What the NSA phone-records grab means — and doesn't mean
On Wednesday evening, The Guardian's Glenn Greenwald published a top-secret court order telling Verizon to turn over metadata on millions of business customers — length of calls, phone numbers of both parties, phone-specific identification information, and probably proximate call location, but not the content of calls — to the National Security Agency for three months, from April 25 until July 19, on a daily basis.
This is a big deal, Greenwald says, because it "shows for the first time that under the Obama administration the communication records of millions of U.S. citizens are being collected indiscriminately and in bulk — regardless of whether they are suspected of any wrongdoing." It appears, Greenwald adds, to be a continuation of the type of data-mining operation secretly authorized by George W. Bush in October 2001, exposed in 2006, to great furor, then made legal by Congress in 2008.
We don't know much about how the NSA and other spy agencies work, since their rules are classified. But here's what we know — and think we know — about this potential bombshell of a leak:
The NSA can do this — legally?
The short answer is: Yes, probably. Section 215 of the 2001 Patriot Act gives the federal government broad authority to demand a number of "tangible things," including phone records, from telecommunications firms, as long as the Foreign Intelligence Surveillance Court (FISC) agrees they are "relevant" to a national security investigation.
Civil liberties and privacy groups have been arguing that the federal government is misinterpreting the law. "This confirms what we had long suspected" since at least 2006, Cindy Cohn of the Electronic Frontier Foundation tells The Washington Post. "Section 215 is written as if they're going after individual people based on individual investigations.... There's no way all of our calling records are relevant to a terrorism investigation."
There are a few important caveats here, says Orin Kerr at The Volokh Conspiracy. First, the law "says that the 'things' that are collected must be relevant to a national security investigation or threat assessment, but it says nothing about the scope of the things obtained." It would be "surprising — and troubling" — if the Obama administration is counting whole phone-log databases as a "thing," but that's the larger problem: Figuring out what this court order means. "While this is potentially a huge story," Kerr says, "we don't yet have substantial certainty that the facts are what they have been reported to be."
The Guardian has the FISC order but was unable to get anyone to say anything about its context. I don't think we yet know if this 3-page order is what it appears to be, or if there is some other document that may reveal limitations not clear from the 3-page order. Note that the order is titled "Secondary Order," which presumably means that there is a primary one that it follows; we don't know what that order said. [Volokh Conspiracy]
The other big question mark, says Marc Ambinder at The Week, is why the FBI sought the information.
The language [in the law] doesn't rule out such bulk disclosures, but it suggests that the FBI or NSA has to provide the FISC with a good reason for doing so. The court finds that an undefined "application" from the FBI satisfies that Patriot Act provision... [but] we don't know what application the FISC order responds to. [The Week]
Let's be clear, says Joshua Foust at his blog. "The NSA, despite the broad nature of its warrant request, did nothing illegal, and the supposed illegality of the FISC procedure has not been demonstrated."
Who's affected by the data culling?
The court order is aimed at all customers of Verizon Business Network Services. That is "one of the nation's largest telecommunications and internet providers for corporations," say Charlie Savage and Edward Wyatt in The New York Times. "It is not clear whether similar orders have gone to other parts of Verizon, like its residential or cell phone services, or to other telecommunications carriers."
Previous reporting, says Greenwald in The Guardian, "has suggested the NSA has collected cell records from all major mobile networks." Martin Longman at Booman Tribune speculates that the same is true here: "Since this is a leaked court order, I think we can safely assume that all the other phone carriers received a court order, too."
Who authorized the phone-log haul?
Roger Vinson, a senior federal judge on the Foreign Intelligence Surveillance Court (FISC). Before this order was made public, Vinson was perhaps most famous for ruling that the ObamaCare individual mandate to buy insurance is unconstitutional — a decision not upheld by the Supreme Court.
Funny how things work out: The Tea Party hero who struck down Obamacare also authorized the NSA Verizon warrant. twitter.com/nycsouthpaw/st…
— southpaw (@nycsouthpaw) June 6, 2013
Under the Patriot Act, such NSA requests can be approved by either a FISA court judge or "a United States Magistrate Judge under chapter 43 of title 28, United States Code, who is publicly designated by the Chief Justice of the United States to have the power to hear applications and grant orders for the production of tangible things under this section on behalf of a judge of that court."
Was this a one-off thing?
We don't know. But an unidentified "expert in this aspect of the law" tells The Washington Post that this order appears to be, as the Post puts it, "a routine renewal of a similar order first issued by the same court in 2006."
The expert, who spoke on the condition of anonymity to discuss sensitive issues, said that the order is reissued routinely every 90 days and that it is not related to any particular investigation by the FBI or any other agency. The expert referred to such orders as "rubber stamps" sought by the telephone companies to protect themselves after the disclosure in 2005 that widespread warrantless wiretaps could leave them liable for damages. [Washington Post]
"My own understanding," says Ambinder at The Week, "is that the NSA routinely collects millions of domestic-to-domestic phone records."
It does not do anything with them unless there is a need to search through them for lawful purposes. That is, an analyst at the NSA cannot legally simply perform random searches through the stored data. He or she needs to have a reason, usually some intelligence tip. That would allow him or her to segregate the part of the data that's necessary to analyze, and proceed from there.
In a way, it makes sense for the NSA to collect all telephone records because it can't know in advance what sections or slices it might need in the future. It does not follow that simply because the NSA collects data that it is legal for the NSA to use the data for foreign intelligence or counter-terrorism analysis. [The Week]
Why is everyone making such a big deal of this?
The idea that the government is spying on its own citizens is kind of creepy. It's important to note that this isn't wiretapping, and "this sort of fishing expedition can sometimes be useful to counter-terrorism," says Juan Cole at Informed Comment, "but fishing expeditions into private papers and records are a violation of the U.S. constitution," and a recipe for all sorts of potential political abuses.
The government should only be allowed to see private information if there is reasonable cause to think something illegal is going on. Going looking into private records to see if patterns emerge that suggest illegality is the action of a totalitarian government, not a democratic one. The USA Patriot Act was a Sovietization of American law and practice and 2001 was year one of the fall of the Republic, when the Fourth Amendment and aspects of the First Amendment were abrogated. [Informed Comment]
In fairness, "the government can't keep this information forever, nor can they share information on a willy-nilly basis," says Booman Tribune's Longman. "And it's too much information for them to look at without running it through sophisticated computers."
Those computers aren't looking to see if you're cheating your business partner or fooling around on your husband. But this is concerning nonetheless, because they're using a provision of a law that is supposed to allow the government to snoop on business records in certain defined circumstances to sweep up every electronic communication in the country. [Booman Tribune]
Who's to blame?
The Obama administration, for one. On Thursday, a senior administration official confirmed that the government is vacuuming up massive amounts of phone logs, arguing that such data collection is "a critical tool in protecting the nation from terrorist threats to the United States."
If you're upset about the government possibly knowing who you call and when, you could also blame the FISC judges who sign off on the data sweeps. But if you really want to nail someone, look to your senator or congressman, says Joshua Foust. "All of the opprobrium you should feel at the government's ridiculously broad surveillance powers needs to be directed at CONGRESS, which keeps approving them while voting they stay secret."
Congress voted to legalize expansive surveillance powers in 2001 (The USA Patriot Act), 2008 (retroactive immunity for warrantless NSA wiretaps in the FISA Amendments Act), and in 2012 (renewing the FISA Amendments Act). Congress declined to force administration transparency/honesty on secret interpretations of the law in 2001 (USA Patriot Act), 2008 (NSA immunity), 2011 (the [Sen. Ron] Wyden amendment to the NDAA, which would have required interpretations not be secret) & 2012 (the similar [Sen. Jeff] Merkley amendment to the NDAA). Those last two actually got voted down, which means Congress voted to enable secret government legal interpretation. [Joshua Foust]
What's the fix?
Sen. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) — both on the Senate intelligence committee — have been publicly urging the Obama administration to lay out its interpretation of Section 215 of the Patriot Act for at least a year. "As we see it, there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows," they wrote in a letter to Attorney General Eric Holder. "This is a problem, because it is impossible to have an informed public debate about what the law should say when the public doesn't know what its government thinks the law says."
Other people, like Juan Cole, want the Patriot Act — or as he calls it, "the most un-American and anti-patriotic piece of legislation since the Alien and Sedition Act" — repealed, or at least greatly scaled back. This data reaping is "astonishing and appalling on many levels," says Andrew Kirell at Mediaite, but it is not surprising in post-9/11 America.
This latest example of Obama overreach is sure to rankle the feathers of conservatives.... While many of these same conservatives were rah-rah'ing the expansion of the NSA and United States Foreign Intelligence Surveillance Court during the Bush years, it is a pleasant change to see them finally care about FISA. Welcome aboard. Now it's up to the liberals who rightly lauded Obama's anti-FISA stance in 2008 to swallow their pride as well and take a stand against this administration's overreach, despite what they might see as partisan opportunism coming from the right.
As the last 13 years have proven, regardless of who is in the White House the security state will continue to expand. And it will take some hypocrisy on both sides to finally end it. [Mediaite]
This data-mining could be "Orwellian," or it could be narrower than we think, says Ambinder. "Unfortunately, we don't know precisely what the NSA can do because its rules are highly classified." At the very least, "this disclosure will hopefully force the government to clarify the rules it uses to actually analyze the data it collects."