Debate: Metadata and the Fourth Amendment

This post is the first in a series of posts from Just Security‘s Jennifer Granick and Guest Author Orin Kerr debating the constitutionality of the NSA’s telephony metadata program.  Be sure to check back later today for a response from Orin Kerr.

In June, Americans learned that the United States National Security Agency (NSA) collects records and maintains a database of essentially all our international and domestic phone call records from the past five years. The Bush and Obama Administrations asserted that the Fourth Amendment does not protect Americans from mass collection and/or analysis of these phone records, and the Foreign Intelligence Surveillance Court (FISC), which has authorized the phone records collection program since 2006, agrees.

This view is wrong. The very purpose of the Fourth Amendment was to abolish indiscriminate exercise of government investigatory power against innocent individuals. A recent Supreme Court case considering GPS technology, which could be used for indiscriminate surveillance, held that the Fourth Amendment regulates its use.  Finally, the 1979 case of Smith v. Maryland, which the government and FISC use to justify the phone records program, is qualitatively and quantitatively different from the collection of sensitive information here, which reveals Americans’ relationships with doctors, lawyers, religious counselors, political organizations, friends, and family, even though we have engaged in no criminal activity and pose no threat to the national security.

First, some background: Starting in 2006, the NSA has obtained orders from the FISA Court or FISC under Section 215 of the USA Patriot Act, ordering telephone companies to provide it with this information, including “all call detail records or ‘telephony metadata’” which is “comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier, telephone calling card numbers, and time and duration of call.” (2006 Order). The FISA court then allows NSA analysts to query the database of these numbers, using seed telephone numbers or other telephone identifiers which analysts have reasonable suspicion to believe are associated with particular terrorist activity.  The queries include “contact chaining” or hops, looking at numbers one, two or three steps removed from the suspicious identifier. Despite the FISC order limiting queries of the database to only approved identifiers, the NSA violated the restrictions from the get-go. (January 28, 2009 FISC Order Regarding Notice of Compliance Incident Dated January 15, 2009).

The government has said that this program does not violate the Fourth Amendment because of Smith v. Maryland (1979), where the Supreme Court found no constitutionally -protected reasonable expectation of privacy in phone numbers dialed.

General Warrants and the Purpose of the Fourth Amendment

This view ignores the first principles of the Fourth Amendment. Collecting narrow information about a single person is not constitutionally equivalent to mass surveillance of revealing data about every person. Rather, the Fourth Amendment was written for the very purpose of ending suspicionless surveillance.  It was enacted in response to general warrants and writs of assistance characteristic of the British and colonial eras.  These legal orders authorized dragnet searches rather than targeted searches based on justifiable suspicion.  Colonists hated these devices, calling them an instrument of arbitrary power, and an offense to contemporaneous notions of liberty.

Thus, the Founding Fathers wrote that in the new Republic, “no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized”. Existing appellate cases may not prove that indiscriminate collection of data on hundreds of thousands of innocent people is per se unconstitutional, but that’s because we haven’t had a lot of litigation about bulk information collection yet.  The practice is relatively new, and top secret.

But the very fact that a collection program impacts so many innocent people means the Fourth Amendment question is both important and hard.  As Judge Richard Posner wrote in U.S. v. Garcia in 2007:

 Technological progress poses a threat to privacy by enabling an extent of surveillance that in earlier times would have been prohibitively expensive. Whether and what kind of restrictions should, in the name of the Constitution, be placed on such surveillance when used in routine criminal enforcement are momentous issues that fortunately we need not try to resolve in this case.

Smith v. Maryland Doesn’t Resolve the Question.

The time for those “momentous issues” has come.  But one thing we can be sure about, these novel matters were not decided way back in 1979 in Smith v. Maryland.  Narrow information collection about a single person is not constitutionally equivalent to bulk collection of the phone records every person. Indeed, no Supreme Court Fourth Amendment case authorizes any mass surveillance technique.

Nor has the Court categorically held that the government is free to collect any and all collection of information that we might make freely available to third parties. To the contrary, in United States v. Jones (2012), the Supreme Court considered long-term recording and aggregation of location information from a GPS device police warrantlessly installed on a suspect’s car.  The government had argued that use of the device was not a search because it only revealed information the defendant already disclosed to others—the location of his vehicle on the public roads.

The Court unanimously rejected this argument, though for different reasons.  The majority held that attaching a GPS-tracking device to a vehicle and using the device to monitor the car’s movements over a period of twenty-eight days was a Fourth Amendment “search” because it interfered with the defendant’s property interest in the car. In two concurring opinions, five Justices concluded that the surveillance “impinge[d] on expectations of privacy.” (United States v. Jones)

Justice Sotomayor explained:

 GPS monitoring generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations. The Government can store such records and efficiently mine them for information years into the future. And because GPS monitoring is cheap in comparison to conventional surveillance techniques and, by design, proceeds surreptitiously, it evades the ordinary checks that constrain abusive law enforcement practices: limited police resources and community hostility.

These observations are equally true of the NSA’s phone tracking program.

This Program of Mass Surveillance is More Invasive Than The GPS Tracking in Jones and Wholly Unlike the Pen Register in Smith v. Maryland

The surveillance at issue in this Section 215 program is both deeper and broader than in Smith. Smith v. Maryland approved warrantless collection of phone numbers dialed by a single suspect over a short period of time.  There, the pen register collected only numbers dialed.  The information did not reveal “whether a communication existed …, the purport of any communication between the caller and the recipient of the call, their identities, nor whether the call was even completed”.

Here, the call detail records explicitly include time and duration of call, unique identifying numbers (IMSI and IMEI), the “trunk identifier” which reveals where the call entered the telecommunications system, and thus the caller’s location, with an unknown degree of precision. Certain telephone numbers are used for a single purpose: rape crisis, addiction or suicide hotlines, for example.  A thirty minute call to one of these numbers reveals the subject of the call. Similarly, dialing a priest, a criminal defense lawyer, or a marriage counselor reveals private facts about the caller.

The phone records program is also far broader than that in Smith, collecting call information for five years on, well, everybody.  This data creates a picture of Americans’ private interactions, that reveals our social networks, our friends’ identities, the strength of our relationship (how frequently and at what times of day we talk) and whether feelings are mutual (if you are calling him every time, then he’s just not that into you).

The difference in quantity and detail means the Section 215 surveillance is of a different, far more invasive nature, than that approved in Smith.

Telephone Customers May Have No Reason To Believe Their Phone Company Either Collects or Reveals The Call Detail Records Information

One of the grounds for the Smith decision was that customers had no reasonable expectation of privacy in phone numbers they dialed. That is because customers typically know that their service provider obtains and records this information for a variety of “legitimate business purposes”, including billing.

While it may be obvious that phone companies have the numbers I dialed, the average consumer has no idea what a trunk identifier, IMEI or IMSI is, or that the phone company keeps time and duration records for toll free calls.

And, while statutory rights do not define constitutional ones, the public’s expectation of privacy in these kinds of records is the reason behind laws that prohibit telecom providers from selling call detail records to marketers or other businesses without our approval.

Orin has said that if obtaining pen register information on one user is not a search, then obtaining the equivalent of that pen register information for even millions of users is still not a search. To the contrary, the relationship of general warrants to the adoption of the Fourth Amendment must inform the definition of “unreasonable searches and seizures” as well as the proper scope of warrants. To do so requires a far narrower leap than that over the chasm between Smith v. Maryland and the phone records program we are subject to today. 

About the Author(s)

Jennifer Granick

Surveillance and Cybersecurity Counsel at the ACLU's Project on Speech, Privacy and Technology Follow her on Twitter (@granick).