The question at the heart of the suit is: Does this constitute illegal wiretapping? A free tip if you ever want to pose as an online privacy expert: For basically any question about how the Electronic Communications Privacy Act applies to the Internet, the correct answer is “It’s complicated, and the law is unclear.” Still, being a little fuzzy on the technical details of how Paxfire and the ISP accomplished this, I thought about what the end result of this was without focusing too much on how the result was arrived at. The upshot is that Paxfire (if we take their description of their practices at their word) only ends up logging a small subset of terms submitted via address bars, which are at least plausibly regarded as user attempts to specify addressing information, not communications content. In other words, I basically treated the network as a black box and thought about the question in terms of user intent: If someone who punches “apple” into their search bar is almost always trying to tell their ISP to take them to Apple’s website, that’s addressing information, which ISPs have a good deal of latitude to share with anyone but the government under federal law. And it can’t be wiretapping to route the communication through Paxfire, because that’s how the Internet works: Your ISP sends your packets through a series of intermediary networks owned by other companies and entities, and their computers obviously need to look at the addressing information on those packets in order to deliver them to the right address. So on a first pass, it sounded like they were probably clear legally.

Now I think that’s likely wrong. My mistake was in not thinking clearly enough about the mechanics. Because, of course, neither your ISP nor Paxfire see what you type into your address bar; they see specific packets transmitted to them by your browser. And it turns out that the way they pull out the terms you’ve entered in a search bar is, in effect, by opening a lot of envelopes addressed to somebody else.

Some quick Internet 101: When you type “apple.com” into your address bar, your browser first checks with your ISP (or, if you’re a techie, maybe with some other Domain Name System server you’ve specified) to look up the computer-friendly numerical address corresponding to the human-friendly URL. Then the browser sends a GET request—basically just a packet saying “give me this page please”—to the IP address of the machine where it think apple.com lives. But if you just type “apple” into a lot of modern browsers, then depending on their settings, they may not pass that on to your ISP’s DNS server at all. Instead, the browser recognizes that you’ve entered something that isn’t formatted like a URL, and sends a packet straight to your default search engine, whose content is “please give me a page of results for the search term apple.” That’s annoying to the ISP, because it means they get cut out of an opportunity to monetize your eyeballs by (for instance) charging Apple to send you straight there, or delivering you their own search results (with their own ads).

According to some network researchers who explained their findings at EFF’s site, here’s how Paxfire and some of its ISP partners have apparently solved the “problem.” When your browser goes to look up the IP address of your default search engine—that is, when it asks your ISP’s domain name server where it can find “Bing.com” or “Google.com”—the ISP just systematically lies. It tells your browser that one of Paxfire’s servers is really Google.* Paxfire then acts as an invisible proxy, or “man in the middle”: It looks at the request your browser was trying to submit to Google, and in most cases resubmits the identical request to Google itself, then passes along Google’s response without logging anything. An ordinary user wouldn’t notice that Paxfire had been involved at all. But! When their servers see a search that was both originated from a browser’s address bar (the search parameters apparently reveal this) and matches their list of trademarked terms, they’ll log the query and instead return their own page.

The crucial point here is that by the time the packet gets to Paxfire, it’s no longer ambiguous whether “apple” was supposed to be an address or a search term. By the time it gets to Paxfire, “apple” is the content of a message addressed to Google, which reads “please send me search results for apple, and by the way, I’m asking from a Firefox address bar.” The mechanics are opaque to the average user, but Paxfire is in effect combing through all these messages to find the ones that maybe, possibly, perchance the user really meant to be an address rather than a search request, because they don’t really understand how their browsers work. And thaaats kinda wiretappy.

Except, of course, it’s still complicated. If an ordinary citizen taps your phone or your Internet connection, they’re guilty of wiretapping (a felony, for those keeping score at home) the instant they “acquire” the communication, regardless of what they do with it. If I rig your computer to send me copies of all your emails (without your consent), it makes no difference whether I ever read any of them or use them for any purpose. If, for some bizarre reason, I’ve done this and then set my system set to automatically erase the e-mails upon receipt, I’m still equally guilty of illegal “interception” of your communications. (It’s a separate offense to “use” or “disclose” communications that have been illegally intercepted.) The crime occurs at the instant of acquisition.

The rules are different for telecom companies, because the only way to have communications on a packet switched network is for various intermediaries to “acquire” your communications in order to pass them along. So the Wiretap Act’s definition of “interception” explicitly excludes acquisition by a provider’s computers in the “ordinary course of business.” It’s a separate offense for the provider to “divulge” the contents of a communication to any third party, and here there’s no loose “ordinary course of business” exception. Third-party disclosure is allowed when it’s a “necessary incident” of providing the communications service, or when the contents are passed to an entity whose facilities are used to forward the communication to its intended recipient, or with the consent of one of the parties to the communication. (There are a bunch of other exceptions, but they’re not relevant here.) The interesting wrinkle here is that while for most of us, it’s simple to determine when we’ve “intercepted” a communication, for telecom providers it’s kind of complicated: Unlike the rest of us, they’re allowed to acquire and disclose other people’s communications in the ordinary course of business, so whether an illegal interception has occurred doesn’t just depend on where the data goes, but on what they’re doing with it, and why.

Unsurprisingly, Paxfire’s reply to the suit against them seeks to invoke the “ordinary course of business” exception, among other arguments. Exactly what qualifies as the “ordinary course of business” in this rapidly changing industry is an open question, and circuit court rulings are all over the map, with none directly on point. If that were what we had to assess, I might say flip a coin. But the standard for “divulging” to third parties is more stringent—which makes sense, when you think about it. The law essentially gives providers more leeway in deciding what kinds of internal monitoring or processing are necessary, but sets a higher bar for disclosure to others.

Claiming that redirection of search traffic to Paxfire is a “necessary incident” of service seems like a nonstarter. The more obvious out for the ISPs here is 18 U.S.C. 2511(3)(b)(iii), authorizing disclosure to a person whose facilities are used to forward the message. But a little common sense is needed here: Anyone eavesdropping on a realtime packet-switched communication would normally forward the intercepted packets to their intended recipients. We can’t read this as a sort of blanket loophole for wiretapping executed as a man-in-the-middle attack.

What seems dispositive here is that, while Paxfire is ultimately forwarding most query packets to their intended recipients, ISPs aren’t routing traffic through Paxfire as a means of getting it to the intended recipient, Google. The more direct way to achieve that would be not lying to our browsers when they ask for Google’s IP address, and letting our requests go through normally. Rather, the only rationale for routing the traffic to Paxfire is what they do other than the normal routing and forwarding Internet switches do. The only difference Paxfire makes is that it sometimes doesn’t just forward packets to their intended recipients in the normal way, but sends the user to some affiliate’s page instead. It would make a kind of nonsense of the statute to apply the forwarding exception to these circumstances.

Perhaps counterintuitively, it’s not nearly as clear that Paxfire itself falls on the wrong side of the law here, because a court might well regard their actions as covered by the telecom provider’s “ordinary course of business” restriction on the statutory definition on “interception.” If everyone whose traffic was routed through Paxfire had clearly given informed consent to the filtering and occasional rerouting of their search queries, what Paxfire’s doing would clearly be legal, and one could argue it’s really the ISP’s problem to ensure they’re allowed to pass along the traffic they do.

That, of course, brings us back to the crucial question of consent. All of this is moot if the ISPs had the informed consent of their subscribers to do this. Paxfire says they all did, pointing to privacy policies like this one on RCN’s website. But it’s not clear that this does or should meet the relatively high standard for consent to interception under the Wiretap Act. Congress clearly wanted to establish a pretty strong presumption against the interception of communications content. In this case, that means that when monitoring or disclosure go beyond the “ordinary course” and “necessary incident” exceptions, it seems appropriate to demand that each individual whose communications are intercepted have actual, specific, effective notice that their communications are subject to interception. In considering a case involving workplace monitoring of an employee’s personal calls, the 11th Circuit gave an indication of the stringency of the consent requirement:

It is clear, to start with, that Watkins did not actually consent to interception of this particular call. Furthermore, she did not consent to a policy of general monitoring. She consented to a policy of monitoring sales calls but not personal calls. This consent included the inadvertent interception of a personal call, but only for as long as necessary to determine the nature of the call. So, if Little’s interception went beyond the point necessary to determine the nature of the call, it went beyond the scope of Watkins’ actual consent.

Consent under title III is not to be cavalierly implied. Title III expresses a strong purpose to protect individual privacy by strictly limiting the occasions on which interception may lawfully take place.

Your mileage may differ, but that sounds hard to square with the claim that “consent” exists for each user provided that whichever member of the household pays the bills checked a box next to a link to a dozen pages of dense legal boilerplate, which studies suggest nobody actually reads. Title III, after all, is to a substantial extent a regulation of telecom operators themselves—which means it would be contrary to the purpose of the statute to let them so easily disclaim liability, and to pile broad new exceptions atop the detailed list Congress created.

The key point to bear in mind here is that the strong statutory presumption against interception is of enormous benefit to the providers. People normally don’t scrutinize the legal boilerplate on ISP privacy policies, I want to suggest, because they take for granted that wiretapping is illegal, and that ISPs will not, in fact, routinely allow marketers to sift through the contents of their private communications. If users and customers had to fear that a communications provider was likely to assert the right to do this, based on item D(3) on page 12… a lot of providers would lose a hell of a lot of business, because most people don’t want to have to get a JD in order to be able to feel confident they can communicate securely. I know some of my libertarian friends will say it would be better if everyone did have to pay close attention to all these clickwrap contracts, but in the world we currently live in, people do rely on the strong statutory default prohibiting interception and disclosure. Providers whose business depends pretty heavily on consumer expectations of a strong default shouldn’t be allowed to turn around and assert that the default is actually so weak as to be almost trivially overcome when it might permit them to rake in a few extra bucks on the side.

* Actually, they’ve apparently stopped proxying Google specifically, but roll with me for illustrative purposes.

So, for instance, maybe I’m having a beer with a couple neighbors on my porch, a bunch of other folks are across town where a BBQ I plan to swing by later is getting into gear, and another friend is stuck in a hotel room in the Midwest on a reporting trip and doesn’t want to totally miss out. Most of us are probably talking to our co-located people, but the experience is shared without anyone having to retreat from socialization to tap at their phones. If I want to know when a critical mass of folks I know have arrived at the BBQ, there’s no need to keep checking Twitter, and no need for them to go out of their way to announce their arrival—I just notice out of the corner of my eye that folks are there and, hey, maybe it’s time to hop a bus over. Our friend in the hotel can do his work, but also perhaps welcome the occasional distraction as a friend walk by the Stargate and checks in. Could be a short-lived fad, but I think it could also be as socially normal, in the relatively near future, to have social gatherings connected by virtual windows as it is to text friends about what you’re doing.

(2) The feature most immediately likely to be useful is huddle, which facilitates more conventional text/IM style communication with a select group in a kind of mobile-friendly chat room—handy when you’re trying to coordinate plans with a dozen people.

I note though, that there may be some interesting side effects of integrating virtual social networks more closely into actual socialization. With social circles—as opposed to Circles—the boundaries are fuzzy and ad-hoc. Even among a somewhat well-defined group of friends, it’s always somewhat a matter of happenstance which particular subsets of people end up communicating and making plans on any given day. A person may gradually drift out of touch with once circle and into another in a gradual and almost imperceptible way, ideally with no hard feelings on either side.

Making it technologically easy to communicate with groups means that, for activities involving more than a relative handful of people, that technology becomes more likely to be the default mechanism of interaction. Individuals will define their own Circles, but there will be a tendency toward convergence. But these aren’t fuzzy-bordered circles, they’re Circles in which membership is really an either-or. I wonder if we won’t find ourselves feeling the need to make uncomfortably explicit, conscious decisions about who’s in the “folks I meet for drinks after work” or “always invited to parties” group—which seems rather more freighted than the question of who happened to get asked to come out for a specific round of drinks or a particular party.. People, of course, don’t see which circles anyone else has included them in, but to the extent they’re the basis of actual group interaction, it should be readily apparent to everyone quickly enough who is and isn’t part of the conversation. I’m guessing this sets up some potential awkwardness as people figure out how to navigate all that.

(3) Finally, as Mike Masnick observes, some people are already worrying about a potential privacy “loophole” in G+: Items shared with one “circle” can, by default, easily be RE-shared by the members of that circle. I agree with Mike that it’s weird to treat this as some kind of disturbing privacy violation on Google’s part: After all, in general, everything we share with one set of friends might be shared by them with others. Something you say in conversation might be repeated; a photo you e-mail can be forwarded. Normally, the solution is to ensure that your friends know when you don’t want a specific bit of informatoin shouted to the four winds.

That said, a lot of privacy has more to do with ease of information sharing than whether it’spossible, and more to do with the clarity of norms than explicit prohibitions. Someone could copy the contents of a private e-mail (or, by hand, the contents of a private letter) and forward it to hundreds of friends. But that would be both effortful and rude. If I share a photo with my “Friends” circle, I realize they could save and reupload it if there’s not sharing functionality built in… but they’d have to be big jerks (and ergo probably not “Friends”) to make the effort to do so, in particular if I’ve signaled via my settings that I don’t expect these pictures to be more widely circulated.

It’s not a question of Google “violating my privacy,” which is the unhelpful frame of stories about social networks much of the time. But what Google can do is facilitate social signalling about the information norms we expect friends, peers, and colleagues to respect. On most Twitter clients, for instance, while you can always copy-and-paste text into a retweet, the one-click retweet button is inactive for tweets from locked accounts. Obviously, that doesn’t literally prevent anyone from sharing a message on a private feed—it just means it’s hard to do it thoughtlessly, and the very fact that you’ve got to take the unusual extra step of doing it manually reminds you that, hey, your friend doesn’t actually expect this stuff to be more widely distributed. Increasingly, I think, having “good privacy practices” as a social networking site isn’t going to be so much about what the site does with your information (important as that is), or even about the literal control they give you—since “control” over information in any really strong sense is always pretty chimerical—but how fluidly and organically they allow us to establish norms and articulate expectations about how our peers will use the information they have access to.

Perhaps the most obvious problem with balancing metaphors is that they suggest a relationship that is always, by necessity, zero sum: If one side rises, the other must fall in exact proportion. Also implicit in balancing talk is the idea that equilibrium is the ideal, and anything that upsets that balance is a change for the worse. That’s probably true if you’re walking a tightrope, but it clearly doesn’t hold in other cases. If you have a perfectly balanced investment portfolio and somebody gives you some shares of stock, the balance is upset (until you can shift some assets around), but you’re plainly better off—and would be better off even if for some reason you couldn’t trade off some of the stock to restore the optimal mix.

In my own area of study, the familiar trope of “balancing privacy and security” is a source of constant frustration to privacy advocates, because while there are clearly sometimes tradeoffs between the two, it often seems that the zero-sum rhetoric of “balancing” leads people to view them as always in conflict. This is, I suspect, the source of much of the psychological appeal of “security theater”: If we implicitly think of privacy and security as balanced on a scale, a loss of privacy is ipso facto a gain in security. It sounds silly when stated explicitly, but the power of frames is precisely that they shape our thinking without being stated explicitly.

There’s a deeper problem, though: Embedded in the idea of the scales is a picture of a process for arriving at sound decisions—which if the metaphor is sufficiently pervasive we may come to think of as the only method for making sound decisions. A scale is a machine for reducing diverse objects—or in the metaphor, interests and values—to a single shared dimension. You might have items as varied as toasters and giraffes on the opposing plates of the scale, but all the scale cares about—or all we care about when we employ it—is that they both have weight and mass. Every other difference between the items in the balance is irrelevant so long as they have this one shared property, this one dimension along which they intersect, which allows us to quantify each in terms of the other.

If you think about the cases in which we employ balancing rhetoric, though, it’s often unclear just what this shared dimension is supposed to be. Sometimes that implicit dimension seems to be the universal currency of happiness or utility—the ultimate good that more concrete values like privacy or utility are presumed to serve. But often the imaginary scales conjured by balancing talk conceal the fact that we don’t have a clear sense of what that shared dimension is supposed to be, what single quantity is supposed to serve as our standard for comparing such heterogenous goods. The jurist or political philosopher who assumes a scale—perhaps without realizing he’s doing so—may be rather like the economist in the old joke who begins by assuming a can opener.

Paradoxically, this may make disagreement seem more intractable than it really is. We often say that even when people are agreed on the facts, they may “assign different weights” to competing values, which if we really did have a single agreed upon scale or dimension along which to balance, could only be understood as some kind of irreducible brute preference.

The distortion is magnified if the values we hope to “weigh” are not just qualitatively different from each other, but internally plural or diverse. Legal scholar Dan Solove, for instance, argues forcefully that “privacy” is not a monolithic value defined by any singular essence, but a cluster concept defined instead by overlapping family resemblances. (The classic example from Wittgenstein is the idea of a “game,” instances of which range from football to chess to Myst to the unstructured pretend-play of Cops and Robbers.) In Solove’s schema, privacy encompasses an array of quite different interests: Colloquially speaking, we recognize that one’s privacy may be violated by physical intrusion on the seclusion of the home, by the disclosure of sensitive or embarrassing personal facts, by the denial of autonomy to make intimate medical or sexual decisions, by the mere knowledge that one’s actions (even one’s “public” actions) are being systematically monitored and recorded, by having one’s image (again, even an ordinary photograph snapped on a public street) plastered on billboards and television without one’s consent. The point is not, of course, that the law should forbid all these things; merely that we find it perfectly intelligible to describe each as, in some sense, an incursion on privacy.

Even bracketing the zero-sum framing problem, think about how squeezing all these dimensions of privacy on to a unidimensional metaphorical scale tends to flatten the debate, at least outside the context of the scholarly journals inhabited by folks like Solove. Obviously, we need to use shorthand terms like “privacy” and “security” to keep discussion manageable, but is it really especially illuminating to treat every proposed security measure as though its consequences can be reduced to quantity subtracted from an undifferentiated lump of privacy stuff, and a quantity added to a blob called security? The task of analysis is always aided when we can render heterogeneous interests more easily comparable by reducing them to some uniform measure, of course, but balance metaphors imply that we’ve already achieved this. This may be why so many legal opinions employing “balancing tests” feel so thin, and so many arguments about where to “strike the right balance” between competing values founder. The metaphor assumes a lot of analytic background work that hasn’t actually been done—and conceals the fact that it still needs to be.

First, if there’s anyone reading this who’s living with the kind of pain Bill writes about, the Rape, Abuse & Incest National Network (RAINN) has an anonymous online hotline that is designed to be absolutely confidential, and staffed by people specifically trained to help people work through the consequences of sexual abuse. It would be too glib to say that reaching out will help but lots of survivors who once felt as hopeless as Bill did have found that it did for them. It’s presumptuous to think one can judge what is too much for another person to endure, but it seems doubly tragic that Bill made his decision without at least trying to talk to someone first. I can’t pretend I’m able to imagine how insanely hard it must be to take that step, but given the alternative, I have to believe it’s worth the gamble even if the odds seems slim.

Second, I couldn’t help but link Bill’s own account of why he didn’t seek help to the more general work I do on privacy—and what we lose when it’s eroded. When we talk about all the ways we’re increasingly exposed in the modern era, we tend to focus on the harms that occur when private information is exposed to employers or neighbors or governments without our consent. Those are the visible harms. But there’s an invisible flip side that’s at least as serious: The harms that occur when people keep things that ought to be shared within an intimate circle bottled up, fearing the ease with which information shared once can spread beyond control. Knowing a few of Bill’s friends, I feel certain that there were people he could’ve reached out to who would have kept his confidence better than he believed. But as a more general point, it’s worth bearing in mind that some of the most acute costs of diminished privacy are the ones we never see—except, as in this case, when it’s too late: Not the harm inflicted by exposure, but by the silences exposure’s specter imposes.

Addendum: While Bill—for reasons of his own—declines to name his rapist, this sentence near the end jumped out at me: “[My parents] don’t understand that good and decent people exist all around us, ‘saved’ or not, and that evil and cruel people occupy a large percentage of their church.” That could mean a thousand things totally unrelated to the abuse he experienced, but I hope local police are at least asking questions. Because there are only so many contexts in which adult males are trusted to regularly spend time alone with very young children, and it’s hard to believe someone capable of raping a child only did it once.

It started with an open window. Stumbling from my bedroom in my typical bleary, pre-caffinated state Tuesday morning, I was befuddled to feel a blast of cold air blowing through a gaping living room window that I had no recollection of having opened the night before. But I shut it, shrugged, and proceeded to shower and dress. It was only a bit later, hunting about with increasing frustration for my wallet and shoulder bag—hadn’t I left them right on my desk chair?—that I noticed the depressing rectangle of pristine black lacquer in the thin patina of dust covering the base of my television stand. It was a precisely Playstation-sized rectangle. I could be quite certain of this because I had, until just a few hours earlier, been the owner of one.

I’d always taken a measure of comfort in my buiding’s position on the edge of a moderately busy traffic circle—exposed enough, I thought, to deter most prospective burglars. Unfortunately, the local power company had been doing some work—protracted far beyond the initial estimate—upgrading our electric hookup, with two unfortunate consequences. First, their digging had left a mound of packed dirt outside a window normally a bit too high for the average person to easily reach. Second, they’d stretched an enormous tarpaulin over the work area to guard against rain—with the side effect that anyone perched under the window on that mound of dirt could now take the time to force it open without making too much of a spectacle of themselves. So thank you, Pepco.

The police arrived and duly dusted for fingerprints, but I wasn’t holding out any hope of recovering anything until it occurred to me a few hours later that the PS3 is, after all, a network device with a unique MAC address—and a lot of the cool stuff you can do with it requires connecting it to a network. A little Googling and, sure enough, Sony has the capability, at the request of law enforcement, to flag a stolen system using the serial number (which I still had on the original box) and record the IP address from which it’s connected—even if the thieves (or an unwitting buyer) wipe the machine and try to create a new account. From there, you’re a mere subpoena away* from getting a physical address from the Internet Service Provider. The folks I spoke to at MPD hadn’t encountered this approach before—Sony doesn’t seem to advertise it too widely, perhaps because they’d prefer I just bought another PlayStation—but seemed willing to look into it. Which means, I suppose, that spending as much time as I do thinking about the ways people can be tracked online could wind up having some direct practical benefit.

Another trackable bit of tech the thieves made off with was the SmarTrip card in my wallet. It was only Wednesday morning that I got around to e-mailing the good folks at Metro to ask them to cancel my card and send a replacement. Might one of the crooks have tried to use it?—I wondered. Well, it turned out someone had—and Metro was able to tell me the precise minute that person swiped themselves in at the Van Ness station, and then swiped themselves out at the Shaw station. And come to think of it, didn’t I read just about a year ago that WMATA had gotten a grant to begin installing surveillance cameras on buses and at Metro stations? How many people could there be swiping in and out at those precise stations, at those precise times, on a Tuesday afternoon in November? A comparison of any footage that exists from the two Metro stations at the time the card was used could yield at least a fuzzy image of the person who used it—quite likely the burglar.

I passed all this information on to the police—though all along with that scene from The Big Lebowski playing in my head: “Oh sure, I’ll just check with the boys down at the crime lab… they got us working in shifts!” Police in Washington DC, after all, have plenty of more serious crimes to worry about. Still, there has been a recent spate of burglaries, car break-ins, and muggings in my neighborhood—and plenty of locals believe it’s one or two groups of people responsible for most of them. If their little spree continues, sooner or later they’re likely to break into a lighter sleeper’s home, at which point it’s not a great stretch to think someone might end up getting hurt. So I’m hoping they may decide that finding the culprits is worth more hassle than my isolated burglary alone would merit.

So there you have it. In part because I spend my days thinking about the creepy potential of modern surveillance technologies—and warning against the potential harms of going too far with them—I now find myself hoping the DC police are prepared to go further down that avenue than seems to be customary for a garden variety burglary. If it does manage to get my PS3 back, though, I’ll be willing to love Big Brother just this once.

* I originally wrote “a §2703(d) order away”—that’s the catchall provision covering non-content communications records, and requiring an application to a judge advancing “specific and articulable facts.” But on second thought, the only records the police would really need in practice—the device IP from Sony and the service address from the ISP—are classed as “basic subscriber records” under 18 USC §2703(c)(2), so a mere subpoena should suffice. If I wrote the laws, I’d probably actually want the higher standard to apply to much of that info because of the potential First Amendment implications of revealing the identities of anonymous speakers, though obviously in this case either would be readily met.

But like Monty Python’s Black Knight, some of those old arguments keep popping up — as evidenced by John Eastman’s contribution to the Cato Unbound roundtable on the digital surveillance state we held last month. So while the roundtable’s over, I thought it would be convenient to round up a compact version of the main arguments in one place, for the convenience of folks who might not want to slog through the many law review articles that have been written on the subject.

The touchstone for modern analysis of executive war powers is, by general consensus, the tripartite schema elaborated by Justice Jackson in his concurrence in the Youngstown steel seizure case :

1. When the President acts pursuant to an express or implied authorization of Congress, his authority is at its maximum, for it includes all that he possesses in his own right plus all that Congress can delegate. In these circumstances, and in these only, may he be said (for what it may be worth) to personify the federal sovereignty. If his act is held unconstitutional under these circumstances, it usually means that the Federal Government, as an undivided whole, lacks power….

2. When the President acts in absence of either a congressional grant or denial of authority, he can only rely upon his own independent powers, but there is a zone of twilight in which he and Congress may have concurrent authority, or in which its distribution is uncertain….

3. When the President takes measures incompatible with the expressed or implied will of Congress, his power is at its lowest ebb, for then he can rely only upon his own constitutional powers minus any constitutional powers of Congress over the matter…. Presidential claim to a power at once so conclusive and preclusive must be scrutinized with caution, for what is at stake is the equilibrium established by our constitutional system.

Using this as our starting point, it becomes clear that an analysis of the NSA program entails answering a series of distinct (though related) questions. First, we need to determine which level of the Youngstown schema applies. If we’re in Youngstown’s Category I, then the NSA program was illegal only if it exceeded the constitutional constraints on government surveillance established by the Fourth Amendment. If, on the other hand, we’re in Category III, a constitutionally permissible surveillance program might nevertheless be illegal. So I’ll consider three questions in turn: Did the NSA program violate federal statute? If so, does the statute trump whatever inherent power the president might enjoy as commander in chief in this context? Finally, does the program as it’s been publicly described violate the Fourth Amendment? An affirmative answer to either the first pair of questions or the third will entail that the NSA program was illegal.

The AUMF

The statutory question may seem like something of a no-brainer: The Foreign Intelligence Surveillance Act of 1978 states explicitly that its procedures establish the “exclusive means” by which domestic electronic surveillance for foreign intelligence purposes. In this case, the obvious answer is the right one. But the Justice Department has attempted to claim that Congress cleverly managed to repeal the “exclusive means” language without telling anyone about it back in 2001, when it passed the Authorization for the Use of Military Force against the perpetrators of the 9/11 attacks. Probably the most decisive demolition of that argument was offered by David Kris, who currently heads the National Security Division at the Department of Justice, but it’s worth reviewing briefly why this argument is so implausible.

The central problem with reliance on the AUMF is that FISA itself contains a provision providing a 15-day surveillance grace period following a declaration of war. As the legislative conference report explains, this was intended to provide time for Congress to consider whether any wartime modifications to the FISA structure were necessary. Plainly, then, Congress did not imagine or intend that a declaration of war (or “authorization of force”) would in itself implicitly loosen FISA’s fetters beyond that grace period.

Moreover, Congress has repeatedly amended FISA since the 9/11 attacks, both in the PATRIOT Act passed almost simultaneously with the AUMF, and in subsequent legislation over a period of years. As Glenn Greenwald recounted in his lead essay for the Cato roundtable, it has expanded government surveillance powers in a variety of ways, but none of these prior to the Protect America Act of 2007 (superseded by the FISA Amendments Act of 2008) approached the breadth of the NSA program, and even these establish at least a modicum of judicial oversight, however inadequate. Again, this history sits uneasily with the premise that Congress understood itself to have authorized such broad domestic surveillance when it passed the AUMF.

Indeed, as former Senate Majority Leader Tom Daschle explained in a Washington Post op-ed shortly after the revelation of the warrantless wiretap program, the Senate explicitly rejected language sought by the White House that would have extended the authorization to actions within the United States. Then–Attorney General Alberto Gonzales has publicly acknowledged that the Bush Administration contemplated asking for a more specific amendment to FISA authorizing something like the NSA program, but concluded that it would be “difficult, if not impossible.” We are being asked to believe, in other words, that Congress intended to implicitly grant authority that the administration was certain would be refused had it been requested overtly. It is, as Justice Frankfurter put it in Youngstown, “quite impossible… to find secreted in the interstices of legislation the very grant of power which Congress consciously withheld.”

Basic principles of statutory construction disfavor inferring implicit repeal of specific statutory language from more general authorizations, except in the face of “overwhelming evidence” of congressional intent—and the Court has accordingly rejected parallel arguments in several recent War on Terror cases, as in Hamdan v. Rumsfeld, where the court found “nothing in the text or legislative history of the AUMF even hinting that Congress intended to expand or alter the authorization” for military commissions spelled out in the Uniform Code of Military Justice.

The evidence here is indeed overwhelming, but it uniformly cuts against the fanciful proposition that Congress somehow enacted a kind of sub silentio repeal of FISA. I’m inclined to assume this argument was offered primarily because of an understandable reluctance to rely entirely on a radical theory of inherent and preclusive executive powers, to which I turn next.

The President’s Inherent Authority

The first thing to observe with respect to claims of inherent executive authority here is that if we exclude non-binding dicta, the evidence for a constitutional power to conduct warrantless domestic surveillance for foreign intelligence purposes is almost wholly negative. That is to say, it turns on inferences from questions the Supreme Court has declined to directly address rather than on its affirmative holdings. As we’ll see, this is a thin reed on which to hang ambitious claims.

Consider, for instance, the so-called Keith case. In addressing the scope of presidential power to authorize warrantless surveillance against domestic national security threats, the majority noted that they had “not addressed, and express no opinion as to, the issues which may be involved with respect to activities of foreign powers or their agents.” But in that very case, the unanimous majority held that a warrant was required in cases involving domestic national security threats, resolving a lacuna expressed in very similar language in a footnote to a previous ruling involving wiretaps:

Whether safeguards other than prior authorization by a magistrate would satisfy the Fourth Amendment in a situation involving the national security is a question not presented by this case.

The arguments deployed against unchecked executive discretion in Keith clearly have substantial cross-application to the War on Terror, which in many respects bears as much resemblance to those domestic threats as it does to traditional nation state–sponsored espionage and warfare. It will suffice to note, however, that declining to foreclose a power because the fact pattern under consideration provided no occasion to consider the distinct issues involved, as the Court did in both Katz and Keith, is not at all the same as affirmatively asserting it, let alone defining its scope—a point to which I’ll return in the next section.

Nevertheless, let’s suppose arguendo that there is some such inherent power, whether broad or narrow. Eastman and other defenders of the NSA program stil err in conflating inherent power with preclusive or indefeasible power. As a simple conceptual matter, this cannot be right, or else the third Youngstown category would collapse into the second: If all “inherent” presidential powers were per se immune to Congressional limitation, Category III would be superfluous, since it would never yield a result different from analysis under Category II.

Fortunately, we need not restrict ourselves to conceptual analysis, because precedent and practice both speak directly to the question, and both support robust legislative power to constrain even those presidential powers grounded in Article II. The legislature has, from the founding era on, assumed that its Article I power to make “rules for the government of the land and naval forces” enabled it to cabin the discretion of the commander in chief, often in frankly picayune ways, by establishing general rules limiting the conduct of a conflict. Prior to the Truman administration there was little indication that presidents saw this as encroaching upon sacrosanct executive prerogatives. Even Lincoln—probably the most obvious early example of a wartime president acting without or contrary to statutory authority—did not claim some general constitutional power to defy Congress. Rather, he argued that when hostilities commenced during a congressional recess, he had acted as he thought necessary given the impracticality of securing advance approval, while acknowledging that it fell to the legislature to ratify or overrule his judgment once it reconvened.

In the few cases where the Supreme Court has had occasion to rule on the scope of executive power at “lowest ebb,” it has repeatedly confirmed that federal law binds the president even in war. In Little v. Barreme, during a conflict with France, the Court found that a specific Congressional authorization for the seizure of ships bound to French ports rendered invalid an executive order that also permitted seizure of ships bound from those ports. And this was so, the Court noted, even though the president’s own commander-in-chief powers would have permitted him this discretion had Congress not spoken. Since the inauguration of the War on Terror, the Court has reaffirmed the validity of such statutory limits on executive discretion, as in Hamdan. Bush’s own Office of Legal Counsel ultimately repudiated a series of memos, penned by John Yoo, that had relied on a more expansive conception of executive power to justify the administration’s War on Terror programs, concluding that they were “not supported by convincing reasoning.”

There is, by general consensus, some “preclusive core” to the executive’s commander-in-chief authority. This includes, at the least, a prerogative of “superintendence”: Congress could not appoint Nancy Pelosi commander of U.S. forces in Afghanistan and forbid the president to remove her. Most commentators see it as similarly foreclosing efforts to achieve the same end by a series of micromanagerial statutes commanding specific tactics be employed at particular times. But the notion that this preclusive core encompasses discretion to unilaterally disregard a general statutory framework governing protracted electronic surveillance of U.S. persons on American soil is simply insupportable in the face of both history and precedent. The argument is, if anything, more absurd when it comes to the government’s illegal acquisition the statutorily protected calling records of tens of millions of Americans, the vast majority of whom obviously have no ties to terrorism or Al Qaeda. Attempts to stitch together a countervailing line from desultory snatches of language about the president’s role as “sole organ” in foreign affairs are entertaining as a sort of exercise in experimental Burroughsian cut-up narrative, but as legal analysis they seem pretty desperate.

The Fourth Amendment

Finally, we turn to the Fourth Amendment. I will, for the most part, consider how the Fourth Amendment applies to the NSA surveillance program prior to the 2008 passage of the FISA Amendments Act.

As Eastman notes, while in most contexts the prohibition on “unreasonable searches and seizures” requires surveillance to be authorized by a probable cause warrant based on individualized suspicion, there are a variety of circumstances in which warrantless searches may nevertheless be reasonable. While this is not the place to conduct a detailed survey of such “special needs” exemptions, such exceptions tend to involve cases in which the subjects of the search are already understood to enjoy a diminished expectation of privacy (students in school), where the searches are standardized and minimally intrusive, where the targets are in a position to raise challenges before a neutral magistrate if necessary, and where prior court authorization would be highly impractical. No exception that I am aware of can plausibly be stretched so far as to permit sustained, discretionary, warrantless electronic surveillance of members of the general population—a method recognized to be so intrusive that in the criminal context, federal statute requires investigators to meet a higher standard than applies to ordinary physical search warrants.

It’s worth noting in passing that the existence of the statutory FISA framework is at least arguably relevant to the Fourth Amendment analysis here. What measures are “reasonable” will often depend on context, and upon the available alternatives: The use of lethal force in self-defense might be found reasonable as a last resort, but not when the victim has an easy avenue of escape or a taser handy. Similarly, if the only alternative to conventional criminal courts were warrantless surveillance—if Congress had made no provision for a highly secretive court to consider classified applications under secure conditions, with ample flexibility in cases of emergency—one might be more inclined to sympathize with some degree of executive improvisation. In light of the elaborate mechanisms Congress has provided, an appeal to impracticality is considerably less compelling.

But let’s bracket that for the moment, and again suppose for the sake of argument that the president has some inherent authority to conduct warrantless domestic wartime surveillance. Let’s further assume away any statutory problems. Can the NSA program be squared with the Fourth Amendment injunction that searches be reasonable, based on what little we know of it? It seems highly unlikely.

Multiple accounts suggest that the NSA program involved algorithmic selection of surveillance targets, possibly triggered by keywords within the communications themselves, almost certainly based on pattern analysis of calling records or other transactional data. The result, according to the Bush administration, was that the international communications of approximately 500 persons within the U.S. were being intercepted at any given time. Since the program operated for several years, both before and after being disclosed, a conservative estimate would place the total number of persons subject to surveillance in the thousands, and most likely in the tens of thousands.

What did all this spying yield? In 2006, under the headline “Surveillance Net Yields Few Suspects,” the Washington Post reported:

Fewer than 10 U.S. citizens or residents a year, according to an authoritative account, have aroused enough suspicion during warrantless eavesdropping to justify interception of their domestic calls, as well.

Nearly all the “leads” produced by the program appear to have been dead ends. Indeed, despite the assurances of the Bush administration that the NSA program had saved thousands of lives, a postmortem review by the intelligence community’s Inspectors General found that officials they spoke to “had difficulty citing specific instances where [NSA program] reporting had directly contributed to counterterrorism successes,” though a classified version of the report apparently cites a handful of instances in which the program “may have contributed.”

As a point of reference, the government’s reporting suggests that under criminal wiretap orders, about 30 percent of intercepted communications contain incriminating content. Since “minimization” of innocent communications is necessarily imperfect, and since even the most hardened criminals presumably spend most of their time conversing about more mundane matters, the number of targets engaged in at least some incriminating communication is clearly far higher. That’s what one would expect when evidence establishing “probable cause” must justify surveillance—and Bush officials have claimed the NSA program’s targeting met the same standards. The evidence suggests otherwise.

I’m happy to grant that we should accept a somewhat lower “hit rate” when interception is geared toward protecting the nation from major terror attacks. But if the requirement that searches be “reasonable” is not to be rendered completely vacuous, or totally severed from even a diluted standard of “probable cause,” there must be some substantive test of whether such highly intrusive techniques are actually in service of that vital state interest. It cannot possibly be enough to simply observe that the president has uttered the magical incantation “war on terror.” And it cannot possibly be enough that a program involving interception of the private conversations of thousands or tens of thousands of U.S. persons “may have contributed” to a handful of successful investigations. The question is closer with respect to post-FISAAA programs of interception, which are at least subject to some modicum of independent oversight, but unless we have gotten vastly better at sifting the guilty from the innocent, grave constitutional doubts should remain.