Bill Belichick often implores his players to “ignore the noise.” Unfortunately, the noise surrounding this summer’s disclosures about the intelligence gathering activities of the U.S. government (“USG”) has obscured their significance. For while there remain normative legal questions on which reasonable people may disagree about data collection pursuant to Sections 215 and 702 of the Foreign Intelligence Surveillance Act (“FISA”), as amended, the portrayal of the USG’s actions as flagrantly illegal and constitutionally inimical is a false narrative. A closer examination of the authorities on which these activities are based has the effect of blocking out the noise, eschewing feigned indignation for purposeful debate and uncovering the questions whose answers over time will become both more pressing and more elusive.
The first of former NSA contractor Edward Snowden’s disclosures revolved around the collection of business records metadata (“BR metadata”) from telecommunications providers pursuant to a Foreign Intelligence Surveillance Court (“FISC”) order. BR metadata refers to descriptive information – such the duration of a call and the telephone numbers of its parties – that does not reveal the content of any communications. This order was neither individualized nor particularized; instead, it compelled Verizon to produce metadata for all of its customers. The authority for such broad collection derives from Section 215 of the USA PATRIOT Act of 2001 (“§215”), which amended FISA by empowering the FISC to grant “an order requiring the production of any tangible things…for an investigation to obtain foreign intelligence information…” Beyond vague auguries of an Orwellian demise, there are two questions that are essential to evaluating the the validity of §215’s current use and future operation.
1. Is the executive’s interpretation of §215’s relevance standard consistent with Congress’s intent?
The USG’s collection of business records has effectively “separate[d] search from seizure,” with metadata being collected in bulk but not queried unless a reasonable, articulable suspicion (“RAS”) has been demonstrated and confirmed. Whereas current procedures necessitate a RAS to believe the tangible things sought “are relevant to an authorized investigation,” from 2001 to 2006 the statute required only that they “are sought for an authorized investigation.” While subtle, this shift is critical: for how can every Verizon customer’s metadata be relevant to a foreign intelligence or international terrorism investigation? Indeed, at a July hearing of the House Judiciary Committee, multiple members indicated that Congress enacted this change to rebuke overinclusive collection.
While privacy advocates content that to posit the relevance of every American’s metadata “…is to deprive the word ‘relevance’ of any meaning,” there are legitimate reasons for asserting such a broad standard. As noted in the administration’s recently released White Paper on §215, courts have held in various contexts that even repositories of records were relevant because, inter alia, “…searching the entire repository is the only feasible means to locate the critical documents.” Under this logic, the standard is indeed satisfied, since the entire ‘haystack’ of metadata is reasonably required to identify the ‘needle’ of a foreign terrorist threat. Feasibility confers necessary elasticity as a limiting principle, capable both of maintaining a key counterterrorism tool’s effectiveness and recalibrating the acceptable privacy intrusion therein according to changing capabilities. If legislators are unsatisfied with this judicially scrutinized interpretation, though, it is incumbent on them to embed more explicit restrictions on BR metadata production (which they did not do during §215’s 2011 reauthorization and failed to do with the post-disclosure Amash Amendment).
2. Should the “third party doctrine” be reconsidered in light of modern communications technology?
Its legitimacy notwithstanding, the third party doctrine – which provides the preeminent constitutional justification for warrantless metadata collection – is predisposed toward anachronism. Building on the landmark case Katz v. United States‘s holding that the Fourth Amendment’s warrant requirement extends only to those cases in which individuals maintain a “reasonable expectation of privacy,” the Supreme Court ruled in United States v. Miller that records voluntarily disclosed to third parties did not confer such an expectation. The Court further extended this logic to telephony metadata specifically in Smith v. Maryland, holding that the installation of a pen register did not constitute a search within the meaning of the Fourth Amendment. In this way, the Court has consistently made a distinction between content and non-content, judging the former to fall within the warrant requirement and the latter to fall outside of it. The constitutional permissibility of collecting BR metadata is thus well established as a matter of current law.
The third party doctrine was crafted decades ago, however, under vastly different circumstances. As modern communications technology aggrandizes the scope of records voluntarily disclosed to third parties; renders them more revealing; and augments the USG’s ability to access them, the correlation between business records and non-content – and thus, the content/non-content distinction upon which the third party doctrine is constructed – grows threatened. For example, the USG has repeatedly denied that it compels telecommunications companies to include GPS locational information in their production of business records. However, the Fifth Circuit recently held that such information was in fact a business record and, consequently, compelling its warrantless production was not per se unconstitutional.
The Court’s 2012 decision in United States v. Jones is further illustrative of this tension between technological innovation and §215’s purpose and operation. The physical trespass involved proved dispositive to the Court’s analysis, so it did not reach the question of whether a person’s movements possessed a reasonable expectation of privacy when obtained through GPS information retained as a business record (rather than through the direct attachment of a GPS monitor). Nevertheless, Justice Sotomayor’s concurrence emphasized the growing obsolescence of the third party doctrine. “…[W]hatever the societal expectations,” she writes, “[internet browsing history, e.g.] can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy.” One cannot reasonably fault the executive for making use of a power that has been granted by Congress and scrutinized by the FISC. However, as Justice Sotomayor does in Jones, it is quite reasonable to question whether these branches should re-circumscribe the boundaries of that authority according to modern capabilities.
ADDENDUM:
Yesterday, the USG declassified another series of documents that confirmed previously alluded to compliance problems with §215. Specifically, they reveal that in 2009 the FISC was informed of a misrepresentation in metadata handling techniques by the Justice Department; determined such techniques were violative of RAS querying rules; and imposed stricter controls until compliance was achieved. (More to come when Ignoring the Noise takes on FISC oversight).
RT @BrownBPR: From Dan Duhaime: “Ignoring the Noise, Part I: Section 215 of the PATRIOT Act” http://t.co/yhptglY5CW