Defenders of the NSA’s notorious bulk telephony program have stressed since it was first disclosed that the massive database of calling information can only be used for national security investigations of foreign terror groups, and is tightly regulated by the FISA Court. This week, however, USA Today confirmed that the Drug Enforcement Administration’s own bulk telephony program, first reported in January, began nearly a decade before the attacks of September 11, 2001—vacuuming up records of Americans’ calls to a whopping 116 foreign countries “linked to drug trafficking” using administrative subpoenas. This is presumably the “massive database of phone records” referenced in a 2013 Reuters story on the shady practice of “parallel construction,” wherein state or local law enforcement agency are fed tips from DEA, then encouraged to “phony up investigations” (in the words of one Harvard law professor) in order to conceal the true origins of the information from courts and criminal investigations.
This is profoundly disturbing on many levels: First and foremost, it implies that the radical theory of “relevance” invoked to justify the NSA program—wherein an entire database is considered “relevant” if it can later be searched to find the tiny fraction of genuinely relevant records it contains—has been invoked by the government for decades, largely free of court scrutiny, and for routine criminal investigative purposes. As USA Today notes:
Agents gathered the records without court approval, searched them more often in a day than the spy agency does in a year and automatically linked the numbers the agency gathered to large electronic collections of investigative reports, domestic call records accumulated by its agents and intelligence data from overseas.
The program appears to have finally been halted in 2013 as a result of the initial Snowden disclosures when the Justice Department realized DEA’s continuing collection would be hard to square with a legal defense of the NSA program that emphasized the exigencies of national security investigations. Even if was the only form of bulk collection prior to the inauguration of NSA’s 215 database, it ought to raise some obvious concerns: How many criminal cases were prosecuted using this database, in potential violation of defendants’ due process rights? How many legitimate prosecutions were abandoned in order to protect the program, as the Reuters report suggests sometimes occurred, and as we know the FBI has also demanded to hide details about the use of Stingray devices? At the risk of stating the obvious: Something seems badly amiss when our law enforcement agencies routinely choose to let criminals walk free rather than subject their activities to court scrutiny.
A larger question raised by the program is whether this kind of fishing expedition by subpoena is more common than had previously been understood. Even legal experts normally quite friendly to broad government monitoring authorities were taken aback at the chutzpah of the government’s argument. Former DOJ attorney Mark Eckenwiler told the Wall Street Journal that a prosecutor who “served a grand-jury subpoena for such a broad class of records in a criminal investigation… would be laughed out of court.” But an administrative subpoena need never come before a court if most recipients comply without objection, and the issuing agency simply withdraws the request if one does move to quash. It would be hard to match the DEA’s telephone program for scale, but if the legal reasoning behind it has been embraced by the Justice Department since the early 90s, it becomes difficult to believe it was only ever invoked for this one, sui generis purpose.
The DEA program was, at least, apparently limited to international telecommunications records. This may be legally significant because, as Kevin Bankston of the New America Foundation has observed, the Electronic Communications Privacy Act contains a loophole permitting the government to obtain, for intelligence purposes, information pertaining to foreign or international communications by means other than “electronic surveillance.” Gathering billing records of international calls would fit the bill, and Bankston argues convincingly that it was this same provision the Justice Department retroactively invoked to sanctify its improper use of “blanket” National Security Letters. Plausibly this same provision would have muted any potential objections from the telephone companies to DEA’s bulk administrative subpoenas. Thus, it remains unclear whether the government believed similar bulk subpoenas could be used for domestic telecommunications records.
Most types of third-party records, however, lack the specific statutory protection provided by ECPA, which would leave enormous latitude for bulk acquisition for an agency that had come to believe its subpoena authorities were so expansive. At the very least, then, the disturbing details of the DEA program should prompt a searching inquiry into the scope of subpoenas issued by federal investigative agencies. As Christopher Slobogin argued in his excellent 2005 paper “Subpoenas and Privacy,” the steady erosion of protection for personal information stored in corporate record, combined with the technologically-driven explosion of such storage, have not only left huge swaths of intrusive governmental data gathering outside the protection of the Fourth Amendment, but have rendered much of it opaque to either public or judicial oversight. For all we’ve learned about the NSA’s vast surveillance capabilities since the Snowden revelations began, what Chris Soghoian has dubbed the “Surveillance Reporting Gap” leaves us disturbingly ignorant of the potentially enormous scale of monitoring by ordinary law enforcement.
Two final brief points are worth making as Congress approaches the deadline for reauthorizing or reforming §215 of the Patriot Act, the basis of NSA’s telephony program. First, the program’s defenders often suggest that had we only had some kind of bulk telephone database, the perpetrators of the 9/11 attacks could have been identified via their calls to a known safehouse in Yemen. Now, of course, we know that there was such a database—and indeed, a database that had already been employed in other counterterror investigations, including the 1995 Oklahoma City bombing. It does not appear to have helped. Second, we now know that DEA was able to “find another solution” to monitor calls related to suspected narcotics traffickers when the program was ended in 2013, using targeted orders. It is, according to reports, somewhat more costly and time consuming—but it ultimately achieves the same ends without requiring the government to vacuum up millions of innocent people’s international call records. Given the consensus of independent reviewers that the NSA equivalent has yielded extremely limited intelligence value, surely the burden should be on that agency to explain why it cannot employ the same approach.