A Citizen's Guide to Why Your Phone Company Gives Data to the Feds
The Foreign Intelligence Surveillance Act Court released a top secret ruling explaining its rationale for allowing the NSA to collect daily records from domestic telephone providers. Allow us to translate.
On Tuesday afternoon, the Foreign Intelligence Surveillance Act Court released a top secret ruling explaining its rationale for allowing the NSA to collect daily records from domestic telephone providers. Allow us to translate from the original Legalese.
The entire opinion, which appears at the bottom of this post, is apparently the latest in a regular series of such documents released when the court renews the NSA's ability to collect phone call metadata. That collection came to light in June, following the first of many Guardian reports on documents revealed by Edward Snowden. At the time, the Director of National Intelligence admitted the existence of the program, but the rationale for its legality remained in question. In August, the FISA Court — or FISC, the top secret body that authorizes the program — ordered the government to review and declassify that rationale, which it has now done.
Here's how the court's reasoning goes.
1. Collecting phone record data for someone isn't a violation of the Fourth Amendment.
The FISC relies on the 1979 Supreme Court decision Smith v. Maryland (Wikipedia) as its rationale that the collection of such data is, in general, not a violation of the Constitutional prohibition against unreasonable search and seizure. The Smith decision has long provided the legal justification for data collection by law enforcement — specifically, the use of a "pen register," a device that records phone numbers involved in calls on a particular phone line. Admitting that the metadata collected by the NSA is broader than that (including duration and possibly location information), the FISC writes:
"Telephone users ... typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes." Furthermore, the Supreme Court found that once a person has transmitted this information to a third party (in this case, a telephone company), the person "has no legitimate expectation of privacy in [the] information .... " The telephone user, having conveyed this information to a telephone company that retains the information in the ordinary course of business, assumes the risk that the company will provide that information to the government. Thus, the Supreme Court concluded that a person does not have a legitimate expectation of privacy in telephone numbers dialed and, therefore, when the government obtained that dialing information, it "was not a 'search,' and no warrant was required" under the Fourth Amendment.
In short: You use a phone company. You know that the phone company has information about your calls. You recognize that the company might give that data to the government. Therefore, the government doesn't need a specific warrant to collect your information.
2. Collecting phone data for a lot of people isn't, either.
The argument here is different. The FISC writes:
… this Court found that "regarding the breadth of the proposed surveillance, it is noteworthy that the application of the Fourth Amendment depends on the government's intruding into some individual's reasonable expectation of privacy." The Court noted that Fourth Amendment rights are personal and individual, … and that "[s]o long as no individual has a reasonable expectation of privacy in meta data, the large number of persons whose communications will be subjected to the ... surveillance is irrelevant to the issue of whether a Fourth Amendment search or seizure will occur." Put another way, where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly-situated individuals cannot result in a Fourth Amendment interest springing into existence ex nihilo.
In other words, the Fourth Amendment protects the individual right to privacy. If the data collection doesn't violate that individual right, there's not suddenly a group right that it can violate. Or, more plainly, the FISC is saying that it's approving 300-plus million instances of individual, Fourth Amendment-approved data collection, in bulk.
3. Section 215 of the Patriot Act offers the legal ability to collect that data.
Just because something is constitutional doesn't make it legal. You need a law for that.
In this case, the law is the Patriot Act. Section 215 of that bill, first passed in 2001, gives the government the authority to collect "business records" as part of a terror investigation. The FISC is tasked with assuring that the legal provisions included in that section are met, including that the government has done what it can to minimize the collection of data that isn't constitutionally allowed. To that end, the FISC's authorizations for collection of phone data include various stipulations about how it should happen.
Then there's the question of how Section 215's business records provision applies to the phone metadata. The Court compares Section 215 with a similar section of 18 U.S.C. § 2703, noting key differences that it suggests broaden's Section 215's scope. For example:
Under this section [§ 2703], which is comparable to Section 215, the government must offer to the court "specific and articulable facts showing that there are reasonable grounds to believe that ... the records or other information sought, are relevant and material to an ongoing criminal investigation." (Emphasis added). Section 215, the comparable provision for foreign intelligence purposes, requires neither "specific and articulable facts" nor does it require that the information be "material." Rather, it merely requires a statement of facts showing that there are reasonable grounds to believe that the records sought are relevant to the investigation.
3a. Blame Congress — and your phone company.
But the FISC zeroes in on a way in which the Patriot Act deliberately loosens a standard created under the Foreign Intelligence Surveillance Act of 1978.
[T]he pre-PATRIOT Act version of FISA's business records provision required "specific and articulable facts giving reason to believe that the person to whom the records pertain is a foreign power or an agent of a foreign power." In enacting Section 215, Congress removed the requirements for "specific and articulable facts" and that the records pertain to "a foreign power or an agent of a foreign power." Accordingly, now the government need not provide specific and articulable facts, demonstrate any connection to a particular suspect, nor show materiality when requesting business records under Section 215. To find otherwise would be to impose a higher burden - one that Congress knew how to include in Section 215, but chose to dispense with.
Read this as: Congress wanted it this way — and it has chosen to renew the provision, as well.
But don't just blame Congress. The FISC notes that it offers an "adversarial process" that allows those served with orders to turn over data to challenge the order.
To date, no holder of records who has received an Order to produce bulk telephony metadata has challenged the legality of such an Order. Indeed, no recipient of any Section 215 Order has challenged the legality of such an Order, despite the explicit statutory mechanism for doing so.
4. This data collection is useful.
Because known and unknown international terrorist operatives are using telephone communications, and because it is necessary to obtain the bulk collection of a telephone company's metadata to determine those connections between known and unknown international terrorist operatives as part of authorized investigations, the production of the information sought meets the standard for relevance under Section 215.
Terrorists use phones. And, continuing on, we need a complete record of phone calls that can be searched after evidence comes to light, or else our ability to stop those terrorists will be negatively affected.
The government depends on this bulk collection because if production of the information were to wait until the specific identifier connected to an international terrorist group were determined, most of the historical connections (the entire purpose of this authorization) would be lost.
And, with that, the FISC approves the daily collection of your phone records, renewing the order every three months.
Photo: Former attorney general John Ashcroft holds up a report on Patriot Act activity. (AP)