Earlier this month, the public learned that the National Security Agency (NSA) has suspended a program conducted under Section 215 of the USA Patriot Act to collect records of Americans’ calls and text messages. An aide to the House Minority Leader stated in a March 2 podcast that the program has not been operated for the past six months. Charlie Savage then publicized the disclosure and elaborated on the story in The New York Times, and subsequently, NSA Director Paul Nakasone, speaking at the RSA conference, “confirmed reporting that the agency is re-evaluating the future” of the program.
Congress authorized the program in question when it enacted the USA Freedom Act in June 2015, almost exactly two years after Edward Snowden’s first leaked documents were published, and following an intensive period of public debate over government surveillance. Upon its enactment, President Obama stated that “this legislation will strengthen civil liberty safeguards and provide greater public confidence in these [Patriot Act] programs, including by prohibiting bulk collection through the use of Section 215.”
The USA Freedom Act was supposed to end bulk surveillance of Americans. It amended Section 215 to replace the highly controversial bulk telephone metadata collection program with a much narrower authority for collecting “call detail records” (CDRs). CDRs consist of metadata that show “session-identifying information” for which phone numbers or other identity numbers are contacting which other numbers and when. The new Section 215 CDR program authorizes collection of the same type of metadata as the former bulk collection program, but the program is narrower than the previous one in several respects. Most significantly, the government can no longer collect all the CDRs generated by any communications providers in bulk. Rather, the telephone metadata is stored by providers, and the government can only obtain calling records associated with particular targeted numbers that have been approved by the FISA Court. As explained further below, the government now sends its “query” terms to the providers and they run the queries in their databases and send back the query results.
But even with the providers holding the data and conducting the queries, the replacement CDR program still permits the government to collect vast amounts of data, including the calling patterns of people who are not suspected of any wrongdoing. What’s more, a series of recent disclosures indicates that the new program is no more valuable than the ineffective former bulk collection program that it replaced. These revelations should demonstrate to Congress that as the December 2019 sunset date for Section 215 approaches, it should start by carrying out the promise of the USA Freedom Act, by eliminating the CDR program and truly ending bulk collection of Americans’ records.
In a recent piece, Susan Landau explains how changes in technology and in the communications practices of key terrorist groups have decreased the value in collecting CDRs. I fully support her implied conclusion that the current Section 215 CDR program is not worth the effort for the government. But, I want to expand upon and suggest important adjustments to some of her points, partly based on my experience serving on the skeletal staff that supported the Privacy and Civil Liberties Oversight Board (PCLOB) in its examination of the former telephone records program, and its Report on Section 215. Ultimately, I urge that Congress should terminate the current CDR program, based on both its ineffectiveness and its privacy intrusiveness.
The new Section 215 CDR program is no more valuable than the ineffective bulk collection program that it replaced
In assessing the counterterrorism value of the current program, it is important to be clear that the former bulk collection program was never effective. Landau correctly recounts that the Intelligence Community had cited 54 cases in which they claimed that the Section 215 program or the program under Section 702 of FISA were valuable, and that the PCLOB’s review found that only a single terrorist suspect was identified by the bulk phone records program. But the report’s conclusions were even more striking. It clarified that of the 54 cases cited by the government, only 12 involved the use of the Section 215 program – the remainder involved Section 702 of FISA. After examining seven different metrics for efficacy, the PCLOB concluded that:
[W]e have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack. And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. In that case, moreover, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA’s program.
All publicly available evidence suggests that the new CDR program has not been any more valuable to U.S. counterterrorism efforts. As Landau also recounts, in June 2018, the NSA announced that it had experienced “technical irregularities” in some collected CDRs and this had caused the NSA to receive CDRs it was not entitled to collect. The NSA was unable to separate out the valid CDRs, and therefore the agency chose to delete the entire database of CDRs collected since the new program began in late 2015.
While the NSA should be commended for deciding to delete the improper records and for its transparency regarding this decision, there have been no indications that the deletion of the database interfered with U.S. counterterrorism efforts. Further, despite stating in its June press release that the “root cause of the problem has since been addressed for future CDR acquisitions,” shortly thereafter, the NSA secretly decided to suspend the program. The NSA recently confirmed that they are re-evaluating the future of the program, further demonstrating its questionable utility.
The impact of changing technology
Landau also states that terrorist operatives are now more likely to use encrypted chats for communications rather than calls, and encrypted chats “do not leave CDRs in their wake.” I’m not sure whether the second part of this statement is accurate. From a legal perspective, encrypted messaging may leave behind CDRs, since the USA Freedom Act definition refers to “session-identifying information” and does not explicitly preclude coverage of records showing the participants in, and time of, encrypted chats. As a practical matter, we do not have public information on whether the government has sought such records from companies that provide encrypted messaging services. Terrorist operatives also may use foreign messaging services that are beyond the reach of U.S. government Section 215 orders.
But even if the current program enables the collection of CDRs for encrypted chats, Landau’s further point remains that changes in technology, the shift to a broad cellular marketplace, and the “complexities” of systems that connect phone users can lead to significant difficulties in conducting the CDR collection program. David Kris has also cautioned that the program may be too complex to be sustainable.
There is no justification for the substantial privacy threats still posed by the current Section 215 CDR program
If a surveillance program is not effective, there is no justification for any intrusions on privacy rights. As noted, publicly available evidence indicates that the current CDR program is not valuable to the Intelligence Community, but it still threatens privacy. To appreciate this point, it helps to recall how the former bulk phone records program operated. Under that program, the government obtained orders from the FISA Court to compel various phone companies in the United States to hand over all their CDRs on an ongoing basis. The NSA would then “query” the massive CDR database to conduct “contact chaining,” assessing who was talking to whom and when, and building out networks. First, a designated NSA official would determine there was “reasonable, articulable suspicion” (RAS) that an initial “seed” number was “associated with” a terrorist organization. Analysts would then input that approved seed into the database. They would get back all CDRs of calls to or from that seed (numbers in contact with the seed are the “first hop”), records of all calls to or from all first hop numbers (out to the “second hop”), and records of all calls to or from second hop numbers (“third hop”).
This bulk collection and contact chaining provided detailed portrayals of patterns of daily life. As the PCLOB’s Report on Section 215 found, the “aggregation of numerous calling records over an extended period of time can paint a clear picture of an individual’s personal relationships and patterns of behavior. This picture can be at least as revealing of those relationships and habits as the contents of individual conversations – if not more so.” And, as I have argued previously, under the Supreme Court’s subsequent decision in Carpenter v. United States, this extensive and highly intrusive collection would violate the Fourth Amendment because when collected in bulk, phone metadata can reveal the “privacies of life” as much as the cellphone location information at issue in Carpenter.
The USA Freedom Act provided several key reforms to Section 215 designed to prohibit bulk collection and to replace the program with a narrower authority for ongoing collection of CDRs. First, the Act added a requirement that for all Section 215 applications for business records (not just for CDRs), the government must use a “specific selection term” to identify the records it seeks. For call detail records, this means “a term that specifically identifies an individual, account, or personal device.” Although, as noted below, the definition is broader for other types of business records, this limit should prevent any bulk collection of records resembling the former bulk phone records program. Second, communications companies now store their CDRs rather than sending them all to the NSA. Third, the FISA Court must now approve each seed number and find there is “reasonable, articulable suspicion” (RAS) that the selection term is connected to international terrorism. Fourth, under the new program, the providers run the “queries” for the NSA and then send back the query results. The NSA sends an approved seed number to providers and gets back all the CDRs for the seed number (first hop), plus all the CDRs for the second hop, on an ongoing basis for up to 180 days. The program does not include a third hop.
Despite these reforms, the NSA has collected vast amounts of data under the new CDR program. The Intelligence Community’s 2018 Statistical Transparency Report revealed that during calendar year 2017, there were 40 targets for orders to obtain CDRs, but 534,396,285 CDRs were collected. Although the government has explained that there is some duplication in counting because it may receive the same record multiple times from different providers, that is still an incredible amount of records for a program that was supposed to replacebulk collection.
More significantly, since the current program still permits two “hops,” this means the NSA can collect the complete calling patterns for a 180-day period for any phone number that has been in touch with a targeted number, without any RAS determination on these first hop numbers. Thus, the NSA can obtain all the CDRs for numerous people who are not suspected of any wrongdoing. Although the current program has eliminated the third hop and the government must adopt minimization procedures that impose some limits on its retention of the CDRs it collects, the program still permits the NSA to obtain information showing the associations and patterns of activity of many people beyond their RAS-approved targets.
Congress should end the Section 215 CDR program. There is no justification for reauthorizing an ineffective program that can collect massive amounts of revealing information about people who are not suspected of wrongdoing. Moreover, to ensure that there can be no more bulk collection under Section 215, at least one further reform is needed. The definition of “specific selection term,” which applies to business records other than CDRs, also includes the ambiguous and overbroad phrase “or any other specific identifier.” The government has not publicly explained what type of identifier it would need beyond the definition’s list of “a term that specifically identifies a person, account, address, or personal device,” and the vague and malleable “any other” clause creates risks of abuse. Congress should delete that phrase.
As Congress debates reauthorization of expiring Patriot Act provisions, there are many other reforms it should enact, including adding limits to prevent discriminatory targeting and expanding the authority of the “amicus” in the FISA Court to access materials and seek appeals. But, as a first step, Congress should fulfill the promise of the USA Freedom Act to end bulk collection of Americans’ records.
IMAGE: The National Security Agency (NSA) headquarters at Fort Meade, Maryland, as seen from the air, January 29, 2010. SAUL LOEB/AFP/Getty Images.