Recent Decisions of the European Court of Human Rights and Their Application to Mass Surveillance in the United States and Russia

The Surveillance Cold War: Recent Decisions of the European Court of Human Rights and their Application to Mass Surveillance in the United States and Russia

Michael Palmisano

1. Introduction...... 2 2. Part One: Mass Surveillance in the United States and Russia...... 3 3. United States Surveillance...... 3 4. National Security Agency Surveillance Programs...... 3 5. The Foreign Intelligence Surveillance Court...... 6 6. Russian Surveillance...... 8

III. Mass Surveillance and the Courts...... 9

1. European Court of Human Rights...... 9 2. Roman Zakharov v. Russia...... 10 3. Szabó and Vissy v. Hungary...... 14 4. United States Courts—Klayman v. Obama...... 16 5. Part Three: Applying the Surveillance State Criteria of the European Court of Human Rights to the United States and Russia 20 6. Conclusion...... 25

This article examines the legal and technological architecture of the American and Russian systems of surveillance. It analyzes these systems using criteria set forth in the European Court of Human Rights’ recent decisions in Roman Zakharov v. Russia and Szabó and Vissy v. Hungary. This article concludes that both the United States and Russia lack the necessary safeguards to ensure that surveillance measures are only used when necessary in a democratic society. Both nations must reform their systems of mass surveillance if they are to preserve a democratic society in an age of mass surveillance.

I. Introduction

Since the Cold War, the United States and Russia have had a peculiar relationship. The two nations are frequently competitors. As technology has advanced, the two nations have found themselves competing once again—this time in the realm of mass surveillance. This paper examines the mass surveillance abilities and actions undertaken by both nations and considers them in light of recent decisions by the European Court of Human Rights which analyzed surveillance measures in Russia and Hungary. Both the United States and Russia lack the necessary safeguards to ensure surveillance measures are used only when necessary in a democratic society.

In the United States, Edward Snowden leaked documents depicting a vast surveillance apparatus, collecting billions of pages of information on U.S. citizens and foreigners alike. Although there have been reforms since these leaks, the United States still has tremendous surveillance capabilities. In Russia, since the days of the Soviet Union, a surveillance apparatus has been quietly growing as well. Russia now has the ability to surveil anyone with data stored on servers on Russian soil. But, who is “winning” this competition? This paper provides a comparison of the two systems of surveillance and argues that both nations must rein in their surveillance measures. This paper uses decisions from the European Court of Human Rights to examine the legality of the American and Russian surveillance systems under the Convention for the Protection of Human Rights and Fundamental Freedoms. This paper only examines the legal architecture in the United States and Russia. It does not discuss or evaluate extra-judicial surveillance measures undertaken by either country.

This article proceeds as follows. Part one provides an overview of mass surveillance programs in the United States and Russia. Part two examines mass surveillance in the courts. Specifically, part two examines mass surveillance as contemplated by the European Court of Human Rights in Roman Zakharov v. Russia and Szabó and Vissy v. Hungary and as contemplated by the United States District Court for the District of Columbia in Klayman et al. v. Obama et al. Part three applies the European Court of Human Rights’ criteria for surveillance systems to the American and Russian systems of surveillance. The article concludes that the American and Russian systems of surveillance do not adequately respect the laws necessary in a democratic society, and therefore, must be reformed.

II. Part One: Mass Surveillance in the United States and Russia

A. United States Surveillance

On June 6th, 2013, The Guardian published its first piece on the National Security Agency’s (“NSA”) mass surveillance apparatus, reporting the NSA was collecting the telephone records of millions of United States customers of Verizon.[1] This was merely the tip of the iceberg. A few days later, on June 9th, 2013, Edward Snowden permitted The Guardian to disclose his identity, saying his sole motive was “to inform the public as to that which is done in their name and that which is done against them.”[2] The Snowden leaks uncovered behemoth architecture, of unprecedented breadth and depth, of mass surveillance which ignited a worldwide debate about the propriety, legality, and wisdom of such practices. As many scholars have discussed, the history and traditions of privacy in the United States and Europe have led to different sociocultural and legal conceptions of privacy.[3] Thus, it is natural that the Snowden leaks are thought of, and handled, quite differently in the United States and in Europe. In particular, it is no surprise that courts in the two regions grapple with mass surveillance and its relationship with privacy and national security, quite differently.

B. National Security Agency Surveillance Programs

Prism was an NSA program that facilitated the collection of vast amounts of data, including the content of communications.[4] Prism allowed for the targeting of any customer of participating internet companies, if they were reasonably believed to live outside of the United States or if they were an American whose communications reached people outside of the United States.[5] Emails, videos, video and voice chats, photos, file transfers, social networking details, and more were all available under Prism.[6] Apple, AOL, Facebook, Google, Microsoft, PalTalk, Skype, Yahoo, and Youtube all participated in the program.[7] Companies were legally obligated to comply with requests for users’ communications, and Prism allowed the NSA to have direct access to companies’ servers, including both stored communications and real-time communications.[8] Following the FISA Amendments Act of December 2012, a court order was not required for any of the individual inquiries made by the NSA under Prism.[9]Snowden leaked a presentation in which the NSA described Prism as “one of the most valuable, unique and productive accesses for the NSA.”[10] When Prism was made public, Jameel Jaffer of the American Civil Liberties Union’s Center for Democracy stated it was an “unprecedented militarization of domestic communications infrastructure,” and that it was “profoundly troubling to anyone who is concerned about that separation.”[11]

Snowden also released information regarding a surveillance program known as XKEYSCORE. The Intercept called XKEYSCORE the NSA’s Google for the world’s private communications.[12] XKEYSCORE facilitated the tracking of an individual’s internet usage.[13] It also enabled the collection, categorization, and querying of metadata[14] or “secondary data that organize, manage, and facilitate the use and understanding of primary data”[15] The data collected includes: advertising analytics traffic, botnet traffic, documents, file uploads to online servers, logged keystrokes, pictures, Skype sessions, social media traffic, username and password pairs, voice calls, web searches, webcam photos, and more.[16] Simply by entering a person’s name, email address, telephone number, or other identifying data, the totality of data collected concerning an individual was available to the NSA—without a court order or prior internal approval.[17] Rather, the burden was on NSA analysts to comply with legal rules.[18] The data collected included that of Americans.[19] Finally, XKEYSCORE was not only used to surveil suspected terrorists.[20] For example, an internal NSA publication boasted that analysts successfully obtained United Nations’ Secretary General Ban Ki-Moon’s talking points for a meeting with President Obama using XKEYSCORE.[21]

Snowden also leaked documents exposing an NSA program- operated in conjunction with Britain’s Government Communications Headquarters- called MUSCULAR.[22] MUSCULAR used communication links connecting Google and Yahoo data centers to collect metadata and content flowing through the fiber-optic cables connecting the data centers.[23] MUSCULAR was somewhat surprising when uncovered, as the NSA already had “front door” access to Google and Yahoo user accounts under Prism.[24] Because the process was effectuated overseas, the NSA was legally permitted to presume that anyone using these data-links was a foreigner.[25] The Foreign Intelligence Surveillance Court, discussed below, has no jurisdiction over such operations.[26] Massive amounts of data, including metadata indicating who sent or received emails and the times associated therewith, and content, including audio, text, and video, was stored at the NSA’s headquarters in Fort Meade, Maryland.[27] One of the leaked documents, dated January 9th, 2013, indicated that in the preceding thirty days, 181,280,466 new records were stored.[28]

These three programs are not the only ones revealed by Snowden. However, this overview provides some impression as to the vast mass surveillance apparatus the United States government, and particularly the NSA, had in place. It should also be clear that the NSA was subjected to very little internal or external review, and that few safeguards were in place to either limit data collected on Americans or prevent abuses of surveillance programs. In short, the United States operated a titanic surveillance operation, collecting, storing, and categorizing massive quantities of information with very little oversight.

Following the public outcry triggered by the Snowden revelations,[29] Congress enacted the FREEDOM Act of 2015on June 2, 2015.[30] The FREEDOM Act replaced the PATRIOT Act,[31] from which many mass surveillance powers emanated, following its expiration on June 1, 2015.[32] The FREEDOM Act “prohibits the Government from obtaining telephony metadata in bulk.”[33] However, the new model allows the government to make “targeted queries” aimed at “metadata held by telecommunications service providers.”[34] Thus, the government has essentially the same abilities, except now it does not directly control the metadata.

C. The Foreign Intelligence Surveillance Court

In 2007, Congress passed the Protect America Act.[35] The Protect America Act, inter alia, required the Attorney General to submit targeting procedures to the Foreign Intelligence Surveillance Court (“FISC”) and to certify that intercepted communications were not purely domestic.[36] When the Attorney General made this certification, the FISC was required to grant the Attorney General’s requested order.[37] In 2008, the Foreign Intelligence Service Act Amendments Act (“FAA”) replaced the Protect America Act.[38] The FAA grants the Attorney General and the Director of National Intelligence the power to jointly authorize “the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information.”[39] The FISC annually reviews the certification for the orders, which contain certain limits, the order:

(1)may not intentionally target any person known at the time of acquisition to be located in the United States; (2) may intentionally target a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States; (3) may not intentionally target a United States person reasonably believed to be located outside the United States; (4) may not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States; and (5) shall be conducted in a manner consistent with the fourth amendment to the Constitution of the United States.[40]

At first blush, the mandates of the FAA appear to provide a reasonable degree of privacy protection. However, an examination of the law and the facts which have been made public reveal a statute and court that grant remarkable latitude to intelligence agencies. The legal standard of “reasonably believes” is, on its face, a very low threshold. Although statutory language mandates the collection of data be conducted in a manner consistent with the Fourth Amendment,[41] FISC opinions, citing “third party” evidence doctrine, have found no violations in mass surveillance cases. Professor Laura K. Donahue, among others, argues that the mass collection of data, in the manner undertaken both then and now, violates the Fourth Amendment.[42] The Supreme Court has not taken up the question. Until very recently, the FISC was a non-adversarial court; the government argued directly to the court with no party arguing against its positions.[43] The FISC is also a “secret court.” Most of the arguments, deliberations, and opinions are classified. Most of its published documents are heavily redacted. Finally, although the FISC, ostensibly, reviews the certifications, it is exceedingly rare for an application to be denied; indeed, the FISC is often criticized as a “rubber-stamp” body. [44] In 2013, for example, each of the 1,588 surveillance requests to the court were granted, and only thirty-four of the applications required modification.[45] Though there have been reforms since the Snowden leaks, the FISC did not, and does not, provide meaningful oversight of United States surveillance actions.

D. Russian Surveillance

In Russia, mass surveillance is, primarily, undertaken and effectuated by the Federal Security Service of Russia (the “FSB”) using the “System of Operative Search Measures” (“SORM”).[46] While seven Russian investigative and security agencies may intercept communications, the FSB defines the interception procedures.[47] Many former Soviet Union regions, including Belarus, Kazakhstan, Kyrgyztan, Ukraine, and Uzbekistan use systems similar to SORM.[48] SORM has been in use for over two decades, and has been upgraded to keep pace with technological advancements.[49] SORM is now split into three separate programs: SORM-1 intercepts telephone traffic, including from mobile networks; SORM-2 intercepts internet traffic, including VoIP[50]; and SORM-3 collects information from communication media[51], offers three years of data storage, and provides access to data on subscribers.[52] SORM also enables the use of mobile control points which are laptops that can be plugged directly into communication hubs to intercept and record traffic.[53]

FSB control centers directly connect to internet service providers’ and telecommunication providers’ computer servers in virtually every Russian town.[54] If an FSB operative wishes to surveil a target, they need only enter a command.[55] Technically, FSB operatives must obtain a court order, however, they are only required to show it to their superiors in the FSB.[56] Indeed, telecommunication providers have no right to demand production of a warrant, and they cannot access the surveillance boxes.[57] However, providers must pay for the SORM equipment and its installation.[58] If an internet service provider or other telecommunications company does not comply with SORM requirements, they first receive a warning and a fine.[59] If violations persist, they may have their operating license revoked.[60] III. Mass Surveillance and the Courts A. European Court of Human Rights

The European Court of Human Rights (the “court”) is an international court established in 1959.[61] Individuals and states may apply to the court to allege violations of civil and political rights as set forth in the Convention for the Protection of Human Rights and Fundamental Freedoms, better known as the European Convention on Human Rights (the “Convention”).[62] The forty-seven signatories to the Convention include all European nations except Belarus, and several non-European countries, including Hungary and Russia.[63] Technically, the court’s judgments are binding on the countries and individuals concerned.[64] However, the court has no ability to enforce its decisions.[65] Nonetheless, rulings by the court are taken seriously because, inter alia, they can embarrass a state actor and damage inter-state relations.[66] Therefore, states take the court and its judgments quite seriously.

The court has heard several cases regarding surveillance as it pertains to the Convention. Recently, in the cases of Roman Zakharov v. Russia and Szabó and Vissy v. Hungary, the court found surveillance systems in Russia and Hungary violate the Convention.[67] Each nation that is a signatory to the Convention has one judge serving on the court, though these judges hear the cases as individuals and not as state representatives.[68] Judge Dmitry Dedov from Russia took part in the judgment of Roman Zakharov v. Russia and Judge András Sajó took part in the judgment of Szabó and Vissy v. Hungary.[69] Indeed, Judge Dedov concurred in the judgment of Roman Zakharov v. Russia, and Judge Sajó joined the majority opinion in Szabó and Vissy v. Hungary.[70]

B. Roman Zakharov v. Russia

In Roman Zakharov v. Russia, the court heard the case of Roman Zakharov, a Russian national who alleged the Russian system of secret interception of mobile telephone communications violated his right to respect for his private life and correspondence as guaranteed by the Russian Constitution as well as several international legal instruments, including Article Eight of the Convention.[71] Zakharov was the Chairperson of the St. Petersburg Branch of the Glasnost Defence Foundation, an NGO monitoring the state of media freedom in Russian regions which promotes freedom of the press and provides legal support to journalists.[72] Zakharov claimed that the mobile network operators installed equipment that permitted the interception of all telephone communications without prior judicial authorization.[73] He further alleged mobile network operators and law enforcement agencies were technically capable of intercepting all telephone communications and that they routinely intercepted such communications without judicial authorization.[74] Zakharov could not prove his interceptions had, in fact, been intercepted.[75] Instead, he argued that the mere existence of legislation permitting covert interception of mobile telephone communications and the risk of being subjected to such interception measures constituted an interference of his rights under the Convention.[76]

Primarily at issue was Article Eight of the Convention. It states:

 Everyone has the right to respect for his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.[77]

The court noted that, ordinarily, it did not review in abstracto claims brought in actio popularis.[78] Rather, it typically heard claims in which an individual showed they were “directly affected” by the measure complained against.[79] The court also noted that: “where a State institutes secret surveillance “the existence of which remains unknown to the persons being controlled, with the effect that the surveillance remains unchallengeable, Article 8 could to a large extent be reduced to a nullity.”[80] The court declared a two-part inquiry to determine whether an individual is the victim of a violation of the Convention due to the mere existence of secret surveillance measures or legislation permitting such measures.[81]

First, the court looks to the scope of the legislation and examines whether the applicant could possibly be affected by it; either because they belong to a targeted group or “because the legislation directly affects all users of communications services.”[82] Second, the court considers “the availability of remedies at the national level” and adjusts the degree of scrutiny employed to reflect the effectiveness of those remedies.[83] The court stated: “[w]here there is no possibility of challenging the alleged application of secret surveillance measures at the domestic level, widespread suspicion and concern among the general public that secret surveillance powers are being abused cannot be said to be unjustified.”[84] By the test set forth, Zakharov was found to have standing, despite being unable to show actual interception of his own communications.[85]

Interference with the rights promulgated under Article Eight of the Convention is justified only if such interference pursues one or more of the legitimate aims to which Section Two of Article Eight refers and is necessary in a democratic society to achieve any such aim.[86] However, “[i]n view of the risk that a system of secret surveillance set up to protect national security may undermine or even destroy democracy under the cloak of defending it, the Court must be satisfied that there are adequate and effective guarantees against abuse.”[87]

The minimum safeguards which should be prescribed by law include: “the nature of offenses which may give rise to an interception order;” a definition of people who may have their communications intercepted; a limit on the duration of the data collection; the procedures for examining, using, and storing the data; the precautions to be taken when transferring the data to other parties; and, the circumstances in which the data may or must be destroyed.[88] After surveillance has been terminated, subsequent notification of the surveilled is “inextricably linked” to the effectiveness of remedies.[89] Thus, as soon as notification can be made without jeopardizing the purpose of the surveillance measures undertaken, it should be provided to the surveilled individual when feasible.[90] Finally, the court noted that accessibility of legal provisions governing secret surveillance and the foreseeability of such surveillance measures, is of paramount importance in determining the quality of law as applied to what is necessary in a democratic society.[91]

Interestingly, the Russian government officially published almost all legal provisions governing secret surveillance and made them accessible to the public.[92] In Russia, judicially authorized surveillance may not exceed six months’ duration, however, the orders may be renewed.[93] The procedures for storing, accessing, examining, using, communicating, and destroying the data were more problematic in the court’s view. Although Russian law provides that intercepted data must be destroyed after six months if the individual at issue is not criminally charged, it also grants unlimited discretion to trial judges to store or destroy data used as evidence at trial.[94] The judicial authorization procedures were also found to be problematic. Among other problems, Russian courts did not always verify the existence of a reasonable suspicion against the surveilled individual.[95] Although the Russian Constitutional Court recommended Russian district courts verify the existence of a reasonable suspicion, the Russian Constitutional court cannot mandate this recommendation.[96] Indeed, analytical notes issued by the Russian district courts reveal interception requests were often unaccompanied by adequate supporting materials, and that such materials were not ordinarily requested by the courts.[97] In short, the Russian courts did not: verify the existence of a “reasonable suspicion,” verify that surveillance measures were applied only when “necessary in a democratic society” (the “necessity test”), or verify that surveillance measures were proportionate to legitimate aims authorized under Article Eight of the Convention (the “proportionality test”).[98]

The court also discussed particularized safeguards that Russia, or countries with surveillance systems like that in Russia, should implement. In order to ensure proper authorization is granted in each case, judicial authorization should be shown to communications service providers before a government accesses an individual’s communications.[99] The court noted that “the possibility of improper action by a dishonest, negligent, or over-zealous official” could never be completely controlled against; but that a system, such as the Russian one, that facilitates security services’ direct access the communications of every single citizen is “prone to abuse.”[100] In order to ensure supervisory bodies can access the details of surveillance actions undertaken by the state, agencies that intercept communications must keep records of each interception.[101] Also, a court which authorizes such surveillance is incompetent to supervise the implementation of the surveillance measures.[102] It is not informed of the results and is powerless to review whether the requirements of the decision which authorized surveillance are complied with; the supervisory body should include a judge, with procedures and powers to exercise effective and continuous control over the surveilling agency and effective powers to remedy breaches.[103] The supervisory body’s activities should be open to public scrutiny, and the body should release information regarding breaches of its orders and the manner in which such breaches are remedied.[104] In the end, the court found the Russian system of surveillance violates Article Eight of the Convention because, inter alia, of a lack of adequate safeguards. Apparently in response to this ruling, Russia adopted a law allowing it to overrule judgments of international courts that contradict the Russian Constitution.[105]

C. Szabó and Vissy v. Hungary

In Szabó and Vissy v. Hungary, decided after Zakharov v. Russia, Máté Szabó and Ms. Beatrix Vissy alleged that Hungary violated their rights under Article Eight of the Convention.[106] When introducing their application to the court, Szabó and Vissy were staff members of a non- governmental watchdog organization which regularly criticized the Hungarian government.[107] They complained they could potentially be subjected to unjustified and disproportionally intrusive surveillance measures by Hungary’s Anti-Terrorism Task Force (the “Task Force”).[108] The Task Force’s authority is delineated in § 7/E of Act number XXXIV of 1994 on the Police, as amended by Act number CCVII of 2011.[109] Under these acts, the Task Force may: conduct secret house searches, surveil and record targets, open letters and parcels, and check and record the contents of electronic or computerized communications.[110] None of these activities require consent of the targeted person.[111] Secret surveillance linked to investigations of certain crimes is subject to judicial authorization.[112] However, secret surveillance linked to intelligence gathering for national security is subject only to the Minister in charge of justice.[113] Once the surveillance ends, the authorities are not obligated to destroy any irrelevant intelligence obtained.[114]

Consistent with the reasoning in Zakharov v. Russia, the applicants were found to have standing.[115] Additionally, consistent with the reasoning in Zakharov v. Russia, the court ultimately found that the Hungarian system of surveillance violated Article Eight of the Convention.[116] The Hungarian system requires surveillance proposals related to national security be submitted to the responsible governmental Minister.[117] The proposal “must specify, either by name or as a range of persons, the person or persons” targeted for interception.[118] The court found this statutory language to be “of serious concern,” because it could be interpreted as “paving the way for the unlimited surveillance of a large number of citizens.”[119] The court was also troubled because Hungarian law does not clarify the application of this language as it applies to surveillance practices.[120] There is no requirement for the authorities to demonstrate the actual or presumed relation between the person or range of persons concerned and the prevention of any terrorist threat.[121] The mere possibility that the legal provisions at issue could be construed “to enable so-called strategic, large-scale interception” concerned the court.[122] Compounding this concern, the Task Force is not required to produce supportive materials or a sufficient factual basis to justify secret surveillance.[123]

The Fourth Section of the European Court of Human Rights heard Szabó and Vissy v. Hungary.[124] This is a smaller panel of judges than that of the Grand Chamber of the European Court of Human Rights, which heard Zakharov v. Russia.[125] The Fourth Section is bound by the Grand Chamber’s rulings.[126] However, the test set forth by the Fourth Section is apparently different from and inconsistent with the Necessity and Proportionality tests established in Zakharov v. Russia.[127] The Fourth Section announced a test requiring the “necessary in a democratic society” prong of Article Eight be interpreted to require “‘strict necessity’ in two aspects.”[128] First, a measure of secret surveillance complies “with the Convention only if it is strictly necessary, as a general consideration, for the safeguarding the [sic] democratic institutions. . . .”[129] Second, a surveillance measure must be “strictly necessary, as a particular consideration, for the obtaining of vital intelligence in an individual operation.”[130] The concurring opinion levels two main criticisms at the majority’s opinion.[131] First, the majority does not require that surveilled persons satisfy the reasonable suspicion standard set out in Zakharov.[132] Second, the “strict necessity” test outlined by the majority is stricter than the “necessity” test outlined in Zakharov.[133] Nonetheless, the decision in Szabó and Vissy v. Hungary was final.[134]

D. United States Courts—Klayman v. Obama

In Klayman v. Obama, Judge Richard J. Leon of the United States District Court for the District of Columbia heard the case of Larry Klayman, Charles Strange, Mary Ann Strange, J.J. Little, and J.J. Little & Associates, P.C. against President Obama, et al., challenging the NSA’s Bulk Telephony Metadata Program.[135] The plaintiffs,[136] except for Mary Ann Strange,[137] were either Verizon Wireless customers or Verizon Business Network Services customers. Judge Leon ultimately found that J.J. Little and J.J. Little & Associates, P.C. (collectively, the “Little’s”) had standing to challenge both the past and future collection of their data, while Larry Klayman, Charles Strange, and Mary Ann Strange did not.[138] Because standing is frequently the most difficult hurdle in litigation challenging American mass surveillance, an examination of the standing analysis in Klayman v. Obama is warranted.

Judge Leon found that Clapper v. Amnesty Int’l USA[139] provides “that standing to challenge a classified [g]overnmental surveillance program demands more than speculation that the challenged surveillance has, or will, transpire.”[140] Rather, a “‘concrete and particularized injury’” must be shown.[141] A substantial likelihood that a plaintiff’s own metadata was collected by the government shows such an injury.[142] However, a substantial likelihood may not solely rest on inferences about which providers participate in a particular program.[143] Klayman and Strange produced “a declassified letter from the Department of Justice to the then- presiding Judge of the FISC” which referenced Verizon Wireless.[144] Judge Leon found the document did not prove the government ordered Verizon Wireless to turn over the metadata records of its customers.[145] However, Judge Leon stated the plaintiff’s suspicion of Verizon Wireless’ participation in the program was “plausible, if not logical.”[146]

The Little’s showed they were subscribers of Verizon Business Network Services during all relevant times, including during a three-month window in which the government acknowledged collecting Verizon Business Network Services subscribers’ call records.[147] The government argued that, even if the plaintiffs’ metadata had been collected, they lacked evidence showing that the NSA accessed their records when querying the metadata.[148] Judge Leon “wholeheartedly disagree[d].”[149] He pointed out that “every single time the NSA runs a query to, for example, ‘detect foreign identifiers associated with a foreign terrorist organization calling into the U.S.,’ it must ‘analyze metadata for every phone number in the database by comparing the foreign target number against all of the stored call records to determine which U.S. phones, if any, ha[d] interacted with the target number.’”[150] Therefore, the Little’s had standing to challenge the past collection and review of their data.[151] The Little’s also had standing to challenge the future collection of their telephony metadata.[152] The government argued the Little’s did not have standing because they lacked evidence that Verizon Business Network Services participated in the metadata collection program at the time of the hearing.[153] Judge Leon was unpersuaded. He did not have to “abandon all common sense in determining the scope” of a provider’s participation once concretely pled.[154] He was permitted to infer, “based on the NSA’s past collection . . . [from this provider], that it continue[d] to collect data . . . [data] from that same provider, pursuant to the same statutory authorization, to combat the same potential threats to our national security.”[155] Judge Leon stated: “[i]t defies common sense for [the government] to argue, as they apparently do, that [they have] chosen to omit from this breathtakingly broad metadata collection Program a provider that the Government surveilled in the past and that, presumably, has the infrastructure to continue assisting in that surveillance. In fact, it would make no sense whatsoever for the Government to use all available tools except [Verizon Business Network Services’] call data to accomplish its putative goals.”[156] Therefore, the Little’s had standing to challenge the future collection of their data.[157]

Judge Leon found that the Little’s would likely succeed on the merits of their Fourth Amendment claim.[158] The Fourth Amendment protects the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”[159] The right “shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”[160] A Fourth Amendment search occurs “when the government violates a subjective expectation of privacy that society recognizes as reasonable.”[161] In a previous opinion issued in the case, Judge Leon explained why the indiscriminate bulk collection of telephony metadata and the analysis of that data each separately constitute a Fourth Amendment search.[162] He ruled the plaintiffs would likely prove the searches were unreasonable.[163]

A balancing test is employed by the court to determine whether a warrantless, suspicionless search is reasonable under the “special needs” doctrine of the Fourth Amendment.[164] A court weighs the privacy interests implicated by the search against the governmental interest furthered by the intrusion.[165] Specifically, the court balances “(1) ‘the nature of the privacy interest allegedly compromised’ by the search, (2) ‘the character of the intrusion imposed’ by the Government, and (3) ‘the nature and immediacy of the government’s concerns and the efficacy of the [search] in meeting them.”[166]

Examining the nature of the privacy interest compromised by the search, Judge Leon found an individual’s metadata can be analyzed to reveal “embedded patterns and relationships, including personal details, habits and behaviors.”[167] He also noted that “smartphones”[168] are used for much more than basic communication functions, including the navigation of important life events and for other sensitive purposes such as online banking and researching health conditions.[169] Thus, “cellular phone technology does not present the same diminished expectation of privacy that typically characterizes ‘special needs’ incursions.”[170] Judge Leon observed that, although aggregated metadata is held by third-party service providers, it is necessary for an individual to permit the third-party service provider to hold that metadata if they are to use a cellphone.[171] Thus, the privacy interests at stake are substantial.[172] Judge Leon found the character of the governmental intrusion was substantial, and that the government was asking the court to “sanction a dragnet of unparalleled proportions.”[173] He found the program: was sweeping; targeted millions of Americans arbitrarily and indiscriminately; did not collect metadata in a discriminatory fashion, which would minimize the privacy intrusion; that the duration of the search was far from short; and that the program was not tailored in any way, much less in a meaningful way.[174] He also found that, while minimization procedures were in place to mitigate privacy intrusions in querying and analyzing metadata, there were no minimization procedures in place at the collection stage.[175] Finally, he found that, Americans could not choose to avoid the program because it was shrouded in secrecy.[176]

The government’s purpose in “identifying unknown terrorist operatives and preventing terrorist attacks is an interest of the highest order that goes beyond regular law enforcement needs.”[177] However, “[t]he gravity of the threat alone cannot be dispositive of questions concerning what means law enforcement officers may employ to pursue a given purpose.”[178] The efficacy of the searches in achieving the given purpose must also be evaluated.[179] Judge Leon noted that the government had not cited a “single instance in which telephone metadata analysis actually stopped an imminent attack, or otherwise aided the Government in achieving any time-sensitive objective,” and therefore the argument was significantly weakened.[180] Judge Leon found that the program was not reasonably effective in accomplishing its goal, primarily because the government lacked evidence the program had ever been successful as a means of conducting time-sensitive investigations in cases involving imminent threats of terrorism.[181] Thus, he concluded, the plaintiffs would likely succeed in showing the program constituted an unreasonable search under the Fourth Amendment.[182] Ultimately, Judge Leon granted a preliminary injunction to the Little’s, enjoining the future collection and querying of their telephone record metadata.[183] IV. Part Three: Applying the Surveillance State Criteria of the European Court of Human Rights to the United States and Russia

Examining to what extent the American and Russian systems of surveillance conform with the European Court of Human Rights’ minimum safeguards required for a surveillance system to be sufficiently protective of human rights elucidates the extent to which these two nations respect human rights and the laws “necessary in a democratic society.” The court first looks to the scope of surveillance legislation and examines whether the applicant could possibly be affected by it, either because they belong to a targeted group or because the legislation directly affects all users of communications services.[184] Second, the court accounts for the availability of remedies at the nation level and adjusts the degree of scrutiny employed depending on the effectiveness of those remedies.[185] Finally, the court mandated several minimum safeguards in surveillance systems which national laws should provide.[186] Governments should clearly delineate the nature of offenses which may give rise to an interception order.[187] Governments should provide a definition of people who may have their communications intercepted.[188] They should define a limit on the duration of the data collection.[189] And, they should define the procedures for examining, using, and storing data.[190] The precautions taken when transferring the data to other parties should be adequate.[191] Moreover, the circumstances in which the data may, or must, be destroyed should be delineated.[192] Finally, the authorization procedures allowing for surveillance must ensure that secret surveillance is not ordered “haphazardly, irregularly, or without due and proper consideration.”[193] The authorization procedures are examined by looking to the authority which authorizes the surveillances, its scope of review, and the content of the surveillance authorization.[194]

In both the United States and Russia, the scope of the legislation for secret surveillance is remarkably broad; the legislation in both nations directly affects all users of communications services. Recall that Russia requires all internet service providers and other telecommunication companies to install SORM equipment at their facilities.[195] Recall also that the United States may similarly access data stored at many, if not all, major internet and telecommunication service providers.[196] Thus, virtually all users of communication services are directly affected by the legislation that facilitates surveillance in both nations.

In both the United States and Russia, remedies at the national level are virtually nonexistent. Neither country provides notification of surveillance measures undertaken after their termination. In Klayman v. Obama, the Little’s were only found to have standing, by a very sympathetic court, because the government previously acknowledged that Verizon Business Network Services once participated in the surveillance program.[197] The “plausible, if not logical” inference that Verizon Wireless participated in the program was not enough to find standing. And, if standing is somehow established, plaintiffs will likely find themselves stymied by “state secrets” doctrine.[198] In Russia, “persons whose communications have been intercepted are not notified of this fact at any point or under any circumstances,” unless criminal proceedings are opened against them and surveillance information was used in evidence.[199] Thus, neither the United States nor Russia provides effective remedies at the national level, because surveilled individuals are not notified of the surveillance measures undertaken against them.

The nature of offenses which may give rise to a surveillance order are unclear in the United States, but are relatively clear, if overly broad, in Russia. While the United States surveillance programs are, ostensibly, used to protect national security, it is unclear exactly what activities give rise to surveillance orders.[200] However, it is known that the FISC once found that bulk data collection without any particularized threat or connection to terrorism was legally permissible.[201] Contrariwise, in Russia, almost all provisions governing secret surveillance have been published and are accessible to the public. Thus, though the nature of offenses in Russia which may give rise to a surveillance order are quite broad[202], the public is aware of this.

The limit on the duration of data collection is well defined in both the United States and Russia. In the United States, the production of a daily basis of call details records cannot exceed 180 days, however, this order can be extended.[203] Under the FAA, surveillance orders cannot exceed one year.[204] In Russia, interceptions may be judicially authorized for a period not to exceed six months, however, this order may be extended for a maximum of six months at a time.[205] Thus, the durations for surveillance measures are clearly delineated in both nations.

The procedures for examining, using, and storing data in the United States and Russia are inadequate. In the United States, investigations must be conducted under guidelines approved by the Attorney General under Executive Order 12333.[206] United States agencies utilize internally produced minimization procedures[207], but they are highly classified.[208] Further, the minimization procedures have been inadvertently broken on thousands of occasions, and willfully disregarded on, at least, several occasions.[209] In 2013, the NSA’s 2011 minimization procedures for FAA searches were declassified and released to the public.[210] The procedures required, inter alia, that analysts “destroy inadvertently acquired communications of or concerning a United States person at the earliest practicable point.”[211] Apparently, this procedure was not applied to US citizen metadata. The minimization procedures also discuss the use and examination of communications, providing minimal oversight and granting considerable authority to NSA analysts to determine the propriety of examination and use of communications.[212] In Russia, the law stipulates that data collected as a result of secret surveillance measures constitute a state secret and must be sealed and stored to prevent the risk of unauthorized access.[213] State officials with a “genuine need” may review the data.[214] But, they may only review information necessary to perform their duties.[215] The data must also be securely stored[216] and securely communicated.[217] Finally, the data must be destroyed after six months of storage if no criminal charge is filed against the surveilled.[218] In the United States, however, data must be destroyed after five years.[219]

The authorization procedures facilitating surveillance must ensure that surveillance is not ordered haphazardly, irregularly, or without due and proper consideration. The authorization procedures are examined by looking to the authority which authorizes the surveillances, its scope of review, and the content of the surveillance authorization. The United States authorization system, under the FISC, has been discussed in detail, above. In Russia, as in the United States, a court must authorize any interception of telephone or other communications.[220] While the European Court of Human Rights has acknowledged that a non-judicial authority may be compatible with the Convention, a judicial body is an important safeguard against arbitrary or indiscriminate secret surveillance.[221] However, for the reasons cited above, both American and Russian courts have been ineffective as judicial checks on surveillance powers. Inter alia, the FISC is “forced to rely upon the accuracy of the information that is provided to the court. . . The FISC does not have the capacity to investigate issues of noncompliance.”[222] In Russia, the courts are incapable of verifying a reasonable suspicion against potential surveillance targets.[223] Finally, as regards the content of a surveillance authorization- that is, identification of a specific person to be placed under surveillance or a single set of premises as the premises in respect of which the authorization is granted- both the United States and Russia have insufficient safeguards. In the United States, while specific persons are named, authorities may go within two “hops” of a targeted individual (formerly three hops).[224] That is, they may look at a target (zero “hops”), anyone that target communicated with (one “hop”), and anyone that individuals identified in the first “hop” communicated with (two “hops”).[225] Thus, a large number of individuals are surveilled without court orders. In Russia, granted surveillance requests do not always name a specific person, or provide information which otherwise identifies an individual, such as a telephone number.[226] Thus, authorities in both nations are granted wide discretion, and the content of surveillance authorization need not be specific. V. Conclusion

The systems of surveillance in the United States and Russia lack the necessary safeguards that assure surveillance measures are used only when necessary in a democratic society. In both countries, the scope of surveillance legislation is overly broad. In both countries, remedies at the national level are insufficient. Both countries lack necessary minimum safeguards. The authorization procedures of both countries are insufficient to ensure the appropriate application of surveillance measures. The European Court of Human Rights’ decisions discussed herein provide guidelines for reform that both nations must undertake if they are to preserve a democratic society in an age of mass surveillance.

[1]. Glenn Greenwald, NSA Collecting Phone Records of Millions of Verizon Customers Daily, THE GUARDIAN (June 6, 2013, 6:05 AM ET), http://www.theguardian.com/world /2013/jun/06/nsa-phone-records-verizon-court-order.

[2]. Associated Press, Edward Snowden Timeline of Events, POLITICO (Aug. 1, 2014, 11:29 AM ET), http://www.politico.com/story/2013/08/edward-snowden-timeline-of-events- 095057.

[3]. See, e.g., James Q. Whitman, The Two Western Cultures of Privacy: Dignity Versus Liberty, 113 Yale L.J. 1151, 1160-61 (2004) (arguing that US conceptions of privacy are rooted in notions of liberty against the state and European conceptions of privacy are rooted in a form of protection of a right to respect and personal dignity);but see Hannah Bloch-Wehba, Confronting Totalitarianism at Home: The Roots of European Privacy Protections, 40 Brook. J. Int’l L. 749 (2014-15) (discussing the similarities between the European and US conceptions of privacy and challenging the model put forth by Whitman).

[4]. Glenn Greenwald & Ewen MacAskill, NSA Prism Program Taps in to User Data of Apple, Google and Others, THE GUARDIAN (June 7, 2013, 3:23 PM ET), http:// www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data.

[5]. Id.

[6]. Id.

[7]. Id.

[8]. Id. [9]. Id.

[10]. Id.

[11]. Id.

[12]. Morgan Marquis-Boire, et al., XKEYSCORE: NSA’s Google for the World’s Private Communications, THE INTERCEPT (July 1, 2015, 7:49 AM), https://theintercept.com /2015/07/01/nsas-google-worlds-private-communications/.

[13]. Id.

[14]. Id.,

[15]. Metadata, BLACK’s Law Dictionary (9th ed. 2009).

[16]. Marquis-Boire, et al., supra note 12.

[17]. Id.

[18]. Id.

[19]. Id.

[20]. Id.

[21]. Id.

[22]. Barton Gellman & Ashkan Soltani, NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say, WASH. POST. (Oct. 30, 2013), https:// www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data- centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74- d89d714ca4dd_story.html.

[23]. Id.

[24]. Id.

[25]. Id.

[26]. Id; see also Laura K. Donohue, FISA Reform, 10 I/S: J. L. & Pol’y for Info. Soc’y 599, 609-10 (2014).

[27]. Gellman & Soltani, supra note 22

[28]. Id. [29]. Klayman v. Obama, 142 F. Supp. 3d 172, 180 (D.D.C. 2015).

[30]. USA FREEDOM Act of 2015, Pub. L. No. 114-23, 129 Stat. 268 (2015).

[31]. Sudha Setty, Surveillance, Secrecy, and the Search for Meaningful Accountability, 51 Stan. J. Int’l L. 69, 72-73 (Winter 2015. (“The PATRIOT Act arguably authorized the collection and storage of domestic telephony and internet metadata and the collection and content searches of substantial amounts of foreign telephone and internet communications.”)).

[32]. Id. at 79.

[33]. Klayman, supra note 29, at 180

[34]. Id.

[35]. Donohue, supra note 26, at 607.

[36]. Id.

[37]. Id. at 607-8.

[38]. Id. at 608.

[39]. Id.

[40]. 50 U.S.C. § 1881a(b)(1-5).

[41]. Id.

[42]. See, e.g., Laura K. Donahue, The Future of Foreign Intelligence: Privacy and Surveillance in a Digital Age, Surveilled US: A Mellon-Sawyer Seminar (Jan. 19, 2016), http://surveilled.us/index.php/event/laura-donohue/ (arguing the mass surveillance programs are prohibited under the United States Constitution as general warrants).

[43]. Cody M. Poplin, Amici Curiae for FISC Announced, Lawfare (Dec. 1, 2015), https://www.lawfareblog.com/amici-curiae-fisc-announced.

[44]. Angus Stevenson, et al., New Oxford American Dictionary 1525 (3rd ed. 2010). (verb with object) “approve automatically without proper consideration.” Angus Stevenson, et al., New Oxford American Dictionary 1525 (3rd ed. 2010)).

[45]. See Electronic Privacy Information Center, Foreign Intelligence Surveillance Act Court Orders 1979-2015, https://epic.org/privacy/wiretap/stats/fisa_stats.html (last visited Apr. 14, 2016). [46]. Andrei Soldatov & Irina Borogan, In Ex-Soviet States, Russian Spy Tech Still Watches You, Wired (Dec. 21, 2012, 6:30 AM), http://www.wired.com/2012/12/russias-hand/.

[47]. Andrei Soldatov & Irina Borogan, Russia’s Surveillance State, World Policy Institute (2013), http://www.worldpolicy.org/journal/fall2013/Russia-surveillance.

[48]. Soldatov & Borogan, supra note 47.

[49]. Id.

[50]. Voice over Internet Protocol, Federal Communications Commission, (Voice over Internet Protocol; a technology that allows one to make voice calls using a broadband Internet connection).https://www.fcc.gov/general/voice-over-internet-protocol-voip.

[51]. Russia’s “Semantic Archive” monitors all varieties of open data: media archives, online sources, blogs, and social networks. The Semantic Archive is sorted and analyzed by keywords, allowing for bulk-analysis of the data. Closed accounts, such as Facebook and Twitter, are more problematic. However, Russian licensing now requires business that rent out site space on servers to give FSB access to these servers via SORM. Because some closed source companies, such as Facebook, Twitter, and Gmail, are not hosted in Russia, surveillance of these sites is more difficult. However, Russia has campaigned to bring these platforms into Russia. Soldatov & Borogan, supra note 48. In fact, a law was passed which requires companies to store data about Russian citizens on Russian territory; this could potentially require companies such as Facebook, Twitter, and Google to move data on Russian users to servers inside Russia. It is unclear if this potential requirement will be enforced, however it will always be available as a tool to use when required. Shaun Walker, Russian Data Law Fuels Web Surveillance Fears, The Guardian (Sept. 1, 2015), http://www .theguardian.com/world/2015/sep/01/russia-internet- privacy-laws-control-web.

[52]. Soldatov & Borogan, supra note 47.

[53]. Id.

[54]. Soldatov & Borogan, supra note 48.

[55]. Id.

[56]. Id.

[57]. Soldatov & Borogan, supra note 47.

[58]. Id.

[59]. Soldatov & Borogan, supra note 48.

[60]. Id. [61]. European Court of Human Rights, Council of Europe, http://www.coe.int /t/democracy/migration/bodies/echr_en.asp.

[62]. Id.; see generally, European Convention on Human Rights, Nov. 4, 1950, available at http://www.echr.coe.int/Documents/Convention_ENG.pdf.

[63]. See Chart of Signatures and Ratifications of Treaty 005, Convention for the Protection of Human Rights and Fundamental Freedoms, Council of Europe, available at http://www.coe.int/en/web/conventions/full-list/- /conventions/treaty/005/signatures?p_auth=OPJDVj7X.

[64]. European Court of Human Rights, supra note 61.

[65]. Profile: European Court of Human Rights (Feb. 7, 2012), BBC, available at http://news.bbc.co.uk/2/hi/europe/country_profiles/4789300.stm.

[66]. Liz Lennox, The Role of the European Court of Human Rights, About Human Rights (updated June 10, 2016), http://www.abouthumanrights.co.uk/european-court-human- rights.html.

[67]. See Roman Zakharov v. Russia, App. No. 47143/06, Eur. Ct. H.R. (Dec. 4, 2015), available at http://www.statewatch.org/news/2015/dec/echr-russian-secret-surveillance-judg ment.pdf; see also Szabó and Vissy v. Hungary, App. No. 37138/14, Eur. Ct. H. R. (Jan. 12, 2016), available at http://hudoc.echr.coe.int/eng#{%22itemid%22:[%22001-160020%22 ]}.

[68]. See Composition of the Court, Council of Europe, http://www.echr.coe.int/Pages /home.aspx?p=court/judges&c=#n1368718271710_pointer (last visited Apr. 15, 2016).

[69]. Roman Zakharov, supra note 67; Szabó and Vissy, supra note 67.

[70]. Id.

[71]. Id. at 3.

[72]. Id at 2-3.

[73]. Id. at 3.

[74]. Id.

[75]. Id.

[76]. Id.

[77]. European Convention on Human Rights, supra note 64 at § 1 Art. 8. [78]. Roman Zakharov, supra note 67 at 38.

[79]. Id.

[80]. Id. at 9.

[81]. Id. at 41.

[82]. Id. at 1.

[83]. Id.

[84]. Id. at 40.

[85]. Id. at 42.

[86]. Id. at 56.

[87]. Id. at 58.

[88]. Id. at 57-58.

[89]. Id. at 59.

[90]. Id. at 73 (noting that it “may not always be feasible in practice to require subsequent notification in all cases,” particularly where the surveillance is related to long-term investigations, where notification may jeopardize the long-term purpose of the surveillance orders, or where notification might serve to reveal the working methods and fields of operation of the intelligence services or identify their agents).

[91]. Id.

[92]. Id. at 60.

[93]. Id. at 63.

[94]. Id. at 64.

[95]. Id. at 65.

[96]. Id. at 66.

[97]. Id.

[98]. Id. at 67. [99]. Id. at 68.

[100]. Id. at 69.

[101]. Id.

[102]. Id. at 70.

[103]. Id.

[104]. Id. at 72.

[105]. Russia Passes Law to Overrule European Human Rights Court, BBC (Dec. 4, 2015), http://www.bbc.com/news/world-europe-35007059 (citing Roman Zakharov v. Russia)

[106]. Szabó and Vissy. Supra note 67,.

[107]. Id. at 2.

[108]. Id. at 1-2.

[109]. Id.

[110]. Id. at 2.

[111]. Id.

[112]. Id.

[113]. Id.

[114]. Id.

[115]. Id. at 28-29.

[116]. Id. at 44.

[117]. Id. at 36.

[118]. Id. (emphasis added).

[119]. Id.

[120]. Id.

[121]. Id. [122]. Id. at 37.

[123]. Id. at 38.

[124]. Id. at 1.

[125]. Roman Zakharov, supra note 67, at 1.

[126]. See European Court of Human Rights, supra note 61, http://www.echr.coe.int/Pages/home.aspx?p=court/judges&c=#newComponent_1346152138668 _pointer.

[127]. See Szabó and Vissy v. Hungary, supra note 67, at 47 (Albuquerque, J., Concurring).

[128]. Id. at 38.

[129]. Id.

[130]. Id.

[131]. Id. at 56-59 (Albuquerque, J., Concurring).

[132]. Id. at 56 (Albuquerque, J., Concurring).

[133]. Id. at 58-59 (Albuquerque, J., Concurring).

[134]. Id. at Title Page.

[135]. Klayman v. Obama, 142 F. Supp. 172, supra note 29, at 176-78.

[136]. Id. at 181-82.

[137]. Id. at 181 n. 7.

[138]. Id. at 184.

[139]. Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138 (2013).

[140]. Klayman v. Obama, supra note 29, at 185

[141]. Id. (quoting Klayman v. Obama 800 F.3d 559, 562 (D.C. Cir. 2015), vacated as moot, 2016 U.S. App. LEXIS 6190 (D.C. Cir. Apr. 4, 2016)).

[142]. Id. [143]. Id. at 188.

[144]. Id. at 185-86.

[145]. Id. at 186.

[146]. Id.

[147]. Id.

[148]. Id. at 187.

[149]. Id.

[150]. Id. (quoting Klayman v. Obama, 957 F. Supp. 2d 1, 28 (D.D.C. 2013), rev’d 800 F.3d 559 (D.C. Cir. 2015), vacated as moot, 2016 U.S. App. LEXIS 6190 (D.C. Cir. Apr. 4, 2016)) (emphasis in original).

[151]. Id.

[152]. Id. at 187, 189.

[153]. Id. at 187.

[154]. I.d at 188 (emphasis in original).

[155]. Id.

[156]. Id. at 188-89.

[157]. Id. at 189.

[158]. Id.

[159]. U.S. CONST. amend. IV.

[160]. Id.

[161]. Kyllo v. United States, 533 U.S. 27, 33 (2001) (citing Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan, J., concurring)).

[162]. See Klayman,, 957 F. Supp. 2d, supra note 150 at 30-37 (D.D.C. 2013), vacated and remanded, 800 F.3d 559 (D.C. Cir. 2015).

[163]. Klayman, 142 F. Supp. 172, supra note 29, at 190-95. [164]. Id. at 190 (citing Nat’l Treasury Emps., Union v. Von Raab, 489 U.S. 656, 665-66 (1989).

[165]. Id.

[166]. Id (quoting Bd. Of Educ. Of Indep. Sch. Dist. No. 92 of Pottawatomie Cty. v. Earls, 536 U.S. 822, 830-34 (2002)).

[167]. Id. (quoting Decl. of Prof. Edward W. Felton).

[168]. [A] Cellular phone that incorporates a palmtop computer or PDA [a palmtop computer that functions as a personal organizer but also provides e-mail and Internet access]. Angus Stevenson, et al., supra note 39, at 1649, 1288.

[169]. See Klayman v. Obama, F. Supp. 172, supra note 29, at 190,(citing Aaron Smith, U.S. Smartphone Use in 2015, PEW RESEARCH CENTER (Apr. 1, 2015), http://wwwpewinternet.org/2015/04/01/us-smartphone-use-in-2015/).

[170]. Id. at 191.

[171]. Id.

[172]. See id.

[173]. Id. at 193.

[174]. Id. at 191-92.

[175]. Id. at 192.

[176]. Id. at 193.

[177]. Id. (quoting Klayman v. Obama, 957 F. Supp. 2d 1, supra note 150 at 39).

[178]. Id. (quoting City of Indianapolis v. Edmond, 531 U.S. 32, 42 (2000)).

[179]. Id.

[180]. Id.(noting that the program was not designed for detention and deterrence, which is a separate substantial governmental interest not raised in this case because, where secrecy is the hallmark of the program, “the deterrent value is effectively zero and its efficacy can only be measured by its ability to detect, and thereby prevent, terrorist attacks.”).

[181]. Id. at 194-95.

[182]. Id. at 195. [183]. Id. at 178.

[184]. Zakharov, supra note 67, at 41.

[185]. Id.

[186]. Id. at 57.

[187]. Id.

[188]. Id.

[189]. Id.

[190]. Id.

[191]. Id. at 57-58.

[192]. Id.

[193]. Id. at 64-65.

[194]. Id.

[195]. See Soldatov & Borogan supra note 48.

[196]. See NSA Prisim Program, supra note 4.

[197]. See Obama v. Klayman, 800 F.3d 559, supra note 150, at 561-64.

[198]. Setty, supra note 31, at 75.

[199]. Roman Zakharov, supra note 67,at 16.

[200]. Setty, supra note 31, at 82-83 (explaining the FISC’s opinions are often secret or are published in heavily redacted form).

[201]. Id.at 83.

[202]. Zakharov, supra note 67, at 13(for example, surveillance could be used against a target suspected of the relatively minor crime of pick-pocketing)..

[203]. USA Freedom Act of 2015, supra note 27, at § 101(b)(3)(F)(i-ii).

[204]. 50 U.S.C. §1881a(a) (2015). [205]. Zakharov, supra note 68, at 251.

[206]. 50 U.S.C. § 1861(a)(2)(A) (2012); see United States Intelligence Activities, 46 FR 59941, 59951 (Dec. 4, 1981).

[207]. 50 U.S.C. § 1861(g)(2)(A-C) (2012)(defining minimization procedures as (A) specific procedures that are reasonably designed in light of the purpose and technique of an order for the production of tangible things, to minimize the retention, and prohibit the dissemination, of nonpublicly available information concerning unconsenting United States persons consistent with the need of the United States to obtain, produce, and disseminate foreign intelligence information; (B) procedures that require that nonpublicly available information, which is not foreign intelligence information, as defined in § 101(e)(1) [50 U.S.C.§ 1801(e)(1)], shall not be disseminated in a manner that identifies any United States person, without such person’s consent, unless such person’s identity is necessary to understand foreign intelligence information or assess its importance; and (C), notwithstanding subparagraphs (A) and (B), procedures that allow for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes).

[208]. Marc Ambinder, Minimization: A Term You Need to Know, The Atlantic (Feb. 5, 2010), http://www.theatlantic.com/politics/archive/2010/02/minimization-a-term-you-need-to- know/35403/; See Also Spencer Ackerman, FBI Quietly Changes its Privacy Rules for Accessing NSA Data on Americans, The Guardian (Mar. 10, 2016, 5:32 PM EST), http://www.theguardian.com/us-news/2016/mar/08/fbi-changes-privacy-rules-accessing-nsa- prism-data.

[209]. Dan Roberts, NSA Analysts Deliberately Broke Rules to Spy on Americans, Agency Reveals, The Guardian (Aug. 23, 2013, 1:46 PM EST), http://www.theguardian.com/world/2013/aug/23/nsa-analysts-broke-rules-spy; see also Barton Gellman, NSA Broke Privacy Rules Thousands of Times Per Year, Audit Finds, Wash. Post (Aug. 15, 2013), https://www.washingtonpost.com/world/national-security/nsa-broke-privacy- rules-thousands-of-times-per-year-audit-finds/2013/08/15/3310e554-05ca-11e3-a07f- 49ddc7417125_story.html.

[210]. Benjamin Wittes & Sean Mirski, The NSA Documents: The 2011 Minimization Procedures, Lawfare Blog (Aug. 23, 2013, 10:13 AM), https://www.lawfareblog.com/nsa- documents-part-vi-2011-minimization-procedures. Minimization Procedures available at https://www.aclu.org/files/assets/minimization_procedures_used_by_nsa_in_connection_with_fi sa_sect_702.pdf.

[211]. Minimization Procedures, Id at § 3(b)(1).

[212]. See generally Id.

[213]. Zakharov supra note 67, at 14. [214]. Id. at 12.

[215]. Id. at 12-13.

[216]. Id.

[217]. Id. at 13.

[218]. Id. at 14.

[219]. Jonathan Stray, FAQ: What You Need to Know About the NSA’s Surveillance Programs, ProPublica (Aug. 5, 2013, 3:20 PM), https://www.propublica.org/article/nsa-data- collection-faq (citing Minimization Procedures at § 3(b)(1).

[220]. Zakharov, supra note 67, at 8.

[221]. Id. at 258, 275.

[222]. Setty, supra note 31, at 84 (citing Carol D. Leonnig, Court: Ability to police U.S. spying program limited, Wash. Post (Aug. 15, 2013), https://www.washingtonpost.com/politics/court-ability-to-police-us-spying-program- limited/2013/08/15/4a8c8c44-05cd-11e3-a07f-49ddc7417125_story.html. (quoting former Chief Judge of the FISC, Reggie B. Walton)).

[223]. Zakharov, supra note 67, at 46 (noting that disclosure of materials containing information about undercover agents or police informers or about the organization and tactics of operational-search measures may not be submitted to a reviewing judge; and that Russian judges are not required to verify the existence of a reasonable suspicion anyhow).

[224]. J.J. Green, NSA Surveillance ‘Hops’ Take a Step Back, WTOP (Feb. 5, 2015, 5:03 AM), http://wtop.com/national-security/2015/02/nsa-surveillance-hops-take-step-back/.

[225]. Id.

[226]. Zakharov, supra note 67, at 46.