I will confess, when I contemplated the most paranoid scenarios for how the govenrment might use the Patriot Act’s §215 “business record” authority that still seemed realistic, I did not imagine they would use it to routinely collect all Americans’ phone (and perhaps Internet) records for years at a time. I thought perhaps in a panic they might do something similar for an entire city over the course of a month. Clearly, I was thinking too small. Still, I have just been reminded that when I testified about the reauthorization of this Patriot Act provision back in 2011 before the House Judiciary Committee, I did very specifically plead with members of Congress with access to the details to look into what we now know to be this bulk metadata program:

While both [National Security Letter & §215] powers have been expanded along multiple dimensions since 9/11, the main cause for concern in both cases has been the removal of the requirement that there be some evidence—not “probable cause,” but some evidence—linking the people whose records are sought to terrorism or espionage. Now records need only be “relevant” to an investigation, and in the case of §215 orders the court is required to deem records “relevant” if they pertain to someone connected, however tenuously, to a suspect under investigation. As the Justice Department readily acknowledges, these tools are used in the early phases of an investigation to broadly sweep in large amounts of data, mostly about innocent people, which is then stored indefinitely in classified government databases.


Here, again, we should bear in mind that while the easiest and most obvious response to any intelligence failure is always to grant more power to collect more information, the evidence is very thin that the problem before 9/11 was a lack of raw data. On the contrary, reflexively expanding collection authorities can exacerbate what has been colorfully characterized as the problem of “drinking from a firehose.” This can even lead to a vicious cycle, where it comes to seem that more and more data is needed to close down all the dead end leads generated by indiscriminate data collection. […]


Of special concern here is a “sensitive collection program” involving §215 alluded to by Acting Assistant Attorney General Hinnen last year in his testimony on these authorities. Though the Senate had previously unanimously approved an amendment limiting §215 authority to records pertaining to the activities of terror suspects or their associates, a similar reform appears to have been abandoned last year following claims by the Justice Department that such a change would hamper that secret program. Soon afterward, Sen. Russ Feingold purported to have knowledge of clear misuse of §215 unknown to the general public.


If nothing else, I would urge those with access to the relevant details to take a long, hard look at that. But I would also suggest that we should be highly skeptical of any intelligence program that cannot function within even those very modest limitations. The United States was able to observe the time‐​tested principle of individualized suspicion in a decades‐​long conflict with a hostile empire armed with nuclear weapons. We should not assume it is an insuperable handicap against scattered bands of religious fanatics.

I guess they either didn’t, or didn’t think it was a problem.