Speaking of laws which seem ridiculous in the face of advancing technology, Lawfare‘s Timothy Edgar cites American surveillance laws:
As it turns out, the widely-held theory that the NSA had figured out another way to obtain the data [concerning bulk collection of Internet metadata within the United States] – with less oversight – is correct. According to a new document obtained under FOIA by New York Times reporter Charlie Savage:
The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court. . . .
The N.S.A. had long barred analysts from using Americans’ data that had been swept up abroad, but in November 2010 it changed that rule, documents leaked by Edward J. Snowden have shown. The inspector general report cited that change to the N.S.A.’s internal procedures.
The other replacement source for the data was collection under the FISA Amendments Act of 2008, which permits warrantless surveillance on domestic soil that targets specific noncitizens abroad, including their new or stored emails to or from Americans.
Mr. Edgar concludes:
The lawfulness of bulk collection and applicable privacy rules should not depend on the technical details of the NSA’s collection – such as where the data is collected and exactly what fields are obtained – that have nothing to do with the privacy interests involved. But this is exactly how the law works today. Savage’s piece is a further reminder of just how incoherent our surveillance laws have become.
In other words, your privacy is at risk if your Internet sojourns take your data streams out of the United States, which, when put that way, have a certain poetic propriety which I find appealing, for, with the exception of certain diplomatic personnel, an American in another country is not immune to the laws of that country, but subject to them. Nevertheless, Mr. Edgar’s comments are of a more serious nature.
With regard to location, it’s an interesting question – when your data stream is outside the United States, can an agency forbidden from collecting data about you ignore that law? I’m no lawyer, so I can only claim that it seems like common sense to say the answer should be ‘No’ – as the implications of the statement is that a goal is denied to the NSA, not a method.
With regard to the fields collected, I’m not certain this is a technicality so much as it defines the issue. How about anonymous collection of metadata? Is that illegal? I suppose I’m not up enough on the controversy to understand the implications at question.
Nor can I think of analogous situations from pre-Internet era.
