A question our clients occasionally ask us is, “How do I know the government isn’t tapping my phone and listening to my conversations?”
For those asking this question who live in the United States, we have good news and bad news.
First, the Good News …
Unless you’re a suspected drug trafficker, the government probably isn’t tapping your phone. It turns out that only a small number of legally authorized wiretaps occur each year. According to Uncle Sam’s 2021 Wiretap Report, in 2021, federal and state courts issued 2,245 orders for the interception of wire, oral or electronic communication.
More good news – the number of wiretap requests is going down. The 2021 wiretap totals decreased 6% from 2020. Over the last decade, the drop in the number of wiretaps is even more remarkable. For instance, in 2012, US courts issued 3,395 wiretap orders.
The vast majority – nearly 90% – of wiretap applications cited drug trafficking as the offense supposedly justifying a wiretap. The most common location specified in applications was a “portable device, carried by/on an individual,” e.g., a cellular phone. This accounted for 94% of wiretaps authorized in 2021.
These statistics don’t include wiretaps made to gather intelligence-related information. In 2021, the Foreign Intelligence Surveillance Court (FISC), which is responsible for reviewing intelligence-related wiretap requests, authorized 318 national security and foreign intelligence related surveillance operations without modifications. Most of these applications were for wiretaps by the National Security Agency (NSA) or the FBI. For an FISC wiretap application to be approved, the government must demonstrate probable cause that the target is a “foreign power” or an “agent of a foreign power.”
The Court modified the orders sought in an additional 113 applications. And it denied four applications completely and 20 applications in part.
Even better news…the number of FISC-authorized wiretaps is falling even more quickly than the number of “ordinary” wiretaps. In 2020, the FISC received 579 such applications. It granted 404 orders, modified 138 other applications, partially denied 24 orders, and denied 13 applications altogether.
These statistics are even more remarkable when compared to a decade ago. In 2012, the FISC authorized 1,788 intelligence gathering operations; again, mostly wiretaps, up from 1,745 in 2011. And not a single application was turned down.
Should we be jumping up and down to celebrate the fact that Uncle Sam cares so much about our privacy that he no longer wants to listen in on our conversations?
In a word … no.
Now for the Bad News…
Unfortunately, the small number of wiretaps authorized, combined with the downward trend in wiretap applications, doesn’t mean our friends in the law enforcement and intelligence community are diligently protecting our privacy.
To begin with, wiretaps themselves are much more comprehensive than they once were. Instead of recording only what a particular suspect is saying, law enforcement and intelligence agencies now assemble transcripts of telephone conversations, e-mail messages, etc. into massive databases. Those databases can subsequently be queried for names, e-mail addresses, or keywords.
What’s more, it’s highly misleading to conclude that the government’s electronic surveillance is decreasing, despite the statistics we just mentioned.
Consider electronic surveillance authorized by the FISC, for example. In 2008, President George W. Bush signed off on a law called the FISA Amendments Act. (FISA stands for the “Foreign Intelligence Surveillance Act,” a law enacted in 1978 to regulate how the NSA and other intelligence agencies carry out surveillance operations.)
The most controversial provision of this law is Section 702. It gives the government broad authority to collect “foreign intelligence information” from domestic companies. This includes not only traditional internet service providers, but also companies like Amazon, Facebook, Google, and Netflix.
Section 702 requires the government to develop procedures to minimize data collected about US citizens or residents. But to the extent that data collected incidentally during surveillance of a foreign target implicates a US citizen or resident in a crime, law enforcement may use that data to prosecute them.
What’s more, under Section 702, the FISC has no role in reviewing surveillance against individual targets. It merely reviews the procedures that intelligence agencies plan to use and their efforts to reduce the amount of information collected on Americans.
Effectively, the FISC is approving thousands of surveillance warrants at a time. Once approved, the FISC’s only role is to intervene if the procedures set out in the law aren’t followed. And it turns out that in many cases, they aren’t.
This became evident in the FBI’s investigation of Carter Page, an advisor to Donald Trump during Trump’s successful bid to become president in 2016. That turned out to be the tip of the iceberg. Since then, it’s become apparent that the entire system is vulnerable to agents suppressing or overlooking evidence that tends to weaken their case when seeking permission for surveillance.
It gets worse. A great deal of FISA-related surveillance doesn’t involve wiretaps. Instead, investigators seek “metadata” – e.g., the number you called, how long a conversation lasted, and on what date you had it. Or in the context of e-mail, the “from” and “to” fields in a message, the message subject, the date the message was sent, and the IP addresses associated with the message.
This information can be highly revealing. When analyzed over time, metadata reveals who you’re closest to, who you work with, and the importance of the various connections you have to other people. Indeed, former Sun Microsystems engineer Susan Landau says, metadata “is much more intrusive than content.”
We can’t say for sure, but we suspect that despite the declining number of FISC warrants, this is a big reason why FISA-related data requests are soaring. For instance, Google reports that the number of non-content related FISA requests – i.e., metadata requests – increased from fewer than 500 in 2014 to more than 40,000 in 2020.
Law enforcement and intelligence authorities also don’t need a warrant to access your location data, as tracked by your smartphone. Indeed, as we observed last year, they simply purchase this data from private companies. Sale of this information is perfectly legal.
If you’d rather not be subjected to this type of surveillance, there are some simple precautions you can take. To begin with, use non-US e-mail service providers. The one we use here at Nestmann is Protonmail.
We’ve also said it’s time to say goodbye to Google. The breadth of the data Google collects is staggering. And while we give Google credit for being somewhat transparent in disclosing how it handles government requests for user information, we believe a better solution is to simply “divorce” the company.
For searching, use the many available alternatives that don’t maintain search records, such as Duck, Duck, Go, or our favorite, Epic Search. For Google’s Gmail service, Protonmail is a far more private alternative.
In addition, we routinely use a virtual private network (VPN) when we’re online. A VPN, if properly configured, will encrypt your entire data stream. That will not only make it impossible for anyone to track your IP address, but also protect you from surveillance by your internet service provider. Here at Nestmann, we use ExpressVPN.
And if you don’t want to subject yourself and your smartphone to warrantless surveillance? Keeping your phone in airplane mode disables its identifying signal, but you can still use Wi-Fi. And you can use apps like Signal, which offers end-to-end encryption for messages and voice calls.
As with everything else privacy-related, big brother and big business have a vested interest in keeping tabs on you. That means no one will protect your privacy for you – you need to do it yourself. Now would be a good time to start.