Who Says the NSA's Metadata Collection Is Legal?
June 18, 2013
Jun 18, 2013
7 Min read time
Above: National Security Administration headquarters in Fort Meade, Maryland (Wikimedia)
Many Americans don’t know quite what to make of the government harvesting reams of “metadata” from our telephone calls. For a sizeable proportion of the over-30 population, the very term “metadata” signifies to the listener that he is in over his head and might as well stop listening. To be sure, a person might understand that techniques called “data mining” and “pattern matching” can be used to glean detailed and sensitive information from the dry facts about whom we call and when. But it’s hard to internalize a concern that feels more like science fiction than reality.
That’s one reason the public’s response to the story about the National Security Agency’s collection of domestic phone records turns so heavily on its perceived legality. Government officials’ defense of the program has focused on its approval by federal judges and oversight by “all three branches of government.” In other words, whatever you might think about metadata (probably not much), the program is legal, and so there’s nothing to worry about.
The public appears to have embraced this characterization. A recent Pew Research poll found that 56 percent of Americans think the government’s collection of their telephone records is acceptable. In recent media appearances, I’ve been posed many questions beginning with: “We know the program is legal, but . . .”
Not so fast. A person might need a degree in computer science to understand the variety of ways metadata can be manipulated. But no law degree is needed to understand the words of section 215 of the Patriot Act, which is the provision that supposedly authorizes the government’s domestic telephone records collection program. Here’s what section 215 says the government can obtain from telephone companies or other third parties with an order from the Foreign Intelligence Surveillance Court (FISC):
[T]he Director of the Federal Bureau of Investigation . . . may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) . . .
Here’s what the government is required to include in its application for a court order requiring companies to turn over records or other “tangible things”:
a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation . . . to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities . . .
Here’s what section 215 says about the circumstances under which the FISC may issue the requested order:
Upon an application made pursuant to this section, if the judge finds that the application meets the requirements of subsections (a) and (b), the judge shall enter an ex parte order . . . approving the release of tangible things.
In short: the government may apply for an order requiring companies to turn over records, and the judge may grant the order if the government’s application sets out facts establishing that the records are relevant to a foreign intelligence or international terrorism investigation.
Now, let’s review what we know about the government’s actual program. The Guardian produced a FISC order showing that a subsidiary of Verizon was ordered to produce all of the telephone metadata of all of its subscribers for a three-month period. Senator Diane Feinstein soon confirmed that this order was essentially boilerplate and likely had been issued every 90 days for the past seven years. Reports followed that the other major American telephone companies were part of the program as well.
James Clapper, the Director of National Intelligence, acknowledged the program (although he didn’t confirm its scope). He justified the bulk collection in part by pointing to restrictions on “querying” the collected information:
By order of the FISC, the Government is prohibited from indiscriminately sifting through the telephony metadata acquired under the program. . . . The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization.
That may sound reassuring. But nothing in section 215 allows the government to collect now and establish relevance later. The statute clearly requires the government to show in its application that the records sought are relevant to an ongoing investigation, and it authorizes the judge to issue an order only if that showing is made.
Why, then, did the FISC approve the program? Until the government decides to release the court’s legal opinion, we can only speculate. One possibility is that the FISC deemed all metadata of all Americans’ phone calls to be “relevant” to an authorized investigation. Such an anemic definition of “relevance” would render this limitation in the statute meaningless. That would contradict a basic rule of statutory interpretation: judges should presume Congress meant its words to have effect.
A second possibility is that the FISC believed the government’s program adhered to the basic purpose and spirit of the statute, if not the letter. If the words of the statute were any less clear, the government would be free to make that argument (although a good lawyer could easily rebut it—more on that later). But there is no ambiguity on this point in section 215. Another basic rule of statutory interpretation: the language of the statute, if clear, must be honored.
A third possibility—one that’s supported by the latest report from the Washington Post—is that the government defines the “tangible things” it is obtaining, not as the records of individual subscribers, but as entire data sets held by Verizon and other companies. In that case, the government could describe the data set as “relevant” if it contained any relevant data whatsoever. That interpretation, too, would largely eviscerate section 215’s “relevance” requirement. The government could always describe a larger universe of information in which specific relevant information resides, thereby sweeping in huge amounts of irrelevant material.
The departure from the statute’s terms—allowing the government to establish relevance after collection rather than before—isn’t just a technicality. As the saying goes, possession is nine tenths of the law. Once the records are in the government’s possession, the government is left to police its own compliance with whatever restrictions the FISC has put in place. The retrieval of this data takes place within virtual fortresses surrounded by layer upon layer of high-tech security. If a government official were to access data improperly, there is absolutely no way the FISC—or Congress—would know. It goes against the very purpose of section 215 to delegate the FISC’s gatekeeper function to the party that wants to get through the gate.
It seems the FISC got it wrong—and we shouldn’t be surprised. The FISC operates outside the normal adversarial process that characterizes American courts. In the vast majority of cases, the government is the only party that appears. The facts and legal arguments heard by the judge are the ones the government chooses to present. In ordinary litigation, each party conducts discovery in order to disgorge the evidence his or her opponent would prefer to keep hidden. No such process takes place in a FISC proceeding. Moreover, there is no opposing counsel to rebut the government’s legal arguments. On top of that, the FISC judges come to know the limited set of government officials who present the applications; in a sense, they work together. Small wonder that the court has denied only 11 of the more than 30,000 applications made since 1978.
It’s no scandal for a judge to reach the wrong result. Our regular federal court system has two levels of appeal for exactly that reason. There is a FISA appeals court, too—the “Foreign Intelligence Surveillance Court of Review”—but it’s of little use in cases where the FISC grants the government’s application. After all, the FISC’s order is secret; and even if the people whose records are at stake knew about the order, they aren’t parties to the case and can’t appeal. The Court of Review serves the government only.
There are many aspects of the government’s program that may elude a layperson’s comprehension. But there is room for common sense in this debate. Even for those who don’t know what metadata is, the fact that the government wants it so badly should indicate it’s not just a bunch of trivial numbers. And even for those who haven’t studied the law, it’s clear that a statute requiring the government to show a record’s relevance before obtaining it doesn’t permit indiscriminate, dragnet collection. If a secret court says otherwise, that may say more about the limitations of secret judicial review than it does about the program’s legality.
While we have you...
...we need your help. Confronting the many challenges of COVID-19—from the medical to the economic, the social to the political—demands all the moral and deliberative clarity we can muster. In Thinking in a Pandemic, we’ve organized the latest arguments from doctors and epidemiologists, philosophers and economists, legal scholars and historians, activists and citizens, as they think not just through this moment but beyond it. While much remains uncertain, Boston Review’s responsibility to public reason is sure. That’s why you’ll never see a paywall or ads. It also means that we rely on you, our readers, for support. If you like what you read here, pledge your contribution to keep it free for everyone by making a tax-deductible donation.
June 18, 2013
7 Min read time