine the latter. For sources recognizing that connection, see, e.g., UN Human Rights Council, “Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression,” Frank La Rue, A/HRC/23/40, April 17, 2013, (accessed July 14, 2014) paras 24-27.

The US government’s interest in promoting freedom of expression online around the world thus relies significantly on the presence of sufficient privacy protections. For the government’s own statement about its interests in promoting freedom of expression online, see US Department of State, “Diplomacy in Action: Internet Freedom,” (accessed July 14, 2014).


[417] The US Constitution does not mention privacy by name, but the right finds roots in the 4th Amendment ban on “unreasonable searches and seizures.” U.S. Const. Amend. IV.


[418] For more on anonymous speech in human rights law, see UN Human Rights Council, “Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression,” Frank La Rue, A/HRC/23/40, April 17, 2013,, paras. 88-90.


[419] International Covenant on Civil and Political Rights (ICCPR), adopted December 16, 1966, G.A. Res. 2200A (XXI), 21 U.N. GAOR Supp. (No.16) at 52, U.N. Doc. A/6316 (1966), 999 U.N.T.S. 171, entered into force March 23, 1976, ratified by US on June 8, 1992, art. 19.


[420] Ibid. Although the treaty is binding, people cannot bring individual lawsuits based solely on the treaty in US courts.


[421] Ibid., art. 22.


[422] Ibid., art. 17.


[423] Ibid., art. 19. According to Manfred Nowak, no state was in favor of a narrow reading of this article in drafting the treaty, so “there can be no doubt that every communicable type of subjective idea and opinion, of value-neutral news and information, of … political commentary regardless of how critical, … is protected by Art. 19(2).” Manfred Nowak, U.N. Covenant on Civil and Political Rights: CCPR Commentary (Arlington: N.P. Engel, 1993), p. 341. The right also appears in the Universal Declaration of Human Rights (UDHR) and the American Declaration of the Rights and Duties of Man. See Universal Declaration of Human Rights (UDHR), adopted December 10, 1948, G.A.Res. 217A(III), U.N. Doc. A/810 at 71 (1948), art. 19; American Declaration of the Rights and Duties of Man, adopted April 1948, Ninth International Conference of American States, art. IV.


[424] ICCPR., art. 26.


[425] UN Human Rights Committee, General Comment 15: The position of aliens under the Covenant, U.N. Doc. HRI/GEN/1/Rev.1 (April 11, 1986), para. 7; see also Submission of Amnesty International USA and the American Civil Liberties Union to Privacy and Civil Liberties Oversight Board, Public Hearing on Section 702 of the FISA Amendments Act, March 19, 2014, (accessed July 14, 2014), p. 13.

The Human Rights Committee (HRC) is a group of experts tasked by the UN with monitoring the implementation of the ICCPR. Its General Comments are the most authoritative interpretations of state obligations under the treaty, though states do not always adopt the HRC’s views.


[426] For more on the US position, see Harold Koh, Office of the Legal Advisor, Memorandum Opinion on the Geographic Scope of the International Covenant on Civil and Political Rights, October 19, 2010, (accessed July 14, 2014), pp. 1-2.


[427] Human Rights Committee, “Concluding observations on the fourth periodic report of the United States of America,” CCPR/C/USA/CO/4, April 23, 2014, (accessed July 14, 2014), para. 4, noting, “The Committee regrets that the State party continues to maintain the position that the Covenant does not apply with respect to individuals under its jurisdiction, but outside its territory, despite the interpretation to the contrary of article 2, paragraph 1, supported by the Committee’s established jurisprudence, the jurisprudence of the International Court of Justice and State practice.”)


[428] UN Human Rights Council, “The right to privacy in the digital age: Report of the Office of the United Nations High Commissioner for Human Rights,” A/HRC/27/37, June 30, 2014, (accessed July 14, 2014), para. 34.


[429] Ibid.


[430] UN Human Rights Committee, General Comment 34, Article 19: Freedoms of opinion and expression, U.N. Doc. CCPR/C/GC/34 (2011), para. 4, (noting “freedom of expression is integral to the enjoyment of the rights to freedom of assembly and association.”)

Ibid., paras. 18 and 19.


[432] Ibid., para. 19.


[433] Organization of American States, Declaration of Principles on Freedom of Expression, October 19, 2000,, prin. 4.

For explanatory background on the principles, see Organization of American States, Background and Interpretation of the Declaration of Principles,

The Inter-American Commission on Human Rights (IACHR) adopted the declaration at its 108th regular sessions in October 2000. Ibid. In adopting the declaration, the IACHR interpreted Article 13 (freedom of expression) of the American Convention on Human Rights, which the US has signed though not ratified, to include the right of access to official information. Ibid. Other regional and international institutions have made similar statements. For examples of such statements, see, e.g., Joint declaration by Ambeyi Ligabo, U.N. Special Rapporteur on Freedom of Opinion and Expression, Miklos Haraszti, OSCE Representative on Freedom of the Media, and Eduardo Bertoni, OAS Special Rapporteur for Freedom of Expression, December 6, 2004, (accessed July 14, 2014). See also United Nations Economic and Social Council, Commission on Human Rights, Civil and Political Rights, Including the Question of Freedom of Expression: The Right to Freedom of Opinion and Expression. Report of the Special Rapporteur, Ambeyi Ligabo, submitted in accordance with Commission resolution 2003/42, (New York: United Nations, 2003); IACHR, Report on Terrorism and Human Rights, OAS/Ser.L./V/II 116, Doc. 5 rev. 1 corr. October 22, 2002, (accessed July 14, 2014), para. 281.

Although a narrower interpretation of the right of access to information has prevailed in Europe, the European Court of Human Rights, interpreting Article 8 (private and family life) of the European Convention, has found that individuals have the right to obtain information held by the government if such information affects their private lives, and that the government’s storage of that information therefore interferes with their rights to privacy and family life guaranteed by the Convention. The European Court has also established that governments may not restrict a person from receiving information that others wish or may be willing to impart. European Court of Human Rights, Leander v. Sweden, no. 10/1985/96/144, February 1985, paras. 48 and 74; European Court of Human Rights, Gaskin v. United Kingdom, no. 2/1988/146/200, June 1989, para. 49; and European Court of Human Rights, Guerra and others v. Italy, no. 116/1996/735/932, February 1998, paras. 53 and 60. The European Court’s reading finds support in Principle 3 of the Declaration of Principles on Freedom of Expression. Organization of American States, Declaration of Principles on Freedom of Expression, October 19, 2000,, prin. 3.


[434] For discussion of these connections, see Organization of American States, Declaration of Principles on Freedom of Expression,, prin. 1. In Europe this has been recognized since the early 1980s. Toby Mendel, “Freedom of Information: An Internationally protected Human Right,” Comparative Media Law, January-June 2003, pp. 13-19,  (accessed July 14, 2014).

The Inter-American Court of Human Rights held in 1985 that effective citizen participation and democratic control, as well as a true debate in a democratic society, cannot be based on incomplete information. Understanding freedom of expression as both the right to express oneself, and the right to obtain information, the Inter-American Court of Human Rights held that “freedom of expression is a cornerstone upon which the very existence of a democratic society rests. It is indispensable in the formation of public opinion. It represents, in short, the means that enable the community, when exercising its options, to be sufficiently informed.

Consequently, it can be said that a society that is not well informed is not a society that is truly free.” Inter-American Court of Human Rights, “Compulsory Membership in an Association prescribed by Law for the Practice of Journalism (Articles 13 and 29 American Convention on Human Rights),” Advisory Opinion OC-5, November 13, 1985, para. 70. The OAS General Assembly has held in 2003, 2004, and 2005 that access to official information is an indispensable requirement for a democracy to work properly, and that states have an obligation to ensure access to information. OAS General Assembly Resolution on Access to Official Information: Strengthening Democracy, AG/Res. 1932 (XXXIII-O/03), June 10, 2003, (accessed July 14, 2014); OAS General Assembly Resolution Access to Official Information: Strengthening Democracy, AG/Res. 2057 (XXXIV-O/04), June 8, 2004,(accessed July 14, 2014); and OAS General Assembly Resolution on Access to Official Information: Strengthening Democracy, AG/RES. 2121 (XXXV-O/05), May 26, 2005, (accessed July 14, 2014).


[435] UN Human Rights Committee, General Comment 34, Article 19: Freedoms of opinion and expression, U.N. Doc. CCPR/C/GC/34 (2011), para. 13.


[436] Limitations may also be permissible for the protection of public order, public health or morals, or the rights and freedoms of others.For a list of those limitations, see, e.g., ICCPR, art. 12. Our analysis focuses on the national security exception because that is the public justification for the surveillance programs and the crackdown on leaks. The Human Rights Committee has also acknowledged the national security limitation on the right to freedom of expression. UN Human Rights Committee, GeneralComment 34, Article 19: Freedoms of opinion and expression, U.N. Doc. CCPR/C/GC/34 (2011), para. 21. Legal scholars argue that the same limitations apply to rights guaranteed by Article 17 (right to privacy), even though the text does not list any exceptions or limitations. As one example, see, e.g. Manfred Nowak, U.N. Covenant on Civil and Political Rights: CCPR Commentary, 2d rev. ed. (Kehl am Rhein: Engel, 2005), p. 381.UN Human Rights Council, “Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism,” Martin Scheinin, A/HRC/13/37, December 18, 2009, (accessed July 15, 2014); UN Human Rights Council, “Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression,” Frank La Rue, A/HRC/23/40, April 17, 2013, (accessed July 15, 2014)


[437] ICCPR, art. 19(3), at 52.


[438] UN Human Rights Committee, General Comment 34, Article 19: Freedoms of opinion and expression, U.N. Doc. CCPR/C/GC/34 (2011), para. 22.


[439] Ibid., para. 30.


[440] The Johannesburg Principles on National Security, Freedom of Expression and Access to Information (Johannesburg Principles), November 1996,   (accessed July 14, 2014).


[441] Ibid., Principle 1.2.


[442] Ibid., Principle 2(a).


[443] The Tshwane Principles have the same legal standing as the Johannesburg Principles, providing an influential interpretation of the standard, under international law, for balancing access to information with the protection of national security.


[444] The Global Principles on National Security and the Right to Information (Tshwane Principles), June 12, 2013, (accessed July 14, 2014), Principle 1(a).


[445] Ibid., Principle 9(a)(i)-(v).


[446] Ibid., Principle 3.


[447] Specifically, the Principles list five categories that cover “on-going defense … operations”; “weapon systems”; “specific measures to safeguard the territory of the state” (or other critical strategic assets); “operations, sources, and methods of intelligence services” geared toward protecting national security; and “information concerning national security” that was provided by other states or bodies under a guarantee of confidentiality. Ibid., Principle 9ai-v.


[448] Ibid., Principle 10.


[449] Ibid., Principle 10(a). Such information, which includes “crimes under international law, and systematic or widespread violations of the rights to personal liberty and security,” “may not be withheld on national security grounds in any circumstances.” Ibid., Principle 10(a)(1). Information related to less serious violations of human rights or humanitarian law remains “subject to a high presumption of disclosure.” Ibid., Principle 10(a)(2).


[450] Ibid., Principle 10(e).


[451] Ibid., Principles 37-41.


[452] Even the government acknowledges that over-classification occurs. E.g., Ben Rhodes, “The President Signs H.R. 533, The Reducing Over-Classification Act,” The White House Blog, October 7, 2010, (accessed July 14, 2014).

The Office of the Director of National Intelligence, “Intelligence Community Classification Guidance Findings and Recommendations Report,” January 2008, (accessed July 14, 2014), p. v. “Pentagon Acknowledges, Combats Overclassification,”

Secrecy News, November 1, 2004, (accessed July 14, 2014).


[453] Tshwane Principles, Principle 2(b).


[454] For more, see Footnote 452.


[455] For more on this question, see, e.g., Laura Pitter (Human Rights Watch), “Dispatches: Snowden Case Highlights Need for Whistleblower Reform,” January 7, 2014,; Human Rights Watch, “US: Protect National Security Whistleblowers,” June 18, 2013,


[456] Other portions of the Johannesburg Principles also support this conclusion. For example, “[p]rotection of national security may not be used as a reason to compel a journalist to reveal a confidential source.” Johannesburg Principles, prin. 18. Additionally, expression can be punished, under the principles, only if it is “intended to incite imminent violence,” “likely to incite such violence,” and tightly connected to the “likelihood or occurrence of such violence.” Johannesburg Principles, prin. 6.


[457] In the First Amendment to the US Constitution, the freedom to associate derives from the language guaranteeing “Congress shall make no law … abridging … the right of the people peaceably to assemble, and to petition the Government for redress of grievances.” U.S. Const. amend I.


[458] Nat’l Ass’n for Advance. of Colored People v. Alabama, 357 US 449, 462 (1958).


[459] Ibid. at 462.


[460] Ibid. at 460.


[461] For example, journalists may face liability for publishing inaccurate, defamatory items. Lovell v. City of Griffin, 303 U.S. 444, 450 (1938). They may also be subpoenaed to appear before grand juries.


[462] Branzburg v. Hayes, 408 U.S. 665, 683 (1972) (“Although it may deter or regulate what is said or published, the press may not circulate knowing or reckless falsehoods damaging to private reputation without subjecting itself to liability for damages, including punitive damages, or even criminal prosecution. See NewYork Times Co. v. Sullivan, 376 U.S. 254, 279-280 (1964); Garrison v. Louisiana, 379 U.S. 64, 74 (1964); Curtis Publishing Co. v. Butts, 388 U.S. 130, 147 (1967) (opinion of Harlan, J.,); Monitor Patriot Co. v. Roy, 401 U.S. 265, 277 (1971).”).


[463] The case of Julian Assange could become an exception if the US were to act on threats made by some US officials. For more on Assange’s case, see Ed Pilkington, “Julian Assange to file fresh challenge in effort to escape two-year legal limbo,” Guardian, June 18, 2014, (accessed July 14, 2014).


[464] For more on Risen’s situation, see Dylan Byers, “Supreme Court rejects James Risen appeal,” Politico, June 2, 2014, (accessed July 14, 2014); “US: Don’t Press Charges Against New York Times Reporter,” Letter from Kenneth Roth to Attorney General Holder, June 4, 2014,


[465] “US: Don’t Press Charges Against New York Times Reporter,” Letter from Kenneth Roth to Attorney General Holder,


[466] See generally, Snepp v. US, 444 U.S. 507 (1980). These restrictions can apply to the sharing of classified information, which federal employees often (if not always) agree to keep secret.


[467] For an example, see Department of Homeland Security, Non-Disclosure Agreement, (accessed July 14, 2014).


[468] Stillman v. Dep’t of Defense, 209 F. Supp. 2d 185, 217 (D.DC 2002).


[469] Lane v. Franks, 573 U. S. ____ (2014). For more on the case, see David G. Savage, “Supreme Court gives public workers 1st Amendment shield,” Los Angeles Times, June 19, 2014, (accessed July 14, 2014).


[470] McGehee v. Casey, 718 F.2d 1137, 1142-43 (DC Cir. 1983) (citations omitted).


[471] For example, one district court explicitly has recognized that former government employees have “a First Amendment right to publish unclassified information.” Stillman, 209 F. Supp. 2d at 217. Indeed, as the DC Circuit has interpreted its own test, “[t]he government may not censor [unclassified materials or information obtained from public sources], ‘contractually or otherwise…’ [and t]he government has no legitimate interest in censoring unclassified materials.” McGehee, 718 F.2d at 1141 (citations omitted).

Talley v. California, 362 U.S. 60 (1960) (striking down a city ordinance that banned the distribution of any handbills omitting identifying information of the people who produced or distributed them); McIntyre v. Ohio Elections Comm’n, 514 U.S. 334 (1995) (striking down a similar state statute).


[473] Talley, 362 U.S. at 64.


[474] ICCPR., art. 14(3)(d). It also provides for the right “to have legal assistance assigned to him, in any case where the interests of justice so require, and without payment by him in any such case if he does not have sufficient means to pay for it.” Ibid.

Human Rights Committee, General Comment 13, Article 14: Administration of justice, U.N. Doc. HRI/GEN/1/Rev.9 (2003) para. 9 (Interpreting the ICCPR as requiring “counsel to communicate with the accused in conditions giving full respect for the confidentiality of their communications,” and noting, “[l]awyers should be able to counsel and to represent their clients in accordance with their established professional standards and judgement without any restrictions, influences, pressures or undue interference from any quarter.”); see also Human Rights Committee, General Comment 32, Article 14: Right to equality before courts and tribunals and to a fair trial, CCPR/C/GC/32 (2007), para. 34 (noting, “Counsel should be able to meet their clients in private and to communicate with the accused in conditions that fully respect the confidentiality of their communications.”).

Numerous UN guidelines likewise require “full confidentiality” of communications. E.g., Body of Principles for the Protection of All Persons under Any Form of Detention or Imprisonment, adopted December 9, 1988, UN GAOR Res. 43/173 at 298, 43rd Session, 76th plenary meeting, UN Doc. A/43/49 (1988), principles 18(3)(4), 43 UN GAOR Supp. (Nº 49); Basic Principles on the Role of Lawyers, adopted by the Eighth United Nations Congress on the Prevention of Crime and the Treatment of Offenders, Havana, Cuba, August 27-September 7, 1990, U.N. Doc. A/CONF.144/28/Rev.1 at 118 (1990), principles 8, 22; Standard Minimum Rules for the Treatment of Prisoners, UN Economic and Social Council resolution 663 C (XXIV), July 31, 1957 and resolution 2076 (LXII), May 13, 1977, para. 93. See also Inter-American Commission on Human Rights, Principles and Best Practices on the Protection of Persons Deprived of Liberty in the Americas, 131st Sess. Mar. 3-14, 2008, principle 5.


[476] Basic Principles on the Role of Lawyers, adopted by the Eighth United Nations Congress on the Prevention of Crime and the Treatment of Offenders, Havana, 27 August to 7 September 1990, U.N. Doc. A/CONF.144/28/Rev.1 at 118 (1990),, principle 16.

According to their own terms, these principles were “formulated to assist [UN] Member States in their task of promoting and ensuring the proper role of lawyers, should be respected and taken into account by Governments within the framework of their national legislation and practice.” The terms of these principles, while not legally binding, are highly influential in defining the terms of US’s human rights obligations under the ICCPR.


[477] For more on the government’s treatment of attorney-client communications collected through surveillance, see Section IV, The Government’s Rationale for Surveillance.


[478] Specifically, the Sixth Amendment stipulates that “In all criminal prosecutions, the accused shall enjoy the right …. to have the assistance of counsel for his defense.” U.S. Const. amend. VI.


[479]United States v. Rosner, 485 F.2d 1213, 1224 (2d Cir. 1973).


[480]Caldwell v. United States, 205 F.2d 879, 881 (DC Cir. 1953).


[481] United States v. Levy, 577 F.2d 200, 209 (3d Cir. 1978). This principle, however, has limits. For example, in Weatherford v. Bursey, a case involving a confidential government informant who attended early meetings between the defendant and his attorney, the Supreme Court ruled that there was no violation of the defendant’s Sixth Amendment rights.

Significantly, a dissent by Justices Marshall and Brennan urged the court to adopt a strict per se prohibition on interference with the relationship between defendants and their attorneys. Weatherford v. Bursey, 429 US 545, 561 (1976) (Marshall, J., dissenting). One factor in the ruling was that the defendant had invited the informant to the meetings; another, more important for present purposes, is that the informant did not pass on relevant information to the prosecution.

As the majority opinion phrased it: “As long as the information possessed by [the government’s informant] remained uncommunicated [to the prosecution], he posed no substantial threat to [the defendant’s] Sixth Amendment rights. Ibid., pp. 556-57. The situation attorneys and their clients face under large-scale electronic surveillance differs materially in several respects, but one difference is particularly relevant: neither the defendant in Weatherford nor his attorney had any reason to suspect government interference in their relationship because they did not know there was a government agent at the meetings; with large-scale electronic surveillance, both defendant and attorney have reason to fear their conversations are being recorded.


[482] Such a practice might very well violate the Constitution. See Weatherford v. Bursey, 429 US 545 (1976) (offering the relevant holding).


[483] Mike German and Jay Stanley, ACLU, “Drastic Measures Required: Congress Needs to Overhaul U.S. Secrecy Laws and Increase Oversight of the Security Establishment,” July 2011, (accessed July 17, 2014), p. 48.

Table of Contents

© 2015 Human Rights Watch

Human Rights Watch |


Thomas Hartmann: The Crash of 2016

Could the United States face another economic collapse? Writer and broadcaster Thom Hartmann looks back at past financial crises and comes to a startling conclusion. “As long as you don’t look too closely at our nation, things seem under control — the United States looks whole … but when you go around to the ‘dark back side’ of the nation, you see the shocking truth. There you see a nation whose core fundamentals have been hollowed out,” writes Hartmann in his new book, “The Crash of 2016: The Plot to Destroy America — and What We Can Do to Stop It.”

How Class Works

This video was produced by the National Association of County and City Public Health Officals (NACCHO) as a part of thier Roots of Heath Inequality Project. The project is a web-based course for the public health workforce and “How Class Works” is one section of the course.

The social and economic origins of health inequity have been well-documented since the industrial revolution in the 1840s. Recent data demonstrates a staggering and growing degree of social and economic inequality in the U.S. not seen since the Great Depression. Rates of disease and illness for people with low income are worsening across almost all categories and geographic areas in the U.S.

In this short video, economist Richard Wolff explains our class society and applies that understanding to our current financial recession. Wolff argues that a minority class determines the way our society distributes the output and places those who receive the profits in the position of deciding how they are utilized, “…We all live with the results of what a really tiny minority in our society decides to do with the profits everybody produces.” As you watch and listen, consider what we have learned about disease and illness patterns among groups with lower income, more stress, and less control of their lives. Consider how investment decisions in neighborhoods over transportation, school facilities, parks, location of grocery stores, quality of affordable housing, etc. influenced by powerful interests, affect the quality of life for large segments of our population.

Exposing the Economics of Sex Trafficking in the U.S.

“Sex sells” does little to explain the multimillion-dollar profits generated by the underground commercial sex economy. From high-end escort services to high school “sneaker pimps,” the sex trade leaves no demographic unrepresented and circuits almost every major US city. A landmark study funded by the Justice Department estimates that the underground sex industry in each of seven U.S. cities generates between $40 million to nearly $300 million a year. Hari Sreenivasan of PBS Newshour speaks with the lead author of the report, Meredith Dank of the Urban Institute.

America’s Daughters

Human trafficking is a form of modern-day slavery where people profit from the control and exploitation of an estimated 21 million men, women, and children globally. Victims of sex or labor trafficking in the United States include individuals coerced into in the commercial sex trade, domestic workers threatened with severe abuse in a home, agricultural workers held by violence or debt, and more. Each one of these victims deserves our support. And each one has a different story to tell.

America’s Daughters is a powerful piece of spoken word written and performed by a female survivor of sex trafficking. Through her words, we gain a brief glimpse into the unbelievable exploitation so many people have endured while yearning for what we all need: LOVE. This woman’s brave decision to speak out also demonstrates the remarkable resilience of the survivors Polaris Project serves every day.

Join survivors in the fight to end human trafficking. Go to­.

Produced and Directed by: William Caballero and Kate Keisel
Edited by: William Caballero:
A special thanks to all the Polaris Project New Jersey team, volunteers and survivors who made this possible

“If we desire respect for the law, we must first make the law respectable.” – U.S. Supreme Court Justice Louis D. Brandeis

%d bloggers like this: