Loopholes for Circumventing the Constitution: Unrestrained Bulk Surveillance on Americans by Collecting Network Traffic Abroad

47 Pages Posted: 30 Jun 2014 Last revised: 16 Jun 2015

Axel Arnbak

University of Amsterdam - Institute for Information Law (IViR); Harvard University - Berkman Klein Center for Internet & Society

Sharon Goldberg

Boston University - Department of Computer Science

Date Written: 2015

Abstract

We reveal interdependent legal and technical loopholes that the U.S. intelligence community could use to circumvent constitutional and statutory safeguards for Americans. These loopholes involve the collection of Internet traffic on foreign territory, and leave Americans as unprotected as foreigners by current U.S. surveillance laws. We also describe how modern Internet protocols can be manipulated to deliberately divert American's traffic abroad, where traffic can then be collected under a more permissive legal regime (Executive Order 12333) that is overseen solely by the Executive branch of the U.S. government. While the media has reported on some of the techniques we describe, we cannot establish the extent to which these loopholes are exploited in practice.

An actionable short-term remedy to these loopholes involves updating the antiquated legal definition of "electronic surveillance" in the Foreign Intelligence Surveillance Act (FISA), that has remained largely intact since 1978. On the long term, however, a fundamental reconsideration of established principles in U.S. surveillance law is required, since these loopholes cannot be closed by technology alone. Legal issues that require reconsideration include: the determination of applicable law by the geographical point of collection of network traffic; the lack of general constitutional or statutory protection for network traffic collection before users are "intentionally targeted"; and the fact that constitutional protection under the Fourth Amendment is limited to "U.S. persons" only. The combination of these three principles means that Americans remain highly vulnerable to bulk surveillance when the U.S. intelligence community collects their network traffic abroad.

Notes: The paper is accepted and will be presented at the Privacy Enhancing Technologies Symposium of July 2014, during the HOTPETS session.

Keywords: Surveillance, Privacy, FISA, Executive Order 12333, Network protocols, DNS attacks, BGP attacks

Suggested Citation

Arnbak, Axel and Goldberg, Sharon, Loopholes for Circumventing the Constitution: Unrestrained Bulk Surveillance on Americans by Collecting Network Traffic Abroad (2015). 21 MICH. TELECOMM. & TECH. L. REV. 317 (2015); Also presented at Privacy Enhancing Technologies Symposium (HOTPETS'14), Amsterdam, NL, July 2014.; Also presented at Telecommunications Policy Research Conference (TPRC’42), Washington, DC, September 2014.. Available at SSRN: https://ssrn.com/abstract=2460462

Axel Arnbak (Contact Author)

University of Amsterdam - Institute for Information Law (IViR) ( email )

Kloveniersburgwal 48
Amsterdam, 1012 CX
Netherlands

HOME PAGE: http://www.ivir.nl/staff/arnbak.html

Harvard University - Berkman Klein Center for Internet & Society ( email )

23 Everett Street
Cambridge, MA 012138
United States

Sharon Goldberg

Boston University - Department of Computer Science ( email )

Boston, MA
United States

HOME PAGE: http://www.cs.bu.edu/~goldbe/

Paper statistics

Downloads
1,467
Rank
8,956
Abstract Views
11,045