US CONGRESSIONAL RESEARCH SERVICE: Overview of Constitutional Challenges to NSA Collection Activities


by Edward C. Liu Legislative Attorney, Andrew Nolan Legislative Attorney and  Richard M. Thompson II Legislative Attorney


Beginning in summer 2013, media reports of foreign intelligence activities conducted by the National Security Agency (NSA) have been widely published. The reports have focused on two main NSA collection activities approved by the Foreign Intelligence Surveillance Court (FISC) established under the Foreign Intelligence Surveillance Act (FISA) of 1978. The first is the bulk collection of telephony metadata for domestic and international telephone calls. The second involves the interception of Internet-based communications and is targeted at foreigners who are not within the United States, but may also inadvertently acquire the communications of U.S. persons. As public awareness of these programs grew, questions about the constitutionality of these programs were increasingly raised by Members of Congress and others. This report provides a brief overview of these two programs and the various constitutional challenges that have arisen in judicial forums with respect to each.

A handful of federal courts have addressed the Fourth Amendment issues raised by the NSA telephony metadata program. FISC opinions declassified in the wake of the public’s awareness of the NSA telephony metadata program have found that the program does not violate the Fourth Amendment. Similarly, in ACLU v. Clapper, the federal District Court for the Southern District of New York held that a constitutional challenge to the telephony metadata program was not likely to be successful on the merits. On appeal, the United States Court of Appeals for the Second Circuit refrained from reaching the merits of this Fourth Amendment challenge, but instead resolved the case on statutory grounds, holding that the metadata program exceeded statutory authorization under Section 215 of the PATRIOT Act. However, the panel did engage in a general discussion about the Fourth Amendment principles implicated by this program, including the effect of modern technology on American’s expectations of privacy. Both the district courts for the Southern District of California and the District of Idaho have found the bulk metadata program constitutional under existing Supreme Court precedent. In Klayman v. Obama, the federal District Court for the District of Columbia held that there is a significant likelihood that a challenge to the constitutionality of the NSA telephony metadata program would be successful.

Constitutional challenges to the NSA’s acquisition of Internet communications of overseas targets under FISA have arisen in a number of different contexts. First, such challenges have arisen in both the FISC and the Foreign Intelligence Surveillance Court of Review as part of those courts’ roles in approving the parameters of these collection activities. Secondly, constitutional challenges have been brought in traditional federal courts as civil actions by plaintiffs asserting an injury or in criminal proceedings by defendants who have been notified that evidence against them was obtained or derived from collection under Section 702. While the FISA courts have at times curbed the government’s ability to engage in surveillance activity to ensure compliance with the Fourth Amendment, the one federal court to address the issue has upheld the program against constitutional challenge.




COE Human Rights Commissioneer : Reinforcing democratic oversight of security services cannot be further delayed

Strasbourg, 5 June 2015 – “The current systems of oversight of national security services in Europe remain largely ineffective. Revelations over the last years about security operations which have violated human rights should have prompted reforms in this field, but progress has been disappointingly slow. European countries must now ensure more democratic and effective oversight of what their security services do and avoid future operations leading to new human rights violations,” said today Nils Muižnieks, Commissioner for Human Rights, while presenting a report on this topic.

The report intends to provide guidance to strengthen human rights protection in the field of security services. It sets forth a number of measures necessary for making national oversight systems more effective and the security services accountable and fully compliant with human rights standards.  “Security service activities impact a variety of human rights, including the right to life, to personal liberty and security, and the prohibition of torture or inhuman, cruel and degrading treatment. They also impinge on the right to privacy and family life, as well as the rights to freedom of expression, association and assembly, and fair trial. It is therefore crucial that security services uphold the rule of law and human rights in undertaking their tasks.”

Council of Europe member states have taken diverse approaches to oversight, which include parliamentary committees, independent oversight bodies, institutions with broader jurisdictions such as ombudspersons, data commissioners and judicial bodies. However, none abides fully to internationally established norms. Drawing upon international and European standards and national practices, the paper sets out the most significant objectives and overriding principles that can enable more effective oversight of security services. “It is necessary to keep oversight democratic, primarily through the involvement of parliaments. It is also crucial to ensure prior authorisation of the most intrusive measures, including surveillance, and to establish a body able to issue legally binding decisions over complaints by individuals affected by security activities, as well as to access all intelligence-related information,” said the Commissioner.

“Security services exist to protect our democracies. Their work is fundamental to ensure that we all can live in security. This paper intends to show how their activities can be best sustained by policies which ensure their lawfulness and accountability. Ensuring that security agencies operate under independent scrutiny and judicial review does not reduce their effectiveness. On the contrary, governments would increase their credibility among the public and weaken support for anti-democratic causes if they show as much resolve in safeguarding human rights as in fighting terrorism.”

The executive summary and the Commissioner’s recommendations are also available in French and German. Translations into Turkish and Russian are under way.

To read more about the Commissioner’s work on counter-terrorism and human rights, please visit this page.

Press contact in the Commissioner’s Office:
Stefano Montanari, + 33 (0)6 61 14 70 37;; Twitter: @CommissionerHR; Facebook; youtube

The Commissioner for Human Rights is an independent, non-judicial institution within the Council of Europe, mandated to promote awareness of, and respect for, human rights in the 47 member states of the Organisation. Elected by the Parliamentary Assembly of the Council of Europe, the present Commissioner, Mr Nils Muižnieks, took up his function on 1 April 2012



by Vasiliki Chalkiadaki

I. Introduction

France’s history of terrorism is neither new nor exclusively Islamist-related. At the end of the 1970s, France experienced a wave of terrorist activity both from left-revolutionary groups, such as the Action Directe,1 and from nationalist-separatist groups, especially those active in Brittany, Corsica, and the Basque Country.2 By the early 1980s, however, France had become a target of Islamist terrorist groups and has remained so ever since, as the gunmen attack on the Paris headquarters of the satirical magazine Charlie Hebdo on 7 January 2015 demonstrated.3

The history of contemporary French counterterrorism legislation dates back to 1986, with the law on counterterrorism of 9 September 1986. Before the latter, France dealt with terrorist attacks by means of special laws on state security that had been enacted during the Algerian wars (1954–1962), which provided for an intensive limitation of individual rights and even for a special court to deal with the relevant offences (Cour de Surete de l’Etat, “Court of State Security”)4 that was abolished only in 1982. Therefore, until 1986, no specific counterterrorism legislation existed.

Before 1986, terrorist acts were characterized as “serious violent acts threatening the integrity and the security of the state” and treated accordingly.5

This paper presents the impact that the latest terrorist attack (hereafter: the Charlie attack) has had so far on France’s counterterrorism legislation (part III). After a brief historical overview of current legislative measures (part II), the following aspects are examined as being the effects of the attack:

  • the enactment of a series of provisions, mainly in the Code of Internal Security (Code de securite interieure, hereafter: Cod. Sec. Int.);
  • the exponentially increasing number of prosecutions on the basis of already existing substantive criminal law provisions (especially the glorification of terrorism and the preparation of terrorist acts);
  • the planning of new measures and the drafting of the relevant provisions regarding the financing of terrorism to reinforce the already existing framework on terrorist financing.
  • II. Historical overview Continue reading “THE FRENCH “WAR ON TERROR” IN THE POST-CHARLIE HEBDO ERA”

The US legal system on data protection in the field of law enforcement. Safeguards, rights and remedies for EU citizens


by Francesca BIGNAMI (*)

In US law, there are a number of different legal sources that govern data protection in the field of federal law enforcement. This study first considers the two most important sources of data protection law^the Fourth Amendment to the US Constitution and the Privacy Act of 1974. It then turns to the most significant methods of information collection that are available for ordinary criminal investigations and national security investigations and the data protection guarantees set down under the laws authorizing and regulating such information collection.

The Fourth Amendment prohibits “unreasonable searches and seizures” by the government. Reasonableness is established if the search or seizure is conducted pursuant to a valid warrant, that is, a judicial order based on a showing of probable cause and on a particular description of the property to be searched and the items to be seized. Reasonableness can also be established if one of the exceptions to the warrant requirements exists. In the data protection context, however, the application of the Fourth Amendment is relatively limited because of the third-party records doctrine which holds that individuals do not have an expectation of privacy in personal data that they voluntarily turn over to third parties like financial institutions and communications providers. With regard to EU citizens, the Supreme Court has held that foreign citizens resident abroad are not covered by the Fourth Amendment.

Among U.S. laws, the Privacy Act of 1974 is the closest analogue to a European data protection law in that it seeks to regulate comprehensively personal data processing, albeit only with respect to federal government departments and agencies. It regulates the collection, use, and disclosure of all types of personal information, by all types of federal agencies, including law enforcement agencies. At a general level, the Privacy Act contains most of the elements of the EU right to personal data protection. However, it only protects US citizens and permanent residents, not EU citizens.

Furthermore, there are a number of exemptions available specifically for law enforcement agencies. As a result, the benefits of the proposed legislation on judicial redress for EU citizens are unclear. The proposed legislation contemplates three types of law suits, two of which are designed to protect the right of access to and correction of personal data, and one of which enables individuals to obtain compensation for unlawful disclosures of personal data. Since law enforcement agencies commonly exempt their data bases from the access requirements of the Privacy Act, the right of action for intentional or willful disclosures that cause actual damage is the only one that would be available on a general basis.

In investigations involving ordinary crime, there are at least three different methods of personal data collection available to law enforcement officials: (1) use of private sources like commercial data brokers; (2) court and administrative subpoenas; (3) electronic surveillance and access to electronic communications based on a court order under the Electronic Communications Privacy Act. These information-gathering methods afford the same level of data protection for US and EU citizens.

With respect to EU data protection law, however, some of these methods contain relatively few data protection guarantees.

In the case of private sources of personal data, this is attributable to the absence of a comprehensive data protection scheme in the private sector and the vast quantities of personal information freely available to market actors and, consequently, also to law enforcement officials. With respect to the subpoena power and access to communications metadata and subscriber records (under the Stored Communications Act and the Pen Register Act), the lack of significant data protection guarantees is associated with the standard of “relevance” to any type of criminal investigation and the permissive application of that standard by the courts. The law and jurisprudence of “relevance,” in turn, is driven by the failure of US law to recognize a robust privacy interest in the personal data held by corporate entities and other third parties.

In investigations involving national security threats, which can involve both an intelligence and a law enforcement component, there are a number of additional means available to the government: (1) a special type of administrative subpoena known as a “national security letter”; (2) surveillance authorized by the Foreign Intelligence Surveillance Act (FISA); (3) any other form of intelligence gathering authorized by Executive Order 12,333 (and not covered by FISA). The information gathered through such methods can be shared with criminal prosecutors if relevant for law enforcement purposes.

Foreign intelligence gathering, both inside and outside the United States, follows a two-track scheme, one for US persons and another for non-US persons. With the exception of FISA electronic and physical surveillance orders, the data protection guarantees afforded to non-US persons are minimal. The stated intent of Presidential Policy Directive 28 is to provide for stronger personal data protection for non-US persons, but it is difficult to come to any conclusions at this point in time on what effect it will have.

More generally, even with respect to US persons, personal data protection under foreign intelligence law raises a couple of questions.

The first concerns the point in time when the right to privacy is burdened by government action. The US government has suggested that in the case of bulk collection of personal data, harm to the privacy interest only occurs after the personal data is used to search, or results from a search of, the information included in the data base.

This position stands in marked contrast with EU law, where it is well established that bulk collection, even before the personal data is accessed, is a serious interference with the right to personal data protection because of the number of people and the amount of personal data involved.

The second question concerns the conditions under which personal data can be shared between intelligence and law enforcement officials. In the realm of data processing by law enforcement and intelligence agencies, the European courts have emphasized that intrusive surveillance can only be conducted to combat serious threats that are carefully defined in law. They have also held that the information that results from such surveillance can only be used to combat those serious threats, whether to take national security measures or to prosecute the associated criminal offenses. In US law, by contrast, the law allows for intelligence to be transferred to the police and criminal prosecutors for any type of law enforcement purpose.

Continue reading here 

(*) Prof. at George Washington University Law School, Washington, DC, USA

Europe and “Whistleblowers” : still a bumpy road…

by Claire Perinaud (FREE Group trainee) The 9th and the 10th of April was organized in Paris by the University Paris X Nanterre la Défense in collaboration with the University Paris I Sorbonne a Conference on «  whistleblowers and fundamental rights »[1] which echoed a rising debate on the figure of  wistleblowers  after the numerous revelations of scandals and corruption which occurred last years, with some of them directly linked to EU institutions. In the following lines I will try to sketch a) the general framework then b) the main issues raised during the Conference

A) The general framework 

The term « whistle-blower » was created by Ralph Nader in 1970 in the context of the need to ensure the defense of citizens from lobbies. He defined « whistle blowing » as « an act of a man or woman who, believing that the public interest overrides the interest of the organization he serves, blows the whistle that the organization is in corrupt, illegal, fraudulent or harmful activity »[2]. The interest of scholars and lawyers to the figure of whistle-blowers in the United States dates back to the adoption by the Congress in 1863 of the False claims act which is deemed to be the first legislation related to the right of alert[3].
The system which developed afterwards is notably based on the idea that whistle-blowing is a strong mechanism to fight corruption and has to be encouraged by means of financial incentives[4]. If this mechanism is of utmost importance in the United States, protection of whistle blowers is only slowly introduced in Europe[5]
With numerous scandals related to systemic violations of human rights, the subject is progressively dealt with in the European Union (EU) and in the Council of Europe. Nevertheless, in both organizations, the protection of whistleblowers remain at the stage of project or only recommendations to the states.

The Council of Europe… Continue reading “Europe and “Whistleblowers” : still a bumpy road…”



by Alex Tinsley, (*)

(*) Legal & Policy Officer (Head of EU Office) at Fair Trials, based in Brussels. Twitter: @AlexLouisT

On 9 April 2015, the European Court of Human Rights (‘ECtHR’) gave judgment in A.T. v Luxembourg. The judgment, which will become final unless referred to the Grand Chamber, in finding a violation of Article 6 of the European Convention on Human Rights (ECHR), develops the principles established in the Salduz v Turkey. At the invitation of Fair Trials International, third party intervener, it also takes into account, for the first time, Directive 2013/48/EU on access to a lawyer in criminal proceedings (the ‘Access to a Lawyer Directive’), a possible indicator of future convergence in this area.


The applicant, A.T. was questioned by police following surrender under a European Arrest Warrant (‘EAW’) (as to the cross-border aspect, see the post-script). On arrival, he demanded a lawyer. Police gave information (it is unclear what) which led him to accept to be questioned without one. He denied the offences. He was then questioned again before the investigating judge, with a lawyer present but (a) without having had the chance to talk with that lawyer beforehand and (b) without the lawyer having had sight of the case file prior to that questioning; again, he denied the offences.

A.T. argued that his defence rights had been breached as he had been denied access to a lawyer. The appeal court, and then the Court of Cassation, rejected this, essentially finding that he had agreed to be questioned without a lawyer and that no obligation arose to remedy any prejudice caused. With local remedies exhausted, A.T. applied to the ECtHR arguing a violation of Article 6 ECHR.

The legal territory: the Salduz principle Continue reading “A.T. V LUXEMBOURG: THE START OF THE EU-ECHR STORY ON CRIMINAL DEFENCE RIGHTS”

The EU’s new (internal) security agenda


by Chris Jones, May 2015

For anyone interested in an overview of the substantial law and order bureaucracy that the European Union and its Member States have constructed over the last four decades, and the direction in which it is heading, the European Commission’s recently-published ‘European Agenda for Security’ is worth a read. This article provides an overview of the key points.

The Agenda [1] opens by stating:
“The European Union aims to ensure that people live in an area of freedom, security and justice, without internal frontiers. Europeans need to feel confident that, wherever they move within Europe, their freedom and their security are well protected, in full compliance with the Union’s values, including the rule of law and fundamental rights.”
It follows on from the EU’s 2010 Internal Security Strategy and the ‘action plan’ that sought to implement it.
The Agenda was formally requested by the Justice and Home Affairs Council in December 2014, [2] through a set of conclusions that call for many of the same proposals put forward by the Commission.
It sets out a five-year “shared agenda between the Union and the Member States” that is supposed to lead to “an EU area of internal security where individuals are protected in full compliance with fundamental rights.”

On the basis of the Commission’s communication and ongoing political and legal developments, it is doubtful – to say the least – whether the proposed “full compliance with fundamental rights” will be achieved.
Instead, the Agenda looks likely to legitimise more repressive laws and policies at EU and national level.
What’s the Agenda? The Agenda will improve:

  • “information exchange”, including of personal data;
  • “increased operational cooperation” between policing, security, border guard and customs agencies, prosecutors, companies, etc.; and
  • “mutual trust [between different national authorities], drawing on the full range of EU policies and tools.”

The three main priorities are “terrorism, organised crime and cybercrime”, although the Commission is “remaining vigilant to other emerging threats [to security] that might also require a coordinated EU response.” The Commission’s broad concerns are that:
“In recent years new and complex threats [to security] have emerged highlighting the need for further synergies and closer cooperation at all levels [of state and industry]. Many of today’s security concerns originate from instability in the EU’s immediate neighbourhood and changing forms of radicalisation, violence and terrorism. Threats are becoming more varied and more international, as well as increasingly cross-border and cross-sectorial in nature.
There are undoubtedly a number of serious ongoing crises within the EU’s “immediate neighbourhood”. Nevertheless, this rather vague statement also to some extent encourages fear of the unknown. In any case, it provides significant leeway for developing new laws, policies and activities.

The key principles The Agenda has five: Continue reading “The EU’s new (internal) security agenda”

The surveillance society (4): a further study for the European Parliament

Following the so called “Snowden revelations” at the end of the last legislature the European Parliament adopted a wide ranging resolution addressing the main problems arising from an emerging surveillance society.  The resolution adopted inter alia “A European Digital Habeas Corpus” deemed to  protect  fundamental rights in a digital age.

Work on this sensitive issue is continuing also in this legislature as the European Parliament has to play a pivotal role in the establishment of the European Digital Agenda, the reform of data protection and to approve an “umbrella” agreement with the United States which is deemed to cover also the access to personal data for security purposes.

To support this Parliamentary strategy several studies have been done the last of them being a study done by the EP “Scientific and Technology Options Assessment “(STOA) which was presented in the responsible Parliamentary Committee (LIBE) Meeting on 23 April 2015.

The aim of the study is to propose measures to reduce the risks identified with the current generation of networks and services and to identify long-term technology oriented policy options for a better, more secure and more privacy friendly internet, whilst at the same time allowing governmental law enforcement and security agencies to perform their duties, and obtain quickly and legally all the information needed to fight crime and to protect national security interests.

The first part of the study concludes with a list of security solutions to help citizens protect themselves from illicit mass surveillance activities. In its Conclusions it recognise that “Mass surveillance is a reality today and has been applied for years by national intelligence agencies of a number of countries, namely those allied in the Five Eyes coalition, but also including EU members and other countries. The agencies involved in mass surveillance practices justify these methods with the doctrine of pre-emptive prevention of crime and terrorism and adopt the principle of omniscience as its core purpose. This objective of intercepting all communication taking place over Internet or telephone networks is in many cases pursued by applying questionable, if not outright illegal intrusions in IT and Telecommunication systems.This strategy accumulates an amount of information that can only be processed and analysed by systems of artificial intelligence, able to discern patterns which indicate illegal, criminal, or terrorist activities. While warranted and lawful interception of data on targeted suspects is a required and undisputed tool for law enforcement to access evidence, the generalised approach of information gathering through mass surveillance is violating the right to privacy and freedom of speech. The delegation of decisions on suspicious data patterns or behaviour of citizens to intelligent computer systems is furthermore preventing accountability and creating the menace of an Orwellian surveillance society. Many citizens are not aware of the threats they may be subject to when using the Internet or telecommunication devices. As of today, the only way for citizens to counteract surveillance and prevent breach of privacy consists in guaranteeing uncorrupted end-to-end encryption of content and transport channel in all their communications. Due to the amount/complexity/heterogeneity of tools this is however a task too complex to achieve for most of technically unexperienced user. This situation calls for both, awareness creation and the provision of integrated, user friendly and easy to use solutions that guarantee privacy and security of their communications. But policy makers must understand that the problem of mass surveillance can not be solved on a technical terrain, but needs to be addressed on a political level. An adequate balance between civil liberties and legitimate national security interests has to be found, based on a public discussion that empowers citizens to decide upon their civil rights affected and the societal values at stake”.

The second part of the study concludes with the proposal of several policy options with different levels of public intervention and technological disruption.

A STOA options brief below provides  an overview of all the policy options and  Two short Video-Clips  have been published on YouTube to raise the awareness of the public.

Further information