In Joseph Heller’s novel, Catch-22, Capt. John Yossarian, a World War II airman stationed near Rome, gets frustrated over the practice of the military police who cite a rule called Catch-22 whenever they want to arrest someone. “Did they show it to you?” he shouts at an elderly Italian woman who witnessed the police take away his friends. “Did you even make them read it?”
The woman tells Yossarian that the law says the police don’t have to show anyone a copy of Catch-22.
“What law is that?” he asks.
“Catch-22,” she says.
This kind of circularity is not a joke but a commonplace in tyrannies, where the law is a justification unto itself. In free societies, healthy law depends on citizens challenging such fiat justifications whenever they crop up. A lawsuit filed by our civil liberties organization, the Project for Privacy and Surveillance Accountability, is challenging just such a circular and utterly lawless practice by the National Security Agency over its warrantless acquisition of the digital information of millions of Americans. We are hoping that a federal judge in Delaware will break the government’s circular logic and force our government to obey the law.
The issue involves the NSA’s practice of purchasing people’s highly personal digital information scraped from our apps and sold by third-party data brokers. A dozen federal agencies, ranging from the FBI to the IRS and the Department of Homeland Security, vacuum up the digital data of tens of millions of people, which reveals much about one’s financial, romantic, and religious lives, as well as political beliefs and activities. Our digital lives contain the privacies of our lives, more candid than any diary.
The government is beginning to recognize that such massive and intrusive snooping of the nation’s online population is becoming untenable. A senior advisory group informed Director of National Intelligence Avril Haines in 2022 that purchased data “includes information on nearly everyone that is of a type and level of sensitivity that historically could have been obtained, if at all, only through targeted (and predicated) collection, and that could be used to cause harm to an individual’s reputation, emotional well-being, or physical safety.”
The panel recommended a proposal that each agency within the intelligence community “develop more precise sensitivity and privacy-protecting guidance” for the use of such information. A bill that passed the House last year, the Fourth Amendment Is Not For Sale Act, would go further, requiring probable cause warrants as required by the Constitution. But if guidelines and guardrails are on the menu at the NSA, civil libertarians will take what we can get.
We thus used the Freedom of Information Act to request that the NSA produce records showing how much money it spent on people’s data, the size of the datasets purchased, and the sources of the data. We also asked for the frequency with which the agency acquires data on people and businesses within the United States from third-party data brokers. We excluded from our request any personal data on people.
In July 2024, the NSA replied that it could not disclose “the existence or non-existence of the requested information” because it would be “harmful to an interest that is protected.” Because our request excluded any personal information of Americans, it couldn’t be harmful to them. So harmful to whom?
Here’s where Catch-22 comes into play. In denying our FOIA request, federal agencies often issue a blanket “Glomar response.” This is a judicially created doctrine first issued when a Los Angeles Times reporter broke a story in the mid-1970s that the CIA had retrieved chunks of a sunken Soviet nuclear submarine using a bespoke crane ship, the Glomar Explorer. Ever since, the Glomar doctrine has allowed the government to respond to a FOIA request by refusing to confirm or deny the existence of the requested records.
There are two problems with the NSA’s use of a Glomar response. First, our filing doesn’t concern a secret CIA program to recover a Soviet submarine with cryptographic machines and nuclear-tipped torpedoes. We seek top-line facts the public and Congress should know — how much is the NSA spending on collecting people’s personal information, and who is selling it to them? Our query includes an internal NSA policy document likely responsive to our FOIA request because it was identified as such in the report by the NSA’s advisory panel.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
Second, the NSA responded that its records are protected by Glomar even though the NSA did not search for these records. How can the agency determine these are nuclear-torpedo-level secrets when it hasn’t even looked at them?
Congress should weigh in on whether the expansive Glomar responses from the NSA and other agencies conform to the law. Otherwise, as Heller wrote, we could one day jeopardize our “traditional rights and independence by daring to exercise them.”
Gene Schaerr is the general counsel of the Project for Privacy and Surveillance Accountability.