The NSA's Telephone Meta-Data Program: Part II

WASHINGTON, DC - DECEMBER 11:  Director of the National Security Agency Gen. Keith Alexander, and Deputy Attorney General Jam
WASHINGTON, DC - DECEMBER 11: Director of the National Security Agency Gen. Keith Alexander, and Deputy Attorney General James Cole testify during a hearing before the Senate Judiciary Committee December 11, 2013 on Capitol Hill in Washington, DC. The committee held the hearing on 'Continued Oversight of U.S. Government Surveillance Authorities.' (Photo by Alex Wong/Getty Images)

In my last post (The NSA's Telephone Meta-data Program: Part I) I explained the nature and operation of the NSA's bulk telephony meta-data program. In this post, I will examine the government's arguments for the meta-data program and the Review Group's analysis of those arguments.

In defending the bulk telephony meta-data program, the government offers essentially four arguments. First, it argues that the program is an important tool in the effort to keep our nation safe. Because the program enables the government to discover when a suspected terrorist is in contact with other possible terrorists inside the United States, it can provide critical data in the effort to "connect the dots." Indeed, the government argues, had the program been available in 2001, it might have enabled the government to prevent the terrorist attacks of September 11.

Second, the government argues that the collection and storage of bulk telephony metadata does not seriously intrude on individual privacy because individuals have voluntarily exposed their calling data to a third party -- that is, to their telephone service providers. As a general rule, the government argues, individuals have no reasonable expectation of privacy in information they voluntary expose to strangers.

Third, the government argues that the collection and storage of bulk telephony meta-data does not seriously intrude on individual privacy because the nature of the information at issue -- mere calling data -- does not itself reveal anything particularly private. It would be a different case, the government argues, if it was collecting and storing the content of telephone calls, which would be much more invasive of individual privacy.

Fourth, the government argues that it has in place rigorous oversight and review procedures to ensure that the database is not used for any improper purpose. Those restrictions prohibit any use of the data for any purpose other than to identify possible terrorist activity.

Taking these four considerations into account, the government concludes that the bulk telephony meta-data program furthers a compelling national interest without appreciably impairing individual privacy. It is therefore a reasonable program that should be retained as a matter of sound public policy.

In evaluating the section 215 bulk telephony meta-data program, the Review Group carefully evaluated and weighed each of these four considerations.

With respect to the government's first argument -- that the program plays an important role in keeping our nation safe, the Review Group concluded that, in fact, the meta-data program has "made only a modest contribution to the nation's security." Indeed, "section 215 has generated relevant information in only a small number of cases, and there has been no instance in which NSA could say with confidence that the outcome would have been different without the section 215 telephony meta-data program."

Moreover, the reason for keeping the program secret in the first place was to prevent potential terrorists from knowing of its existence. But "now that the existence of the program has been disclosed publicly," the Review Group added, "we suspect that it is likely to be less useful" than it was before. Thus, although recognizing that the meta-data program still has value, the Review Group concluded that it is not critical to protecting the national security.

With respect to the government's second argument -- that people don't really care about the privacy of this information or they wouldn't voluntarily expose it to their phone company, the Review Group concluded that this argument proved too much. "In modern society," we wrote, "individuals, for practical reasons, have to use banks, credit cards, e-mail, telephones, the Internet, medical services, and the like. Their decision to reveal otherwise private information to such third parties does not reflect a lack of concern for the privacy of the information, but a necessary accommodation to the realities of modern life. What they want -- and reasonably expect -- is both the ability to use such services and the right to maintain their privacy when they do so. As a matter of sound public policy in a free society, there is no reason why that should not be possible.

With respect to the government's third argument -- that the collection of bulk telephony meta-data does not seriously threaten individual privacy because it involves only transactional information, the Review Group agreed that the intrusion on privacy would be greater if the government collected the content of every telephone call than if it collects only the meta-data. At the same time, however, the Review Group noted that "the record of every telephone call an individual makes or receives over the course of several years can reveal an enormous amount about that individual's private life."

Quoting an opinion on a related issue by Supreme Court Justice Sonia Sotomayor, the Review Group pointed out that "telephone calling data can reveal 'a wealth of detail' about an individual's 'familial, political, professional, religious, and sexual associations.' It can reveal calls 'to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour-motel, the union meeting, the mosque, synagogue or church, the gay bar, and on and on.'"

Moreover, "knowing that the government has ready access to one's phone call records can seriously chill 'associational and expressive freedoms,' and knowing that the government is one flick of a switch away from such information can profoundly 'alter the relationship between citizen and government in a way that is inimical to society.' That knowledge can significantly undermine public trust, which is exceedingly important to the well-being of a free and open society." We therefore concluded that the limitation of the program only to telephone meta-data did not eliminate potentially serious concerns about individual privacy.

Finally, with respect to the government's fourth argument -- that the government's rigorous oversight of the program would prevent misuse of the data, the Review Group agreed that rigorous oversight was in place, but noted that "no system is perfect" and that there "is always a risk that the rules, however reasonable in theory, will not be followed in practice." Indeed, the Review Group observed that, despite careful safeguards, there had in the past been serious issues of unintentional noncompliance in the use of telephony meta-data program, issues that had had to be addressed -- quite sharply -- by the Foreign Intelligence Surveillance Court.

The Review Group pointed out that there are many different kinds of abuse. For example, an analyst with access to the information might decide "to query an innocent individual for any number of possible reasons, ranging from personal animosity to blackmail to political opposition." Even worse, "we cannot discount the risk, in light of the lessons of our own history, that at some point in the future, high-level government officials will decide" that this database "is there for the plucking." Americans, the Review Group observed, "must never make the mistake of wholly 'trusting' our public officials."

To underscore this point, the Review Group invoked the Report of the Church Committee, which noted more than 35 years ago, after reviewing the serious surveillance abuses of the 1960s and 1970s, that the "massive centralization of . . . information creates a temptation to use it for improper purposes, threatens to chill the exercise of First Amendment rights, and is inimical to the privacy of citizens."

In weighing all these considerations, the Review Group concluded that, even though the bulk telephony meta-data program might "make it easier for the government to protect the nation from terrorism," that in itself does not mean that it should be permitted. Noting that "every limitation on the government's ability to monitor our conduct makes it more difficult for the government to prevent bad things from happening," the Review Group emphasized that the ultimate "question is not whether granting the government authority makes us incrementally safer, but whether the additional safety is worth the sacrifice in terms of individual privacy, personal liberty, and public trust."

On that question, the Review Group concluded that, particularly in light of the availability of other means by which the government could achieve its objectives, "there is no sufficient justification for allowing the government to collect and store bulk telephony meta-data. We recommend that this program should be terminated as soon as reasonably practicable."

In my next post, I will spell out the "other means" by which the government can achieve its objectives, and I will also address the constitutionality of the telephony meta-data program, an issue that has come to fore in recent days as a result of two sharply conflicting judicial decisions on the issue.