The NSA’s Surveillance of Metadata

By Adina Schwartz

I. A DESCRIPTION OF THE SURVEILLANCE

One of the major documents leaked by Edward J. Snowden and disclosed by Glenn Greenwald in The Guardian on June 5, 2013 was an order by the FISA Court (“FISC”) on April 25 of this year directing Verizon Business Network Services, Inc. to provide records of its “telephony metadata” for all calls between the United States and foreign countries and wholly within the United States, including local calls, to the NSA on an ongoing daily basis through July 13.  The Order specified that the metadata were to include, but not be limited to, incoming and receiving telephone numbers, times and durations of calls, International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI) of telephones, calling card numbers, “comprehensive communications routing information” and “trunk identifiers” of calls.  By tracking the location of a call within a cellphone circuit, trunk identifiers enable a caller’s location to be traced within a square kilometer.  See Jeremy Byellin, “Can the Government Really Collect Phone Records from All of Verizon’s Customers?, June 6, 2013; Patrick Di Justo, “What the NSA Wants to Know About Your Phone Calls,” The New Yorker, June 7, 2013.

After the Verizon Order was published, The Wall Street Journal reported that in response to FISC Orders that had been renewed every three months beginning in 2006, AT&T and Sprint Nextel, as well as Verizon Business Services, had been providing the NSA with telephony metadata. The NSA had been assembling the companies’ data into huge databases with the intent of using data mining to uncover “the needle in a haystack,” i.e., previously unsuspected terrorist plots or suspicious connections among people.  Since the orders had been labeled “TOP SECRET NO FORN,” and “no forn” prohibits disclosure to foreign owners, due to their foreign ownership, neither T-Mobile nor Verizon Wireless had been ordered to provide metadata on their customers’ calls.  However, since the FISC Orders to the other telecommunications companies encompassed all calls between their customers and customers of T-Mobile and Verizon Wireless as well as all calls by T-Mobile and Verizon Wireless customers that used the other networks’ equipment at some point, it was estimated that since 2006, the NSA had been collecting metadata on 99% of calls within the United States and calls between the United States and other countries.  Danny Yadron & Evan Perez, “T-Mobile, Verizon Wireless Shielded from NSA Sweep,” Wall Street Journal, June 14, 2013.

After the massive metadata collection was revealed to the public, President Obama attempted to defuse concerns by stating that “Nobody is listening to your telephone calls;” the only thing being collected was metadata.  However, telephony metadata can reveal even more about people’s lives than the contents of telephone conversations, especially when huge datasets are assembled and searched for patterns among the telephone numbers on both ends of calls and the locations, durations, times and equipment used for the calls.  See John Naughton, “NSA Surveillance: Don’t underestimate the extraordinary power of metadata”, The Guardian, June 21, 2013; see also Di Justo, supra.

According to a New York Times editorial, “Tracking whom Americans are calling, for how long they speak, and from where, can reveal deeply personal information about an individual. Using such data, the government can discover intimate details about a person’s lifestyle and beliefs — political leanings and associations, medical issues, sexual orientation, habits of religious worship, and even marital infidelities. Daniel Solove, a professor at George Washington University Law School and a privacy expert, likens this program to a Seurat painting. A single dot may seem like no big deal, but many together create a nuanced portrait.”  “Surveillance: A Threat to Democracy,” June 11, 2013.

In a further attempt to defuse criticism, the Director of National Intelligence (“DNI”), James Clapper, differentiated between the dragnet collection of data and the narrower criteria for searches, explaining that the FISC Orders allowed metadata to “be queried [only] when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization.”  Siobhan Gorman, Evan Perez & Janet Hook, “U.S. Collects Vast Data Trove,” The Wall Street Journal, June 7, 2013.  By highlighting the ambiguity of the reasonable suspicion standard for queries, privacy expert Susan Landau pointed to important questions about when the FISC Orders allowed metadata to be searched.  Wells Bennet, “Susan Landau on Metadata,” Lawfare June 18, 2013.

In 2012, Attorney General Eric Holder signed guidelines extending to five years the period for which the National Counter Terrorism Center, which serves as a terrorist threat clearing house, can store private information about Americans when there is no suspicion of ties to terrorism.  Previously, the maximum storage period had been 180 days.  Charlie Savage, “U.S. Relaxes Limits on Use of Data in Terror Analysis,” NY Times, March 22, 2012.  If the five year retention period applies to the telephony metadata amassed by the NSA, there is no guarantee that the FISC’s current restrictions on searches will remain; less stringent requirements for the level of suspicion required for searches and/or more expansive definitions of the purposes for which the data may be searched may come into play during the period for which the data is stored.

Ironically, Stewart Baker’s endorsement seems to highlight the problems with DNI James Clapper’s position that the restricted criteria for searches cure any problems with the indiscriminate collection of metadata.  According to Baker, “there’s less difference between this ‘collection first’ program and the usual law enforcement data search than first meets the eye.  In the standard law enforcement search, the government establishes the relevance of its inquiry and is then allowed to collect the data.  In the new collection-first model, the government collects the data and then must establish the relevance of each inquiry before it’s allowed to conduct a search.  If you trust the government to follow the rules, both models end up in much the same place.”  “Minimization and the Collection First Surveillance Model,” Volokh Conspiracy, June 7, 2013. By contrast, recalling his involvement in the New York Times’ publication of the Pentagon Papers during the Vietnam War, Max Frankel warned against trusting the government when assessing the NSA’s surreptitious and indiscriminate collection of metadata.  According to Frankel, “Information that is gathered and managed in secret is a potent weapon — and the temptation to use it in political combat or the pursuit of crimes far removed from terrorism can be irresistible.”  “Where Did Our Inalienable Rights Go?,” June 23, 2013.

An editorial in the major international science journal, Nature, recalled the Total Information Awareness (“TIA”) program, “a research effort launched by the US Defense Advanced Research Projects in 2002 to develop data mining and other technologies to link and search disparate databases, for example to try to identify suspicious patterns to detect and track terrorists. ” “Track the Trackers: Oversight and public debate about access to personal data are crucial to preserving privacy,” Nature, 498 : 137-38 (June 13, 2013). According to the editorial, the revelations about the NSA’s metadata program showed that it “was probably a pyrrhic victory” for Congress to have responded to the public outcry about violations of privacy by defunding the TIA in 2003. Insisting that the notion that “people who have nothing to hide have nothing to fear … has long been debunked by academics,” the editorial urged government officials in the United States and elsewhere carefully to consider the 2008 report on the TIA by the National Research Council (“NRC”), which is the operating agency of the National Academy of Sciences, an independent body of distinguished scientists established by Congress in 1863 for the purpose of advising federal government agencies on scientific and technical questions.  Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment.  In particular, the Nature editorial claimed that the revelations about the NSA’s collection and data mining of telephony metadata highlighted the wisdom of the NRC Report’s calls for “’robust, independent oversight of government data mining and surveillance to ‘mine the miners and track the trackers.’” In addition, the editorial endorsed the Report’s questioning of “the feasibility and reliability of data mining to look for terrorists in massive data sets, and [its] concerns about the risk of law-abiding individuals and companies being falsely targeted.”

II. LEGAL ISSUES

Is There Statutory Authority for the NSA’s Indiscriminate Collection of Metadata?

The FISC Orders rely on Section 215 of the Patriot Act, 50 U.S.C. Sec. 1861, as the legal authority for ordering telecommunications providers to produce metadata to the NSA.  Under Section 215, a FISC judge may order the production of records only if he or she finds, on the basis of a “statement of facts” submitted by the government, that the records sought are “relevant to an authorized investigation … to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.”  Very arguably, the FISC has violated this relevance requirement since 2006 by ordering telecommunications providers to provide the NSA with metadata about all calls on their networks, regardless of whether there is reason to believe that any particular call or caller is connected with terrorism.

In an article in The Washington Post on June 15, 2013, Barton Gellman reported that on May 24, 2006, the FISC had departed from its previous interpretation and ruled that for purposes of determining whether a government request satisfied the relevance requirement of Section 215, “the entirety of a telephone company’s call database” would count as “the records sought.”  “U.S. surveillance architecture includes collection of revealing Internet, phone metadata”. Although the FISC decision has not been published, the logical consequence of assessing relevance on a database-wide level would seem to be that the government would not be barred from obtaining any information about anyone, so long as the information was included in a database and there was some reason to believe that some item or other about someone or other in the database might have some connection or other to an investigation of terrorism or to obtaining foreign intelligence.

An article in The Wall Street Journal states that “[i]n criminal cases, courts previously have found that very large sets of information didn’t meet the relevance standard because significant portions – innocent people’s information – wouldn’t be pertinent.”  Jennifer Valentino-DeVries & Siobhan Gorman, “Secret Court’s Redefinition of ‘Relevant’ Empowered Vast NSA Data-Gathering,” Wall Street Journal (Online) July 8, 2013.  A contrary database-wide interpretation would make the relevance requirement of Section 215 toothless and therefore would, seem to be an erroneous interpretation of the statute.  An additional strong argument against a database-wide interpretation of the relevance requirement is that the requirement was enacted for the purpose of tightening Section 215’s requirements for obtaining telephone records.  The Wall Street Journal reports that, “In 2005 and 2006, some lawmakers tried to tighten the Patriot Act when it came up for reauthorization.  At that time, the part of the law being used to get phone records required investigators simply to state that records were sought for an authorized investigation into terrorism or foreign intelligence – a lower standard than ‘relevant.’  Congress added the word ‘relevant’ to the law.”  Valentino-DeVries & Gorman, supra.

One of the authors of the Patriot Act, Congressman Jim Sensenbrenner, recently wrote, “How can every call that every American makes or receives be relevant to a specific investigation?  This is well beyond what the Patriot Act allows.”  “This Abuse of the Patriot Act Must End,” The Guardian, June 9, 2013. According to The Wall Street Journal, the Congressman stated that, “The government must request specific records relevant to its investigation.  … To argue otherwise renders the provision meaningless. … It’s like scooping up the entire ocean to guarantee you catch a fish.”  Valentino-DeVries & Gorman, supra.See also Elizabeth Goitein, “Who Says the NSA’s Metadata Collection Is Legal?” Brennan Center for Justice, June 18,2013; Orin Kerr, “Is Verizon Turning Over Records of Every Domestic Call to the NSAS?,” The Volokh Conspiracy, June 5, 2013. But see Valentino-DeVries & Gorman, supra (reporting that former Senator Russ Feingold warned on the Senate floor in February 2006 that “[r]elevance is a very broad standard that could arguably justify the collection of all kinds of information about law-abiding Americans,” and unsuccessfully argued for adding a stricter standard to Section 215).

Even If Section 215 Is Properly Interpreted to Authorize the FISC Orders, Does the NSA’s Surveillance of Metadata Violate the Constitution?

Does the Surveillance Amount to a Fourth Amendment Search?

The most fundamental question, in regard to the Fourth Amendment protections against unreasonable searches and seizures, is whether the United States Supreme Court’s decision in 1979 in Smith v. Maryland, 442 U.S. 735, establishes that because the NSA’s surveillance of 99% of telephone calls in the United States extends only to metadata, and not to the contents of conversations, Fourth Amendment protections do not apply.  In Smith, the Supreme Court held that a Fourth Amendment search had not occurred when the government ordered a telephone company to install a pen register to collect the numbers Smith dialed from his home telephone.  According to Stephen Schulhofer, Smith v. Maryland implies that “as of now, there’s absolutely no doubt that [the NSA’s surveillance of metadata is] constitutional.”  Jess Bravin, “Rules on Privacy Could Be Revisited,” Wall Street Journal, June 7, 2013. Similarly, Roger Pilon and Richard Epstein discount the possibility of any Fourth Amendment objection, claiming that the NSA’s metadata program is simply Smith v. Maryland “on a grand scale.” “NSA Surveillance in Perspective,” Chicago Tribune, June 12, 2013.  See also Orin Kerr, “Why Does a Terry Standard Apply to Querying the NSA Call Records Data Base?” Volokh Conspiracy, June 7, 2013; Valentino-DeVries & Gorman, supra.

The grander scale, however, involves dragnet data collection on all domestic calls within the United States and between the United States and foreign countries, rather than, as in Smith, the collection of the numbers dialed on a single telephone by a single suspect in a particular crime.  In further contrast to Smith, the metadata collected by the NSA extend not only to the telephone numbers on both ends of calls, but also to the durations and times of calls, the equipment and calling cards used, and cell phone callers’ physical locations throughout the duration of their calls.  Whereas the surveillance in Smith could uncover only the details of his personal life and associations that were implicit in the numbers dialed from his home phone, by using data mining to “connect the dots” among the much more extensive metadata amassed about virtually all United States phone calls, the NSA can uncover much more intimate details about far more people’s lives.

Very arguably, these differences in intrusiveness imply that the NSA’s metadata surveillance rises to the level of a Fourth Amendment search, even if Smith v. Maryland correctly held that the protections of the Fourth Amendment were not triggered by the much more limited surveillance there.  See Julian Sanchez, “A Reply to Epstein & Pilon on NSA’s Metadata Program,” Cato Institute, June 16, 2013.  The view that the intrusiveness of technology is relevant to determining whether the Fourth Amendment applies is implicit in the leading United States Supreme Court case, Katz v. United States, 389 U.S. 347 (1967), on the standard for determining whether a government intrusion counts as a Fourth Amendment search.  There, Justice Black was unable to convince any other justice of the argument, in his dissent, that the wiretapping of telephone conversations should not count as a Fourth Amendment search because it was merely a technologically souped-up version of the eavesdropping, or listening in after nightfall under the overhanging roofs of homes, that the Framers were aware of, but did not prohibit, in the Fourth Amendment.

Much more recently, in their separate concurrences in United States v. Jones, 132 S.Ct.  945 (2012), Justices Alito and Sotomayor both reasoned that because of the differences in the intrusiveness of the technology, the Supreme Court’s holding in 1983 in United States  v. Knotts, 460 U.S. 276, that the Fourth Amendment did not apply when a primitive radio frequency technology was used to track a car’s movements on a public highway, did not apply to GPS tracking.  See Sanchez, supra.  Joined by three other justices, Justice Alito went only as far as holding that in investigations of most offenses, long-term GPS tracking of a car’s movements would count as a Fourth Amendment search.  In reasoning that even short-term GPS tracking might implicate the Fourth Amendment, Justice Sotomayor raised concerns that apply at least as well to the NSA’s metadata program.  In particular, she highlighted that “GPS monitoring generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations. … The Government can store such records and efficiently mine them for information years into the future.”  Justice Sotomayor also found it relevant, for purposes of determining whether GPS tracking constituted a Fourth Amendment search, that “the Government’s unrestrained power to assemble data that reveal private aspects of identity is susceptible to abuse. The net result is that GPS monitoring—by making available at a relatively low cost such a substantial quantum of intimate information about any person whom the Government, in its unfettered discretion, chooses to track—may ‘alter the relationship between citizen and government in a way that is inimical to democratic society.’”

As recognized in Justice Scalia’s majority opinion in Jones, as well as Justices Sotomayor’s and Alito’s concurrences, the Knotts Court itself acknowledged that “different constitutional principles may be applicable” if technology made “dragnet type law enforcement practices possible.”  This belies Orin Kerr’s claim that “existing Fourth Amendment doctrine doesn’t provide an obvious hook to say that [it] should make a difference” that the NSA is engaged in the “collection of metadata on large groups or even millions of people at once,” whereas both Smith v. Maryland and the Ninth Circuit case, United States v. Forrester, 495 F.3d 1041 (9th Cir. 2007), that extended Smith to Internet communications, “dealt with collection of metadata on individual suspects.”  Orin Kerr, “Hints and Questions About the Secret Fourth Amendment Rulings of the FISA Court,” Volokh Conspiracy, July 7, 2013.

If the NSA’s Metadata Program Counts as a Search, Does It Satisfy the Requirements of the Fourth Amendment?

Even if the NSA’s telephony metadata program counts as a Fourth Amendment search, the requirements of the Fourth Amendment might still be satisfied.  Babak Siavosky has suggested that the seeming Fourth Amendment problems with the NSA’s indiscriminate collection of metadata might be cured by the restrictions that the FISC Orders place on when data may be queried.  “Does the Fourth Amendment regulate the NSA’s analysis of call records? The FISC might have ruled it does,” Concurring Opinions.

The suggestion that the FISC Orders conform to the Fourth Amendment by “allowing the government to collect telephony metadata, but restricting the way that data is subsequently analyzed and accessed” seems incompatible, however, with the particularity requirement that the Fourth Amendment imposes on the “persons or things to be seized” as well as “the place to be searched.”  Keeping a vast trove of data for querying as additional people become targets may be nothing more than a technologically sophisticated analogue of the general searches by King George III’s men that the Framers abhorred and against which they erected the Fourth Amendment.

Does the Surveillance of Metadata Violate the First Amendment?

The Fourth Amendment concerns raised by technology that allows the government to compile detailed pictures of people’s lives are closely tied to the First Amendment’s concerns with freedom of expression and association. The concern that Justice Sotomayor raised in her concurrence in Jones that “[a]wareness that the Government may be watching chills associational and expressive freedoms” applies as least as well to the NSA’s wholesale collection of telephony metadata as to GPS tracking of automobile travel.  In his dissent in Smith v. Maryland, Justice Marshall recognized the threat to journalistic endeavors and to political association that is raised far more strongly by the NSA’s dragnet collection of metadata than by the targeted collection of numbers dialed that occurred in Smith.  He presciently wrote, “Many individuals, including members of unpopular political organizations or journalists with confidential sources, may legitimately wish to avoid disclosure of their personal contacts.  Permitting governmental access to telephone records on less than probable cause may thus impede certain forms of political affiliation and journalistic endeavor that are the hallmark of a truly free society.”

 III. CONCLUSION

The NSA’s metadata surveillance program raises profound issues about the relations between concerns for national security, on the one hand, and democratic accountability and individual privacy, on the other.  There are also major issues about the statutory basis and constitutionality of the program.

On July 8, 2013, the Electronic Privacy Information Center (“EPIC”) took the extraordinary step of petitioning the United States Supreme Court to review and vacate the FISC Order to Verizon for the production of metadata on all domestic calls.  In its petition for a writ of mandamus and prohibition or a writ of certiorari, EPIC argued that the FISC had exceeded its statutory authority under Section 215 of the Patriot Act, 50 U.S.C. Section 1861, in ordering the indiscriminate production to the NSA of telephony metadata.  “It is simply not possible that every phone record in the possession of a telecommunications firm could be relevant to an authorized investigation.  Such an interpretation of Section 1861 would render meaningless the qualifying phrases contained in the provision and would eviscerate the purpose of the Act.”  In requesting relief from the United States Supreme Court, EPIC further argued that it would be impossible for it to obtain relief from any other court or forum.

Earlier, on June 11, 2013, the American Civil Liberties Union (“ACLU”) filed a complaint in the federal district court for the Southern District of New York, alleging that the NSA’s surveillance of telephony metadata violated Section 215 of the Patriot Act and the First and Fourth Amendments.

As with all litigation, final resolutions are unlikely to come quickly.  It is also possible that, as in past litigation over alleged statutory and Constitutional violations by the NSA, the Obama administration will aggressively invoke various procedural barriers to a judicial decision on whether rights have been violated.  See, e.g., Clapper v. Amnesty International, 133 S.Ct. 1138 (2013); In re National Security Agency Telecommunications Records Litigation, 671 F.3d 881 (9th Cir. 2011); Jewel v. National Security Agency, 673 F.3d (9th Cir. 2011).

An informed legal assessment would be enormously aided by the publication of both the opinion that the FISC issued on May 24, 2006 on the interpretation of the relevance requirement of Section 215 of the Patriot Act and any further FISC opinions assessing the legality of the NSA’s surveillance of telephony metadata.  On June 12, 2013, in conjunction with the Media Freedom and Information Access Clinic at the Yale Law School, the ACLU filed a motion before the FISC seeking the publication of all its opinions interpreting Section 215 of the Patriot Act and evaluating its constitutionality.

The likelihood that the ACLU’s motion will result in prompt disclosure is called into question by the government’s continuing resistance, as of July 1, 2013, to a motion that the Electronic Frontier Foundation filed on July 26, 2012, requesting the disclosure of a FISC opinion whose existence was first revealed on July 20, 2012.  The opinion was reported to hold that the NSA had violated both the Fourth Amendment and the spirit of Section 702 of the FISA Amendments Act, 50 U.S.C. 1881a, through some of its surveillance of the contents of communications.

Also in an effort to foster informed debate, a bipartisan group of Senators introduced a bill on June 11, 2013, that would require the Attorney General to declassify significant Foreign Intelligence Surveillance Court (FISC) opinions pertaining to the breadth of the government’s authority to conduct surveillance under the Patriot and Foreign Intelligence Surveillance Acts.  See, e.g.,; Valentino-DeVries & Siobhan Gorman, supra (stating that the FISC’s rulings are “almost impossible to challenge because of the secret nature of the proceedings.”)

These attempts to unveil the FISC’s reasoning should be assessed against the background of President Obama’s avowed welcoming of debate on the scope of the NSA’s surveillance.