Skip to main content
Menu

Main navigation

  • About
    • Annual Reports
    • Leadership
    • Jobs
    • Student Programs
    • Media Information
    • Store
    • Contact
    LOADING...
  • Experts
    • Policy Scholars
    • Adjunct Scholars
    • Fellows
  • Events
    • Upcoming
    • Past
    • Event FAQs
    • Sphere Summit
    LOADING...
  • Publications
    • Studies
    • Commentary
    • Books
    • Reviews and Journals
    • Public Filings
    LOADING...
  • Blog
  • Donate
    • Sponsorship Benefits
    • Ways to Give
    • Planned Giving

Issues

  • Constitution and Law
    • Constitutional Law
    • Criminal Justice
    • Free Speech and Civil Liberties
  • Economics
    • Banking and Finance
    • Monetary Policy
    • Regulation
    • Tax and Budget Policy
  • Politics and Society
    • Education
    • Government and Politics
    • Health Care
    • Poverty and Social Welfare
    • Technology and Privacy
  • International
    • Defense and Foreign Policy
    • Global Freedom
    • Immigration
    • Trade Policy
Live Now

Blog


  • Blog Home
  • RSS

Email Signup

Sign up to have blog posts delivered straight to your inbox!

Topics
  • Banking and Finance
  • Constitutional Law
  • Criminal Justice
  • Defense and Foreign Policy
  • Education
  • Free Speech and Civil Liberties
  • Global Freedom
  • Government and Politics
  • Health Care
  • Immigration
  • Monetary Policy
  • Poverty and Social Welfare
  • Regulation
  • Tax and Budget Policy
  • Technology and Privacy
  • Trade Policy
Archives
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • August 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008
  • May 2008
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2007
  • March 2007
  • February 2007
  • January 2007
  • December 2006
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • June 2006
  • May 2006
  • April 2006
  • Show More
July 24, 2013 3:14PM

The Talking Points for NSA’s Dragnet Don’t Hold Up

By Julian Sanchez

SHARE

A bipartisan group of legislators in the House—spearheaded by Rep. Justin Amash (R-Mich) and John Conyers (D-Mich)—is bucking both the Obama administration and Republican party leadership to push an appropriations measure defunding the National Security Agency's dragnet phone records programs. The measure would forbid the government from using any resources to execute a Patriot Act §215 "business records" order unless it is limited to the specific targets of specific investigations—effectively barring use of that authority to vacuum up the phone records of millions of innocent Americans. Predictably, the intelligence community and its proxies in Congress are pushing back ferociously, circulating an "Open Letter of Support" for the dragnet program from former intelligence officials. It's worth surveying their main talking points to see just why they aren't persuasive. Note that they begin, as many defenders of the phone dragnet do, by lumping it together with the very different PRISM program, which involves monitoring of international e-mail and Internet traffic:

We are convinced that both programs are vitally important to our national security. The Director of the NSA, Gen. Keith Alexander, has publicly attested that these programs have been instrumental in helping to prevent attacks on the United States and its allies, including the plot to bomb the New York City subway.

The bundling here is important. Alexander did, at a June 18 hearing, assert that PRISM had been "critical" in disrupting a number of "terror events," mostly overseas.  But when pressed specifically by Rep. Jim Himes (D-Conn.) on whether the §215 call records program had been "essential" in any cases, Alexander conspicuously dodged the question. He would not identify even a single case in which the bulk phone records collection had been "essential," or even claim that there was such a case that he couldn't discuss specifically. 

As for the plot to bomb New York's subway system, the Atlantic convincingly marshalls evidence from the public record showing that the key initial leads in that case did not come from either PRISM or the §215 program. And with those leads, traditional intelligence authorities would have allowed the investigation to proceed more or less as it did. In particular, there is no indication whatever that the use of phone records to identify associates of plotter Najibullah Zazi required a massive database of all Americans' calls: Ordinary police, after all, do similar detective work all the time, but with targeted orders based on particularized suspicion.

The crucial general point to understand about these claims for the efficacy of these programs is that if you have unlimited authority, then that will be what you end up using even if more limited authority would have sufficed. If we had never passed the Fourth Amendment, and the government could get "general warrants," allowing police to search any home at will, they would never bother getting specific warrants based on probable cause. Then, every time police solved a crime through a search, they could accurately say "You see, we used a general warrant!"  But that would be no argument for general warrants. The question to ask is: "Why couldn't you have done it with a specific warrant instead?"  We haven't heard, at least publicly, any very good answers to that question when it comes to the NSA call dragnet.

Both programs are based on statutes thoroughly debated, enacted by overwhelming majorities, and reauthorized repeatedly by Congress since the attacks of 9/11, and each is supported by court orders periodically approved by the federal judges who sit on the Foreign Intelligence Surveillance Act court.

The claim that these statutes have been "thoroughly debated" is absurd. They have repeatedly been subject to rushed debate in which it was clear that most members of Congress had no idea how the law had been interpreted to grant spying power of extraordinary breadth. Consider a slightly orthogonal example, which I explain in more detail in my paper on the Patriot Act. In 2006, Congress amended §215 to add protections for certain types of sensitive records, such as medical and educational records. What nobody appears to have understood is that the Department of Justice had interpreted existing statutes governing those records to trump §215, which lacks a "notwithstanding any other law" clause. Only after that amendment did DOJ conclude that §215 could be used for such records, since they were now explicitly referenced. Now, one may reasonably think that's an acceptable outcome, but what's important is that nobody who voted on that amendment understood what its effect would be. Majority approval cannot legitimize laws when the people voting don't understand what the laws do.

The telephone metadata program is supported by a business records order under section 215 of the PATRIOT Act. The database includes only the X's and O's of phone calls, not the substance of anyone's communications. These are purely transactional business records that phone companies use for billing purposes, and telephone subscribers do not have a reasonable expectation that this transactional metadata will remain private.

This argument becomes no more convincing through repetition. Metadata is, in fact, incredibly sensitive information—even more so on the Internet, but for phone calls too. The assertion that people "do not have a reasonable expectation of privacy" in business records is a fiction endorsed in a 1979 Supreme Court ruling that has been all but uniformly denounced by Fourth Amendment scholars. As one of its very few academic defenders, Orin Kerr, has put it: "The third-party doctrine is the Fourth Amendment rule scholars love to hate. It is the Lochner of search and seizure law, widely criticized as profoundly misguided." Of course people expect their phone records to be private. Are we to believe people call suicide hotlines, divorce lawyers, and substance abuse counselors expecting that such information would become public? Of course not. It doesn't pass the straight face test. 

Indeed, when they are not trying to to excuse warrantless invasions, other government agencies recognize the obvious truth that ordinary people regard this information as sensitive and private, and require companies to take steps to safeguard that information. As a recent statement from the Federal Communications Commission put it, explaining a ruling to that effect:

When mobile carriers use their control of customers’ devices to collect information about customers’ use of the network, including using preinstalled apps ... carriers are required to protect that information. This sensitive information can include phone numbers that a customer has called and received calls from, the durations of calls, and the phone’s location at the beginning and end of each call.

The "third party doctrine" as applied to telecommunications records was wrong when first established, and is positively dangerous in a world of powerful Big Data analytic tools and Internet technology that puts the most intimate facets of our lives in trusted "third party" hands.  Back to the talking points:

The court order circumscribes how and when the database is used. It does not permit random searching through the data to find suspicious patterns. The data can only be accessed when the government has a particular phone number that it reasonably suspects is used by a foreign terrorist organization. Testing the suspicious number against this database is one of the best tools we have to discover new phone numbers that are being used by terrorist agents.

We do not really know how far this is true, since the public has still not seen the "primary" orders used, and I will register a measure of skepticism that the government decided to strain the law and build this massive database to do a handful of targeted queries. But even if they did, once the massive database of records is established, the rules governing its use can be changed at any time by a judge on the secret FISA court. And even under the current rules, the determination of when "reasonable suspicion" exists to query that database is left to executive branch employees, not neutral magistrates. The §215 provision was written to specifically require the Court to make a finding that the records sought were relevant. Instead, they've allowed the NSA to obtain everyone's records, the vast majority of which are obviously not relevant to any particular investigation, and then delegated to NSA staff the determination of which records are relevant. Moreover, we now know that NSA performs "contact chaining,"  meaning they analyze records up to three "hops" away from a "suspicious" phone number. Thus, information about the private calls of thousands of innocent Americans are drawn into each query. That the numbers pulled up aren't directly associated with names is cold comfort when a Google search—to say nothing of the NSA's vast databases—will often provide that information.

The principal question raised about this program is, “How can such a large collection of data be "relevant" to an authorized counterterrorism investigation, as required by section 215?” In reality, this use of the “relevance” standard is not extraordinary or unprecedented. The same standard supports similar acquisitions of large data collections by other government agencies in regulatory investigations conducted using administrative subpoena authorities―which, unlike section 215, do not typically require court approval.

This claim is truly shameless coming from people with legal training. Mark Eckenwiler—the former DOJ attorney who has been one of the most steadfast defenders of Patriot Act surveillance powers—correctly told the Wall Street Journal that if a prosecutor "served a grand-jury subpoena for such a broad class of records in a criminal investigation, he or she would be laughed out of court." Legislators have repeatedly challenged intelligence officials to cite any specific examples of comparably broad subpoenas, and they have come up blank—because there simply aren't any.  It is true that regulatory agencies sometimes obtain "large data collections" of corporate records under administrative subpoenas when they are investigating the conduct of that corporation to ensure compliance with the law—not to sift through the private activity of ordinary citizens. The situations are comparable only if, absurdly, you count gigabytes but ignore the nature of the data and the purpose of its acquisition.

The talking points close with a predictable assertion that closing down vaccum-cleaner collection of phone data will "leave the Nation at risk." But it is just that: a bald assertion with no basis in any public evidence, predicated on the arrogant assumption that merely uttering the word "risk" will leave us too timid and frightened to ask questions. Every major carrier keeps these records for well over a year, and in many cases much longer. Has there been any case where records that would not have been available from the carrier proved essential to preventing an attack? You would imagine someone would have said so if there were.

It is no surprise that the officials signing this letter believe that the programs they supervised are prudent and crucial. No doubt most employees of every government agency—from EPA to FCC—would say exactly the same thing. In those cases, we understand that the officials in question are well-meaning, but hardly impartial, and we don't take their conclusions about the value of their agency's activity as gospel. We shouldn't do so here either.

Some other critics of the Conyers/Amash amendment do raise somewhat more reasonable points: It is a relatively blunt instrument, and going forward it might be desirable to tweak the rules so that this type of bulk collection remains forbidden, while other potentially legitimate uses of §215 to obtain records that may not directly "pertain to the subject of an investigation" are permitted. That's a conversation that should begin only after it's clear that the indiscriminate mass collection of data about all Americans is off the table.

Related Tags
Defense and Foreign Policy, Government and Politics, Constitutional Law, Technology and Privacy, Robert A. Levy Center for Constitutional Studies

Stay Connected to Cato

Sign up for the newsletter to receive periodic updates on Cato research, events, and publications.

View All Newsletters

1000 Massachusetts Ave, NW,
Washington, DC 20001-5403
(202) 842-0200
Contact Us
Privacy

Footer 1

  • About
    • Annual Reports
    • Leadership
    • Jobs
    • Student Programs
    • Media Information
    • Store
    • Contact

Footer 2

  • Experts
    • Policy Scholars
    • Adjunct Scholars
    • Fellows
  • Events
    • Upcoming
    • Past
    • Event FAQs
    • Sphere Summit

Footer 3

  • Publications
    • Books
    • Cato Journal
    • Regulation
    • Cato Policy Report
    • Cato Supreme Court Review
    • Cato’s Letter
    • Human Freedom Index
    • Economic Freedom of the World
    • Cato Handbook for Policymakers

Footer 4

  • Blog
  • Donate
    • Sponsorship Benefits
    • Ways to Give
    • Planned Giving
Also from Cato Institute:
Libertarianism.org
|
Humanprogress.org
|
Downsizinggovernment.org