June 16, 2013 9:47PM

A Reply to Epstein & Pilon on NSA’s Metadata Program

Last week, my colleague Roger Pilon and Prof. Richard Epstein co-wrote a Chicago Tribune op-ed defending the National Security Agency’s bulk metadata collection program. I had not, initially, intended to respond directly: Cato scholars often disagree among themselves—as Roger and I long have in this area—and normally it suffices for us each to state our own affirmative arguments and let readers decide for themselves which is most convincing. However, as I now see that some observers—and in particular, a significant number of libertarians—have mistakenly taken this to mean that “Cato” supports the NSA program, which continues to dominate the news, I feel it’s necessary to say something here about why I (and, as I believe, the majority of my colleagues) reject that view.

In an area where so much remains secret, it is impossible to have a sensible debate unless we are at least clear on the public facts.  So before I address their broader arguments, it is necessary to correct a few important factual errors in the Tribune piece. Pilon and Epstein write:

The names linked to the phone numbers are not available to the government before a court grants a warrant on proof of probable cause, just as the Fourth Amendment requires.

This is incorrect. Nothing in the law would require a warrant to get the name associated with a number, and the public statements of FBI Director Robert Mueller directly contradict this claim.

At the risk of stating the obvious: phone numbers can often be associated with names by a simple Google search, and the NSA and FBI have access to far larger databases that would likely make such an association trivial.

But even if that weren’t the case, 18 USC §2709 allows names, addresses, and other “basic subscriber information” associated with a number to be obtained via a National Security Letter based on a certification of “relevance” to an investigation, with no need for judicial approval. As Director Mueller explained at a recent hearing, this is precisely how such information would be obtained here, assuming it were not already available.

Indeed, once that warrant is granted to examine content, the content can be used only for national security issues, not even ordinary police work.

This is also incorrect. Under 50 USC §1801, the minimization procedures governing information acquired from electronic surveillance shall “allow for the retention and dissemination of information that is evidence of a crime which has been, is being, or is about to be committed and that is to be retained or disseminated for law enforcement purposes.” As the FISA House Report makes clear, this does not refer to terrorism or espionage related crimes, which can already be retained and disseminated as “foreign intelligence information,” but rather to information about crimes “totally unrelated to intelligence matters.”

As the Eighth Circuit explained in one case where information from FISA intercepts was used in criminal prosecution, U.S. v. Isa:

[FISA] specifically authorizes the retention of information that is “evidence of a crime,” and provides procedures for the retention and dissemination of such information. There is no requirement that the “crime” be related to foreign intelligence. Indeed, the legislative history of Section 1801(h)(3) suggests the contrary.

This may well be appropriate in certain circumstances, but the breadth of FISA surveillance and the sheer volume of crimes on the books make it a significant loophole. In any event, appropriate or not, Epstein and Pilon misstated the relevant law.

They next suggest that the metadata program was used to“discern the pattern that let it thwart the 2009 New York subway bombing plot by Colorado airport shuttle driver Najibullah Zazi.” While the full facts here remain unclear, this conflicts with what is publicly understood about that investigation. House Intelligence Committee Chairman Mike Rogers has claimed that the program “was used” in the Zazi case, but the public record indicates that Zazi was identified, not via some sophisticated pattern analysis, but from his correspondence with an Al Qaeda e-mail account that was being directly monitored after being located on another terrorists’ laptop.  

Conceivably this account is a cover story designed to protect a predictive data mining program, but any such assertion would be pure speculation at this stage. Whatever subsequent role the NSA metadata program may have played in keeping tabs on Zazi, it is unclear the same could not have been accomplished using traditional, particularized pen register and records orders. In any event, again, there is as yet no public evidence for Pilon and Epstein’s assertion.

Finally, they write:

The critics would be more credible if they could identify a pattern of government abuses. But after 12 years of continuous practice, they can't cite even a single case.

If Epstein and Pilon refer here specifically to this phone records program, the objection is merely rather strange: This is a program so highly classified that even passing allusions to it have been redacted from published Inspector General audits of §215.  What possible record exists to cite? The rampant abuses uncovered by the Church Committee, recall, had in many instances gone undisclosed to the public for decades. This is for the unsurprising reason that when government officials illegally misuse information obtained in secret surveillance programs, they tend not to send out press releases about it, but rather make covert and indirect use of the information—as via targeted leaks—and conceal their actions as far as possible, which the shroud of secrecy facilitates.

However, if they refer more generally to government acquisition of phone records under the Patriot Act, the claim is again simply incorrect. “Abuse” is, to some extent, subjective: I would regard the bulk acquisition of all Americans phone logs under an authority to obtain records “relevant to an investigation” as itself abusive. But surely, at minimum, we must count instances explicitly characterized as “abuses” by the Justice Department Inspector General, who in a series of reports on FBI practices found “widespread and serious” misuse of call records authorities. These included systematic disregard for the required procedures for demanding records, false statements in affidavits to both telecommunications companies and the FISA Court, improper acquisition of journalists’ phone records, use of national security authorities in cases unrelated to national security, and attempts by superiors to retroactively conceal these improprieties when they were discovered internally after several years. The IG also noted a pattern of failure to report potential violations to the proper oversight board.

I have, incidentally, referenced these reports on occasion here on the Cato blog. Pilon and Epstein are free to disagree with the IG about the seriousness of these infractions, but again, it is simply inaccurate to say that critics of these authorities have never been able to cite any.

That covers the major strictly factual problems. Now to the more interesting points of legal and policy disagreement. Pilon and Epstein write:

Legally, the president is on secure footing under the Patriot Act, which Congress passed shortly after 9/11and has since reauthorized by large bipartisan majorities.

“Secure footing” seems awfully ambitious: At the very most, one can argue that this program may fall within the bounds of an interpretation that strains §215 to its absolute limit. But many, including one of the authors of the Patriot Act, James Sensenbrenner, argue vehemently that it does not. As Sensenbrenner writes:

Congress intended to allow the intelligence communities to access targeted information for specific investigations. How can every call that every American makes or receives be relevant to a specific investigation?

The theory used to justify this, as summarized by FBI Director Mueller, is that the entire body of phone records is “relevant to an investigation” because it plausibly contains records that will be relevant to some investigation at some point in the future. Former Justice Department lawyer Mark Eckenwiler—who is, shall we say, not exactly an ACLU type—describes this interpretation as “highly questionable,” which I’d call an understatement. By contrast, the Heritage Foundation’s Paul Rosenzweig argues that the program is legal under §215, though he adds that “whatever its legality, the entire order is remarkably overbroad and quite likely unwise.” At the very least, however, I think we can say that this is not what the “large bipartisan majorities” who approved the provision believed they were authorizing.

On, then, to the constitutional question. Pilon and Epstein write:

The text of the Fourth Amendment grasps that essential trade-off [between security and liberty] by allowing searches, but not "unreasonable" ones

This is true as far as it goes, but it’s important here to understand how this phrase was understood at the time of the Founding. There is no free-floating “reasonableness” standard found in the common law of search and seizure in the Founding Era.  Rather, the phrase “unreasonable searches” enters the American lexicon through the provision of the Massachusetts Constitution that served as a template for the Fourth Amendment. 

That was penned by John Adams, who scholars believe was invoking the language of his great mentor James Otis, who had famously insisted that any statute authorizing general, non-particularized searches was “against common right and reason” and therefore “void.” In other words, “unreasonableness” was not meant to invite the kind of “balancing test” so beloved by the modern Supreme Court—though as technology presents novel problems, some amount of that is, perhaps, inevitable. Rather, “unreasonableness” was specifically associated with the absence of particularity—of the kind exhibited by, for instance, an authority to indiscriminately collect all Americans’ phone records.

Of course, as Pilon and Epstein note, the courts do not simply engage in a kind of utilitarian balancing calculus every time the Fourth Amendment must be applied, but have crafted rules defining a “search” and laying out the circumstances in which it is justified:

In 1979, in Smith v. Maryland, the U.S. Supreme Court addressed that balance when it held that using a pen register to track telephone numbers did not count as an invasion of privacy, even in ordinary criminal cases. That's just what the government is doing here on a grand scale.

Two points here. First, while Smith v. Maryland and the “third party doctrine” it spawned remain operative, that decision has long been widely condemned as mistaken and incoherent by legal scholars, and it is especially strange to see it favorably invoked by two libertarians. As I outline in a recent Bloomberg piece, and as Prof. Christopher Slobogin details at greater length in his excellent paper “Subpoenas and Privacy,” the early roots of that decision lie in a series of early 20th century cases that represent precisely the type of results-oriented jurisprudence Pilon normally decries: In a reversal of earlier precedents, the Court ruled that the government could compel the production of business records without meeting Fourth Amendment standards, not because the Framers had expected businesses to be denied protection—they rather clearly had—but because to hold otherwise would “practically nullify” the plethora of new federal business regulations Congress was passing.

Smith extended that logic to corporate records of personal information—conflating, incidentally, two lines of not-obviously-applicable cases involving undercover informants and tax records being prepared specifically for submission to the government—on the theory that persons waived their “reasonable expectation of privacy” by disclosing that information to a business, regardless of any contractual guarantees of confidentiality. The Court, in effect, obliterated the distinction between voluntary sharing of information with a particular private entity—for limited and contractually defined purposes—and the compulsory production of that information by government for its own purposes. This is not a line of reasoning one normally expects to see endorsed by libertarians.

The second point to make here is that, even if we wish to accept the shoddy reasoning of Smith, it makes a difference when the acquisition is on a “grand scale.” In a 1983 ruling that found no Fourth Amendment violation in the short-term tracking of a single automobile, Justice Rehnquist acknowledged in passing that “dragnet-type law enforcement practices” involving mass tracking might require the Court “to determine whether different constitutional principles may be applicable.”

In the far more recent case of United States v. Jones, the court unanimously rejected long term tracking of a vehicle using a GPS device, though on a variety of grounds. Justice Alito’s concurrence—whose reasoning was explicitly endorsed by five justices—observed that while short term observation of a vehicle’s public travel violated no expectation of privacy, “society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.” Alito suggests that the Court’s guiding principle should be the “preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted”—noting that while short term visual tailing and surveillance was surely possible at the time of the Founding, 24-hour monitoring for weeks at a time would not have been. It should go without saying that what would have been impossible at an individual level was simply inconceivable at the level of society as a whole.

This more structural approach, which focuses on preserving an overall balance between state control and citizen autonomy, seems to me more appropriate for evaluating mass surveillance programs such as the NSA’s. As I argue in another recent article, while there are good reasons to question whether the intrusion involved in obtaining communications logs is really as “trivial” as Epstein and Pilon suggest, the crucial question is not really whether the short term-benefit of a particular government search outweighs its immediate harm or inconvenience—though I note that the marginal benefit of the NSA program over narrower methods remains as yet asserted rather than demonstrated. By that standard, surely many warrantless searches would pass muster, and the Supreme Court’s 7-2 ruling, in Bond v. United States, that the Fourth Amendment prohibits even the squeezing of luggage would be entirely baffling.

Rather, the appropriate question is whether the creation of a system of surveillance perilously alters that balance too far in the direction of government control, whether or not we have problems with the current use of that system. We might imagine a system of compulsory cameras installed in homes, activated only by warrant, being used with scrupulous respect for the law over many years. The problem is that such an architecture of surveillance, once established, would be difficult to dismantle, and prove too potent a tool of control if it ever fell into the hands of people who—whether through panic, malice, or a misguided confidence in their own ability to secretly judge the public good—would seek to use it against us.  

While I hold much of Epstein’s and Pilon’s work in high regard, I believe both their research and their reasoning in this case to be faulty, and hope they will reconsider their position on this important issue. If they remain unpersuaded, then I at least hope that readers who look to Cato for guidance on these questions will recognize that theirs is not the position held by all—or, indeed, most—Cato scholars.