Why The NSA Collecting Your Phone Records Is A Problem

Privacy advocates and surveillance experts have suspected for years that the government was using an expansive interpretation of the Patriot Act's §215 "business record" authority to collect bulk communications records indiscriminately. We now have confirmation in the form of a secret order from the secret Foreign Intelligence Surveillance Court to Verizon — and legislators are saying that such orders have been routinely served on phone carriers for at least seven years. (It seems likely that similar requests are being served on Internet providers — increasingly the same companies that provide us with wireless phone services).

Some stress that what is being collected is "just metadata"—a phrase I'm confident you'll never see a computer scientist or data analyst use. Metadata—the transactional records of information about phone and Internet communications, as opposed to their content—can be incredibly revealing, as the recent story about the acquisition of Associated Press phone logs underscores. Those records, as AP head Gary Pruitt complained, provide a comprehensive map of reporters' activities, telling those who know how to look what stories journalists are working on and who their confidential sources are. Metadata can reveal what Websites you read, who you communicate with, which political or religious groups you're affiliated with, even your physical location.

In a way, the ground was prepared for this indiscriminate collection of Americans' data way back in the 1970s, when the Supreme Court held, implausibly, that we surrender our expectation of privacy—and with it, the protection of the Fourth Amendment—just by using modern technology that leaves traces of our activity on someone else's computers. But Americans were also sold a false bill of goods when Congress passed and reauthorized the Patriot Act powers used here—which we were repeatedly assured were only intended to be used to track "bad guys." What we weren't told was that, if the government thinks datamining ALL our records might help identify "bad guys," then that information too is "relevant" to an investigation.

This collection is probably well enough intentioned. The problem is that these records are likely to be retained in databases indefinitely. Which means we don't just need to worry about whether the government's motives are pure when they collect the information. Even if they are, someone with access to that data, maybe in five or ten years, may be unable to resist the temptation to use that information for other purposes. That could mean investigating ordinary crimes: If you can data mine for suspicious terrorist activity patterns—which as Jim Harper and Jeff Jonas have pointed out is likely to be extremely difficult—you can plug in "suspicious patterns" that may identify drug dealers and tax cheats as well. Still more disturbing is the possibility that, the intelligence community has repeatedly done historically, those records could be exploited for illegitimate political purposes, or even simple greed. (Imagine probing communications for signs of an impending corporate merger, product launch, or lawsuit.)

We are, predictably, being told that this program is essential to protecting us from terrorist attacks. But the track record of such claims is unimpressive: They were made about fusion centers, and the original NSA warrantless wiretap program, and in each case collapsed under scrutiny. No doubt some of these phone records have proven useful in some investigation, but it doesn't follow that the indiscriminate collection of such records is necessary for investigations, any more than general warrants to search homes are necessary just because sometimes searches of homes are useful to police.

In the short term, we should hope for an Inspector General audit of this program, both to look for abuses—as a similar audit of National Security Letters uncovered "widespread and serious" misuse of authority—and to skeptically interrogate the claim that such sweeping collection is somehow indispensable to national security. In the longer term, we need to follow the suggestion of Justice Sotomayor in United States v. Jones and think hard about the "third party doctrine," which leaves all this increasingly voluminous and revealing metadata stripped of constitutional protection.