If you haven’t done so already, you really ought to read David Kris’s very thoughtful and comprehensive paper on the Section 215 metadata collection program, a précis of a forthcoming supplement to his and Doug Wilson’s authoritative treatise. Orin Kerr rightly calls it “essential reading for those interested in the legality of the program.” Its footnotes alone are, as Ben Wittes notes, “an incredible annotated bibliography of the entire 215 debate that will function as a roadmap for anyone doing research on this subject.” Moreover, the final nine pages of the paper, in which David discusses possible changes in the way the government might treat the confidentiality of intelligence programs, is an ideal introduction to what ought to be a very important debate in the coming months and years about secrecy, transparency, and democratic accountability.
In Orin’s view, the Kris paper is “the Best Defense (By Far) of the Lawfulness of the NSA’s Telephony Metadata Program.” As I read it, however, David is somewhat more equivocal about whether the program is legal under the governing statutes–at the very least, he raises serious questions about whether the government’s interpretation proves too much. (David does not devote much attention to the Fourth Amendment question. Like Orin himself, David assumes that Smith v. Maryland virtually settles the question for now. Although he notes that Justice Sotomayor’s concurrence would call into question the scope of the third-party doctrine, he does not address what the Alito and Sotomayor opinions for five Justices in Jones might presage about how a majority of the Court would approach the question, nor does he speculate on how the Court might view the third-party doctrine in light of the increasing ability of the government to use powerful computer algorithms to mine “big data” and thereby learn far more about individuals than could have been contemplated in Smith. I think Steve Schulhofer has it right when he writes that “The concurring Justices, who together represented a majority of the Court, clearly are ready to rein in the widest implications of Smith v. Maryland and its progeny, but none of them indicated precisely how or in what ways they are prepared to do so. Therefore any judgment about the constitutionality of the NSA program–that is, an informed prediction of what the Court will do when presented with this issue–is at best uncertain.”)
But regardless of whether Orin’s characterization is correct, David’s paper will, with good reason, be looked to as the most serious and authoritative treatment of the statutory question thus far available (at least pending further briefing by the ACLU and DOJ in the S.D.N.Y. litigation later later today). And David does, at a minimum, attempt to flesh out the best case in support of the government’s reading, even though he also raises some doubts. Accordingly, I thought it would be worthwhile to raise a couple of counterarguments that David does not address.
My reason for doing so is not so much to influence public debate or the pending litigation on the merits of the section 215 question, because I think that question should and will shortly be overtaken by events. Now that the cat is out of the bag and we’re having a public debate about telephony metadata collection, it’s likely Congress will act, either to expressly prohibit such collection, or to specifically authorize it in its current form, or to authorize it subject to new, more robust conditions, procedures and oversight. No matter which of these options Congress chooses, the statutory question of whether the program has been authorized by statute, from 2006 to the present day, will be rendered moot. (Not the Fourth Amendment question, of course. Litigation presumably will continue on that subject, assuming Congress reauthorizes the program in some form and does not foreclose constitutional challenges.)
The reason I address these statutory questions here is, instead, because of what they reveal about the inadequacy of the existing nonadversarial FISC process when it comes to adjudicating important legal questions.
The disclosures of the past several weeks have demonstrated, I think, that the FISC is extremely resolute, and careful, about ensuring that the NSA and FBI comply with the terms of the FISC’s own orders, including the so-called “minimization” requirements–in part because the lawyers in David’s own former shop, DOJ’s National Security Division, take very seriously their responsibility to bring to the court’s attention any compliance problems. When it comes to the more fundamental legal questions about the proper statutory and constitutional scope of a proposed program, however, the FISC process is not nearly as thorough or reliable, in large measure because the court hears from only one side.
Exhibit A is Judge Eagan’s August 29, 2013 opinion upholding the legality of the metadata bulk collection program, which is troubling in several important respects that should give anyone pause about the way the FISC system currently operates. Ben Wittes and Jane Chong describe that opinion as “illuminating” and “an excellent opinion for the government.” I have serious doubts, however, whether many government officials consider the opinion to be “excellent,” or even helpful, since what it “illuminates” about the current FISC system is not a very pretty picture.
For all that appears, for instance, Judge Eagan’s opinion was the first instance in which a FISC judge engaged in a sustained analysis of the very difficult statutory and constitutional problems raised by this program — seven years after the program was first brought before the court. In the very first order that has been made available, for example–issued by Judge Howard in August 2006–the court merely stated in a single conclusory sentence that the statutory standard had been satisfied (see paragraph 3). Each subsequent order thus far released–until Judge Eagan’s opinion one month ago–repeated that same perfunctory conclusion, without any statutory or constitutional analysis. I do not mean to suggest that the FISC judges never took seriously the legal questions. DOJ apparently filed a memorandum on those questions in 2006 (see the reference on pages 18-19 of Judge Eagan’s opinion), and it’s fair to assume that the FISC judges read the government’s arguments carefully. The judges might even have pushed back orally on certain of DOJ’s arguments, as the FISC reportedly is in the habit of doing. But careful, serious consideration of the constitutional and statutory questions? It appears that Judge Eagan was the first to do so, at least in writing. (Judge Eagan does cite a 2010 FISC opinion on “relevance” of bulk collections under the FISA pen register provision, which Julian Sanchez surmises was an opinion validating bulk collection of Internet metadata. But Judge Eagan does not cite any previous FISC precedents on section 215, other than Judge Walton’s opinion on a discrete statutory question from December 2008, on which more below.) If this is right, i.e., if the issues were not thoroughly analyzed, at least in writing, for the first several years of the program, it’s not because the FISC judges are “rubber stamps,” or because they don’t care about the law — it’s because no one explained to them just why the statutory and constitutional questions are so difficult. [UPDATE: The Washington Post reported on October 12th that back in May 2006, two months after Congress added the “relevance” requirement to Section 215, Judge Kollar-Kotelly issued an 80+-page opinion, said to be “painstakingly thorough,” that served as the legal basis for the FISC’s May 2006 authorization. If this is correct, it is not clear why Judge Eagan did not make any reference to Judge Kollar-Kotelly’s opinion. But perhaps it’s not correct: The Post story also reports that a senior DOJ official “told The Post that no 2006 Kollar-Kotelly opinion is based on [section 215].” We shall see.]
Moreover, Judge Eagan appears to have been strangely resistant to consideration of the best arguments on both sides. By the time she ruled, the ACLU had filed a brief in support of its motion for summary judgment in the S.D.N.Y. litigation, and the government had filed its opening brief in support of its motion to dismiss, and had made public its “White Paper” on the Section 215 program. All of these documents — not to mention briefs in other cases, many blog posts, etc. — contain arguments that are far more challenging and sophisticated than anything that appears in her opinion. Yet there’s no indication that she considered any of these arguments — and in footnote 4 of her opinion she even acknowledges, as though it were a virtue, that she had declined to review the government’s White Paper! I’m not sure what explains such willful blindness, but it doesn’t offer much reason for confidence in the FISC’s ability to carefully consider important legal questions.
In terms of substance, there are many things missing from Judge Eagan’s opinion that one would expect to see discussed if there had been robust adversarial engagement. Judge Eagan did not, for example, discuss any arguments about how the Court’s decision in Jones might affect constitutional application of the “third party” doctrine to a context far removed from that found in Smith. She did not address why her reading of the “relevance” requirement of section 215 would appear to prove too much–to make virtually every business record in the nation “relevant” to an FBI investigation, at least to the extent such records reveal individuals’ communications or interactions. And in the section of her opinion where she concludes that the 2011 Congress “ratified” the government’s reading of section 215 (a question that is relevant only if section 215 did not originally authorize the sort of “bulk metadata” collection at issue here), she does not address whether the ratification doctrine is apposite in a case where the interpretation in question was rendered in secret and without adversarial briefing (see page 58 of the Kris paper, and Point 4 of Orin’s post); where most members of Congress presumably were unaware of either the reasoning (if any) the FISC might have offered in support of idiosyncratic reading of “relevant,” or any arguments against that reading; where most or all members presumably were unaware that there was a a serious question of whether the program is prohibited by another federal statute, ECPA (see below); where the issue could not, in any event, be debated in Congress; and where it might well be that some members who knew of the program, and who did not agree with the FISC’s interpretation, nevertheless still favored, and voted for, PATRIOT Act reauthorization notwithstanding their disagreement about one discrete program.
Most notable, however, is that Judge Eagan does not even address what appear to me to be the two most significant statutory arguments against the metadata collection program — presumably because no one brought them to her attention.
“Relevance” Under Section 215
The first overlooked counterargument involves Judge Eagan’s reading of the “relavance” requirement of Section 215. In order for the FISC to order production of identified “tangible things” to the government, the FBI must provide a statement of facts showing–and the court must find–“that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized [FBI] investigation (other than a threat assessment) . . . to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.” 50 U.S.C. 1861(b)(2)(A), (c)(1).
In construing this requirement, Judge Eagan first adopted DOJ’s argument that tangible things are “relevant to” an authorized terrorism investigation if they “bear upon, or are pertinent to,” that investigation. That’s certainly a fair, even if contestable, definition of relevance. The problem, of course, is that the vast majority of the metadata that are collected in a “bulk” dataset–especially when it includes the metadata of virtually every phone call in the nation–will turn out not to bear upon, or be pertinent to, such an FBI investigation.
So why does Judge Eagan conclude that all those data are “relevant” to such an investigation? By reasoning that collection of virtually all Americans’ metadata is “necessary” in order to permit NSA (not hte FBI) to do the sorts of algorithmic data searches that allow the agency to determine “connections between known and unknown international terrorist operatives”–connections that are then shared with the FBI for its terrorism investigations. Because collecting all of the data is “necessary” to facilitate such data-mining, explains Judge Eagan, those data are “relevant” to an investigation. (See pp. 19-22 of her opinion.)
This reasoning–reflected as well at pages 20 to 22 of the Kris paper, and at pages 8-9 and 12-14 of the government’s White Paper–is problematic for several reasons. For starters, even if access to such vast reservoirs of data makes it substantially easier for NSA computers to ferret out terrorist connections–something that could hardly be denied–such collection is not in any strong sense “necessary” to the NSA’s objectives: The agency found plenty of such terrorism connections even before this program was in place; and it would be able to discover many more such connections–even if not as many–if service providers were required to retain the records, and the agency then directed the providers to search for records on a retail basis whenever the NSA provided an “identifier” (such as a terrorist phone number). (See more on this in Point 3 of Orin Kerr’s post on the Eagan opinion.)
So, perhaps Judge Eagan simply means that having all the data in one place is “necessary” to NSA’s data-mining in the sense that such bulk collection is conducive, or very helpful, to making such searches more effective. Which is undoubtedly true . . . but of course it would also be true of virtually any vast database of information, and so it’s a theory without an obvious stopping point: As David Kris explains, the more information the NSA has, the easier it is for its powerful computers to discern terrorist connections.
More to the (statutory) point, however, there’s a non sequitur at the heart of Judge Eagan’s reasoning. Demonstrating that possession of the entire bulk set of records is “necessary”–in any sense, weak or strong–to permit NSA to successfully find more terrorism connections than it otherwise would, does not establish that all the collected records are relevant to–that they “bear upon, or are pertinent to”–an FBI terrorism investigation. To be sure, having the records all in one place, in NSA possession, makes such an investigation easier, precisely because it allows the NSA to more easily separate the wheat from the chaff–the relevant from the irrelevant, as it were. But that is not the statutory standard. Section 215 does not say, for example, that the FISC may require production of any “tangible things, possession of which would make it easier for the government to find information relevant to a terrorism investigation.” The standard is, instead, that there must be reasonable grounds to believe that the “tangible things” produced–the records themselves–are relevant to an FBI investigation. And that is simply not true of the vast majority of collected telephony metadata records, for, as David notes (p.28), the government has conceded that “only the tiniest fraction of the data collected reflects communications between suspected terrorists and persons in any way associated with terrorism.”
Look at it this way: If the entire database of telephony metadata were, indeed, “relevant to” FBI terrorism investigations, as the statute requires, then presumably all of those metadata would be turned over to the FBI in the first instance. After all, shouldn’t the Bureau have access to all evidence that (it is reasonable to believe) will be relevant to such an investigation?
But, tellingly, the FISC has not allowed that. Even though section 215 contemplates that the tangible goods will be produced to the FBI (see page 29 of the Kris paper), the FISC instead requires that the bulk telephony metadata be produced directly to the NSA. And not only that: The FISC actually forbids the NSA from disseminating any of the data to the FBI until the NSA has culled particular information about individuals from the vast database, and a high-level NSA official has determined that any of that information identifying a U.S. person–a minuscule subset of all the records produced to the NSA–“is in fact related to counterterrorism information and that it is necessary to understand the counterterrorism information or assess its importance” [page 13 of Judge Eagan’s primary order, attached to her opinion]. Only that information–not the entire bulk metadata set–may be shared with the Bureau. As Judge Eagen notes (page 23 of her opinion), without this and other minimization requirements, “no Orders for production would issue from this Court.”
This very reasonable and necessary restriction imposed by the FISC — that the FBI itself can obtain only the tiny percentage of data about U.S. persons that are “in fact related to counterterrorism information and . . . necessary to understand the counterterrorism information or assess its importance” — is fundamentally inconsistent with the notion that the entire database of metadata, from which the NSA culls that tiny subset, is “relevant” to an FBI investigation.
David Kris recognizes that the FISC’s theory of “relevance” is counterintuitive because it is potentially boundless: “[H]ere’s the problem,” he writes in footnote 79: “[I]f that constitutes relevance for purposes of Section 215 then isn’t all data relevant to all investigations?” Or, at the very least, wouldn’t all data concerning communications between or interactions among individuals (including the content of all communications) be “relevant,” under this theory, to terrorism investigations, since analysis of such “bulk data” might be the “‘only practical means to find th[e] otherwise invisible connections [between individual datapoints]'”? (page 34, citing the government’s White Paper at 5).
Judge Eagan does not even grapple with such concerns. The Kris paper does. Like the government’s White Paper (at pages 9-11), David places a great deal of weight on the analogy to grand jury subpoenas (see pages 23-26 of his paper). He notes first that Section 215 prohibits the FISC from ordering production of a tangible thing unless it could “be obtained with a subpoena duces tecum issued by a court of the United States in aid of a grand jury investigation or with any other order issued by a court of the United States directing the production of records or tangible things.” 50 U.S.C. 1861(c)(2)(D). And he further notes that in the grand jury context courts have occasionally upheld the production of large databases on the ground that such databases might contain evidence that could be identified pursuant to a further search that would be relevant to the grand jury investigation, even if much of the database is unlikely to be relevant.
OK, but what follows from this? The United States appears to suggest that if the database could be obtained via a grand jury subpoena, then the database it is relevant, as a matter of law, for purposes of the requirement of section 1861(b)(2)(A).
This grand-jury subpoena argument is problematic even on its own terms. As David concedes (page 26), no court has ever approved a grand jury subpoena that is remotely as broad as an order requiring production of all of everyone’s telephony metadata. I doubt there’s a district judge in the nation who would ever contemplate enforcing a grand jury subpoena of such scope. As the Kris paper further explains (p.24), a leading opinion by Judge Mukasey suggests that courts will rarely enforce grand jury subpoenas even of much narrower databases, where the grand jury does not need to do a “fishing expedition” of such a database in order to obtain the needed information.
The more fundamental objection, though, is that even if the government were able to satisfy the grand jury subpoena provision of section 215, that would not satisfy the relevance provision of section 215. They are two distinct requirements, and the latter is more demanding than the former. The government’s argument improperly conflates the two.
David relies, as does the United States, upon a statement of the Court in United States v. R. Enterprises, 498 U.S. 292, 301 (1991), that a motion to quash a grand jury subpoena “must be denied unless the district court determines that there is no reasonable possibility that the category of materials the Government seeks will produce information relevant to the general subject matter of the grand jury’s investigation.” But the statute at issue in the grand jury context requires no more than that. Federal Rule of Criminal Procedure 17(c) simply provides that “[t]he court on motion made promptly may quash or modify the subpoena if compliance would be unreasonable or oppressive.” That rule does not require that the “category of materials” sought, let alone all of the tangible records requested, would in fact be relevant to the grand jury investigation–it is sufficient, instead, that there be a reasonable possibility that the records “will produce” relevant information to the grand jury.
Section 215, by contrast, requires specifically not only that the records sought could be obtained pursuant to a grand jury subpoena under that Rule 17(c)/R. Enterprises standard, but also that the FISC find “that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized [FBI] investigation (other than a threat assessment).”
Congress added the relevance requirement in 2006. Before then, satisfaction of the grand-jury subpeona standard was perhaps the most significant hurdle for the government in asking for a Section 215 order. But the 2006 amendment to Section 215 did not simply recodify the grand jury subpoena standard–indeed, in that case it would have been a superfluous amendment. Under the 2006 amendment, there must be reasonable grounds to believe that the actual, “tangible things” sought are relevant to an FBI investigation, a standard more searching than the grand jury subpoena standard. (The government’s White Paper quotes Senator Kyl as saying during the 2006 legislative debate that “relevance . . . is the standard for obtaining every other kind of subpoena, including . . . grand jury subpoenas.” Senator Kyl was simply wrong about that. The 2006 amendment did not merely re-enact the existing grand jury subpoena requirement.) In sum, even if the government could satisfy the grand jury subpoena standard (but see the doubts expressed above), that would not establish the showing of relevance that section 215 requires. (The United States, and the Kris paper, also rely on the notion of “relevant” evidence in the civil discovery context, in which Federal Rule of Civil Procedure 26(b)(1) authorizes a party to obtain discovery regarding any nonprivileged matter “relevant to the subject matter involved in the pending action.” The Court has construed this “relevance” standard broadly to encompass any matter that reasonably could lead to other matter that could bear on any issue in the case. But that’s a dead end here, too, because the vast majority of information in the NSA’s bulk metadata collection will not reasonably lead to other matters that bear on a terrorism investigation. It is therefore not surprising that the government does not cite any civil discovery order remotely analogous to the orders at issue here.)
The ECPA Prohibition
You wouldn’t know it from Judge Eagan’s opinion–or from David Kris’s paper, for that matter–but Congress has actually considered the specific question about whether and under what circumstance service providers may disclose to the government the telephony metadata of their customers, and has enacted a statute dealing specifically with that question–a statute that expressly prohibits such disclosure. Moreover, the prohibition in question was enacted as part of the very same law that includes Section 215, namely, the PATRIOT Act of 2001.
A provision of the Electronic Communications Protection Act (ECPA), 18 U.S.C. 2702(a)(3), states that “a provider of remote computing service or electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by paragraph (1) or (2)) to any governmental entity.”
Statutory language doesn’t often get much clearer than that: A provider of remote computing service or electronic communication service to the public — a category that includes phone service providers — cannot knowingly convey consumer records or information to any governmental entity.
Remarkably, Congress added this prohibition to ECPA in section 212(a)(1)(B)(iii) of the 2001 PATRIOT Act itself–the same law in which section 215 expanded the “business records” provision upon which the government relies here. The two provisions are only three pages apart in the Statutes at Large. In other words, the government is relying here upon a broad, general “business records” provision included in the PATRIOT Act; but in that very same legislation, Congress included another provision specifically involving the business records of telephone customers, and in that more specific provision it precluded the very sort of records transfer at issue here.
To be sure, the ECPA prohibition is not absolute. Congress did include some exceptions. Subsection 2702(c), entitled “Exceptions for disclosure of customer records,” provides that a service provider “may divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by subsection (a)(1) or (a)(2)),” in six specified circumstances:
(1) as otherwise authorized in section 2703;
(2) with the lawful consent of the customer or subscriber;
(3) as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service;
(4) to a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency;
(5) to the National Center for Missing and Exploited Children, in connection with a report submitted thereto under section 2258A; or
(6) to any person other than a governmental entity.
What’s missing from this list? The “tangible things,” business records provision, which appears just three sections later in the PATRIOT Act. Section 215 is not included among the enumerated exceptions. And thus if the canon that the “specific governs the general” is to be any guide, a statutory provision specifically about telephony metadata, which prohibits providers from disclosing customer records to any government entity except in circumstances not apposite here, would presumably supersede the general provisions of section 215–a provision that does not mention electronic communication service providers, let alone customer telephony records.
The Department of Justice, to its credit, appears to have brought this apparent statutory conflict to the attention of the FISC in late 2008, which prompted Judge Reggie Walton to issue a short opinion, recently posted on the DNI website, in which he concluded that notwithstanding the specificity of section 2702 respecting phone customer records, and notwithstanding Congress’s express enumeration of specified exceptions that do not include Section 215 business-record orders, Congress implicitly established another exception in section 215.
Judge Walton’s analysis relied entirely on the fact that, under one of the exceptions to section 2702(c), the FBI can issue a “national security letter” (NSL) to an electronic communications service provider, requesting that it disclose a customer’s call records, without the approval or involvement of the FISC. See 18 U.S.C. 2709. (An NSL is an “administrative subpoena,” which is expressly excepted from the prohibition of section 2702(c)(3) pursuant to section 2703(c)(2), which in turn is incorporated by reference in section 2702(c)(1).) Judge Walton reasoned that it would have been “anomalous” for Congress to permit the Bureau to obtain such records from providers with a simple letter signed by an FBI official, but to have prohibited the FBI from obtaining the same metadata with FISC approval and the oversight and minimization requirements prescribed by section 215. Thus, he concluded, Congress must have meant to include a business records exception to the prohibition in section 2702(c)(3), even though the legislature neglected to mention it in the statute or its legislative history.
This reasoning is dubious, at best. For one thing, the standard for disclosure pursuant to a 2079 NSL is at least somewhat more demanding than the standard under 215. For a terrorism-based 2709 NSL, the FBI Director or another high-ranking officer must certify that the records sought “are relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities”; but for a Section 215 order, it is sufficient that the FISC find only that there “are reasonable grounds to believe that the tangible things sought are relevant” to such an authorized investigation. So perhaps the juxtaposition of the two statutes is not as anomalous as Judge Walton assumed.
But even if the two statutes did create the anomaly identified by Judge Walton, that would hardly be justification for adding an implicit exception to the express exceptions Congress enacted. It remains the case that in the very same statute in which Congress expanded the business records provision, it also specifically set out the particular exceptions to the section 2702(c)(3) prohibition–and did not include section 215 among them. Perhaps this was a mere oversight, in which case one would expect the executive branch to have proposed an amendment to section 2702 during the past dozen years, as part of one of numerous reauthorizations of, and amendments to, the PATRIOT Act. But it has not done so. And unless and until the statute is so amended, it’s hard to see why the FISC can address an anomaly in the law by creating a new, implicit exemption to a statutory prohibition. Indeed, the Office of Legal Counsel concluded in 2008 that it is inappropriate to infer extra-statutory exceptions to section 2702 of ECPA, in particular, citing the canons that (i) “Where there is an express exception, it comprises the only limitation on the operation of the statute and no other exceptions will be implied” and (ii) “Where a general provision in a statute has certain limited exceptions, all doubts should be resolved in favor of the general provision rather than the exceptions.”
In addition, Judge Walton’s comparison of section 215 to section 2709 NSLs is telling in another way–not one that supports the NSA metadata collection program, but one that instead calls into question the FISC’s underlying interpretation of the “relevance” requirement in Section 215 itself.
As noted above, the “relevance” standards in the two statutes are very similar. (For present purposes, the only real difference is the “reasonable grounds to believe” modifier in Section 215.) If the FISC were correct that a bulk metadata collection held by NSA is, in its entirety, “relevant” to FBI terrorism investigations because having such a database is “necessary” to permit NSA to be more effective in identifying terrorist connections (see discussion above), then presumably the same would be true under the 2709 relevance standard, which would mean that the FBI could obtain all telephony phone records of everyone in the nation simply by issuing a handful of NSLs, without any FISC involvement at all, and without the minimization requirements of Section 215.
It is hard to imagine that is correct. If the FBI tried to use the reasoning of the FISC in order to request the records of all of a provider’s customers, and to do so on a perpetual, prospective basis, pursuant to NSLs and without an order from the FISC, it’s fair to assume that at least some service providers would balk–they would be deeply concerned about relying on the government’s very aggressive, and unexpected, reading of the “relevance” standard. After all, the common understanding of 2709 NSLs was and is that they are to be used to obtain the discrete records of particular targets, on an individualized (and time-specific) basis, not the sort of undifferentiated, bulk transfers of all customers records at issue here. Therefore a reasonable provider would understandably be loath to rely upon the say-so of the FBI Director that 2709 allows NSLs of such a breathtaking scope, especially since that would have been a significant deviation from established NSL practice. (Recall that those same service providers had just experienced the intense controversy of participating in the “Terrorist Surveillance Program,” in which they had relied upon certifications of legality by the Attorney General that turned out to be invalid.)
And indeed, that appears to be exactly what happened: A former FISA judge recently recounted that he would sometimes ask government attorneys why they were using the surveillance court to issue Section 215 orders, rather than simply demanding the metadata from providers by way of NSLs. The DOJ lawyers reportedly told the judge: “Well these companies aren’t very comfortable giving us this without a court order.” That’s hardly surprising. Indeed, Judge Walton himself appears to have acknowledged that the databases at issue under the Section 215 orders could not be obtained via NSLs. Less than three months after he turned aside any concerns about ECPA, he opined that “nearly all of the call detail records collected . . . are data that otherwise could not be legally captured in bulk by the government.” If that statement is accurate–if all these metadata could not have been collected by way of NSLs–it’s hard to see why such bulk call records can be “legally captured” pursuant to Section 215, either.
Thus, not only is Judge Walton’s analysis of the ECPA prohibition questionable in its own right, but he has also identified yet another reason why the FISC’s reading of the “relevance” standard in Section 215 is open to serious question.
* * *
Perhaps I am wrong about all of this. Perhaps the government and Judge Eagan have the better of the case on “relevance.” And perhaps ECPA section 2702(c)(3) does not prohibit the transfer of customer records to the NSA. I would not reach any firm conclusions myself on such questions until, at a minimum, I saw and considered DOJ’s arguments in response. As I noted at the outset, however, the ultimate merits of such arguments don’t really matter going forward, since Congress presumably will establish the rules of the road prospectively. The relevant point, for now, is that Judge Eagan did not even consider these and many other important arguments, and that, with the exception of Judge Walton’s unsatisfying opinion in 2008, it’s not clear that the FISC has ever engaged the arguments fully, the way an Article III court would do in the context of adversarial litigation.
This experience ought to inform Congress’s deliberations about whether and how to create adversary proceedings for adjudication of at least some of the questions that come before the FISC, on this and other programs of consequence. And as to that important policy debate, I can highly recommend pages 36-41 of David Kris’s paper, which discusses the various advantages and disadvantages of various proposals to establish a more adversarial FISC system.
All of this assumes, however, that such programs will be authorized (or not) only in secret, before the FISC. The broader and more important question is whether the debate about authorizing bulk data collection programs of this sort ought to be much more transparent as a matter of course. If Congress agrees that the current public and legislative debate is worthwhile, and a preferable way of deciding whether and how such programs should be implemented, then it could legislate to that effect, in which case there would not be as much of a need for the FISC itself to resolve many of the more sensitive and important legal questions. And so I happily end where I began–by recommending the final nine pages of David’s paper, where he initiates an important discussion about transparency, secrecy and democratic deliberation.