Document Type


Publication Date



Since June 2013, we have seen unprecedented security breaches and disclosures relating to American electronic surveillance. The nearly daily drip, and occasional gush, of once-secret policy and operational information makes it possible to analyze and understand National Security Agency activities, including the organizations and processes inside and outside the NSA that are supposed to safeguard American’s civil liberties as the agency goes about its intelligence gathering business. Some have suggested that what we have learned is that the NSA is running wild, lawlessly flouting legal constraints on its behavior. This assessment is unfair. In fact, the picture that emerges from both the Snowden and official disclosures is of an agency committed to legal compliance, although both minor and major noncompliance is nonetheless frequent. A large surveillance compliance apparatus is currently staffed by hundreds of people in both the executive and judicial branches. This infrastructure implements and enforces a complex system of rules, not flawlessly but with real attention and care. Where an authoritative lawgiver has announced rights or rights-protecting procedures, the compliance apparatus works—to real, though not perfect effect—to effectuate those rights and to follow those procedures. Of course errors, small and large, occur. But even if perfect compliance could be achieved, it is too paltry a goal. A good oversight system needs its institutions not just to support and enforce compliance but also to design good rules. Yet the offices that make up the NSA’s compliance system are nearly entirely compliance offices, not policy offices; they work to improve compliance with existing rules, but not to consider the pros and cons of more individually-protective rules and try to increase privacy or civil liberties where the cost of doing so is acceptable. The NSA and the administration in which it sits have thought of civil liberties and privacy only in compliance terms. That is, they have asked only “Can we (legally) do X?” and not “Should we do X?” This preference for the can question over the should question is part and parcel, I argue, of a phenomenon I label “intelligence legalism,” whose three crucial and simultaneous features are imposition of substantive rules given the status of law rather than policy; some limited court enforcement of those rules; and empowerment of lawyers. Intelligence legalism has been a useful corrective to the lawlessness that characterized surveillance prior to intelligence reform, in the late 1970s. But I argue that it gives systematically insufficient weight to individual liberty, and that its relentless focus on rights, and compliance, and law has obscured the absence of what should be an additional focus on interests, or balancing, or policy. More is needed; additional attention should be directed both within the NSA and by its overseers to surveillance policy, weighing the security gains from surveillance against the privacy and civil liberties risks and costs. That attention will not be a panacea, but it can play a useful role in filling the civil liberties gap intelligence legalism creates. Part I first traces the roots of intelligence legalism to the last generation of intelligence disclosures and resulting reform, in the late 1970s. Part I then goes on to detail the ways in which intelligence legalism is embedded in both the Foreign Intelligence Surveillance Act of 1978 (FISA) and Executive Order 12,333, which govern American intelligence practices, and why the result is a civil liberties gap. Part II discusses the ways in which NSA’s compliance and oversight institutions likewise embody intelligence legalism. I then move in Part III to some shortcomings of this system, and in particular the ways in which the law and NSA’s compliance regulations and infrastructure fall short of full civil liberties policy evaluation. In Part IV, I examine some of the many reforms that have recently been proposed, analyzing those that might fill that gap. In light of the existing institutional arrangements, I sketch some thoughts on how they could do so most effectively.