Tag: Patriot Act

NSA: Keeping Us Safe From…Dope Peddlers

The Justice Department says it is reviewing the Drug Enforcement Administration’s “Special Operations Division”—the subject of an explosive report published by Reuters on Monday. The SOD works to funnel information collected by American intelligence agencies to ordinary narcotics cops—then instructs them to “phony up investigations,” as one former judge quoted in the story put it, in order to conceal the true source of the information. In some instances, this apparently involves not only lying to defense attorneys, but to prosecutors and judges as well.

DEA is taking a predictable “nothing to see here” stance in its public responses to the story, but on its face this seems like a fairly brazen violation of the right to due process. As several legal experts quoted in the Reuters article point out, the accused in our criminal justice system cannot effectively defend themselves unless they know how evidence against them was obtained, and this program is clearly designed to deprive them of that knowledge. Moreover, at least some of the information channeled to police derives from FISA electronic surveillance, and 50 USC §1806 explicitly requires the government to notify persons whenever it intends to use information “derived from” such intercepts against them in any legal proceeding. Flouting that requirement is doubly troubling because, in light of the Supreme Court’s recent ruling in Amnesty v. Clapper, the only way for any court to review the constitutionality of intelligence programs is for a defendant to raise a challenge after being informed that they’ve been subject to surveillance.

One way they’re able to get away with this is by exploiting the fact that our justice system relies so heavily on plea bargains. Prosecutors stack up charges against defendants in hopes of effectively coercing them into waiving their constitutional right to a jury trial and accepting a plea deal, which even for the innocent may make more sense than risking a conviction that could lead to an enormously longer jail sentence. Conveniently, avoiding a trial also greatly reduces the risk that one of these “phonied up” investigations will be exposed.

Atlas Bugged II: Is There an NSA Mass Location Tracking Program?

Way back in 2011—when “Snowden” was just a quiescent indie band from Atlanta—I wrote two posts here at the Cato blog trying to suss out what the “secret law” of the Patriot Act that Sen. Ron Wyden (D-OR) and others were raising alarms about might involve: “Atlas Bugged” and “Stalking the Secret Patriot Act.” Based on what seemed like an enormous amount of circumstantial evidence—which I won’t try to summarize here—I speculated that the government was likely engaged in some kind of large scale program of location tracking, involving the use of the Patriot Act’s Section 215 to bulk collect cell phone location records for data mining purposes.

I remained reasonably confident in my guess until the disclosure of the Section 215 bulk call records program, which was soon followed by insistent public statements from NSA officials that they did not collect location records “under this program.” That ubiquitous qualifier certainly left some wiggle room, but naturally the government collects location information in some circumstances for intelligence purposes—at the very least when it has a FISA warrant for full electronic surveillance of a specific target—and it seemed only natural that if the government was engaged in bulk location tracking and data mining, it would obtain that information in tandem with its bulk collection of call detail records. So, I concluded, I had probably guessed wrong: The secret Section 215 program did involve bulk collection of phone records—but not phone location records.

Then, last week, Wyden gave a barnburner of a speech on NSA surveillance at the Center for American Progress—one that makes me think I may have guessed correctly after all. Between his talk and the question and answer sessions that followed, Wyden explicitly mentioned location tracking no fewer than five separate times—discussing it far more frequently than the program we actually know about, involving bulk collection of call records:

[A]s you listen to this talk, ponder that most of us have a computer in our pocket that potentially can be used to monitor us 24/7. […]

This is particularly true if you’re vacuuming up cell phone location data, essentially turning every American’s cell phone into a tracking device. We are told this is not happening today, but intelligence officials have told the press that they currently have the legal authority to collect Americans’ location information in bulk. […]

The piece of technology we consider vital to the conduct of our everyday personal and professional life happens to be a combination phone bug, listening device, location tracker, and hidden camera. […]

Today, government officials are openly telling the press that they have the authority to effectively turn Americans’ smart phones and cell phones into location-enabled homing beacons. […]

These smartphones that everybody’s got in their pockets […] can be used as a tracking system for everyone in this room, 24/7.

This is not exactly subtle. Wyden’s constant references to location tracking in this context would be nothing short of bizarre unless he had reason to believe that the government’s assurances on this score are misleading, and that there either is or has been some program involving bulk collection of phone records. Wyden, of course, would know full well whether there is or is not any such program via his role on the Intelligence Committee—and his focus on location tracking over the activities we know NSA is engaged in, such as monitoring of Internet communications and bulk collection of phone records, would be an inexplicable obsession if he knew that no such program existed.

There’s another hint along these lines early in the talk, when Wyden says that “secret rulings of the Foreign Intelligence Surveillance Court have interpreted the Patriot Act as well as section 702 of the FISA statute in some surprising ways.” Wyden says that these rulings “can be astoundingly broad” and then adds: “The one that authorizes the bulk collection of phone records is as broad as any I have ever seen.” (Emphasis mine.) That’s a very specific word choice: not broader than any he has seen, or the broadest ruling he has seen—even though a ruling authorizing bulk collection of every American’s phone records would be the broadest anyone without access to classified information had ever seen—but rather as broad. As in: there are other rulings of comparable breadth, perhaps allowing bulk collection of other types of information about all Americans. Wyden gestures in this direction again later, calling it “especially troubling” that “there is nothing in the Patriot Act that limits this sweeping bulk collection to phone records.”

If this sounds like overreading, consider that actually it’s consistent with several Senators’ previous efforts to hint at the nature of their concerns without directly exposing classified programs. As Wyden noted at the outset of his talk, he and his colleague Mark Udall (D-CO) may not be able to “tap out the truth in Morse code,” but they have “tried just about everything else we could think of to warn the American people.” That means they have often, without explicitly disclosing classified information, given some very strong hints to what they were concerned about to those of us paying close attention. For instance, as I noted in one of those prior posts, Sen. Udall frequently explained his concerns using the same specific, and rather curiously worded example, warning that Section 215 gave the government “unfettered” access to “business records ranging from a cell phone company’s phone records to an individual’s library history.” (Emphasis mine.) The pointed contrast between “an individual’s” library records and “a cell phone company’s” phone records was, in retrospect, about as close as Udall could come to explicitly warning that phone records were being collected in bulk, not merely for specifically targeted individuals. Perhaps this talk was as close as Wyden can come to warning us—without coming right out and saying it—that there’s a bulk location tracking program yet to be disclosed.

10 Years of Patriot Act

It was ten years ago that President Bush signed the Patriot legislation into law.  If you wanted to find a textbook example of how not to make law, review the history of this law.  First, toss dozens of legal proposals together into a giant “package” and resist any effort to unpack it and hold separate votes.  Second, unveil the package at the last minute so members of Congress will not have an opportunity to study it.  Third, call it the “Patriot Act” so that any person voting against it will have to consider television ads declaring his/her opposition to the Patriot law.  Fourth, have the Attorney General declare over and over that if the law is not enacted right away, the terrorists may well launch more 9-11 attacks.  When members of Congress proposed attaching sunset provisions so that the law could go into effect, but would need reauthorization a few years later, the Bush administration fought the idea.

In the years afterward, the law’s defenders like to pose the question, “Where are the abuses under this law?” Some provisions, like those pertaining to National Security Letters, made it a crime for those served with them to tell anyone else about them. That made it almost impossible to see what the FBI was doing. In today’s Washington Post, Nicholas Merrill explains what it was like to be on the receiving end of a National Security Letter:

In 2004, it wasn’t at all clear whether the FBI would charge me with a crime for telling the ACLU about the letter, or for telling the court clerk about it when I filed my lawsuit as “John Doe.” I was unable to tell my family, friends, colleagues or my company’s clients, and I had to lie about where I was going when I visited my attorneys. During that time my father was battling cancer and, in 2008, he succumbed to his illness. I was never able to tell him what I was going through.

For years, the government implausibly claimed that if I were able to identify myself as the plaintiff in the case, irreparable damage to national security would result. But I did not believe then, nor do I believe now, that the FBI’s gag order was motivated by legitimate national security concerns. It was motivated by a desire to insulate the FBI from public criticism and oversight.

Read the whole thing. Nick Merrill spoke at a Cato Capitol Hill Briefing a few months ago.

Some parts of the Patriot law were sensible, others were not.  For Cato scholarship on the subject, go here and here [pdf].

Tomorrow, Cato will be hosting a double book forum featuring ACLU President Susan Herman and bestselling author David Shipler.   Patriot Act issues will come up.

Stalking the Secret Patriot Act

Since this spring’s blink-and-you-missed-it debate over reauthorization of several controversial provisions of the Patriot Act, Senators Ron Wyden (D-OR) and Mark Udall (D-CO) have been complaining to anyone who’d listen about a “Secret Patriot Act”—an interpretation of one of the law’s provisions by the classified Foreign Intelligence Surveillance Court granting surveillance powers exceeding those an ordinary person would understand to be conferred from the text of the statute itself. As I argued at the time, there is an enormous amount of strong circumstantial evidence suggesting that this referred to a “sensitive collection program” involving cell phone location tracking—potentially on a mass scale—using Patriot’s “Section 215” or “business records” authority.

Lest anyone think they’d let the issue drop, Wyden and Udall last week released a sharply-worded letter to Attorney General Eric Holder, blasting the Justice Department for misleading the public about the scope of the government’s surveillance authority. The real audience for an open letter of this sort, of course, is not the nominal recipient, but rather the press and the public. Beyond simply reminding us that the issue exists, the letter confirms for the first time that the “secret law” of which the senators had complained does indeed involve Section 215. But there are some additional intriguing morsels for the attentive surveillance wonk.

The letter focuses particularly on “highly misleading” statements by Justice Department officials analogizing Section 215 powers to grand jury subpoenas. “As you know,” Wyden and Udall write, “Section 215 authorities are not interpreted in the same way that grand jury subpoena authorities are, and we are concerned that when Justice Department officials suggest that the two authorities are ‘analogous’ they provide the public with a false understanding of how surveillance law is interpreted in practice.”

Now, this is a little curious on its face. Ever since the original debate over the passage of the Patriot Act, its defenders have tried to claim that a variety of provisions allowing the FBI to more easily obtain sensitive records and documents were no big deal, because grand juries have long enjoyed similarly broad subpoena powers. The comparison has been specious all along: the grand jury is an arm of the judicial branch designed (at least in theory) to serve as a buffer between the power of prosecutors and the citizenry. It exists for the specific purpose of determining whether grounds for a criminal indictment exist, and is granted those broad subpoena powers precisely on the premise that it is not just another executive branch investigative agency. To argue, then, that it would make no difference if the FBI or the police could secretly exercise the same type of authority is to miss the point of how our system of government is meant to work in a pretty stunning way. It’s akin to suggesting that, since juries can sentence people to life in prison, it would be no big deal to give the president or the director of the FBI the same power.

That’s not what Wyden and Udall are stressing here, however. Rather, they seem to be suggesting that the scope of the 215 authority itself has been secretly interpreted in a way that goes beyond the scope of the grand jury subpoena power. Now that ought to be striking, because the grand jury’s power to compel the production of documents really is quite broad. Yet, what Wyden and Udall appear to be suggesting is that there is some kind of limit or restriction that does apply to grand jury subpoenas, but has been held by the secret court not to apply to Section 215 orders. One possibility is that the FISC may have seen fit to issue prospective 215 orders, imposing an ongoing obligation on telecommunications companies or other recipients to keep producing records related to a target as they’re created, rather than being limited to records and documents already in existence. But given the quantity of evidence that already suggests the “Secret Patriot Act” involves location tracking, I find it suggestive that the very short list of specific substantive limits on grand jury subpoena power in the U.S. Attorneys’ Manual includes this:

It is improper to utilize the grand jury solely as an investigative aid in the search for a fugitive in whose testimony the grand jury has no interest. In re Pedro Archuleta, 432 F. Supp. 583 (S.D.N.Y. 1977); In re Wood, 430 F. Supp. 41 (S.D.N.Y. 1977), aff’d sub nom In re Cueto, 554 F.2d 14 (2d Cir. 1977). … Since indictments for unlawful flight are rarely sought, it would be improper to routinely use the grand jury in an effort to locate unlawful flight fugitives.

As the manual makes clear, the constraints on the power of the grand jury generally are determined by its purpose and function, but locating subjects for the benefit of law enforcement (rather than as a means of securing their testimony before the grand jury) is one of the few things so expressly and specifically excluded. Could this be what Wyden and Udall are obliquely referring to?

On a possibly related note, the Director of National Intelligence’s office sent Wyden and Udall a letter back in July rebuffing his request for information about the legal standard governing geolocation tracking by the intelligence community. While refusing to get into specifics, the letter explains that “there have been a diverse set of rulings concerning the quantum of evidence and the procedures required to obtain such evidence.” Now, a bit of common sense here: it is inconceivable that any judge on the secret court would not permit cell phone geolocation tracking of a target who was the subject of a full-blown FISA electronic surveillance warrant based on probable cause. There would be no “diversity” if the intelligence agencies were uniformly using only that procedure and that “quantum of evidence.” This claim only makes sense if the agencies have sought and, under some circumstances, obtained authorization to track cell phones pursuant to some other legal process requiring a lower evidentiary showing. (Again, you would not have “diversity” if the court had consistently responded to all such requests with: “No, get a warrant.”)

The options here are pretty limited, because the Foreign Intelligence Surveillance Act only provides for a few different kinds of orders to be issued by the FISC. There’s a full electronic surveillance warrant, requiring a probable cause showing that the target is an “agent of a foreign power.” There’s a warrant for physical search, with the same standard, which doesn’t seem likely to be relevant to geotracking. The only other real options are so-called “pen register” orders, which are used to obtain realtime communications metadata, and Section 215. Both require only that the information sought be “relevant” to an ongoing national security investigation. For pen registers, the applicant need only “certify” that this is the case, which leaves judges with little to do beyond rubber-stamping orders. Section 215 orders require a “statement of facts showing that there are reasonable grounds” to think the information sought is “relevant,” but the statute also provides that any records are automatically relevant if they pertain to a suspected “agent of a foreign power,” or to anyone “in contact with, or known to” such an agent, or to the “activities of a suspected agent of a foreign power who is the subject of [an] authorized investigation.” The only way there can logically be “a diverse set of rulings” about the “quantum of evidence and the procedures required” to conduct cell phone location tracking is if the secret court has, on at least some occasions, allowed it under one or both of those authorities. Perhaps ironically, then, this terse response is not far short of a confirmation.

In criminal investigations, as I noted in a previous post, the Justice Department normally seeks a full warrant in order to do highly accurate, 24-hour realtime location, though it is not clear they believe this is constitutionally required. With a court order for the production of records based on “specific and articulable facts,” they can get call records generally indicating the location of the nearest cell tower when a call was placed—a much less precise and intrusive form of tracking, but one that is increasingly revealing as providers store more data and install ever more cell towers. For realtime tracking that is less precise, they’ll often seek to bundle a records order with a pen register order, to create a “hybrid” tracking order. Judges are increasingly concluding that these standards do not adequately protect constitutional privacy interests, but you’d expect a “diverse set of rulings” if the FISC had adopted a roughly parallel set of rules—except, of course, that the standards for the equivalent orders on the intelligence side are a good deal more permissive. The bottom line, though, is that this makes it all but certain the intelligence agencies are secretly tracking people—and potentially large numbers of people—who they do not have probable cause to believe, and may not even suspect, are involved in terrorism or espionage. No wonder Wyden and Udall are concerned.

“If He Approve, He Shall Sign It…”

The Patriot Act extension passed by Congress this week did not become the law of the land. It is void and without effect.

So may argue some future defendant whose conviction rests on evidence gotten under Patriot Act powers during the extended period Congress sought to establish in the bill it passed this week.

President Obama is at a meeting in Europe, so he had the bill signed by auto-pen. Representative Tom Graves (R-GA) has written a letter inquiring of the president whether he was presented the bill and truly intended to sign it.

Article I, Section 7 of the Constitution says:

Every Bill which shall have passed the House of Representatives and the Senate, shall, before it become a Law, be presented to the President of the United States; If he approve he shall sign it, but if not he shall return it…

Is presentment and signing a quaint formality? Something to put aside in light of modern technology and time-constraints? Or is it an important step in the law-making process, to be executed quite literally without deviation from past practice?

The answer lies mostly in consideration of what a signature is, and what it does. I looked into signatures, among many other identifiers and security techniques, in my book, Identity Crisis.

Wikipedia has a definition of “signature” that’s good enough: “A signature is a handwritten (and sometimes stylized) depiction of someone’s name, nickname, or even a simple ‘X’ that a person writes on documents as a proof of identity and intent.” Key words: identity and intent.

In the world of identification and security, a signature is classed as a “behavioral biometric identifier.” That is, it’s a product of a given person’s bodily action that is distinctive enough to create strong evidence of the person’s presence.

A signature does many things, and inferences spill out from the presence of a mark on paper that is sufficiently similar to other marks made by a particular person. Because it’s left on the paper, a signature indicates that the person was in the presence of the document. This means in most cases that he or she could review it and had the opportunity, barring some exigency, to affirm its accuracy and completeness. By long-standing custom, absent duress or fraud, the signature indicates the giving of one’s assent or the placing of authority behind the content of the document. A signature supplies evidence—imperfect, to be sure—that a given person approved a given document.

Does a signature by auto-pen create the same inferences? Almost none of them. To know that President Obama indeed meant to affirm the bill, one would have to investigate how he was apprised of the bill’s content. Were there security measures in place to ensure that the communication about the document and the giving of assent were not altered or forged in transit from Washington, D.C. to Europe? One would need assurance that the controller of the auto-pen applied its mark to the exact document that the president was apprised of, and that no substitute document was inserted. All these problems are solved by bringing the person with authority into the same room with the document to manually apply the signature.

I haven’t a whiff of doubt that President Obama intended to sign the bill. The authority of the president and the gravity of bill-signing are such that I’m confident security measures were in place to control the security issues noted above.

But the question in a court case dealing with the presentment and signing requirement is not what happened with this particular bill. It is what should happen in all cases to help exclude the risks of fraud and duress in law-making—with much longer bills, for example, or some future circumstance when the president’s whereabouts or capacity might be unknown.

The authority of the president and the gravity of bill-signing actually cut the other direction: The president should be in the same room as the actual document, applying his genuine signature to the artifact of a United States public law’s creation. It’s that important a function of the presidency.

Until biometrics and encryption are good enough that we can sign our mortgages remotely, it’s not too much to ask to have the president sign legislation in person. If a criminal or two go free in the future because of the inadequacy of the process here, it will be worth it for the small security against fraudulent passage of legislation in a future full of uncertainties.

Atlas Bugged: Why the “Secret Law” of the Patriot Act Is Probably About Location Tracking

Barack Obama’s AutoPen has signed another four-year extension of three Patriot Act powers, but one silver lining of this week’s lopsided battle over the law is that mainstream papers like The New York Times have finally started to take note of the growing number of senators who have raised an alarm over a “secret interpretation” of Patriot’s “business records” authority (aka Section 215). It would appear to be linked to a “sensitive collection program” referenced by a Justice Department official at hearings during the previous reauthorization debate—one that would be disrupted if 215 orders were restricted to the records of suspected terrorists, their associates, or their “activities” (e.g., large purchases of chemicals used to make bombs). Naturally, lots of people are starting to wonder just what this program, and the secret interpretation of the law that may be associated with it, are all about.

All we can do is speculate, of course: only a handful of legislators and people with top-secret clearances know for sure. But a few of us who closely monitor national security and surveillance issues have come to the same conclusion: it probably involves some form of cellular phone geolocation tracking, potentially on a large scale. The evidence for this is necessarily circumstantial, but I think it’s fairly persuasive when you add it all up.

First, a bit of background. The recent fiery floor speeches from Sens. Wyden and Udall are the first time widespread attention has been drawn to this issue—but it was actually first broached over a year ago, by Sen. Richard Durbin and then-Sen. Russ Feingold, as I point out in my new paper on Patriot surveillance. Back in 2005, language that would have required Section 215 business record orders to pertain to terror suspects, or their associates, or the “activities” of a terror group won the unanimous support of the Senate Judiciary Committee, though it was not ultimately included in the final reauthorization bill. Four years later, however, the Justice Department was warning that such a requirement would interfere with that “sensitive collection program.” As Durbin complained at the time:

The real reason for resisting this obvious, common-sense modification of Section 215 is unfortunately cloaked in secrecy. Some day that cloak will be lifted, and future generations will ask whether our actions today meet the test of a democratic society: transparency, accountability, and fidelity to the rule of law and our Constitution.

Those are three pretty broad categories of information—and it should raise a few eyebrows to learn that the Justice Department believes it routinely needs to get information outside its scope for counterterror investigations. Currently, any record asserted to be “relevant” to an investigation (a standard so low it’s barely a standard) is subject to Section 215, and records falling within those three categories enjoy a “presumption of relevance.” That means the judges on the secret Foreign Intelligence Surveillance Court lack discretion to evaluate for themselves whether such records are really relevant to an investigation; they must presume their relevance. With that in mind, consider that the most recent report to Congress on the use of these powers shows a record 96 uses of Section 215 in 2010, up from 22 the previous year. Perhaps most surprisingly though, the FISC saw fit to “modify” (which almost certainly means “narrow the scope of”) 42 of those orders. Since the court’s discretion is limited with respect to records of suspected terrorists and their associates, it seems probable that those “modifications” involved applications for orders that sweep more broadly. But why would such records be needed? Hold that thought.

Fast forward to this week. We hear Sen. Wyden warning that “When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry,” a warning echoed by Sen. Udall. We know that this surprising and disturbing interpretation concerns one of the three provisions that had been slated for sunset. Lone Wolf remains unused, so that’s out, leaving roving wiretaps and Section 215. In the context of remarks by Sens. Feingold and Durbin, and the emphasis recently placed on concerns about Section 215 by Sen. Udall, the business records provision seems like a safe bet. By its explicit terms, that authority is already quite broad: What strained secret interpretation of it could be surprising to both legislators and the general public, but also meet with the approval of the FISC and the Office of Legal Counsel?

For one possible answer, look to the criminal context, where the Department of Justice has developed a novel legal theory, known as the “hybrid theory,” according to which law enforcement may do some types of geolocation tracking of suspects’ cellular phones without obtaining a full-blown probable cause warrant. The “hybrid theory” involves fusing two very different types of surveillance authority. “Pen registers” allow the monitoring, in real time, of the communications “metadata” from phones or other communications devices (phone numbers dialed, IP addresses connected to). For cellular phones, that “metadata” would often make it possible to pinpoint at least approximately—and, increasingly, with a good deal of precision, especially in urban areas—the location of the user. Federal law, however, prohibits carriers from disclosing location information “solely” pursuant to a pen register order. Another type of authority, known as a 2703(d) order, is a bit like Patriot’s business records authority (though only for telecommunications providers), and is used to compel the production of historical (as opposed to real-time/prospective) records, without any exclusion on location information. The Justice Department’s novel theory—which I discussed at a recent Cato event with Sen. Wyden on geolocation tracking—is that by bundling these two authorities in a new kind of combination order, they can do real-time geolocation tracking without the need to obtain a full Fourth Amendment warrant based on probable cause. Many courts have been skeptical of this theory and rejected it—but at least some have gone along with this clever bit of legal origami. 

Using the broad business records power of Patriot’s Section 215 in a similar way, to enable physical tracking of anyone with a cellphone, would seem to fit the bill, then: certainly surprising and counterintuitive, not what most people think of when we talk about “obtaining business records,” but nevertheless a maneuver with a legal track record of convincing some courts.

Now, consider that Sen. Wyden has also recently developed a concern with the practice of mobile location tracking, which has become so popular that the U.S. Marshals Service, now the federal government’s most prolific (known) user of pen register orders, of which it issued over 6,000 last year, employs the “hybrid theory” to obtain location information by default with each such order. Wyden has introduced legislation that would establish standards for mobile location tracking, which has two surprising and notable features. First, while the location tracking known to the public all involves criminal investigations subject to the Electronic Communications Privacy Act (ECPA), that’s not where Wyden’s bill makes its primary modifications. Instead, the key amendments are made directly to the Foreign Intelligence Surveillance Act—which language is then incorporated by reference into ECPA. Second, even though one section establishes the “exclusive means” for geolocation tracking, the proposal goes out of its way to additionally modify the FISA pen register provision and the Section 215 business records provision to explicitly prohibit their use to obtain geolocation information—as though there is some special reason to worry about those provisions being used that way, requiring any possible ambiguity to be removed.

Sen. Udall, meanwhile, always uses the same two examples when he talks about his concerns regarding Section 215: he warns about “unfettered” government access to “business records ranging from a cell phone company’s phone records to an individual’s library history,” even when the records relate to people with no connection to terrorism.  The reference to libraries is no surprise, because the specter of Section 215 being used to probe people’s reading habits was raised so insistently by librarians that it became common to see it referenced as the “library provision.” The other example is awfully specific though: he singles out cell phone records, even though many types of sensitive phone records can already be obtained without judicial oversight using National Security Letters. But he doesn’t just say “phone records”—it’s cell phone records he’s especially concerned about. And where he talks about “an individual’s” library records, he doesn’t warn about access to “an individual’s” cell phone records, but rather the company’s records.  As in, the lot of them.

Tracking the location of suspected terrorists, and perhaps their known associates, might not seem so objectionable—though one could argue whether Section 215’s “relevance” standard was sufficient, or whether a full FISA electronic surveillance warrant (requiring a showing of probable cause) would be a more appropriate tool. But that kind of targeted tracking would not require broad access to records of people unconnected to terror suspects and their known associates, which is hinted at by both Sen. Udall’s remarks and the high rate of modifications imposed on Section 215 orders by the FISA court. Why might that be needed in the course of a geolocation tracking program?

For a possible answer, turn to the “LocInt” or “Location Intelligence” services marketed to U.S. law enforcement and national security clients by the firm TruePosition. Among the capabilities the company boasts for its software (drawn from both its site and a 2008 white paper the company sponsored) are:

● the ability to analyze location intelligence to detect suspicious behavioral patterns,
● the ability to mine historical mobile phone data to detect relationships between people, locations, and events,
● TruePosition LOCINT can mine location data to find out if the geoprofile of a prepaid phone matches the geoprofile of a potential threat and identify it as such, and
● leveraging location intelligence, officials can identify mobile phones of interest that frequently communicate with each other, or are within close proximity, making it easier to identify criminals and their associates. [Emphasis added.]

Certainly one can see how these functions might be useful: terrorists trained in counterintelligence tactics might seek to avoid surveillance, or identification of co-conspirators, by communicating only in person. Calling records would be useless for revealing physical meetings—but location records are another story. What these functions have in common, however, is that like any kind of data mining, they require access to a large pool of data, not just the records of a known suspect. You can find out who your suspect is phoning by looking at his phone records. But if you want to know who he’s in close physical proximity to—with unusual frequency, and most likely alone—you need to sift through everyone’s phone location records, or at any rate a whole lot of them.  The interesting thing is, it’s not obvious there’s any legal way to actually do all that: full-fledged electronic surveillance warrants would be a non-starter, since they require probable cause for each target. But clearly the company expects to be able to sell these capabilities to some government entity. The obvious candidate is the FBI, availing itself of the broad authority of Section 215—perhaps in combination with FISA pen registers when the tracking needs to happen in real time.

As a final note of interest, the Office of the Inspector General’s reports on National Security Letters contain numerous oblique references to “community of interest [REDACTED]” requests. Traditional “community of interest” analysis means looking at the pattern of communications of not just the primary suspect of an investigation, but their whole social circle—the people the suspect communicates with, and perhaps the people they in turn communicate with, and so on. Apparently the fact that the FBI does this sort of traditional CoI analysis is not considered secret, because that phrase remains unredacted. What, then, could that single omitted word be? One candidate that would fit in the available space is “location” or “geolocation”—meaning either location tracking of people called by the suspect or perhaps the use of location records to build a suspect’s “community of interest” by “identify[ing] mobile phones…within close proximity” to the suspects. The Inspector General reports cover the first few years following passage of the Patriot Act, before an opinion from the Office of Legal Counsel held that NSLs could not properly be used to obtain the full range of communications metadata the FBI had been getting under them. If NSLs had been used for location-tracking information prior to that 2008 opinion, it would likely have been necessary to rely on Section 215 past that point, which would fit the timeline.

Is all of that conclusive? Of course not; again, this is speculation. But a lot of data points fit, and it would be quite surprising if the geolocation capabilities increasingly being called upon for criminal investigations were not being used for intelligence purposes. If they are, Section 215 is the natural mechanism.

Even if I’m completely wrong, however, the larger point remains: while intelligence operations must remain secret, a free and democratic society is not supposed to be governed by secret laws—and substantive judicial interpretations are no less a part of “the law” than the text of statutes. Whatever power the government has arrogated to itself by an “innovative” interpretation of the Patriot Act, it should be up to a free citizenry to consider the case for it, determine whether it is so vital to security as to justify the intrusion on privacy, and hold their representatives accountable accordingly. Instead, Congress has essentially voted blind—reauthorizing powers that even legislators, let alone the public, do not truly understand. Whether it’s location tracking or something else, this is fundamentally incompatible with the preconditions of both democracy and a free society.

‘Wait and Hurry Up’ in Debate over Patriot Act

If Senate leaders believed that expiring portions of the Patriot Act constituted an immediate increase in the risk of terrorism, it’s amazing that they waited until now to even nod toward debating the law’s renewal. A few thoughts from Cato Research Fellow Julian Sanchez on the current Patriot Act debate ripped from today’s podcast:

… Democrats have had no interest in pointing out how closely President Obama has followed the playbook written by George (W.) Bush. And of course Republicans are the ones who helped write that playbook, so they don’t have much interest in revisiting it.

On Section 215 of the Patriot Act:

It seems extremely likely from what we know so far that this business records authority has been transformed into a large-scale people-tracking authority. … It strikes me as extraordinarily subject to abuse. It strikes me as a dangerous power to grant, even in this most vital task.

Listen to the whole thing. And subscribe (iTunes).
