Is the NSA’s Collection of Phone Records a Scandal?

Since the Guardian revealed a court order under which the National Security Agency is collecting telephone call data from Verizon, there have been howls of protest from some observers–Al Gore, Rand Paul and the New York Times editorial board, to name a few. But is there anything scandalous about the NSA data collection, or is it just business as usual?

Two preliminary observations: First, as John Nolte notes, the major American media have not broken the news of any of the major Obama administration scandals (assuming for the moment that this counts as one). Now, that is a scandal!

Second, the specific order that came to light relates to Verizon, but presumably other telecom companies are subject to similar data collection efforts. Not only that, the NSA could carry out analogous data collection with respect to emails and possibly other sorts of transactions, e.g. banking and credit cards, which could raise different privacy issues.

So, is this a good thing or a bad thing? No one is claiming it is illegal; the administration has an order from a FISA court. Further, the specific order that the Guardian disclosed is reportedly a continuation of a series going back to 2003, so the Obama administration–here, as in so many other instances–is carrying out the same Bush administration anti-terror practices that Obama denounced when he was a candidate.

The touchstone of the Fourth Amendment, which protects against unreasonable searches and seizures, is the reasonable expectation of privacy. If we say something in an elevator, we can’t complain if someone overhears it: we have no expectation of privacy, and there is no “search.” On the other hand, if we talk over the telephone, we assume that no one is listening in. As to the content of our telephone conversations, we clearly do have a reasonable expectation of privacy.

But how about the fact that we make a phone call to a particular number? As James Taranto notes, the Supreme Court held in Smith v. Maryland in 1979 that such data about the phone calls we make is not protected:

Given a pen register’s limited capabilities . . . petitioner’s argument that its installation and use constituted a “search” necessarily rests upon a claim that he had a “legitimate expectation of privacy” regarding the numbers he dialed on his phone.

This claim must be rejected. First, we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must “convey” phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills.

It strikes me that the distinction drawn by the court in Smith is an appropriate one. If the government wants to troll through records of telephone calls to look for patterns that may be relevant to a terrorism investigation, fine. But if it wants to eavesdrop on a conversation, then it has to identify a particular person and convince a court that the probable cause standard is satisfied.

Of course, one can imagine ways in which such a vast collection of data could be misused. But that risk is easy to overstate. It is not as though we are counting on the government not to “peek”: the data collected from companies like Verizon contains nothing at all about the contents of any conversation. So I don’t see the Verizon data collection in itself as especially problematic.

The more interesting question is whether government agencies are using different technologies to capture, not just metadata about communications, but the content of the communications themselves. It has been widely reported over a period of years that the NSA is able to intercept any cell phone or email communication world-wide, but to my knowledge, the exact scope of these capabilities has not been confirmed. A month ago, without drawing much notice, the Guardian claimed that the content of all domestic phone calls is somehow recorded and stored, and can be retrieved by law enforcement authorities:

On Wednesday night, [Erin] Burnett interviewed Tim Clemente, a former FBI counterterrorism agent, about whether the FBI would be able to discover the contents of past telephone conversations between [Tamerlan Tsarnaev and Katherine Russell]. He quite clearly insisted that they could:

BURNETT: Tim, is there any way, obviously, there is a voice mail they can try to get the phone companies to give that up at this point. It’s not a voice mail. It’s just a conversation. There’s no way they actually can find out what happened, right, unless she tells them?

CLEMENTE: No, there is a way. We certainly have ways in national security investigations to find out exactly what was said in that conversation. It’s not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out.

BURNETT: So they can actually get that? People are saying, look, that is incredible.

CLEMENTE: No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not.

I personally find that claim hard to believe. Moreover, the NSA has flatly denied that it intercepts or monitors domestic telephone or email communications. That, of course, is not necessarily inconsistent with the allegation that telephone conversations may be be recorded and stored by another agency (e.g., the FBI) or by telecom companies themselves.

I think we are overdue for a public debate about privacy. While today’s NSA disclosure doesn’t deserve to be considered a scandal, it would be good if it provides the occasion for congressional hearings and public debate on some fundamental topics: What level of domestic data collection is currently engaged in by what government agencies? And what degree of privacy do Americans want and expect in their digital and electronic communications? Since 9/11, there has properly been a veil of secrecy over our agencies’ intelligence-gathering capacities and techniques–albeit one that has often been pierced by leaks. That veil, it seems to me, should remain in place with regard to overseas efforts by the CIA, NSA and so on, and with regard to efforts that are directed at specific known or suspected terrorists.

But with regard to routine surveillance or interception of Americans’ domestic communications, carried out without probable cause or a search warrant, hasn’t the time come to lay the government’s cards on the table? It strikes me that whatever price might be paid in our anti-terror efforts will be small compared to the value of arriving at a consensus about what constitutes a reasonable expectation of privacy in the 21st century.

UPDATE: Coincidentally, the Washington Post published tonight a major story on a joint NSA/FBI program called PRISM:

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document obtained by The Washington Post.

The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.

Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

Easily lost in the shuffle are these paragraphs:

The court-approved program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.

In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to occasionally certify that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.

Nevertheless, this disclosure contributes to the urgency of a national dialogue on privacy.

Responses