Bulk metadata collection: statutory and constitutional considerations.
The government has indicated that the information obtained from this program is important because, "by analyzing it, the Government can determine whether known or suspected terrorist operatives have been in contact with other persons who may be engaged in terrorist activities, including persons and activities within the United States." (220) The government sees the enormous number of records as central to the success of the program. (221) Once the records are obtained--once the "haystack" is created--the government can then go about finding out who the threats are--the proverbial needles in the haystack. (222)
This process is backwards. The whole point of FISA is for the government to first identify the target, and then to use this identification to obtain information. In contrast, the government is now arguing that it can obtain information as a way of figuring out who the targets should be. This directly contradicts FISA's design.
3. No Higher Threshold for U.S. Persons
In addition, as detailed above, there are myriad ways in which FISA creates extra protections for U.S. persons. In light of the historical context, the reason for this is clear. The statute arose from revelations about the cavalier manner in which the intelligence agencies were treating Americans' right to privacy. New protections thus centered on creating higher standards for targeting U.S. persons, as well as for later analysis and dissemination of U.S. persons' information.
Outside of minimization procedures relating to the downstream manipulation and dissemination of information, however, the telephony metadata program does not recognize a higher protection for U.S. persons at the moment of data acquisition. The failure to create higher standards thus runs counter to the approach Congress adopted in passing FISA.
E. Role of the Foreign Intelligence Surveillance Court
In at least three important ways, FISC no longer serves the purpose for which it was designed. First, Congress created the court to determine whether the executive branch had met its burden of demonstrating that there was sufficient evidence to target individuals within the United States, prior to collection of such information. The telephony metadata program demonstrates that FISC has abdicated this responsibility to the executive branch generally, and to the NSA in particular. Continued noncompliance underscores concern about relying on the intelligence community to protect the Fourth Amendment rights of U.S. persons.
Second, Congress did not envision a lawmaking role for FISC. Its decisions were not to serve as precedent, and FISC was not to offer lengthy legal analyses, crafting in the process, for instance, exceptions to the Fourth Amendment warrant requirement or defenses of wholesale surveillance programs.
Third, questions have recently been raised about the extent to which FISC can fulfill the role of being a neutral, disinterested magistrate. Congress went to great lengths, for instance, to try to ensure diversity on the court. To the extent that the appointments process implies an ideological predilection, at a minimum, it is worth noting that almost all of the judges who serve on FISC and FISCR are Republican appointees. The rate of applications being granted, in conjunction with the in camera and ex parte nature of the proceedings, also raises questions about the extent to which FISC serves as an effective check on the executive branch. The lack of technical expertise of those on the court further introduces questions about the judges' ability to understand how the authorities they are extending to the NSA are being used.
1. Reliance on NSA to Ascertain Reasonable, Articulable Suspicion
In 1978 Congress created FISC to serve as a neutral, disinterested observer. In this capacity, one of its principal responsibilities was to ascertain whether the government had demonstrated probable cause that individuals to be targeted under FISA were foreign powers or agents thereof, and likely to use the facilities to be placed under surveillance. As was previously discussed, consistent with this approach, in 1998 Congress introduced the business records provision, requiring in the process that the government submit a statement of "specific and articulable facts" to the court in support of its application. Although the showing was eliminated in 2001, four years later Congress re-introduced a requirement that the government submit a statement of facts establishing "reasonable grounds to believe that the tangible things" to be obtained are "relevant to an authorized investigation." This language puts the court in the position of verifying whether the government has met its burden of proof prior to intelligence collection. The court, however, no longer serves in this function.
To the contrary, FISC's primary order authorizing the collection of telephony metadata required that designated NSA officials make a finding that there is "reasonable, articulable suspicion" (RAS) that a seed identifier proposed for query is associated with a particular foreign terrorist organization prior to its use. It is thus left to the executive branch to determine whether the executive branch has sufficient evidence to place individuals or entities under surveillance.
The dangers associated with the court removing itself from the process are clear. Documents recently released under court orders in a related FOIA case establish that for nearly three years, the NSA did not follow these procedures (223)--even though numerous NSA officials were aware of the violation. (224) Noncompliance incidents have continued. Collectively, these incidents raise serious question as to whether FISC is performing the functions for which it was designed.
a. Failure to Report Initial Noncompliance
Although the NSA had been contravening the order since May 2006, it was not until early 2009, when representatives of the Department of Justice met with NSA representatives to be briefed on the NSA's handling of the telephony metadata, that the illegal behavior was brought to FISC's attention. (225) President Barack Obama took office on January 20, 2009; it appears that recognition of the noncompliance occurred during the transition. During the briefing and in subsequent discussions, DOJ representatives inquired about the alert process. Learning of the process being used, DOJ personnel expressed concern that the program had been misrepresented to FISC. (226) The NSA had been using identifiers employed to collect information under Executive Order 12,333--not FISA--to search the telephony database. (227) This meant that the standards applying to foreigners were used in relation to U.S. persons.
The DOJ informed FISC within a week of the meeting that the government had been querying the business records in a manner that contravened both the original order and sworn statements of several executive branch officials. (228) FISC was not amused. Judge Reggie Walton expressed concern "about what appears to be a flagrant violation of its Order in this matter." (229) The NSA had repeatedly misled FISC in its handling of the database. (230) FISC immediately issued an order, directing the NSA to comprehensively review the agency's handling of telephony metadata. (231) It gave the government until February 17, 2009 to file a brief to defend its actions and to help FISC to determine whether further action should be taken against the government or its representatives. (232)
The NSA initially admitted only "that NSA's descriptions to [FISC] of the alert list process ... were inaccurate and that the Business Records Order did not provide the Government with authority to employ the alert list in the manner in which it did." (233) It further acknowledged, "the majority of telephone identifiers compared against the incoming BR metadata in the rebuilt alert list were not RAS-approved." (234) The actual numbers, reported to FISC in February 2009, were staggering: as of January 15, 2009, "only 1,935 of the 17,835 identifiers on the alert list were RAS-approved." (235)
It was not that the NS A was unaware of the requirements established by the statute and by FISC. The Attorney General had, consistent with the primary order, established minimization procedures, among which was the following:
Any search or analysis of the data archive shall occur only after a particular known telephone number has been associated with [REDACTED] More specifically, access to the archived data shall occur only when NSA has identified a known telephone number for which, based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the telephone number is associated with [REDACTED] organization; provided, however, that a telephone number believed to be used by a U.S. person shall not be regarded as associated with [REDACTED] solely on the basis of activities that are protected by the First Amendment to the Constitution. (236)
Nevertheless, apparently, neither the Signals Intelligence Directorate nor the Office of the General Counsel had caught the fact that nearly ninety percent of the queries to the bulk dataset had been illegal. (237) Nor had they realized that their reports to FISC claiming that only RAS-approved numbers were being run against the bulk metadata were false. (238)
Meanwhile, the NSA had disseminated 275 reports to the FBI as a result of contact chaining and queries of NSA's archive of telephony metadata. (239) Thirty-one of these had resulted directly from the automated alert process. (240) In a careful use of language, the government noted, "NSA did not identify any report that resulted from the use of a non-RAS-approved 'seed' identifier." (241) The government did not detail how complete the NS A had been in considering the reports; nor did it claim that none of the reports had resulted from non-RAS-approved identifiers. (242) The government also did not address the dissemination of metadata reports within NSA and subsequent actions that resulted from the process.
Despite the gross violation of FISC's order, the government argued that FISC should neither rescind nor modify its order. (243) As required by FISC, the NSA had undertaken an end-to-end system engineering and process review (technical and operational) of its handling of business records metadata; it had undertaken a review of domestic identifiers to ensure that they are RAS-compliant; and it had undertaken an audit of all queries made of the business records metadata repository since November 1, 2008 with the purpose of determining if any queries had been made using non-RAS-approved identifiers. (244) The NSA had again trained its employees and adopted new technologies to limit the number of "hops" permitted from an RAS-approved seed identifier to three. (245) The government offered to take additional steps to avoid having the program shut down, all of which amounted to involving DOJ's National Security Division more deeply in the telephony metadata program. (246)
b. Further Noncompliance
Although the January 2009 incident represents the first admission of noncompliance that was made public, it is far from the first--or only--time that the NS A acted outside the scope of its authority to collect records under section 215 of the USA PATRIOT Act. (247) Recently released documents provide myriad further examples.
In September 2006, for instance, the NSA's Inspector General expressed concern that the agency was collecting more data than authorized under the order. (248) The NSA had been obtaining 16-digit credit card numbers as well as names or partial names contained in the records of operator-assisted calls. (249) It later emerged that an over-collection filter inserted in July 2008 failed to function. (250)
On October 17, 2008, the government reported to FISC that, after FISC authorized the NSA to increase the number of analysts working with the business records metadata, and had directed that the NSA train the newly-authorized analysts, thirty-one (out of eighty-five) analysts subsequently queried the business records metadata in April 2008 without even being aware that they were doing so. (251) The upshot was that NSA analysts used 2373 foreign telephone identifiers to query the business records metadata without first establishing reasonable, articulable suspicion. (252) Despite taking corrective steps, on December 11, 2008, the government notified FISC that an analyst had not installed a modified access tool and, resultantly, had again queried the data using five identifiers for which no RAS standard had been satisfied. (253)
Just over a month later, the government informed FISC that, between December 10, 2008 and January 23, 2009, two analysts had used 280 foreign telephone identifiers to query the business records metadata without first establishing RAS. (254)
The process initiated in January 2009 identified additional incidents where the NSA had failed to comply with FISC's orders. (255) In February 2009, the NSA brought two further matters to FISC's attention. The first centered on the NSA's use of one of its analytical tools to query the business records metadata, using non-RAS-approved telephone numbers. (256) This tool had been used since FISC's initial order in May 2006 to search both the business records metadata and other NSA databases. (257) Also in February 2009, the NSA notified DOJ's National Security Division that the NSA's audit had identified three analysts who conducted chaining on the business records metadata using fourteen telephone identifiers that had not been RAS-approved before the queries. (258)
In May 2009, two additional compliance issues arose. (259) The first compliance incident is completely redacted. The second notes a dissemination-related problem: that the unminimized results of some queries of metadata had been "uploaded [by the NSA] into a database to which other intelligence agencies ... had access." (260) According to the government, providing other agencies access to this information may have resulted in the dissemination of U.S. person information in violation of both U.S. Signals Intelligence Directive 18 as well as the more restrictive conditions FISC imposed in BR 09-06. (261)
c. FISC Response
Repeatedly, instead of rescinding prior collection programs, FISC merely imposed further requirements on the government. (262) By spring of 2009, FISC had become fed up with the NSA--yet, not fed up enough to actually halt the program. Instead, it insisted on two procedures designed to give FISC greater insight into how the NSA was using and distributing information related to the telephony metadata: that the NSA return to FISC before each query of the database, and that the NSA file weekly reports with FISC detailing any dissemination of the information. Both protections proved temporary.
FISC's first temporary solution was to require what traditional FISA actually required: NSA application to FISC prior to targeting. Between institution of the review and the final report, FISC required the NSA to seek approval to query the database on a case-by-case basis. FISC was particularly concerned that the NSA had averred that having access to all call detail records
"is vital to NSA's counterterrorism intelligence mission" because "[t]he only effective means by which NSA analysts are able continuously to keep track of [REDACTED] and all affiliates of one of the aforementioned entities [who are taking steps to disguise and obscure their communications and identities], is to obtain and maintain an archive of metadata that will permit these tactics to be uncovered. (263)
According to FISC, the NSA had also suggested that:
To be able to exploit metadata fully, the data must be collected in bulk.... The ability to accumulate a metadata archive and set it aside for carefully controlled searches and analysis will substantially increase NSA's ability to detect and identify members of [REDACTED]. (264)
Because the order being sought meant, if granted, that the NSA would be collecting call detail records of U.S. persons located within the United States, who were not themselves the target of any FBI investigation and whose metadata could not otherwise be legally obtained in bulk, FISC had adopted minimization procedures. It had required, inter alia, that:
[A]ccess to the archived data shall occur only when NSA has identified a known telephone identifier for which, based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the telephone identifier is associated with [REDACTED]. (265)
FISC had a difficult time believing the NSA's claim that its noncompliance with FISC's orders resulted from NSA personnel believing that FISC's restrictions on access to the business records metadata only applied to "archived data" (that is, data located in certain databases). "That interpretation of [FISC's] Orders," Judge Reggie Walton wrote, "strains credulity." (266) The NSA had compounded its bad behavior by repeatedly submitting inaccurate descriptions of how it developed and used the alert list process. (267) In support of its claim that the program was vital for U.S. national security, the NSA had offered as evidence the paltry claim that, after nearly three years of sweeping up all telephony metadata, the NSA had generated 275 domestic security reports that, in turn, had spurred three preliminary investigations. (268)
FISC objected to the government's assertion that FISC "need not take any further remedial action." (269) FISC has also noted that, until the NSA has completed the review, "[FISC] sees little reason to believe that the most recent discovery of a systemic, ongoing violation--on February 18, 2009--will be the last." (270) Accordingly, starting in March 2009, though the NSA could continue to collect data and to test the telephony metadata system, it would only be allowed to query it with a FISC order--or, in an emergency, to query the database and then to inform FISC by 5:00 PM, Eastern Time, on the next business day. (271) In September 2009, however, FISC lifted the requirement for the NSA to seek approval in every case. (272)
The second protection FISC introduced was, starting on July 3, 2009, to require the NSA to file a weekly report with FISC, listing each time, over the seven-day period ending the previous Friday, in which the NSA had shared, "in any form, information obtained or derived from the [REDACTED] BR metadata collections with anyone outside NSA." (273) Again, consistent with traditional FISA, FISC added special protections for U.S. persons:
For each such instance, the government shall specify the date on which the information was shared, the recipient of the information, and the form in which the information was communicated (e.g., written report, email, oral communication, etc.). For each such instance in which U.S. person information has been shared, the Chief of Information Sharing of NSA's Signals Intelligence Directorate shall certify that such official determined, prior to dissemination, the information to be related to counterterrorism information and necessary to understand the counterterrorism information or to assess its importance. (274)
In August 2009, the government submitted its end-to-end assessment of the NSA telephony metadata system. (275) FISC lifted its requirements, leaving future dissemination decisions up to the NSA. Whether the requirements with which the NSA was left effectively check the exercise of authorities is questionable. Before the dissemination of information of U.S. persons' information outside the Agency, an NSA official must determine that the information is "related to counterterrorism information and is necessary to understand the counterterrorism information or assess its importance." (276) Because the government already considers all of the information in the database to be relevant to counterterrorism investigations, and has already argued to FISC (and FISC has agreed), that the collection of such data is necessary to understand its counterterrorism information, the degree to which this restriction really prevents such dissemination is open to question.
d. Technological Gap
A critical part of FISC's failure to provide effective oversight of the process relates to FISC's decision to have the NSA perform the targeting decision. Part of the problem also stems from FISC's discomfort with the technological aspects of the collection and analysis of digital information. For much of the discussion of noncompliance incidents, for instance, it appears that neither the NSA nor FISC had an adequate understanding of how the algorithms operate. Nor did they understand the type of information that had been incorporated into different databases, and whether they had been subjected to the appropriate legal analysis before data mining.
A similar problem may accompany the reporting requirements to Congress. In March 2009, for example, the DOJ submitted several FISC opinions and government filings--relating to the discovery and remediation of compliance incidents in its handling of bulk telephony metadata--to the Chairmen of the Intelligence and Judiciary Committees. (277) A subsequent letter noted that the House and Senate Intelligence and Judiciary Committees had received briefings in March, April, and August before receiving a copy of the NSA's review in September 2009. (278) To the extent that the representations of the agency are heavily dependent on technical knowledge, the implications may not be readily apparent to lawmakers.
2. Issuance of Detailed Legal Reasoning and Creation of Precedent
To enforce the specialized probable cause standard encapsulated in FISA, Congress created a court of specialized but exclusive jurisdiction. (279) Its job was to ascertain whether sufficient probable cause existed for a target to be considered a foreign power, or an agent thereof; whether the applicant had provided the necessary details for the surveillance; and whether the appropriate certifications and findings had been made.
It is thus surprising that the government considers these orders now to be evidence of precedent, on the basis of which, it argues, the programs are legal. In ACLU v. Clapper, (280) for instance, the government responded to the argument that it had exceeded its statutory authority under FISA by arguing:
[S]ince May 2006, fourteen separate judges of the FISC have concluded on thirty-four occasions that the FBI satisfied this requirement, finding "reasonable grounds to believe" that the telephony metadata sought by the Government "are relevant to authorized investigations ... being conducted by the FBI ... to protect against international terrorism. (281)
The government went on to cite Judge Eagan's August 2013 memorandum opinion in further support of its interpretation of "relevance." (282) These were the only points of reference that mattered: "Considering that the Government has consistently demonstrated the relevance of the requested records to the FISC's satisfaction, as Section 215 requires, it is difficult to understand how the government can be said to have acted in excess of statutory authority." (283)
Even more surprising than the role the granting of orders is playing for establishing legal precedent is the revelation that FISC has greatly broadened the "special needs" exception to the Fourth Amendment to embrace wholesale data collection. (284) Although the Supreme Court has never recognized such an exception, FISC's unique constitutional interpretation has served to authorize broad collection of information on U.S. citizens. Notably, because of the secret nature of FISC's proceedings and the ex parte nature of the court, there are no advocates who could appeal a decision based on this interpretation to the Supreme Court. Consequently, an unreviewable, complex body of law, establishing doctrines unrecognized by the Supreme Court, has emerged as precedent for future application to FISC.
In In re Directives, FISCR looked back at its decision in In re Sealed Case to confirm "the existence of a foreign intelligence exception to the warrant requirement." (285) It acknowledged that FISCR had "avoided an express holding that a foreign intelligence exception exists by assuming arguendo that whether or not the warrant requirements were met, the statute could survive on reasonableness grounds." (286) FISCR went on to determine that, as a federal appellate court, it would "review findings of fact for clear error and legal conclusions (including determinations about the ultimate constitutionality of government searches or seizures) de novo." (287) It then asserted, for the first time, a foreign intelligence surveillance exception to the Fourth Amendment:
The question ... is whether the reasoning of the special needs cases applies by analogy to justify a foreign intelligence exception to the warrant requirement for surveillance undertaken for national security purposes and directed at a foreign power or an agent of a foreign power reasonably believed to be located outside the United States. Applying principles derived from the special needs cases, we conclude that this type of foreign intelligence surveillance possesses characteristics that qualify it for such an exception. (288)
The court analogized the exception to the 1989 Supreme Court consideration of the warrantless drug testing of railway workers, on the grounds that the government's need to respond to an overriding public danger could justify a minimal intrusion on privacy. (289) The government subsequently cited In re Directives in its August 9, 2013 white paper, defending the telephony metadata program, in support of an exception to the Fourth Amendment warrant requirement. (290)
FISC continues to go beyond its mandate. In August 2013, for instance, FISC issued a twenty-nine-page Amended Memorandum Opinion regarding the FBI's July 18, 2013 application for the telephony metadata program. (291) Appending the seventeen-page order to the opinion, Judge Claire V. Eagan considered Fourth Amendment jurisprudence, the statutory language of Section 215, and the canons of statutory construction to justify granting the order. (292) Similarly, in a 2002 per curiam opinion, FISCR suggested the case raised "important questions of statutory interpretation, and constitutionality" and concluded "that FISA, as amended by the Patriot Act, supports the government's position, and that the restrictions imposed by the FISA court are not required by FISA or the Constitution." (293)
Congress did not design the Foreign Intelligence Surveillance Court or the Court of Review to develop its own jurisprudence. Particularly in light of the secrecy and lack of adversarial process inherent in the court, it is concerning that FISC's decisions have taken on a force of their own in legitimizing the collection of information on U.S. citizens.
3. Judicial Design
As mentioned above, Congress tried to construct an evenhanded, neutral arbiter by requiring that (a) FISC judges be selected by the Chief Justice of the Supreme Court from at least seven different federal districts; (b) the judges serve staggered terms of up to seven years; and (c) having once served, such judges are ineligible for further service. (294) To ensure diversity, any federal district court judge (including a senior judge), who has not previously served on FISC, may be selected. (295) FISCR, in turn, is comprised of judges selected by the Chief Justice. (296)
This system has been called into question on two grounds: first, the lack of diversity regarding judicial appointment and, second, the high rate of applications being granted by FISC. Given these characteristics, critics question how effectively FISC operates as a check on the executive branch. The observations are important, but, without more information, it is difficult to determine the extent to which the current state of affairs has substantively impacted the process.
To the extent that political ideology is reflected in the appointments process, the court is heavily weighted toward one side of the political spectrum. The past two Chief Justices have been appointed by Republican presidents, and they have tended to select judges that have been nominated by Republican administrations. (297) Only one of the current eleven judges serving on FISC is a Democratic nominee. Over the past decade, of the twenty judges appointed to FISC and FISCR, only three have been Democratic nominees.
Although this raises questions about the even-handedness of the FISC appointments process, it would be premature to draw substantive conclusions based solely on the political makeup of the bench. Any meaningful examination of how composition influences the outcome of cases would need to compare either FISC decisions with other, more diverse courts, or the individual decisions reached by FISC judges appointed by one party with decisions reached by judges appointed by the opposing party.
Such studies would be almost impossible to conduct. FISC opinions are classified. Beyond this, they are sui generis, in that FISC is the only court that considers FISA applications. It also may be that externalities influence which judges opt for FISC membership. That is, more Republican appointees than Democratic appointees may inquire or make clear that they would be interested in serving on FISC. No studies have yet been conducted demonstrating why the appointments process aligns with political party, making any conclusions as to the effect somewhat arbitrary.
To the extent that political ideology enters into the equation, the way in which it has interacted with the court's role in establishing precedent deserves notice, as it undermines the appearance of a neutral arbiter and emphasizes deference to and support for greater power for the executive. According to the public record, FISCR, for instance, has only met twice: once in 2002 and once in 2008. (298) On both occasions, the panels consisted entirely of Republican appointees, some of whom had publicly argued that FISA was an unconstitutional usurpation of executive power.
Judge Laurence Silberman of the D.C. Circuit testified to Congress in 1978 (when FISA was being debated) that the legislation violated the Constitution. (299) Judge Silberman, who had previously served as Deputy Attorney General, was "absolutely convinced that the administration bill, if passed, would be an enormous and fundamental mistake which the Congress and the American people would have reason to regret." (300) For Judge Silberman, the judiciary's role in any national security electronic surveillance should be circumscribed. He explained:
I find the notion that the President's constitutional authority to conduct foreign affairs and to command the armed forces precludes congressional intervention into the manner by which the executive branch gathers intelligence, by electronic or other means, to be unpersuasive, and in that respect I agree with my colleague here to the left. But to concede the propriety of a congressional role in this matter is by no means--and this is the burden of my testimony--to concede the propriety or constitutionality of the judicial role created by the administration's bill. (301)
The Judge's chief concern was not a so-called "imperial presidency," but the advent of an "imperial judiciary." (302) The authorities transferred to FISC thus represented an unconstitutional erosion of executive power. (303) Another FISC judge, Ralph Guy, similarly argued for the government as a U.S. Attorney in United States v. United States District Court (304) that the President did not need a warrant to engage in national security surveillance. (305) Along with Judge Leavy, a Reagan appointee, Judges Silberman and Guy heard the first appeal in the history of FISA--issuing a decision that made it possible for the government to use the looser restrictions in FISA even in cases in which the primary purpose of the investigation was criminal in nature. (306)
With the court overwhelmingly constituted by nominees of one political party, it is perhaps unsurprising that some of the most important decisions have been made by panels entirely constituted by the same. The FISCR panel that appears to have created a foreign intelligence exception to the Fourth Amendment warrant requirement lacked a diverse political base. It included Chief Judge Selya and Senior Circuit Judges Winter and Arnold--appointees of Presidents Ronald Reagan and George H. W. Bush.
To the extent that political appointments stand in as a proxy for political ideologies, such as greater deference to the executive branch, the lack of diversity in the appointments process--especially in regard to some of the most important and far-reaching secret decisions issued by the court--raises important questions about the extent to which FISC, as conceived by Congress, is serving as neutral arbiter. Without more detailed information about the judicial process, however, the extent to which this is the case remains in question.
b. Order Rate
Augmenting concerns prompted by the lack of diversity in terms of appointments to FISC and FISCR is the rather notable success rate the government enjoys in its applications to the court. Scholars have noted that the success rate is "unparalleled in any other American court." (308) Over the first two and a half decades, for instance, FISC approved nearly every single application without any modification. (309) Between 1979 and 2003, FISC denied only three out of 16,450 applications. (310)
Since 2003, FISC has ruled on 18,473 applications for electronic surveillance and physical search (2003-2008), and electronic surveillance (2009-2012). (311) Court supporters note that a significant number of these applications are either modified or withdrawn by the government prior to FISC ruling. But even here, the numbers are quite low: 493 modifications still only comes to 2.6% of the total number of applications. Simultaneously, the government has only withdrawn twenty-six applications prior to FISC ruling. (312) These numbers speak to the presence of informal processes, whereby FISC appears to be influencing the contours of applications. Without more information about the types of modifications that are being required, however, it is impossible to gauge either the level of oversight or the extent to which FISC is altering the applications.
Critics also point to the risk of capture presented by in camera, ex parte proceedings, and note that out of 18,473 rulings, FISC has only denied eight in whole and three in part. Whatever the substantive effect might be, the presentational impact is of note.
Setting modifications aside for the moment, the deference that appears to exist regarding outright denials or granting of orders seems to extend to FISC rulings with regard to business records. Almost no attention, however, has been paid to this area. It appears that FISC has never denied an application for an order under this section. That is, of 751 applications since 2005, all 751 have been granted, as the following figure shows.
It is important to underscore that the lack of more contextual data cautions against inferring too much from the nonexistent rate of denial. In passing the tangible goods provision, Congress tied the court's hands, requiring FISC to grant applications once the statutory conditions are met. (342) To the extent, then, that FISC is deferential to the executive, responsibility lies at least in part with the legislature. In addition, it is almost impossible to tell, outside of the classified world, the extent to which the court pushes back on the DOJ--not just in regard to specific orders, but in relation to broader rules and procedures, as well as in an oversight capacity. Two examples come to mind.
In 2010, John D. Bates, Presiding Judge of FISC, issued a declassified Rules of Procedure, requiring notice and briefing of novel issues before the court. (343) This document suggested that FISC would not, in the future, simply accept applications in new areas of the law without first considering the underlying legal issues.
Second, the recently-released judicial opinions from 2009 suggest that FISC was pressuring the NSA with regard to its failure to ensure that the identifiers run against the database be subjected to a test of reasonable, articulable suspicion. The court was clearly uncomfortable with the pattern of misinformation that had marked the government's previous representations to FISC. But, these same documents also reveal the extent to which the court relies on the NSA to police its own activities--again raising questions about the extent to which FISC adequately performs its envisioned role. As a final note, it is important to recognize that the sheer volume of the numbers associated with the tangible goods provisions (751) is remarkable in part because any one order could result in the collection of millions of records on millions of people, as we have seen with the telephony metadata program. In light of the in camera, ex parte proceedings, these numbers raise further questions about FISC's role.
II. BULK COLLECTION AND FISA'S STATUTORY PROVISIONS
The telephony metadata program violates FISA's express statutory language in three areas: first, with regard to the language "relevant to an authorized investigation"; second, in relation to the requirement that the information sought be obtainable under subpoena duces tecum; and third, in its violation of the restrictions specifically placed on pen registers and trap and trace equipment.
A. "Relevant to an Authorized Investigation"
The government argues that the NSA's telephony metadata program is consistent with the language of 50 U.S.C. [section] 1861 in that all telephone calls in the United States, including those of a wholly local nature, are "relevant" to foreign intelligence investigations. The word "relevant" itself, the administration states, "is a broad term that connotes anything '[b]earing upon, connected with, [or] pertinent to a' specified subject matter." (344) Turning to its "particularized legal meaning," the government argues:
It is well-settled in the context of other forms of legal process for the production of documents that a document is 'relevant' to a particular subject matter not only where it directly bears on that subject matter, but also where it is reasonable to believe that it could lead to other information that directly bears on that subject matter. (345)
That massive amounts of data may be involved is of little import:
Courts have held in the analogous contexts of civil discovery and criminal and administrative investigations that 'relevance' is a broad standard that permits discovery of large volumes of data in circumstances where doing so is necessary to identify much smaller amounts of information within that data that directly bears on the matter being investigated. (346)
Applied to the telephony metadata program, though recognizing that the telephony metadata program is "broad in scope," the government argues that there are nevertheless "reasonable grounds to believe" that the category of data (i.e., all telephone call data), when queried and analyzed, "will produce information pertinent to FBI investigations of international terrorism." (347) For communications data, the government argues, connections between individual data points can only be reliably identified through large-scale data mining. (348) As DOJ explained to Congress: "The more metadata NSA has access to, the more likely it is that NSA can identify, discover and understand the network of contacts linked to targeted numbers or addresses." (349)
There are two sets of responses to the government's arguments. The first centers on the government's claim that all telephony metadata is relevant. The second concerns the connection in the statutory language between the relevance of the information to be obtained and "an authorized investigation." (350)
1. Relevance Standard
Four legal arguments undermine the government's claim that there are "reasonable grounds" to believe that hundreds of millions of daily telephone records are "relevant" to an authorized investigation. First, the NSA's interpretation of "relevant" collapses the statutory distinction between relevant and irrelevant records, thus obviating the government's obligation to discriminate between the two. Second, this reading renders meaningless the qualifying phrases in the statute, such as "reasonable grounds." Third, the government's interpretation establishes a concerning legal precedent. Fourth, the broad reading of "relevant" contravenes congressional intent.
First, in ordinary usage, something is understood as relevant to another thing when a demonstrably close connection between the two objects can be established. (351) This is also the way in which courts have consistently applied the term to the collection of information--as with grand-jury subpoenas, where the information collected must bear some actual connection to a particular investigation. (352)
In contrast, almost none of the information the government obtained under the bulk metadata collection program is demonstrably linked to an authorized investigation. The government itself has admitted this. Writing to Representative James Sensenbrenner, Peter Kadzik, the Principal Deputy Assistant Attorney General, acknowledged, "most of the records in the dataset are not associated with terrorist activity." (353) FISC Judge Reggie Walton drew the point more strongly:
The government's applications have all acknowledged that, of the [REDACTED] of call detail records NSA receives per day (currently over [REDACTED] per day), the vast majority of individual records that are being sought pertain neither to [REDACTED] ... In other words, nearly all of the call detail records collected pertain to communications of non-U.S. persons who are not the subject of an FBI investigation to obtain foreign intelligence information, [and] are communications of U.S. persons who are not the subject of an FBI investigation to protect against international terrorism or clandestine intelligence activities. (354)
In other words, most of the information being collected does not relate to any individuals suspected of any wrongdoing.
In defense of its broad interpretation, the government argues that it must collect irrelevant information to ascertain what is relevant. This means that the NSA, in direct contravention of the statutory language, is collapsing the distinction between relevant and irrelevant records--a distinction that Congress required be made before collection. Because of this collapse, the NSA is gaining an extraordinary amount of information. The records the government sought under the telephony metadata program detail the daily interactions of millions of Americans who are not themselves connected in any way to foreign powers or agents thereof. They include private and public interactions between senators, between members of the House of Representatives, and between judges and their chambers, as well as information about state and local officials. They include parents communicating with their children's teachers, and zookeepers arranging for the care of animals. Metadata information from calls to rape hotlines, abortion clinics, and political party headquarters are likewise not exempt from collection--the NSA is collecting all telephony metadata.
Second, in addition to collapsing the distinction between relevant and irrelevant records, reading FISA to allow this type of collection would neuter the qualifying phrases contained in 50 U.S.C. [section] 1861(b)(2)(A). The statute requires, for instance, that there be "reasonable grounds" to believe that the records being sought are relevant. (355) Although FISA does not define "reasonable grounds," the Supreme Court has treated this phrase as the equivalent of "reasonable suspicion." (356) This standard requires a showing of "specific and articulable facts which, taken together with rational inferences from those facts, reasonably warrant" an intrusion on an individual's right to privacy. (357)
The FISC order requires that Verizon disclose all domestic telephone records--including those of a purely local nature. (358) According to Verizon Communications News Center, as of last year the company had 107.7 million wireless customers, connecting an average of 1 billion calls per day. (359) It is impossible that the government provided specific and articulable facts showing reasonable grounds for the relevance of each one of those cus tomers or calls. Interpreting all records as relevant effectively renders the "reasonable grounds" requirement obsolete.
The statute does not explain precisely what makes a tangible item relevant to an authorized investigation. Nevertheless, the act suggests that tangible things are "presumptively relevant" when they:
[P]ertain to--(i) a foreign power or an agent of a foreign power; (ii) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation; or (iii) an individual in contact with, or known to, a suspected agent of a foreign power who is the subject of such authorized investigation. (360)
This section appears not to apply to the telephony metadata program. It would be impossible to establish that all customer and subscriber records pertain to a foreign power or an agent thereof, or to a particular, suspected agent of the same, who is the subject of an authorized investigation. Perhaps five or ten customers may fall into this category, but to include millions simply pushes the bounds of common sense. Accordingly, the telephony metadata are neither relevant nor presumptively relevant.
Third, the breadth of the government's interpretation establishes a troubling precedent. If all telephony metadata are relevant to foreign intelligence investigations, then so are all e-mail metadata, all GPS metadata, all financial information, all banking records, all social network participation, and all Internet use. Both the DOJ and FISC have suggested that there may be other programs in existence that operate in a similar fashion. (361) Some media reports appear to support this. On September 28, 2013, for instance, the New York Times reported that the NSA "began allowing the analysis of phone call and email logs in November 2010 to begin examining Americans' networks of associations." (362) If all telephony metadata are relevant, then so are all other data--which means that very little would, in fact, be irrelevant to such investigations. If this is the case, then such an interpretation radically undermines not just the limiting language in the statute, but the very purpose for which Congress introduced FISA in the first place.
Fourth, the government's interpretation directly contradicts Congress's intent in adopting Section 215. At the introduction of the measure, Senator Arlen Specter explained that the language was meant to create an incentive for the government to use the authority only when it could demonstrate a connection to a particular suspected terrorist or spy. (363) During a House Judiciary Committee meeting on July 17, 2013, Representative James Sensenbrenner (R-WI) reiterated that Congress inserted "relevant" into the statute to ensure that only information directly related to national security probes would be included--not to authorize the ongoing collection of all phone calls placed and received by millions of Americans not suspected of any wrongdoing. (364) Soon afterwards, he wrote:
This expansive characterization of relevance makes a mockery of the legal standard. According to the administration, everything is relevant provided something is relevant. Congress intended the standard to mean what it says: The records requested must be reasonably believed to be associated with international terrorism or spying. To argue otherwise renders the standard meaningless. (365)
Other members of Congress have made similar claims. (366)
2. Connection to "an Authorized Investigation"
There are three ways in which the telephony metadata program violates FISA's requirement in section 1861 that the order be sought for use in an "authorized investigation." (367) First, the guidelines establishing when such an investigation exists apply solely to the initial collection of the information. The FISC order, by contrast, allows the collection of the data on an ongoing basis, tying instead the search of such information to authorized investigations. Second, under the Attorney General guidelines, for each of the levels there is a predicate specificity required before the collection of information: namely, that the investigation be premised on specific individuals, groups, or organizations, or violations of criminal law. The telephony metadata program, in contrast, requires no such specificity before the collection of the data. Third, the orders issued by FISC empower the NSA to conduct searches of the data in future authorized investigations. In other words, the collection of the metadata is considered relevant to investigations generally. This means that the orders do not, in fact, relate to (existing) authorized investigations.
a. Collection of the Information
FISA, as mentioned above, requires that the government submit a statement of facts demonstrating reasonable grounds to believe that the records being sought are relevant to an authorized investigation (other than a threat assessment). (368) Its definition of an "authorized investigation" refers to guidelines approved by the Attorney General under Executive Order 12,333. (369) The most recent of these guidelines, the Attorney General's Guidelines for Domestic FBI Operations, provides three categories of investigations: assessments (i.e., "threat assessments" under the 2003 guidelines and Section 215); predicated investigations (subdivided into "preliminary" and "full" investigations); and enterprise investigations (a variant of full investigations). (370) FISA, as noted above, makes it clear that the tangible records in question may not be sought as part of the first level of national security investigations, the assessment stage. (371) There is an important reason for this restriction. It is the most general level and, as such, lacks the factual predicate required for the use of more intrusive techniques of information gathering.
Between 2003 and 2008, for instance, at the threat assessment stage the FBI could collect information on "individuals, groups, and organizations of possible investigative interest, and information on possible targets of international terrorist activities or other national security threats." (372) But the only techniques allowed, as noted by the Attorney General, were "relatively nonintrusive investigative techniques." (373) This included:
[O]btaining publicly available information, accessing information available within the FBI or Department of Justice, requesting information from other government entities, using online informational resources and services, interviewing previously established assets, non-pretextual interviews and requests for information from members of the public and private entities, and accepting information voluntarily provided by governmental or private entities. (374)
Nowhere in the discussion of the threat assessment stage did the 2003 guidelines contemplate the use of court-ordered surveillance.
In 2008, the Attorney General expanded the tools that could be used during the assessment stage to include: publicly available information; all available federal, state, local, tribal, or foreign governmental agencies' records; online services and resources; human source information; interviews or requests for information from members of the public and private entities; information voluntarily provided by governmental or private entities; observation or surveillance not requiring a court order; and grand jury subpoenas for telephone or electronic mail subscriber information. (375) The addition of the last two items broadened the type of information that could be obtained. Similarly, whereas the previous guidelines noted that mail covers, mail openings, and nonconsensual electronic surveillance or any other investigative technique covered by 18 U.S.C. [section][section] 2510-2521 "shall not be used during a preliminary inquiry," (376) the 2008 guidelines dropped any equivalent language.
Even with the broadening, however, under FISA, tangible goods may not be obtained under section 215 during the assessment stage. The purpose is to place a higher burden on the government to justify the use of more intrusive surveillance. If such methods are to be used, and the related information collected, there must be a factual predicate establishing a higher level of suspicion as to the presence of criminal activity or a threat to national security. (377)
For preliminary investigations, this means that the government must have information or an allegation indicating the existence of criminal activity or a threat to U.S. national security prior to initiating the investigation. (378) For a full investigation, there must be "an articulable factual basis for the investigation that reasonably indicates" criminal activity or a threat to U.S. national security. (379) For an enterprise investigation (a variant of a full investigation), there must be an articulable factual basis for the investigation reasonably indicating "that the group or organization may have engaged or may be engaged in, or may have or may be engaged in planning or preparation or provision of support for" racketeering, international terrorism or other threats to U.S. national security, domestic terrorism, furthering political or social goals wholly or in part through activities that involve force or violence and a violation of federal criminal law, or a closed range of other offences. (380) The guidelines thus distinguish between the different levels based on a factual predicate of wrongdoing, which then acts as a valve on the level of intrusiveness that the government can adopt in collecting more information.
In contrast, the primary order for the telephony metadata program does not follow this approach. Instead, it authorizes the collection of data for 90-day periods without any factual predicate supporting the acquisition or collection of data. It is thus incompatible with the approach adopted in the Attorney General's guidelines. The order also shifts the emphasis to the analysis of such data--which is to be conducted in connection with an authorized investigation. This is not, however, what is required by the FBI's own guidelines. It is the collection of such information that is premised on the existence of an authorized investigation--not the subsequent analysis of data in the course of the same.
According to the Attorney General's guidelines, for predicate investigations (for which tangible items orders under Section 215 may be sought) specificity is required before the collection of information--namely, the investigation must be premised on the past or present wrongdoing or foreign intelligence activities of specific individuals, groups, or organizations. The telephony metadata program, in contrast, collects all call records, without specifying the individuals, groups, or organizations of interest.
For the past decade, specificity has been integral to the guidelines' approach. Under the 2003 Attorney General's guidelines, for instance, preliminary investigations were authorized "when there is information or an allegation indicating that a threat to the national security may exist." (381) Such investigations were particular, in that they related to specific individuals, groups, and organizations. (382)
Under the 2008 guidelines, a preliminary investigation must relate to "a" federal crime or threat to national security. (383) For foreign intelligence gathering, the guidelines require that only full investigations be used. (384) These are defined in singular terms, such as "[a]n activity constituting a federal crime or a threat to national security." (385) Alternatively, the circumstances may indicate that "[a]n individual, group, organization, entity is or may be a target of attack, victimization, acquisition, infiltration, or recruitment in connection with criminal activity." (386) For enterprise investigations, the text of the guidelines clearly refers to "the group or organization." (387)
Not only are the investigations specific regarding the targets, they are specific regarding the facts that support the initiation of the predicate investigation. For enterprise investigations, this means that there must be "an articulable factual basis for the investigation that reasonably indicates that the group or organization" was involved in the commission of certain crimes and activities. (388) Full investigations, in turn, require specific and articu-articulable facts giving reason to believe that a threat to national security may exist. (389) Like preliminary investigations, such inquiries are specific in that they may relate to individuals, groups, and organizations. (390) In contravention of the Attorney General guidelines, the telephony metadata program collects data, using precisely those tools that are limited to preliminary and full investigations, absent the specificity otherwise required.
c. Future Authorized Investigations
Third, FISA contemplates the relevance of information to an investigation already in existence at the time the order is granted. The statutory language is very specific. Applications must include "a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation." (391) The placement of the word "are" before the word "relevant" suggests that at the time the records are being sought, their relevance to an investigation must be established.
The orders issued by FISC, however, depart from the statutory language, empowering the NSA to obtain the data in light of their relevance to future "authorized investigations"--and requiring telecommunications companies to indefinitely provide such information in the future. (392) How can the court know that all such telephony data will be relevant to investigations that are not yet opened? As noted by amici in In re Electronic Privacy In formation Center, Congress could have used any number of alternative auxiliary verbs--"such as 'can'; 'could'; 'will'; or 'might.' But it chose not to do so. Instead, Congress required relevance to an investigation existing at the time of the application." (393)
In addition, the information sought must be relevant "to an authorized investigation." This is both singular ("an") and past tense, in that it has already been "authorized." The House Report that accompanied the first introduction of the business records provisions explained that the purpose of this language was to provide "for an application to the FISA court for an order directing the production of tangible items such as books, records, papers, documents and other items upon certification to the court that the records sought are relevant to an ongoing foreign intelligence investigation." (394) Yet, how can the court with any certainty suggest that all investigations in the future will be authorized?
The government's argument, instead of centering on a particular investigation, appears to create a categorical exception for the collection of records. Specifically, it argues that when the government "has reason to believe that conducting a search of a broad collection of telephony metadata records will produce counterterrorism information ... the standard of relevance under Section 215 is satisfied." (395) That is, the determination depends on the nature of the information to be extracted, not on the prior existence of a directly related, authorized investigation. "Authorized investigations" thus become merely a category for which the information is useful. (396) The language in the FISC order is not "an authorized investigation," but, rather, "authorized investigations." (397)
That the government has one investigation open on al Qaeda, or even "thousands of open full or enterprise investigations on terrorist groups or targets, and their sponsors, some or all of which could underlie the bulk telephony metadata collection applications and orders," (398) fails to justify the collection of so many records--indeed, most of those collected--that are not in any way directly connected to these authorized investigations. This interpretation, moreover, contradicts congressional intent. As Representative F. James Sensenbrenner, one of the principal authors of the USA PATRIOT Act, noted, "Congress intended to allow the intelligence communities to access targeted information for specific investigations. How can every call that every American makes or receives be relevant to a specific investigation? This is well beyond what the Patriot Act allows." (399)
B. Subpoena Duces Tecum
The only express limit on the type of tangible item that can be subject to an order under 50 U.S.C. [section] 1861 is that it "can be obtained with a subpoena duces tecum issued by a court of the United States in aid of a grand jury investigation or with any other order issued by a court of the United States directing the production of records or tangible things." (400) Although it may be said as a general matter that Congress intended intelligence collection to be subject to different standards than those that apply in a criminal context, in at least the provisions relevant to tangible goods, it is clear that a criminal standard governs the type of information that can be obtained via order. Specifically, the collection must be consistent with a subpoena duces tecum.
The government argues that the telephony metadata program is consistent with this provision, and that its determination must be given the highest level of deference by the courts. (401) FISC has expressed its agreement with the government's position:
Call detail records satisfy [the subpoena duces tecum] requirement, since they may be obtained by (among other means) a 'court order for disclosure' under 18 U.S.C. [section] 2703(d). Section 2703(d) permits the government to obtain a court order for release of non-content records, or even in some cases of the contents of a communication, upon a demonstration of relevance to a criminal investigation. (402)
To evaluate the government's claim, it is first necessary to consider the legal instrument. A subpoena duces tecum is a writ or process used to command a witness to bring with him and produce to the court books, papers, and other items, over which he has control and which help to elucidate the matter at hand. (403) Unlike warrants, something less than probable cause is required. (404) The rationale behind this is that the purpose of the instrument is not to conduct a search absent a suspect's consent, but, rather, to obtain documents and information that the prosecution has concluded will be material in a case. (405)
The authority to issue a subpoena is not unlimited. Under the Federal Rules of Criminal Procedure, "the court may quash or modify the subpoena if compliance would be unreasonable or oppressive." (406) Precisely what counts as reasonable (or not) is heavily context-dependent. (407) In United States v. Nixon, (408) the Court laid out a three-part test, requiring the government to establish relevancy, admissibility, and specificity, in order to enforce a subpoena in the trial context. (409)
The Nixon standard, however, does not apply in the context of grand jury proceedings. (410) In 1991 the Court explained:
The multifactor test announced in Nixon would invite procedural delays and detours while courts evaluate the relevancy and admissibility of documents sought by a particular subpoena.... Requiring the Government to explain in too much detail the particular reasons underlying a subpoena threatens to compromise the 'indispensable secrecy of grand jury proceedings.' Broad disclosure also affords the targets of investigation far more information about the grand jury's workings than the Rules of Criminal Procedure appear to contemplate. (411)
The Court went on to note that this does not mean that the grand jury's investigatory powers are limitless; to the contrary, they are still subject to Rule 17(c). (412) Nevertheless, grand jury subpoenas are given the benefit of the doubt, with the burden of showing unreasonableness on the recipient seeking to avoid compliance. (413) For claims of irrelevancy, motions to quash "must be denied unless the district court determines that there is no reasonable possibility that the category of materials the Government seeks will produce information relevant to the general subject of the grand jury's investigation." (414)
At the broadest level, then, the government's assertion, at least with regard to the burden of proof regarding the information to be obtained and the deference afforded a grand jury subpoena, appears to be valid. But there are three critical flaws in the government's reasoning: first, subpoenas may not be used for fishing expeditions; second, they must be focused on specific individuals or alleged crimes prior to the collection of information; and third, the emphasis is on past wrongdoing--not on potential future relationships and actions. In addition, remarkably, FISC has admitted that the telephony metadata order it issued violates the statutory language requiring that the information to be obtained comport with the requirements of a subpoena.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||I. Bulk Collection in the Context of FISA's General Approach D. Broad Surveillance in Place of Particularization 2. Absence of Prior Targeting into II. Bulk Collection and FISA's Statutory Provisions B. Subpoena Duces Tecum, p. 805-852|
|Author:||Donohue, Laura K.|
|Publication:||Harvard Journal of Law & Public Policy|
|Date:||Jun 22, 2014|
|Previous Article:||Bulk metadata collection: statutory and constitutional considerations.|
|Next Article:||Bulk metadata collection: statutory and constitutional considerations.|