Tag: FISA

Wyden Pressing Intel Officials on Domestic Location Tracking

Back in May, during the debates over reauthorization of the Patriot Act, Sens. Ron Wyden (D-OR) and Mark Udall (D-CO) began raising a fuss about a secret interpretation of the law’s so-called “business records” authority, known to wonks as Section 215, arguing that intelligence agencies had twisted the statute to give themselves domestic surveillance powers Congress had not anticipated or intended. At the time, I marshaled a fair amount of circumstantial evidence that, I thought, suggested that the “secret authority” involved location tracking of cell phones. Wyden backed off after being promised a secret hearing to address his concerns—but indicated he’d be returning to the issue if he remained unsatisfied. The hearing occurred early last month. Now I suspect we’re seeing the other shoe dropping.

At a confirmation hearing this morning for Matthew Olsen, who’s been tapped to head the National Counterterrorism Center, Wyden repeatedly asked the nominee whether the intelligence community “use[s] cell site data to track the location of Americans inside the country.” This comes on the heels of a letter Wyden and Udall sent to Director of National Intelligence James Clapper demanding an answer to the same question. Olsen was unsurprisingly vague, calling it a “complicated question” but allowing that there were “certain circumstances where that authority may exist.” The committee was promised a memo explaining those “circumstances” by September. That means that just about ten years after Congress approved the Patriot Act, a handful of legislators may get the privilege of learning what it does. Ah, democracy.

On a related note, one of the data points I cited in my previous post was that Wyden’s Geolocation Privacy and Surveillance Act had, somewhat unusually, been structured primarily as a reform to the Foreign Intelligence Surveillance Act (FISA), which governs intelligence spying, only later incorporating the same protections into the statutes governing ordinary criminal investigations. Especially striking was the inclusion of a specific prohibition on the use of Section 215 for location tracking, above and beyond the general warrant requirement. Since that writing, however, the bill gained Republican co-sponsorship, and dropped the changes to FISA that had previously been the bill’s centerpiece. Instead, the bill now contains an explicit exception for FISA “electronic surveillance,” in addition to the section providing for location tracking authorized by either a criminal or a FISA warrant. I’m not privy to whatever negotiations necessitated that change, but it’s hard to imagine anyone would have insisted on such a substantial restructuring if the intelligence community weren’t doing at least some location tracking pursuant to a lower standard than probable cause.

It’s not entirely clear exactly what the current version of the bill would permit, however. FISA is mentioned twice in the draft: once as part of a vague general exemption for “electronic surveillance,” and then again as one of the sources of authority for a “warrant” to do geolocation tracking. At a first pass, though, those two definitions ought to overlap, because FISA requires a secret intelligence court to issue a warrant based on probable cause (to believe the target is an “agent of a foreign power”) for government monitoring that falls within the FISA’s definition of “electronic surveillance,” in contrast with the far laxer standards that apply to the use of Section 215. It’s therefore an interesting puzzle what, exactly, that exception is meant to permit. Possibly the idea is to permit the (otherwise prohibited) “use” and “disclosure” of geolocation information already obtained without a warrant in order to target future judicially authorized “electronic surveillance,” but it’s hard to be sure. What does seem increasingly sure, however, is that location tracking is connected to the controversy over Section 215—and that Congress owes the American people a debate over the proper use and scope of that power, which it has thus far refused to have.

No Time to Debate Patriot

Back in February, Democratic leader Harry Reid promised fellow senator Rand Paul that—after years of kicking the can down the road—there would be at least a week reserved for full and open debate over three controversial provisions of the Patriot Act slated to expire this weekend, with an opportunity to propose reforms and offer amendments to any reauthorization bill.  And since, as we know, politicians always keep their promises, we can look forward to a robust and enlightening discussion of how to modify the Patriot Act to better safeguard civil liberties without sacrificing our counterterror capabilities.

Ha! No, I’m joking, of course. Having already cut the legs out from under his own party’s reformers by making a deal with GOP leaders for a four-year extension without reform, Reid used some clever procedural maneuvering to circumvent Rand Paul’s pledged obstruction, slipping the Patriot extension into an unrelated small-business bill that’s privileged against filibusters. All this just to prevent any debate on amendments—the most prominent of which, the Leahy-Paul amendment, is frankly so mild that it ought to be uncontroversial. (Among other things, it modifies some portions of the statute already found constitutionally defective by the courts, and codifies some recordkeeping and data use guidelines the Justice Department has already agreed to implement voluntarily.) Apparently it’s too much to even allow these proposals to be debated and voted on.

One reason may be that a growing number of senators—most recently Ron Wyden and Mark Udall—have been raising concerns about a classified “sensitive collection program” that makes use of the sunsetting “business records provision,” also known as Section 215.  They’ve joined Dick Durbin and (former Senator) Russ Feingold in hinting that there may be abuses linked to this program the public is unaware of, and that, moreover, the secret Foreign Intelligence Surveillance Court has interpreted this provision (in a classified ruling, of course) in a way that the general public would find surprising, and which goes beyond the law’s apparent intent. Intelligence operations, of course, must remain secret, but this means we are now governed by a body of secret law, potentially at odds with citizens’ understanding of the public statute—with the result that we cannot even know the true reason that common sense reforms, once endorsed unanimously by the Senate Judiciary Committee, cannot be adopted. This is—to put it very mildly—not how a democracy is supposed to function. Equally troubling, there’s strong circumstantial evidence (which I’ll outline in a separate post) that the program in question may involve large-scale cell phone location tracking and data mining—a conclusion shared by several other analysts who’ve followed the issue closely.

The one silver lining here is that, while press may not have the patience for a complicated policy debate involving byzantine intelligence law—especially now that many Democrats have decided that powers which raised the specter of tyranny under George W. Bush are unobjectionable under an Obama administration—they are always happy to cover a legislative boxing match. Perhaps, thanks to Sen. Paul’s intransigence, we’ll finally see a little sunlight shed on these potent and secret surveillance powers.

Julian Sanchez Talks Online Privacy on Monday, March 28 at 1pm ET on Facebook

Please join us this coming Monday, March 28 at 1pm Eastern on our Facebook page for a live video presentation, powered by Livestream, from Cato research fellow Julian Sanchez on the current state of online privacy policy.

Here is a brief list of topics he’ll cover:

  • An update on current challenges to overturn FISA, and what it means for you and me if those challenges succeed or fail
  • How this relates to current and recent efforts to reauthorize the Patriot Act, including a recap of testimony Sanchez recently delivered to the U.S. Senate Subcommittee on Crime, Terrorism, and Homeland Security
  • What’s on the FBI’s surveillance wish list
  • Reflections on the idea of an “online privacy bill of rights

We hope you can join us next Monday at 1pm Eastern for this event. Be sure to log in to Livestream with your Facebook account so you can chat with each other and submit questions–we’ll try to take as many as we can.

Not a fan of the Cato Institute yet? Join us below:


How Many 215 Orders?

There was an interesting exchange during a Senate Intelligence Committee hearing yesterday concerning the use of the Patriot Act’s §215 orders for business records and other tangible things. FBI Director Robert Mueller hinted that the orders may have been used to track purchases of hydrogen peroxide purchases in the investigation of aspiring bomber Najibullah Zazi, while Sen. Ron Wyden (D-Oreg.) asserted that there is “a huge gap today between how you all are interpreting the PATRIOT Act and what the American people think the PATRIOT Act is all about and it’s going to need to be resolved.”

Let’s leave our curiosity about that by the wayside for the moment, though. I’m curious about one simple empirical claim Mueller made in his testimony: That the provision has been used over 380 times since 2001. I assume he’d know, but that seems inconsistent with what’s been publicly reported to date. It’s worth noting that there are actually minor discrepancies between the numbers provided in Congressional Research Service reports, audits from the Office of the Inspector General, and the Justice Department’s annual reports to Congress. But there are plenty of legitimate reasons these numbers might vary depending on how you count, and the total variance is a difference of about 17 orders total over the years.

We know from those Inspector General reports that the majority of those 215 orders issued were “combination” orders issued in tandem with another type of surveillance order called a “pen register” so that investigators could get subscriber information about the people whose communications patterns they were tracking. When Congress amended the Patriot Act in 2006, it built that authority right into the pen register statute, making it unnecessary to seek those “combination” orders. Prior to the amendment, the government got 173 of those “combination” orders. “Pure” 215 orders, which are now the only type needed, have been used much more sparingly. None were issued at all until 2004, and from 2004 through 2009 (depending on whose tally you want to use) there were between 75 and 92 orders issued (for an average of 12–15 annually since 2004). Throw in the combination orders and the upper-bound number through the end of 2009 is 265 orders.

Unless I’ve miscounted or missed something significant—you can get the reports at the links above and check my math—that leaves 115 orders unaccounted for, assuming Mueller’s number is accurate. There are two possibilities, then: Either the government got ten times as many orders in 2010 as the historical average (the figures should be out sometime in April) or there are a whole lot of these missing from the public reporting. Possibly these have something to do with the “sensitive collection program” in which these orders play a key role, alluded to in a Justice Department official’s testimony at a hearing during the 2009 reauthorization debate. Either alternative seems like it would merit additional scrutiny. I sent an e-mail seeking clarification this morning to some of the experts at the Congressional Research Service responsible for keeping legislators informed on these issues, but haven’t yet heard back.

I’m not belaboring this because it’s inherently hugely significant whether the government has used this authority 265 times or 380. Ideally, in the coming months we’ll see a substantial narrowing of National Security Letter authority, which would predictably lead to a large increase in the number of 215 orders issued. And that would be entirely proper, since it would mean more information being sought pursuant to a judicial order rather than FBI fiat. What I do think is significant, however, is that this reminds us how little we know—and how little the vast majority of legislators know—about the use of these powers. In contrast with criminal investigative tools, these powers are entirely covert: People whose records are swept up by the government almost never learn about it, and the recipients of the orders are subject to an effectively permanent gag on speaking about them. Rulings of the secret FISA Court interpreting the scope of these authorities are never made public. Our assurance that they have been or will continue to be used properly rests entirely on the minimal required reporting to Congress and the findings of internal audits. And yet it’s hard to pin down the facts on even this most elementary factual question about 215 orders: How many times have they been used?

Despite this, we have legislators confident enough that these expanded powers are both so necessary and so well controlled that they’re advocating making them permanent. I wish I were as confident.

Why the Senate’s Vote on the Patriot Act Is Actually Pretty Good News

Last night, By an overwhelming 86-to-12 margin, the Senate approved a temporary 90-day extension of three controversial provisions of the Patriot Act scheduled to sunset at the end of the month. The House just voted to move forward on a parallel extension bill, which will presumably pass easily. Because I’m seeing some civil libertarian folks online reacting with dismay to this development, I think it’s worth clarifying that this is relatively good news when you reflect on the outlook from just a couple of weeks ago.

The House has already approved a one-year extension that would plant the next reauthorization vote on the right eve of primary season in a Presidential election cycle, all but guaranteeing a round of empty demagoguery followed by another punt. As of last week, everyone expected the Senate to bring Sen. Dianne Feinstein’s three year reauthorization—which also extends the odious FISA Amendments Act of 2008—to the floor. The discussion on the Senate floor last night makes it clear that this didn’t happen because of pushback from legislators who were sick of kicking the can and wanted time to hold hearings on substantive reforms.

This is actually a better outcome than simply letting the three sunsetting powers lapse—which, realistically, was not going to happen anyway. First, because at least one of the expiring authorities, roving wiretaps, is a legitimate tool that ought to be available to intelligence investigators if it’s amended to eliminate the so-called “John Doe” loophole. Second, because while all three of these provisions have serious defects that raise legitimate concerns about the potential for abuse, they are collectively small beer compared with National Security Letters, which have already given rise to serious, widespread, and well documented abuses. One of the three sunsetting powers has never been used, and the other two are invoked a couple dozen times per year. All three involve court supervision. The FBI issues tens of thousands of National Security Letter requests each year, the majority targeting American citizens and legal residents, without any advance court approval. The vast majority of the thousands of Americans whose financial and telecommunications records are seized each year are almost certainly innocent of any wrongdoing, but their information is nevertheless retained indefinitely in government databases. With very few exceptions, these people will never learn that the government has been monitoring their financial transactions or communication patterns. Forcing a debate now on the expiring provisions opens a window for consideration of proposals to rein in NSLs—including a new sunset that would create pressure for continued scrutiny.

A new Pew poll released this week reports that Americans remain fairly evenly split on the question of whether the Patriot Act is “a necessary tool that helps the government find terrorists” or “goes too far and poses a threat to civil liberties.” (Perhaps unsurprisingly, with the change of administration, Democrats have become more supportive and Republicans somewhat more skeptical.) But this is actually a signally unhelpful way to frame debate about legislation encompassing hundreds of reforms to the byzantine statutory framework governing American intelligence investigations—more a toolbox than a “tool.” The question shouldn’t be whether you’re “for” or “against” it, but whether there are ways to narrow and focus particular authorities so that legitimate investigations can proceed without sweeping in so much information about innocent people. A three-month extension signals that Congress is finally, belatedly, ready to start having that conversation.

The Heritage Foundation on the Patriot Act

If you wonder why House Republicans were so keen on ramming through an extension of the Patriot Act without hearings or debate, take a gander at the Heritage Foundation’s blog post and Web memo on the topic. I want to run through the latter in some detail, because I think it’s telling just how poorly the case against reform stands up to scrutiny in the rare instances when the law’s defenders feel obliged to make an argument more sustained than “Boo! Terrorists!” 

Here’s how they begin:

With at least 36 known plots foiled since 9/11, the United States continues to face a serious threat of terrorism. As such, national security investigators continue to need these authorities to track down terror leads and dismantle plots before the public is in any danger. These three amendments—which have been extensively modified over the years by Congress and now include significant new safeguards, including substantial court oversight—are vital to this success.

I’ve debated co-author Jena McNeil Baker on Patriot a few times, and she invariably leads off with a running tally of foiled terror plots. I’m not sure exactly which cases make her current list, but in the past she’s cited yahoos like the Lackawanna Six, who don’t appear to have had any actual plot to dismantle, and since our last exchange the FBI has augmented the count via its innovative strategy of planning terror attacks for itself to foil.

But let’s all agree the terror threat is real and serious even without this sort of inflation. What evidence do the authors have that any of the three expiring authorities were “vital” in any of those cases? There just isn’t any. Even if it were true, the authors would have no basis in the public record for the assertion. The evidence we do have, however, suggests just the opposite. Lone Wolf has never been used, so it certainly wasn’t vital. FISA roving authority has been granted an average of 22 times per year since Patriot, and in many of those cases, investigators found they didn’t end up needing to use it. And none of the reports I can recall reading on apprehended wannabe-terrorists suggested that they were practicing sophisticated countersurveillance tactics. The Office of the Inspector General couldn’t find any major case developments attributable to 215 business record orders, which also don’t seem to be used that frequently.

If one of the sunsetting powers had played an important role in disrupting a concrete plot or attack, though, you’d think Justice Department officials would have every incentive to say so loudly and unambiguously, even if they couldn’t get into operational specifics. While these facts are suggestive, of course, I can’t say with certainty that the two powers that have actually been used definitely didn’t play a vital role in any of those (let’s be generous) 36 cases. It would be more convenient if I could say so, but I’m at something of a disadvantage here: In the absence of evidence, I lack the panache needed to make whatever sweeping assertions would help my position. I can only say that all the evidence we do have cuts against that bold claim.

We move to roving wiretaps, which we’re told are a “garden variety” surveillance tool used “routinely” in criminal investigations. The authors seem to be operating with highly idiosyncratic definitions of those terms: In 2009, there were 2,376 wiretap warrants issued for criminal investigations, of which 16 were roving. But routine or not, pretty much everyone in fact agrees that roving authority should be available for intelligence investigations. Astonishingly, the Heritage memo never even mentions the actual issue civil libertarians have with this provision: that unlike the parallel criminal authority, it permits roving warrants that don’t name an individual target. So the authors spend five paragraphs mounting an irrelevant defense of a power nobody contests in principle, but never informs their readers about the real point of controversy, let alone argue for the asymmetry.

Next, business record orders. The blog post summarizing the Web memo confusingly claims that there was no FISA authority to compel the production of records before Patriot, which isn’t true. There just had to be some factual basis (not even “probable cause”) for thinking the records belonged to a terrorist or foreign agent. Oddly, while the Heritage memo does reference Patriot’s expansion of the types of records that could be obtained, it fails to mention the elimination of this key requirement—which, again, is precisely the change to which critics have objected. We’re also told that heightened standards apply to demands for records that “might have the slightest relation to freedom of speech and expression,” which is ridiculous. Library and bookstore records get a bit more protection because librarians raised an admirable fuss about this provision, but there’s no similar protection for records of people’s online reading habits, which have at least as much bearing on modern speech and expression as someone’s library borrowing. There’s the usual analogy between this authority and prosecutorial or grand jury subpoenas, but (perhaps you’re noticing a pattern here) the big, glaring difference between them is not even mentioned: Those processes are ultimately public, and that publicity serves as the strongest practical check on prosecutors who might be tempted to sweep too broadly, while giving third-party record holders a far stronger incentive to challenge improper requests on behalf of their customers.

By the time we get to Lone Wolf, it feels like they’re not even trying anymore:

While the FBI has confirmed that this section has never actually been used, it needs to be available if the situation arises where a lone individual may seek to do harm to the United States.

Why can’t they use the same criminal authority they’re forced to rely on when a lone individual who’s a citizen seeks to do harm to the United States? Why are the extraordinary breadth and secrecy of FISA surveillance, designed for dealing with state-sponsored espionage agencies and global terror networks, necessary when the adversary is some guy acting alone? Crickets.

Finally, we get these two howlers in the conclusion:

Little evidence has ever been proffered to demonstrate any PATRIOT Act misuse…. The act has been narrowed and refined continuously, contributing to the fact that no single provision of the PATRIOT Act has ever been found unconstitutional.

Now, as it happens, both of those claims are pretty clearly false. Federal courts have, in fact, found the gag provisions of the National Security Letter statutes to be unconstitutional—though the court opted to impose its own set of requirements rather than voiding the statutes outright. As for misuse, I’ll defer to the Inspector General of the Department of Justice, who characterized the FBI misuse of that authority uncovered by his office as “widespread and serious.”

But these are, in any event, absurd standards. Covert surveillance whose targets are never informed about it turns out to be rather difficult to challenge in court—harder still when the government can assert a state secrecy privilege that prevents courts from reaching the merits of the challenges that do arise. The identification of rule violations mostly relies on self-policing by intelligence agencies—which report plenty, though they often take their sweet time about it. More importantly, if the intended use of these authorities is to allow the government to siphon up vast amounts of information about thousands of mostly innocent Americans, and retain that information forever in massive classified databases, focus on “misuse” is something of a red herring. The “correct” use is too intrusive.

So this is what the best case for Patriot reauthorization without reform looks like, apparently: bold assertions offered without supporting evidence, and a persistent refusal to engage the actual objections raised by critics. No wonder they’re so anxious to bypass a debate.

Patriot Reauthorization Vote Fails… Now What?

First, the good news: Last night, civil libertarians had a rare excuse to pop champagne when an effort to fast-track a one-year reauthorization of three controversial Patriot Act provisions–set to expire at the end of the month–failed in the House of Representatives. As Slate’s Dave Weigel notes, the vote had been seen as such a sure thing that Politico headlined its story on the pending vote “Congress set to pass Patriot Act extension.” Around this time last year, a similar extension won House approval by a lopsided 315-97 vote.

Now the reality check: The large majority of representatives also voted for reauthorization last night: 277 for, 148 against. The vote failed only because GOP leadership had sought to ram the bill through under a “suspension of the rules”–a streamlined process generally used for the most uncontroversial bills, limiting debate and barring the introduction of amendments–which required a two-thirds majority for passage. Given last week’s developments in the Senate, it’s still a near certainty that the expiring provisions will be extended again before the end of the month. In fact, there’s a Rules Committee meeting today to get the bill back on the House floor. Also, while the defection of 26 Republicans who voted against reauthorization is the first real pushback against leadership we’ve seen since the GOP took the House, some of the talk that’s circulated about a Tea Party backlash against the surveillance state seems premature. As Weigel notes, just eight of the 26 Republican “no” votes were incoming freshmen, and many representatives prominently associated with the Tea Party were on the other side. Some of the resistance seems to have been generated by the fast-track approach, as there haven’t been any hearings or mark-ups on Patriot legislation.

That said, the tide does seem to be shifting somewhat. The failure of the fast-track vote means that we may see the reauthorization introduced under rules that would allow amendments aimed at remedying the civil liberties problems with the three expiring provisions, or with the still more controversial Patriot expansion of National Security Letter authority, which under current law does not expire. For those just tuning in, the sunsetting Patriot provisions are:

Lone Wolf

So-called “lone wolf” authority allows non-citizens in the U.S. who are suspected of involvement in terrorist activities to be monitored under the broad powers afforded by the Foreign Intelligence Surveillance Act (FISA), even if they are not connected to any overseas terror group or other “foreign power.” It was passed after FBI claimed the absence of “lone wolf” authority stymied efforts to monitor the infamous “20th 9/11 Hijacker”–but a bipartisan Senate report found that this failure was actually the result of a series of gross errors by the FBI, not any gap in government surveillance powers. Moreover, Lone Wolf blurs the traditional–and constitutionally significant–distinction between foreign intelligence, where the executive enjoys greater latitude, and domestic national security investigations. The way the statute is written, Lone Wolf authority is only available in circumstances where investigators would already be able to obtain a criminal terrorism wiretap. Given of the sweeping nature of FISA surveillance, that more narrow criminal surveillance authority should be employed when the special needs imposed by the involvement of a “foreign power” are not present.

Roving Wiretaps

Roving wiretap authority allows intelligence wiretap orders to follow a target across multiple phone lines or online accounts. Similar authority has been available in criminal investigations since 1986, but Patriot’s roving wiretaps differ from the version available in criminal cases, because the target of an order may be “described” rather than identified. Courts have stressed this requirement for identification of a named target as a feature that enables criminal roving wiretaps to satisfy the “particularity” requirement of the Fourth Amendment. Patriot’s roving taps, by contrast, raise the possibility of “John Doe” warrants that name neither a person nor a specific “place” or facility–disturbingly similar to the “general warrants” the Founders were concerned to prohibit when they crafted the Fourth Amendment. Given the general breadth of FISA surveillance and the broad potential scope of online investigations, John Doe warrants would pose a high risk of “overcollecting” innocent Americans’ communications. Most civil liberties advocates would be fine with making this authority permanent if it were simply modified to match the criminal authority and foreclose the possibility of “John Doe” warrants by requiring either a named individual target or a list of specific facilities to be wiretapped.

Section 215

Section 215 expanded the authority of the FISA Court to compel the production of business records or any other “tangible thing.” While previously such orders were limited to narrow classes of businesses and records, and required a showing of “specific and articulable facts” that the records sought pertain to an agent of a foreign power, Patriot stripped away those limits. The current law requires only a showing of “reasonable grounds” to believe records are “relevant” to an investigation, not probable cause, and has no requirement that people whose information is obtained be even suspected of any connection to terrorism. And the recipients of these orders are barred from Proposals to restore some of the previous checks on this power–requiring some demonstrable connection to terroris–initially received bipartisan support last year, but were torpedoed when the Justice Department objected that this limitation would interfere with a secret “sensitive collection program.” Several senators briefed on the program have expressed concern that this sweeping collection authority was being reauthorized without adequate public understanding of its true purpose.

So those are the sunsetting provisions–though a lot of the debate last year very justifiably centered on the need to reform National Security Letters, which we know to be constitutionally defective, and which have already been subject to serious abuses. One reason reform keeps getting postponed is that Congress is busy and tends not to make time for these issues until the sunset deadlines are right around the corner–at which point a reliable band of pundits and legislators imply that absolute bedlam will ensue unless every single surveillance authority is extended–meaning reform will have to wait until later, at which point it will be an emergency all over again. Once you start looking at the numbers, though, all these Chicken Littles begin to look faintly ridiculous.

The Lone Wolf provision is such an essential intelligence tool that it has never been used. Not a single time. And again, by the terms of the statute, it only applies under circumstances where a criminal wiretap warrant would already be available if Lone Wolf authority didn’t exist. Roving authority is granted by the FISA Court an average of 22 times per year, and in many (if not most) of those cases it never actually has to be used–surveillance is limited to named facilities. To put that in context, the FISA court issued 1,320 electronic surveillance orders in 2009, and that was the first time in 5 years the number fell below 2,000. So we’re talking about maybe 1 percent of FISA surveillance, which judging by internal oversight reports, is a good deal less than the portion that ends up sitting untranslated for months anyway. Similarly, there were 21 business records orders under §215 issued in 2009–and remember, that authority doesn’t disappear if this provision sunsets, it just reverts to its narrower, pre–Patriot version, where the court needs to see actual evidence that the records have some connection to a suspected terrorist. Surveys by the Inspector General’s office found no instances in which a major case development resulted from 215 information. The idea that we’d somehow be in grave danger if these provisions lapsed for a few months just doesn’t hold up, but there’s no reason Congress can’t pass a two-month extension while they consider some of the reforms already on the table, just as they did last year.

So let’s stop living in a state of perpetual panic. Some of these provisions we’d be better off without. Some, like roving wiretaps, just need minor tweaks to close loopholes for misuse. Some–I’m looking at you, National Security Letters–require substantial reform. Many of these changes ought to be common sense, and have attracted bipartisan support in the past. But let’s stop kicking the can down the road and saying we’ll debate the proper limits on the surveillance state when there’s time. It’s important enough that Congress can make time.