The NSA Can Neither Confirm nor Deny the Existence of a Company Allegedly Named Google

Via Reason's Hit and Run Blog comes a link to a case ruling against a Freedom of Information Act (FOIA) request concerning recent alleged collaborations between the National Security Agency (NSA) and Google.  Back in early 2010, it was widely reported that Google had suffered some hacking, originating from China, that compromised the Gmail accounts of a variety of large firms and human rights activists.  As the Court notes, it soon became public knowledge that Google had sought the assistance of the NSA following the attack.  The extent of the partnership is uncertain, but former NSA head Mike McConnell weighed in, stating that our “cyber security” will depend on sustained partnerships between private industries like Google and government agencies like the NSA.

The Electronic Privacy Information Center (EPIC) has been on top of Google and the “adequacy of [their] privacy and security safeguards” since before the China attack.  On February 10, 2010, they filed the FOIA at issue in this case requesting information concerning an agreement between NSA and Google regarding cyber security and any communications between Google and the NSA regarding Google’s security decisions regarding their Gmail and cloud-based services like Google Docs.  The NSA claimed an exemption and responded with a controversial Glomar denial.  A Glomar denial allows the government to respond to such a request with a refusal to “confirm or deny the existence or nonexistence” of the records sought.  Let me state that the unintentional hilarity of the language used in a Glomar response does not necessarily make it invalid or otherwise nasty; nevertheless, a Glomar denial may cause gratuitous injuries to the cause of transparency (more on that later). 

Section 552(b) of the FOIA lists nine exemptions allowing a government to refuse disclosure of the information requested.  Here, the government invokes “FOIA Exemption 3” which shields “records that are ‘specifically exempted from disclosure by statute.’”  The government points to Section 6 of the National Security Agency Act (NSAA) which prevents disclosure of information pertaining to “NSA’s organization, functions, or activities.”  This statute, for some obvious good reasons, shields quite a bit of information that the NSA may want to shield from an FOIA request.  Still, the D.C. Circuit Court has noted the obvious by stating that the vague terms of Section 6 should be “construed with sensitivity” in order to maintain the overriding purpose of the FOIA to foster an environment that generally favors openness to secrecy. 

In order to justify their Glomar response, the NSA bears the burden of proving the exemption through signed affidavits that provide, with some level of detail, the reason why disclosure would cause the harm contemplated under the FOIA exemption.  To boot, the agency must provide some logical basis for the court to believe that disclosure of the mere existence or nonexistence of any such records would cause the excepted harm. 

The Court makes their case with one 7-page affidavit (actual affidavit is about half-way down, titled Declaration of Diane M. Janosek).  They state that “to confirm or deny the existence of any such records would be to reveal whether NSA, in fulfilling one of its key missions, determined that vulnerabilities or cybersecurity issues pertaining to Google or certain of its commercial technologies could make U.S. government information systems susceptible to exploitation or attack by adversaries and, if so, whether NSA collaborated with Google to mitigate them.”  The agency’s theory is basically two-fold:  the recondite Glomar response is justified because if we speak about this at all people will assume that Google’s security problems are also the government’s problems or that Google’s encryption strategies are in and of themselves somehow related to the NSA’s encryption strategies.  

Fair enough.  I certainly don’t want the bad guys to know what type of strategies the NSA uses to protect sensitive government information.

From the 8-limbs of Pantanjali, Satya or truthfulness is one of the five Yamas.  The Yamas are best understood as the “shall-nots” of the 8-limbed path to rightful living, as in, one should abstain from untruthfulness because you position yourself against the grain of the universe.  Yogic scholars, like T.K.V. Desikachar, are quick to point out “that it is not always desirable to speak the truth come what may, for it could harm someone unnecessarily.”  If disclosing a governmental record would cause unnecessary harm, better to temper our truthfulness with the first Yama, Ahimsa or non-harming.  As the great classical liberal J.S. Mill wrote, the legitimate aim of government “is to prevent harm to others.”  Transparency comes to a halt when the rights and safety of others would be compromised by full disclosure.  Still, we have a system of courts for a reason, and they are fairly well equipped at figuring out whether disclosure would actually cause the harm claimed by the government while using precautions to make sure there is no ancillary disclosure of sensitive information during the case. 

With that in mind, I am sympathetic to EPIC’s plea that the Court should at all times have the goal of creating “as complete a public record as is possible.”  This brings us to subsection (b) of the FOIA which provides that “any reasonably segregable portion of a record shall be provided to any person requesting such record after deletion of the portion which are exempt under this subsection.”  This would require the agency to search for the records and undertake a studied inspection of the documents to figure out if any generally exempted records contain information that would not fit into the exemption.  Often, but not always, this leads to the production of a “Vaughn index” of the exempted records with brief descriptions as to what the document is and some basic facts as to why it fits into the exemption.  This allows the judge, and perhaps the opposing party, to start putting the pieces of the puzzle together or even just to hold the agency accountable for their claims.

In the present case, we don’t get a Vaughn index.  The Court is satisfied that the affidavit supports the agency’s Glomar response, ergo how could we index or not index something that may or may not exist?  As the Court states, “when the agency takes the position that it can neither confirm nor deny the existence of the requested records, ‘there are no relevant documents for the court to examine.’”  A little cryptic, but there is definitely some logic there.  Still, there is no template for a Vaughn index.  The court has the flexibility to get creative and discern some method of getting at the non-exempt information without compromising the legitimately exempt information.  Provided that the party has offered evidence to cast some doubt into the agency’s insistence that there is absolutely no relevant, non-exempt information, it seems the court does an injustice to the FOIA by shutting the case down right then and there. 

EPIC insists that the communications between Google and NSA may contain parts that do not reveal the NSA’s functions (for this core argument, start reading at p. 28).  They have stressed that the records likely contain some relevant material about Google’s activities (not the agency’s).  On 1-12-2010 Google both reported the attack and contacted the agency presumably for advice.  On 1-13-2010 Google changed their default setting on Gmail to encrypt traffic to and from its servers.  It does not seem that the Court can rule out the possibility that there is a lot in the correspondence pertaining to Google’s own security activities, and could be emancipated from the parts of the record that reveal the NSA’s activities.  The mere fact that the NSA responded to Google is already public knowledge.  Accordingly, I feel the Court could have leaned on the NSA to crack the door open just ever so slightly.  

Being so furtive about a topic that was widely reported on two years ago is the type of government behavior that needlessly invites conspiracy theories:  What if the NSA needs a Glomar denial because they had some agreement with Google prior to January 2010….  And what if that agreement was to the effect that Google could not sufficiently encrypt their Gmail accounts because they are bound to forward all sorts of our e-mails straight to the NSA?  A bare Glomar denial could make some curious people grasp at these types of straws.  This is the type of speculation that is largely unhelpful.  And conspiracy theories have the alluring power to trap otherwise thoughtful minds into firmly believing one story despite evidence to the contrary.  

The NSA has been increasing their profile (or shadow) dramatically over the past decade, culminating with the on-going construction of the Utah Data Center, or what many are calling a gigantic Spy Center.  Far be it from me to explain the stated and speculated purposes of this new facility, but you can click through to the links to at least get a feel for the unthinkable potential of such a place.  I’m afraid halting this particular case at a Glomar denial will only stoke the public’s worst fears about such an agency.  Let us remember that Congress has not yet passed the SECURE It act which would add a tenth exemption to the FOIA for “information shared with or provided to a cybersecurity center.”  If passed, this act would probably seal the door shut many, many times over.  Nearly every single person shares private information with commercial Internet companies.  We do so largely with the expectation that, despite oddly relevant advertisements for wedding planners popping up right after we get engaged, we are not inviting the government to collaborate with search engines about our shopping or reading habits.  Before Congress gives more power and more secrecy to the intelligence community, it would be nice to have even a vague understanding of some of the implications for using these here cyber tubes.     

The Courts on Drug Laws: Will They Ever Get Sober?

This article has been modified from a memo written for my Public Land Use class.  Ok, don’t leave just yet.  Since the original memo, the California Supreme Court has agreed to hear the cases I wrote about—yes, those very cases (plus two more).  Barring any intervening changes from the legislative branch, the Court will likely decide the fate of medical marijuana dispensaries (MMDs) in the Golden State.  Admittedly, the bulk of this story hinges on proper statutory construction and the legal doctrines of federal and state preemption.  This article offers glimpse into the finer points of these issues and how they affect medical marijuana.  But it is also the next chapter in a more important and interesting story about how our judicial branch has failed to use the legitimate power at its disposal to affirm important steps toward drug reform. 

The most high-profile of these reforms has been medical marijuana, with California leading the way.  In 1996, voters passed Proposition 215 with 56% of the vote.  The three-fold goals of the act were laid out for all to see: a) obtainability of marijuana for patients, b) exemptions from sanction for caregivers and patients, and c) encouragement toward the government to come up with a plan for distribution.  Upon passing, Prop 215 was immediately effective in creating exemptions for possession and cultivation of medical marijuana, and they specifically contemplated further action by the state legislature in devising a way for sick patients to safely and conveniently obtain the pot.  The legislature responded with fleetness not usually witnessed in Sacramento and passed the Medical Marijuana Program Act (MMPA) in 2003.  

The MMPA created the once-controversial Identification Card system, and sought to clarify a host of other attendant issues.  Most important for present purposes is Section 11362.775 which provides that qualified persons “who associate within the State of California in order collectively or cooperatively to cultivate marijuana for medical purposes, shall not solely on the basis of that fact be subject to state criminal sanctions under…” various sections in the code making it illegal to cultivate, possess, and maintain a place for the sale of marijuana.  The last exemption for these collective sales operations is freedom from Section 11570 making every building used to distribute a controlled substance a “nuisance which shall be [abated]…whether it is a public or private nuisance.”  The legalese of Section 11362.775 is a little vague and perhaps ambiguous in one part, but it is plain to see/read that the legislature is decriminalizing the operation of what has come to be known as medical marijuana dispensaries (provided they are non-profit collectives selling to qualified patients). 

One of the goals of the MMPA is “to promote uniform and consistent application of the act among the counties within the state.”  Localities have the a broad, general power to regulate local businesses through zoning and permitting, so long as they are not inconsistent with controlling State law.  This does not call for a uniform zoning code through all counties, but it does require the courts to set some guidelines in order to prevent severe erosions into the immunities provided by the CUA and the MMPA.  With all the belly-aching about the alleged looseness of these statutes, state judges should be perfectly capable of deciphering their plain meaning and principles and applying them faithfully and consistently to prospective situations.  Unfortunately, the State Supreme Court has agreed to hear these four cases precisely because the lower courts have produced more cacophony than harmonious principles when applying the MMPA. 

The first case, Traudt v. City of Dana Point, is a bit of a teaser.  It asks the preliminary question of who can bring a suit to challenge local zoning laws.  Is it the qualified patients, the primary caregiver, the business owner, somebody else, or nobody at all?  They call it “standing” and it is often needlessly abstruse. 

Pack v. Superior Court is the next case up for review.  The regulation at issue in Pack is Long Beach’s permitting scheme for MMDs.  Basically, the City holds a lottery in which the winners are granted one of a limited number of permits required to run a dispensary in town.  The dispensaries are charged a $10,000 permitting fee, and are subject to certain rules.  They must maintain an odor-absorbing ventilation system and send their product in to be quality tested by an independent expert. 

The Pack Court found that federal Controlled Substances Act (CSA) preempted Long Beach’s permitting scheme.  The theory is that Long Beach’s licensing scheme goes beyond mere decriminalization, universally recognized as copacetic with the CSA, and affirmatively authorizes conduct outlawed by the CSA—i.e. a city may direct local law enforcement to lay off dispensaries in compliance with certain restrictions, but they may not use large application fees and a lottery system which impliedly authorize distribution of a federally prohibited substance. 

The Supremacy Clause of the Federal Constitution makes it so state and local laws in conflict with federal law are preempted and invalid.  It is important to note that an obvious tension between the two laws does not mean that one of them is preempted.  There are areas in which different layers of government have the authority to act.  The courts have devised four different ways a federal law may preempt a state law, with corresponding tests to evaluate the fate of the state law.  The four subspecies of federal preemption are express, conflict, obstacle, and field preemption. Fortunately for us, there is an overriding touchstone in each analysis:  “preemption is fundamentally a question of congressional intent.”  Congress was kind enough to express their intentions in Section 903 of the CSA:

“No provision of this subchapter shall be construed as indicating an intent on the part of Congress to occupy the field in which the provision operates, including criminal penalties, to the exclusion of any State law on the subject matter…unless there is positive conflict between that provision of the subchapter and that State law so that the two cannot consistently stand together.”

Congress, self-conscious of the ways in which courts look for preemption, stated their intention not to preempt state law through field preemption or express preemption.  The one contested area is whether they leave the door open for either obstacle or conflict preemption, or only conflict preemption.  Obstacle preemption is found when the State law frustrates or somehow stands as an obstacle to the goals meant to be accomplished by the Federal law.  Conflict preemption is only found when it is impossible for the two laws to stand together, that is, it would be impossible for somebody to comply with the two laws at the same time. 

It is important to note that obstacle preemption is a much broader net with which to invalidate State laws—it is sometimes referred to as “implied” conflict preemption as opposed to the “positive” conflict preemption referred to in the statute.  Next, look at the language used in statute—no preemption “unless there is a positive conflict.”  By asserting that the CSA will only invalidate state laws in the narrow case of a positive conflict, basic statutory construction (and common sense) leads one to believe that Congress eschewed the application of the broader obstacle preemption.  Yet, the Pack Court invalidated the Long Beach permitting scheme on the basis of obstacle preemption (the first Court to do so in this type of case).  

The tragedy of this decision goes beyond the fact that the Court inaccurately applied the law to the facts of the case.  The real tragedy is that cities were already nervous about regulating dispensaries, and the Court was the one institution that actually had the ability (and the obligation) to quell some of their fears.  This judicial neglect is reflected in the sentiments expressed by Long Beach’s city attorney after the case, “the most logical thing to do is to ban that which we cannot regulate and permit.”  Los Angeles has been paring back their congeniality toward MMDs for some time, but this year the City Council began considering an outright ban on MMDs—with the Pack opinion used as justification.

City councils anxious to enact outright bans also use the next case up for review, City of Riverside v. Inland Empire Patient’s Health and Wellness Center, as justification.  In this dispute, a medical marijuana dispensary challenged Riverside’s ban on all dispensaries.  Riverside’s zoning code declared that all MMDs are a prohibited use, and as a prohibited use, the City considers any dispensary as a public nuisance.  Inland’s argument is that the CUA and the MMPA allow for local regulation of dispensaries, but an outright ban conflicts with the spirit and letter of State laws decriminalizing the distribution of medical.  Hence, we switch from federal preemption of state laws, to the potential state preemption of local laws. 

The California Constitution gives localities broad power to make and enforce zoning laws, but they may not duplicate or contradict general state laws.  Recall Section 11362.775, granting dispensaries immunity from public nuisance claims brought solely on the basis of the fact distribute marijuana.  The Court recognizes the infirmity with Riverside’s zoning code ban and abatement action, but they ultimately use a clever trick to rule against to uphold Riverside’s prohibition.  They claim that Riverside’s actions are not contradictory to the MMPA because the City’s public nuisance claim is supported by the fact that Inland Empire is in violation of the zoning code, and not “solely on the basis” of their distributing marijuana.  Considering that any MMD is technically violating the zoning code by virtue of existing, this is a tortured analysis of what is clearly going on here.

Still, you may be wondering:  how can medical marijuana advocates claim preemption of local laws under the MMPA when the very existence of dispensaries depends on these state and local rules surviving federal preemption?  Aren’t medical marijuana advocates being hoisted with their own petards in cases like Inland Empire?  The short answer is no, but the whole answer reveals the larger way in which preemption is meant to operate.  Let’s look at the laws at their basic, practicable level.  The federal CSA says pot distribution is criminal, whereas state law says pot distribution is not criminal.  In a bifurcated system, where federal law is generally supreme over state law, it is perfectly conceivable for these two laws to coexist.  California’s decision not to harass/criminalize dispensaries does not in any way prevent the Federal government from enforcing their law to their heart’s content.  Contra Pack, no need for preemption here.

On the other hand, when the State grants immunity to certain conduct, but local regulations make it impermissible to partake in such conduct we have a conceptual (and practical) disconnect.  How can a State extend their blessing to dispensaries when local regulations seek to shut down every single storefront in their town?  This is the classic case of preemption, and it is the courts jobs to identify it as such and allow the State law room to function.  The last of the four cases that the California Supreme Court will hear, People v. G3 Holistic, follows the Inland Empire Court and upholds a similar local zoning code against a challenge of state preemption. 

Despite the fact that California voters and the legislature have given MMDs the breath of life, these California appellate courts have muddled statutory interpretation and twisted legal doctrines in a way that will invite California localities to join the myriad governmental institutions dead-set on destroying California’s experiment with drug reform.  It is clear (at least since Gonzales v. Raich, which is a conversation for another time) that federal law enforcement has carte blanche to arrest marijuana distributors and sellers, even when they are complying with state law.  Indeed, there are strong institutional incentives for the DEA to enforce the federal drug laws in the face of state drug reform—stated simply, their jobs are at stake. 

That is just the start of the troubles facing MMDs.  In the face of criminal prosecution, the IRS still expects MMDs to pay their taxes.  However, federal Tax Courts have held that MMD owners are not allowed to take normal business expense deductions.  This is part of the federal government’s desperate attempt to make life impossible for state-law compliant MMDs, threatening land-lords who lease to such storefronts and banks who offer accounts for these business owners. 

Facing this onslaught from the Federal government, the failure to give effect to the CUA and the MMPA represents nothing short of treachery by these State appellate courts.  Sadly, this is par for the course.  The judiciary has tended to issue faulty opinions when adhering to the rule of law would make the war on drugs more difficult to execute.  Constitutional law expert Roger Pilon notes that in cases bearing on the drug war, “too often, the court has decided those cases not as a dispassionate adjudicator securing the rule of law but as a handmaiden to the political branches—one more agency in the war.” 

If the Courts facilitate the demise of medical marijuana experiments in the many states that recognize the failure of prohibition, it will be a tragedy in its own right.  However, as United States citizens, we must recognize the connection between the war on drugs and myriad erosions into our civil rights and liberties already sanctioned by the courts.  On behalf of the drug war, ostensibly impartial judges have upheld invasions into our privacy by drug-sniffing drugs, turned citizens into snitches through police abuse of confidential informants, eaten away at the “probable cause” requirement in the 4^th amendment by allowing suspicion-less drug testing, weakened property rights and encouraged police corruption by allowing aggressive asset forfeiture of merely accused drug offenders, sanctioned the increase militarization of peace officers with no-knock raids and heavy artillery, and flipped traditional evidentiary rules on their head in order to make it easier for prosecutors to trump up “intent to distribute” charges against defendants without having to prove their case.

It is well documented that the criminalization of victimless conduct creates perverse incentives for law enforcement to go to drastic measures to uncover these crimes.  I encourage you to read Randy Barnett’s treatment of this phenomena, but here is my attempt to condense just the beginnings of the problem:  when the legislature makes it a criminal offense for a)a person to consume their preferred substance and b) for people to voluntarily supply this consumer demand, police must use increasingly intrusive techniques to catch people violating the law because there is no complaining victim to help them find the offender.  Barnett notes that it doesn’t matter if you believe that drug offenders harm their communities and create a “victim” in a larger sense because the cogent point here is “there is no victim to complain to the police and to testify at trial.”  Since both parties to drug crimes are consenting, they will plan to break the law away from public scrutiny, necessitating increased police intrusions into private places.  If cops are serious about finding a good chunk of these criminals, they must compensate for the lack of reported offenses by ratcheting up surveillance.  And since mere possession is a crime and is also likely to be easily concealed, police will be tempted to undergo searches without probable cause.  These incentives have played out in real life, and the results have been pretty much all bad, ranging from annoying to heart-wrenchingly tragic. 

The moral of the story is that while we may expect the enforcement branch of government to ignore constitutional rights and statutory attempts at drug reform, the judiciary is designed to be immune from the political winds that have blown so strongly in favor of the war on drugs.  California, through their pioneering venture into medical marijuana, has in many ways been the bellwether in challenging this political orthodoxy. 

In fact, the State legislature has recently proposed AB 2312, which could right most of the wrongs perpetrated by the Pack and Inland Empire opinions.  The problem is that the Bill faces tough opponents galvanized by what they see as a blunt tool, making it unlikely to pass.  Most importantly, the bill is unnecessary and perhaps undesirable when compared to the proper interpretation and implementation of the MMPA.  The state appellate courts have botched this job, but the State Supreme Court will have their shot at redemption.  The proper holding will recognize that federal preemption has no place in the analysis when it comes to run-of-the-mill regulations of MMDs.  The Court should respect the MMPA by preventing a locality from banning MMDs qua MMDs, while providing guidelines that will allow cities to address their legitimate concerns about the location of MMDs in sensitive parts of their communities.  In the meantime, the public should remind their City Council that the Pack and Inland Empire decisions have been de-published and are not the law of the land.  Judges are often intoxicated by drug laws, but this review offers a choice opportunity for a little sobriety and the eventual return of level-headed reasoning after our long war on drugs.