How Solid Is the NSA’s Legal Footing?

Specifically, Paul, a Kentucky Republican, has pledged to spearhead a class‐​action lawsuit against the NSA on behalf of the millions of Americans whose phone and Internet activity logs have been vacuumed up under sweeping Patriot Act orders for “business records.” Yet the NSA program’s defenders insist it’s entirely legal — that the Constitution doesn’t even protect these records, making any court challenge a nonstarter.

The terrifying thing is they may be right, which means we need to seriously rethink how the Fourth Amendment works in the 21st century.

This isn’t to say that the bulk surveillance on the scale we have been hearing about is currently lawful under federal statute. The Republican author of the Patriot Act, Representative Jim Sensenbrenner of Wisconsin, says these spying practices exceed the authority Congress intended to give intelligence agencies. It hadn’t imagined that a power to obtain records relevant to specific investigations would be used to demand daily copies of every American’s information, just in case it proves relevant in the future.

General Warrants

Moreover, an entirely different section of the law provides authority to monitor future calling activities, as these orders do. But that provision is more explicitly limited to monitoring a specific list of individual targets, phone lines or online accounts — which makes the use of business‐​records powers to obtain the data in bulk seem like an effort to dodge those limits.

But what about the Fourth Amendment’s guarantee of “the right of the people to be secure” against “unreasonable searches and seizures”? Aren’t universal orders for phone and Internet logs precisely the kind of “general warrant” that inspired so much fear and loathing in the Framers of the Constitution?

Unfortunately, as the NSA dragnet’s defenders are quick to point out, that’s not how the Supreme Court sees things. In its earliest Fourth Amendment decisions, the court held that business records were as protected as any other private papers. But as the modern regulatory state grew in the early 19th century, the court changed its tune — not because there was any principled reason to think the Fourth Amendment hadn’t been meant to protect business papers, but because such protection “would practically nullify” the growing body of new federal laws regulating businesses.

At first, this didn’t seem to pose much threat to personal privacy: These were corporate files, not personal diaries, after all. Then, in a 1976 case called United States v. Miller, the court extended that logic to individual financial records that had been entrusted to banks.

Three years later, in Smith v. Maryland, telephone records were found to be unprotected as well. When you used technology that left traces of your activity in the phone company’s files, the court reasoned, you “assumed the risk” that the company would reveal that information — even if they had explicitly promised not to — and waived your “reasonable expectation of privacy” under the Fourth Amendment.

Even from the outset, this so‐​called third‐​party doctrine has been “the Fourth Amendment rule scholars love to hate,” as law professor Orin Kerr puts it, “widely criticized as profoundly misguided.” Even beyond the many technical problems with Smith’s legal reasoning, it seemed to defy common sense that people didn’t regard information about their communications — with a suicide hot line, a phone‐​sex operator, a divorce lawyer, a substance‐​abuse counselor — as private.

Digital Trail

Fast forward to the 21st century, and almost everything we do leaves a digital trail in a corporate computer somewhere. When you buy a book, join a political e‑mail list or read a website, a third‐​party record is created. Even the contents of your private messages or files stored in the “cloud” aren’t really yours, according to this doctrine. Federal law allows them to be obtained without a search warrant in many circumstances. Those old phone logs, meanwhile, have become far more revealing with the advent of cellular technology, which can track your geographical movements in increasingly precise detail.

The result is that a vast array of private information that would previously have required a physical search — and therefore a search warrant — to obtain is now available under a far lower standard. And much of that data concerns domains of speech and intimate association traditionally held to be protected by the First Amendment as well.

Simply by using modern technology, Americans have — for the most part unwittingly —abandoned the Fourth Amendment’s protection for a vast and growing portion of their intimate activities. Unsurprisingly, government requests for digital records have exploded, though even outside the realm of national security there are few public reporting requirements for such demands, making the real scope of surveillance hard to gauge.

A few judges and legislators have belatedly begun pushing back on this untenable state of affairs — in particular the assumption that stored files and e‑mails can sometimes be obtained without a warrant.

Justice Sotomayor even hinted at the need for more fundamental change in a recent ruling, writing that “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.”

The disclosure of the government’s vacuum‐​cleaner approach to phone and Internet records shows just how right she is. The point of the Fourth Amendment, after all, was precisely to put an end to those hated general warrants, which empowered government agents to search any person’s home and private papers at their discretion.

As the NSA has made all too clear, unless we update our concept of the Fourth Amendment to fit the realities of the Internet Age, those general warrants will be back — on a far larger scale, and in secret.