Privacy Lawsuit Exposes Nonprofits’ NSA Concerns
January 31, 2014 Zach Halper
When the revelations about the National Security Agency’s (NSA) surveillance programs came to light last year, it wasn’t just ordinary Americans who were concerned. Many nonprofit leaders were worried about the effect these programs would have on their organizations. Rather than waiting around to see what might happen, 22 organizations joined together and went to court. Represented by the Electronic Frontier Foundation (EFF), these 22 nonprofits are at the center of First Unitarian Church of Los Angeles v. NSA. Filed in the U.S. District Court in San Francisco, Calif., the goal is straightforward -- to force the NSA to stop the sweeping surveillance program on the grounds that it violates organizations’ right to association. Specifically, the lawsuit points to a 1958 U.S. Supreme Court ruling that “Inviolability of privacy in group association may in many circumstances be indispensable to preservation of freedom of association, particularly where a group espouses dissident beliefs.” The NSA did not immediately respond when asked for comment but, in a motion filed Dec. 6, the government asked that the case be dismissed because “The Court lacks subject matter jurisdiction with respect to Plaintiffs’ claim that the Government’s alleged conduct exceeds its statutory authority under the Foreign Intelligence Surveillance Act because such a claim is precluded by statute.” Cindy Cohn, who represents the 22 organizations and is the legal director at EFF, said that the government’s motion to dismiss the case was due on December 6, with the response from the court due in last month. There had not been a ruling as The NonProfit Times went to press. If that motion gets rejected, the first hearing in the case would not be until some time in April. The assigned judge is moving his chambers from San Francisco to Oakland and needs the time to relocate. Rather than argue the case on the basis of the Fourth Amendment, which prohibits searches and seizures without a warrant, Cohn thought she would have the best shot by highlighting the NSA’s surveillance effect on the First Amendment right to association. “I wanted to make the point that the First Amendment doesn’t take sides about who or what you are associating with,” she said. Cohn filed the first class-action case against telecommunication providers to stop warrant-less wiretapping in 2006, Hepting v. AT&T. In June of 2009, a federal judge dismissed Hepting and dozens of other lawsuits against telecoms, ruling that the companies had immunity from liability under the controversial FISA Amendments Act (FISAAA). Cohen is more hopeful this case will be upheld, though, as she believes the justification the NSA is using does not hold up. The NSA points to Section 215 of the PATRIOT Act to justify the program, but Cohn explained that that statute doesn’t address the government’s right to undergo a mass surveillance program. “Hepting was dismissed because Congress passed a law that specifically gave retroactive immunity to telecommunication companies,” she explained. “I don’t think [the case is likely to be thrown out] in the current political climate. It was also dismissed in part because we still had a cause of action against the government -- only the telecommunications companies were let off the hook.” In addition to this line of reasoning, Cohn pointed to the 1958 U.S. Supreme Court decision in NAACP v. Alabama as another element of the case. The State of Alabama tried to prevent the NAACP from conducting business in the state. After the Circuit Court issued a restraining order, the state issued a subpoena for various records, including the NAACP’s membership lists. The case eventually went to the U.S. Supreme Court, which ruled that it would violate the First Amendment for the NAACP to have to turn over its membership lists in litigation. Another reason for her optimism is that, now that the government has admitted to the existence of a surveillance program, nonprofits know that records are being collected. “The key to this case is understanding that in the past, challenges that were filed were thrown out because parties couldn’t show there was a clear injury,” said Berin Szoka CEO of TechFreedom, one of the organizations involved in the suit. “Now that we actually know what’s happening, we have a much stronger argument.” Richard Esguerra, development director at EFF, said that the NSA’s surveillance program “sets a dangerous precedent” and pointed out that many of the organization’s members have voiced concern about whether they could be at risk of being spied on because of EFF’s activism. “If people have the impression that they are being watched by an authority, it changes what people think they are at liberty to say,” Esguerra said. Indeed, all 22 nonprofits involved in the suit point to a “chilling effect” that the NSA’s surveillance could have on their missions. Mark Flogel, interim research director at Greenpeace in Washington, D.C., said the organization joined the suit not long after being approached by EFF. He said it was a “no-brainer” decision since Greenpeace has attracted a lot of “undue government interest over the years.” Greenpeace is an environmental advocacy group and its members have sometimes been branded as “terrorists” for the actions they take to protect the environment. Flogel mentioned a number of instances where he believed that government took extreme action against the organization, including one incident cited in a 2010 report by the U.S. Department of Justice. The Inspector General detailed a number of Federal Bureau of Investigation (FBI) cases that were improperly held open, including one involving Greenpeace. During the mid-2000s, the FBI opened a probe of Greenpeace on the belief that the organization might disrupt Exxon’s shareholder meeting. The investigation was open for three years and, while nothing came of it, there was never any explanation as to what the investigation pertained. Because of incidents like this, combined with the reports about the NSA’s surveillance, Flogel said Greenpeace officials felt compelled to join First Unitarian v. NSA. “If people think their government is going to start monitoring their communications, it may prevent them from taking action,” said Flogel. He added that NSA’s actions are “striking at the core” of Greenpeace’s support and credibility. This point was expanded on further in Greenpeace’s plaintiff declaration in which the organization’s staff attorney, Deepa Padmanabha, wrote that Greenpeace members engage in telephone and email communications on a daily basis. As a result, Padmanabha wrote that the collection of phone records by the NSA has resulted in “membership withdrawal, and/or discouragement of new members” in addition to other chilling effects. Padmanabha also mentioned a 1992 report in the London Observer in which British Intelligence officials revealed that NSA agents used the word “Greenpeace” as a keyword to intercept communications. Flogel admitted that it’s hard to say exactly how many donors or supporters they might have lost due to the NSA’s surveillance programs, and he declined to suggest any specific number. The mere fact that these programs are known to exist would be enough to stop supporters from making phone calls or signing petitions. “It’s reasonable for us to assume that anything we say on a call will be intercepted by the NSA,” said Flogel. Flogel’s concerns were exactly the reason TechFreedom’s board voted unanimously to join EFF’s lawsuit. The Washington, D.C.-based organization, which advocates for issues such as ‘Net Neutrality, uses Verizon for business and personal purposes. The telecommunications giant is one of the companies that was reported to have been handing over phone records to the NSA and, because of that, Szoka said his organization’s mission has been hindered. “Since the disclosure of the Associational Tracking Program, we have lost the ability to assure policymakers, journalists, thought leaders, civil society allies, and our donors, that the fact of their communications to and with us will be kept confidential,” said Szoka. Like Greenpeace’s former interactions with the government, Szoka also speaks from experience when worrying about chilling effects from government intervention. The Progress and Freedom Foundation (PFF), a now-defunct digital think tank run in part by Szoka, was the subject of a three-year investigation by the Internal Revenue Service (IRS) because of a college course it funded taught by then-Speaker of the House Newt Gingrich. It was thought that the organization had violated its tax-exempt status by engaging in “electoral politics.” While the investigation eventually found that PFF had broken no rules and that the course was educational in nature, Szoka said the damage was done. “Combined with speculation that the investigation was itself politically motivated, this experience further chilled PFF’s ability to exercise its free speech rights within the confines of its tax-exempt status by causing its future employees to be excessively cautious about engaging legitimate questions of tax law or that might raise the ire of those in a position to launch another such investigation,” he explained. Szoka also expressed concern about the surveillance’s effect on TechFreedom’s relationships with policymakers. If, for example, he spoke with a policymaker shortly before that individual changed his view to align closer with TechFeedom, it could be safely assumed the organization had some influence over the decision. Szoka is concerned a similar fate will befall TechFreedom. Much like Flogel, Szoka can’t say exactly how many supporters the organization lost and that, he said, is troublesome for nonprofits. “[Losing supporters] is definitely the kind of loss nonprofits can suffer here. The difficulty is we would never really know how many we lost.” As the 22 nonprofits involved in First Unitarian Church v. NSA await their day in court, there was a common thread among the organizations involved: There’s only so much you can do on your own to ensure the privacy of your donors. “Any organization that uses a traditional communication provider is going to have its records collected,” explained Szoka. “Even if you ran your own cloud or stored your emails, it’s still by no means clear that the government can’t gain access to those.” While saying they try to be as state-of-the art as they can when it comes to protecting information from intrusion, Greenpeace’s Flogel admitted that at a certain point, the amount of privacy technology you would need to use to prevent communications from being traced would be “ridiculous.” “We are an open organization, and we have a philosophical problem with preventing people from knowing what we are doing,” he explained. At the same time, Flogel said they have taken every step to make sure their donors’ information is as secure as possible. “My information is much more exposed than [our donors’].” While there might not be much you can do to ensure donors are not being monitored, EFF’s Esguerra said there are simple steps you can take to make them feel more secure on your website. For example, he recommended using Hypertext Transfer Protocol Secure (HTTPS) on all sections of your website. This allows for secure communication and is typically used in online stores to ensure credit card and contact information is encrypted. Even without the threat of NSA surveillance, Esguerra said this is a good idea just to prevent casual snooping from hackers. Technology such as the Onion Router, which lets you browse or post things on the Web without it being traced back to you, is also worth exploring. But since the government has made clear investigators are looking at “multiple hops” from their target, there are no guarantees other than staying completely away from technology, something Cohn said some of her clients are doing. “It’s not whether you did anything that might warrant attention, it’s whether you talk to anyone who warrants government information,” she said. While organizations can and are taking action to get regulations on NSA activities increased, Cohn said the courtroom is the most likely place to get policy changed. The wheels are already in motion aside from EFF’s suit, as U.S. District Court Judge Richard Leon ruled on Dec. 16 that NSA surveillance “likely” violated the Fourth Amendment. “Nonprofits need to take this seriously, especially organizations that care about rule of law,” said Cohn NPT.