INTRODUCTION I. BULK COLLECTION IN THE CONTEXT OF FISA'S GENERAL APPROACH A. Prior Domestic Surveillance 1. NSA Programs a. Project MINARET b. Operation SHAMROCK 2. Broader Context B. Protections Built into FISA 1. Entity Targeted Prior to Acquisition 2. Probable Cause and Showing of Criminal Wrongdoing Prior to Collection 3. Minimization Procedures for Acquisition and Retention 4. Establishment of the Foreign Intelligence Surveillance Court and Court of Review C. Subsequent Amendment 1. Physical Search, Pen-Trap 2. Business Records, Tangible Goods, and Section 215 D. Broad Surveillance in Place of Particularization 1. Wholesale Collection of Information 2. Absence of Prior Targeting 3. No Higher Threshold for U.S. Persons E. Role of the Foreign Intelligence Surveillance Court 1. Reliance on NS A to Ascertain Reasonable, Articulable Suspicion a. Failure to Report Initial Noncompliance b. Further Noncompliance c. FISC Response d. Technological Gap 2. Issuance of Detailed Legal Reasoning and Creation of Precedent 3. Judicial Design a. Appointments b. Order Rate II. Bulk Collection and FISA's Statutory Provisions A. "Relevant to an Authorized Investigation 1. Relevance Standard 2. Connection to "an Authorized Investigation a. Collection of the Information b. Specificity c. Future Authorized Investigations B. Subpoena Duces Tecum 1. Fishing Expeditions 2. Specificity 3. Past Crimes 4. March 2009 FISC Opinion C. Evisceration of Pen-Trap Provisions D. Potential Violation of Other Provisions of Criminal Law III. Constitutional Considerations A. The Problem with Smith v. Maryland B. More Intrusive Technologies and Their Impact on Privacy C. Judicial Tension: Trespass and Katz's Reasonable Expectation of Privacy 1. The Prohibition on General Warrants 2. Search of Metadata and the Reasonable Expectation of Privacy D. The Proverbial Needle in the Haystack IV. Conclusion INTRODUCTION
On May 24, 2006, the Foreign Intelligence Surveillance Court (FISC) approved an FBI application for an order, pursuant to 50 U.S.C. [section] 1861, requiring Verizon to turn over all telephony metadata to the National Security Agency. (1) The Court subsequently approved similar applications for all major U.S. telecommunication service providers. Over the next seven years, FISC issued orders renewing the bulk collection program thirty-four times. (2) Almost all of the information obtained related to the activities of law-abiding persons who were not the subjects of any investigation. (3)
This program remained secret until mid-2013, when a combination of leaks by Edward Snowden, a former National Security Agency (NSA) employee, and Freedom of Information Act litigation launched by the Electronic Frontier Foundation, forced key documents into the public domain. (4) In response, the Obama Administration issued statements, fact sheets, redacted FISC opinions, and even a White Paper, acknowledging the existence of the program and arguing that it is both legal and constitutional. (5)
According to these documents, the purpose of the telephony metadata program is to collect information related to counterterrorism efforts and foreign intelligence. (6) These data include all communications routing information, including (but not limited to) session identifying information (for example, originating and terminating telephone number, identity of the communications device, etc.), trunk identifier, and time and duration of the call. (7) The metadata collected as part of this program does not include the substantive content of communications, nor does it include subscribers' names, addresses, or financial information. (8)
Although many of the details about the telephony metadata program remain classified, from what has been made public by the government, it appears that the NSA takes all information obtained and feeds it into a bulk data set, which is then queried with an "identifier," referred to as a "seed." (9) The NSA uses both international and domestic identifiers. (10) FISC requires that the NSA establish a "reasonable, articulable suspicion" that a seed identifier used to query the data is linked to a foreign terrorist organization before running it against the bulk data. Once obtained, information responsive to the query can be further mined for information. The NSA can analyze the data to ascertain second-and third-tier contacts, in steps known as "hops." (11)
As a practical matter, the NSA interprets the primary order as authorizing the agency to retrieve information as many as three tiers away from the initial identifier. (12) The government refers to this process as "automated chaining." (13) These results can then be further queried for "foreign intelligence purposes." (14) In some cases, this information can then be forwarded to the FBI for further investigation, including using the information for an application for an electronic intercept order under Title I of the Foreign Intelligence Surveillance Act. (15) On at least three occasions, the government has obtained authorization to expand the telephone identifiers that the NSA could query. (16)
Since the advent of the program FISC has acknowledged "that the vast majority of the call-detail records provided are expected to concern communications that are (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls." (17) The rationale behind collecting this information is that:
International terrorist organizations and their agents use the international telephone system to communicate with one another between numerous countries all over the world, including to and from the United States. In addition, when they are located inside the United States, terrorist operatives make domestic U.S. telephone calls. The most analytically significant terrorist-related communications are those with one end in the United States or those that are purely domestic, because those communications are particularly likely to identify suspects in the United States--whose activities may include planning attacks against the homeland. (18) The program is thus designed to obtain foreign intelligence and to protect against international terrorist threats both in the United States and overseas. Under the Foreign Intelligence Surveillance Act (FISA), which governs the program, the data obtained is understood as "presumptively relevant to an authorized investigation" where the government can establish that the information pertains to (a) a foreign power or an agent of a foreign power, (b) the activities of a suspected agent of a foreign power who is the subject of such authorized investigation, or (c) an individual in contact with, or known to, a suspected agent of a foreign power who is the subject of an authorized investigation. (19)
However important the purpose, the National Security Agency's bulk collection of telephony metadata embodies precisely what Congress sought to avoid by enacting the 1978 Foreign Intelligence Surveillance Act in the first place. In so doing, the program violates the spirit, as well as the letter, of the law. It also gives rise to troubling constitutional concerns.
Part I of this Article begins by pointing out that the reason Congress introduced FISA was to make use of new technologies and to enable the intelligence community to obtain information vital to U.S. national security, while preventing the NS A and other federal intelligence-gathering entities from engaging in broad domestic surveillance. The legislature sought to prevent a recurrence of the abuses of the 1960s and 1970s that accompanied both the Cold War and the rapid expansion of communications technologies.
Congress accordingly circumscribed the NSA's authorities by limiting them to foreign intelligence gathering. It required that the target be a foreign power or an agent thereof, insisted that such claims be supported by probable cause, and heightened the protections afforded to the domestic collection of U.S. citizens' information. Initially focused on electronic surveillance, FISA expanded over time to incorporate physical searches, pen registers and trap and trace, and searches of business records and tangible goods. The NSA program reflects neither the particularization required by Congress prior to acquisition of information, nor the role Congress anticipated for FISC and the Foreign Intelligence Surveillance Court of Review (FISCR).
The bulk collection program, moreover, as pointed out in Part II of this Article, violates the statutory language in three important ways: (1) it fails to satisfy the requirement that records sought be "relevant to an authorized investigation;" (2) it fails to satisfy the statutory provision that requires that information sought also could be obtained via subpoena duces tecum; and (3) it bypasses the statutory framing for pen registers and trap and trace devices.
Part III of this Article suggests that the bulk collection of U.S. citizens' metadata also gives rise to serious constitutional concerns. Efforts by the government to save the program on grounds of third party doctrine are unpersuasive in light of the unique circumstances of Smith v. Maryland and the significant privacy invasions resulting from the universal use of pen registers and trap and trace devices, the evolution of social norms, and the advent of new technologies. In addition, the role of compulsion with regard to the FISC orders (in contrast to the consent of the telephone company in 1979) implicates the Fourth Amendment.
Further examining the Supreme Court's jurisprudence, Part III goes on to note that over the past decade, tension has emerged between the view that new technologies should be considered from the perspective of trespass doctrine and the view that Katz's reasonable expectation of privacy test should apply. Cases involving, for instance, GPS chips, thermal scanners, and highly-trained dogs divide along these lines. Regardless of which approach one...