Since I first wrote about the U.S. government’s (“USG”) bulk collection of telephony metadata in September, public understanding of the program has changed dramatically. Dozens of opinions, orders and thousands of pages of court and oversight documents have been declassified (perhaps to preempt other disclosures), offering new details about the inception and operation of bulk metadata collection programs under the Bush and Obama administrations. Two federal judges — one in the District of Columbia and another in the Southern District of New York — have reached alternate conclusions about the telephony program’s legality and Fourth Amendment reasonableness, potentially setting the stage for future Supreme Court review.
President Obama delivered a much hyped speech on surveillance reform at the Justice Department, in which he declared an end to the program “as it currently exists” while largely deferring to Congress the substantive contours of such a transition. While the President did embrace some substantial changes (such as a more adversarial Foreign Intelligence Surveillance Court process and ex ante judicial review of querying terms to determine whether they satisfy the reasonable articulable suspicion (“RAS”) standard), he rejected many of the more fundamental changes recommended by an independent executive branch agency charged with overseeing the privacy interests of Americans. In the report, a majority of the agency declared the program statutorily inadequate and constitutionally unreasonable.
Recall that §501 of the Foreign Intelligence Surveillance Act, pursuant to which the telephony metadata program currently operates, was initially enacted as §215 of the PATRIOT Act. While its progenitor, operating from 1998 to 2001, authorized particularized collection at certain facilities or common carriers, the post September 11 iteration empowered the FISC to grant “an order requiring the production of any tangible things” for an investigation to obtain foreign intelligence information or protect against international terrorism. Though it did undergo further broadening in scope until its current language came into force in 2006, it is true that §501 did not initially operate to authorize bulk collection after periodic ex ante scrutiny by the FISC. Instead, bringing bulk metadata collection under the FISC was a response of executive branch lawyers to internal dissension about the lawfulness of the Terrorist Surveillance Program’s (“TSP”) bulk collection programs. The first and greatest source of controversy was the collection of electronic communications or Internet metadata, which eventually was brought under the auspices of the FISC through a separate provision of FISA before being discontinued for operational reasons by the Obama administration in 2011. (In 2004, then Assistant Attorney General and current FBI Director James Comey was part of a dramatic hospital standoff after which he and the largest contingent of cabinet officials ever threatened to resign, on the grounds that the TSP’s bulk electronic metadata program could no longer continue under Article II alone and in disregard of FISA).
The second, and the object of the first Snowden disclosure, was the bulk collection of telephony metadata from telecommunications providers. The Department of Justice first linked §501 to bulk metadata collection in a 2006 memorandum it filed before the FISC. From a statutory perspective, detractors have two primary criticisms. First, the program actually operates by putting providers under a legal obligation to furnish records produced in the future, regardless of whether the relevant account existed at the time of the FISC’s ninety-day authorization. This could be read to contradict with the statute’s already expansive authority to make an application for the production of “any tangible things.” Second, among other things, §501 requires that there be reasonable grounds to believe an acquisition is “relevant to an authorized investigation,” that is one to obtain foreign intelligence information not concerning a U.S. person or to protect against international terrorism.
Critics argue that virtually all of Americans’ telephony metadata cannot possibly be relevant to any such investigation. Alternatively, the DOJ has argued that since all records are needed for sufficiently inclusive intelligence contact-chaining — the initial impetus for the program, as such a capability would have allowed the USG to discern that one of the September 11 hijackers was already in the United States when he communicated with a known terrorist-affiliated number in Yemen — they are, in fact, all relevant to an authorized investigation. As one member of the Privacy and Civil Liberties Board articulated, however, from a statutory perspective relevance is hardly the most apposite legal concept for a program authorizing the bulk collection of anything. This is further complicated by recent reports that telephony bulk metadata acquisition in practice only constitutes about 20-30% of what the FISC authorizes. While it may not disturb the soundness of the legal rationale — insofar as an encapsulating definition of relevance remains fixed to the purpose of an international terrorism investigation — this revelation is quite inculpatory from a policy perspective. Whereas in September, I explained the operative analogy of needing the entire ‘haystack’ to find the ‘needle’ of a terrorist threat, the bulk telephony program actually operates by searching for such a needle in less than a third of that haystack.
Of course, §501 is also subject to the constitutional constraint of Fourth Amendment reasonableness. As my previous article explained, justifying the warrantless, programmatic bulk collection of metadata relies on the “third party doctrine.” Because records voluntarily disclosed to third parties possess no reasonable expectation of privacy, the logic goes, the Fourth Amendment’s warrant requirement is inapplicable. However, when the Supreme Court in 1979 initially recognized the legality of collecting metadata without a warrant, it did so in the context of the comparatively rudimentary pen register. Today, however, metadata is increasingly prevalent and revealing. Last year, the Fifth Circuit held that the third party doctrine governed the collection of GPS locational information from cell phones. And just last week, a federal district judge in Texas ruled that the metadata embedded in photos posted online carried no such expectation either.
As Justice Sotomayor and Alito’s concurring opinions from United States v. Jones most notably recognize, these technological developments have the capacity to change which expectations of privacy society is prepared to consider reasonable. Recognizing the doctrine is “ill suited to the digital age, in which people reveal a great deal of information to third parties in the course of carrying out mundane tasks,” Justice Sotomayor’s concurrence in particular warned it would be necessary to “reconsider the premise” of the doctrine that “treats secrecy as a prerequisite for privacy.” This recalibration is exactly what has been taking place in the district courts: while one continued to abide by that controlling 1979 Supreme Court decision, Smith v. Maryland, another abandoned it on the grounds that its content/non-content distinction no longer held in the digital age. In a way, Judge Leon’s opinion in Klayman v. Obama enjoining the telephony metadata program was inappropriate, casting aside unequivocally controlling precedent to decide questions of law anew for the appellate courts. On another level, though, this is simply what district court judges do: mix it up, at least until repudiated by a higher authority. As this process of recalibration continues in each of the coordinate branches, privacy-concerned citizens should take solace in their agency. For no matter how indirectly, it is important to remember that societal expectations ultimately govern privacy expectations and thus, how the Fourth Amendment’s protections evolve to meet changing circumstances.