The Twelve Days of Surveillance

by Davis Wright Tremaine LLP

It seems like a new revelation about mass surveillance by the U.S. government and our allies occurs on an almost daily basis, each one more astounding than the last. Don’t be surprised if those jingling bells you hear on your roof next week are not St. Nick, but instead someone installing a covert listening device on your fiberoptic phone line.

So, just in time for holidays, here’s a musical summary of some of the most stunning surveillance disclosures, with citations to background material on each. Break out the eggnog and join us as we count down the Twelve Days of Surveillance.

On the first day of surveillance, my government took from me... the assurance my speech will be free.

We’re starting with this because it’s a little bit counterintuitive: what does free speech have to do with government surveillance? Well, the knowledge (or even suspicion) that you are being monitored may have a direct impact on your willingness to speak freely, especially on matters that might be controversial. It also impacts the freedom of association – that is, not just what you say, but to whom you say it. A recent survey of writers by the PEN American Center found that writers are already changing their behavior in disturbing ways based on their knowledge of the NSA’s bulk surveillance program. Similarly, the Electronic Freedom Foundation, in a filing in the First Unitarian Church of Los Angeles v. NSA case, presented numerous personal accounts of chilling effects of the NSA surveillance on the freedom of association.

On the second day of surveillance, my government took from me… a slew of metadata.

So far, this is the big one: The NSA has collected and stored data about virtually every telephone call made in the United States (and elsewhere) since late 2001. The story began to unfold publicly in 2005 with a report in the New York Times, followed by a report by USA Today the following year with more details. Confirmation of many details came with the release of classified documents by NSA whistleblower Edward J. Snowden. In June 2013, The Guardian released a document that demonstrated that the NSA is collecting “communication records of millions of US citizens. . . indiscriminately and in bulk”, and that this information includes “the numbers of both parties on a call” as well as “location data, call duration, unique identifiers, and the time and duration of all calls.” The scope of the data collection is staggering, and as the former general counsel of the NSA has said, “Metadata absolutely tells you everything about somebody’s life. If you have enough metadata you don’t really need content…. [It’s] sort of embarrassing how predictable we are as human beings.” (Probably also true of turtledoves, but the extent of avian surveillance remains unclear.)

On the third day of surveillance, my government took from me… addresses of my friends.

The Washington Post has reported that the NSA is collecting “millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans.” This means that “the NSA is gathering contact lists in large numbers that amount to a sizable fraction of the world’s e-mail and instant messaging accounts.” And it’s not just addresses – the New York Times has also revealed that the NSA has been “exploiting its huge collections of data to create sophisticated graphs of some Americans’ social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information.” So, whether your buddies include French Hens, German Hens, or Turkish Hens… it doesn’t really matter, the NSA knows.

On the fourth day of surveillance, my government took from me… scores of calling locations.

Well, not really “scores” – that just rhymes better with “four” calling birds (or is it colly birds?). Actually, the NSA collects five billion records per day on the location of cell phones worldwide, meaning that it is tracking the location of “hundreds of millions” of phones. The Washington Post reports that “The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones ‘incidentally’”. That word hasn’t been so fraught with meaning since a famous person once said: “Justice is incidental to law and order.” Who said that? J. Edgar Hoover.

On the fifth day of surveillance, my government took from me… my privacy.

‘Nuff said.

On the sixth day of surveillance, my government took from me… linked gamers playing.

On December 9 of this year, based on documents disclosed by Snowden, The New York Times, ProPublica and the Guardian reported that the NSA has conducted extensive surveillance within the massive multiplayer online role-playing games Second Life and World of Warcraft. In addition to collecting data and contents of communications between players, NSA employees also have created characters within the games to surveil other players.

On the seventh day of surveillance, my government took from me… upstream Internet traffic.

Wikipedia defines the Internet “backbone” as “principal data routes between large, strategically interconnected networks and core routers on the Internet” – in other words, just as it sounds, the backbone is the structure upon which our interconnected world is built. In 2006, an AT&T technician disclosed the existence of a “secure room” interception facility in San Francisco that the NSA was using to collect large amounts of telecommunications data, and there were suggestions that similar interception points existed elsewhere that allowed the collection of “upstream” Internet traffic. The NSA program called PRISM, revealed by Snowden documents in June 2013, allows the agency to collect stored Internet communications by making demands to Internet providers (e.g., Google, Yahoo!) for data matching FISA court-sanctioned search terms (individual warrants are not required), but in addition to this judicially-supervised process, the Washington Post has reported that NSA also has worked with providers to “install equipment that copies, scans and filters large amounts of the traffic that passes through” the backbone “[a]t key points along the U.S. Internet infrastructure”.  And that’s not all. In the most striking revelation, despite the programs just mentioned, in October it was revealed that the NSA has secretly tapped into the communications networks linking the companies’ respective data clouds: according to the report, the NSA “sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade. . . including ‘metadata,’ which would indicate who sent or received e-mails and when, as well as content such as text, audio and video.”

On the eighth day of surveillance, my government took from me… an economy a growing.

The daily drumbeat of news about NSA surveillance has not been lost on the United States’ foreign trading partners. As the Wall Street Journal has reported, US telecom providers may face significant resistance to expansion in Europe because of the NSA fall-out. Concern over how they are viewed by foreign markets likely also played a role in the recent effort by Apple, Google, Microsoft, Facebook, Yahoo, LinkedIn, Twitter and AOL to challenge President Obama to rein in the NSA’s surveillance programs.

On the ninth day of surveillance, my government gave to me… adult activity shaming.

Shades of J. Edgar Hoover, again: On November 27, 2013, it was revealed that the NSA has been collecting “records of online sexual activity and evidence of visits to pornographic websites”, for use in “discrediting” people the NSA believes are “radicalizing others through incendiary speeches”. This apparently includes individuals other than those with clear ties to terrorist organizations, and might include American citizens (although all six examples in the leaked Snowden document that led to this revelation were outside the US).

On the tenth day of surveillance, my government took from me… security that is balanced.

A “necessary” evil? On December 11, 2013, NSA Director Keith Alexander told the Senate Judiciary Committee "there isn't a better way'' than conducting mass surveillance of telephone records, when the question is defense of the US against terror threats. Even assuming this is true, it is hardly the point:  While collecting data every call made by every person in the US may contribute to security of our country, this is no different than saying that by lowering the speed limit to 1 mph you could eliminate almost all traffic fatalities, or by outlawing all knives including kitchen cutlery you can reduce the number of stabbings. Is wholesale monitoring of our telephone and online behavior a price we are willing to pay for increased safety?

On the eleventh day of surveillance, my government gave to me… Google cookies tracking.

Well, it wouldn’t be Christmas without something about cookies, but in this case it’s a Naughty Santa Agency that is gobbling them up. Recent reports say that NSA is able to use Google ad tracking cookies to “single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer.” Ho Ho Ho!

On the twelfth day of surveillance, my government gave to me… hints that more is coming.

It’s not just the NSA that collects bulk data under the Patriot Act. Recently, the New York Time reported that the CIA uses the statute as its authorization to collect bulk data about foreign financial transactions, including those into and out of the United States. Ominously, the Times cited anonymous officials who indicated that other bulk collection program have yet to come to light.

But let’s end on a positive note. The recent pivot by major technology companies to begin putting public pressure on the US government to change its surveillance programs, the holding by a federal judge the bulk collection of telephone metadata is likely unconstitutional, and the recommendations by a presidential task force to substantially curtail the NSA surveillance programs, may indicate that the tide is turning. Let’s see what the New Year brings.

Happy Holidays!

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Written by:

Davis Wright Tremaine LLP

Davis Wright Tremaine LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.