•  
  •  
 

Abstract

This Article reveals interdependent legal and technical loopholes that the US intelligence community could use to circumvent constitutional and statutory safeguards for Americans. These loopholes involve the collection of Internet traffic on foreign territory, and leave Americans as unprotected as foreigners by current United States (US) surveillance laws. This Article will also describe how modern Internet protocols can be manipulated to deliberately divert American’s traffic abroad, where traffic can then be collected under a more permissive legal regime (Executive Order 12333) that is overseen solely by the executive branch of the US government. Although the media has reported on some of the techniques we describe, we cannot establish the extent to which these loopholes are exploited in practice. An actionable short-term remedy to these loopholes involves updating the antiquated legal definition of “electronic surveillance” in the Foreign Intelligence Surveillance Act (FISA), that has remained largely intact since 1978. In the long term, however, a fundamental reconsideration of established principles in US surveillance law is required, since these loopholes cannot be closed by technology alone. Legal issues that require reconsideration include the determination of applicable law by the geographical point of collection of network traffic, the lack of general constitutional or statutory protection for network-traffic collection before users are “intentionally targeted,” and the fact that constitutional protection under the Fourth Amendment is limited to “US persons” only. The combination of these three principles results in high vulnerability for Americans when the US intelligence community collects Americans’ network traffic abroad.