Bulk metadata collection: statutory and constitutional considerations.

Author:Donohue, Laura K.
Position:I. Bulk Collection in the Context of FISA's General Approach D. Broad Surveillance in Place of Particularization 2. Absence of Prior Targeting into II. Bulk Collection and FISA's Statutory Provisions B. Subpoena Duces Tecum, p. 805-852
  1. Absence of Prior Targeting

    The government has indicated that the information obtained from this program is important because, "by analyzing it, the Government can determine whether known or suspected terrorist operatives have been in contact with other persons who may be engaged in terrorist activities, including persons and activities within the United States." (220) The government sees the enormous number of records as central to the success of the program. (221) Once the records are obtained--once the "haystack" is created--the government can then go about finding out who the threats are--the proverbial needles in the haystack. (222)

    This process is backwards. The whole point of FISA is for the government to first identify the target, and then to use this identification to obtain information. In contrast, the government is now arguing that it can obtain information as a way of figuring out who the targets should be. This directly contradicts FISA's design.

  2. No Higher Threshold for U.S. Persons

    In addition, as detailed above, there are myriad ways in which FISA creates extra protections for U.S. persons. In light of the historical context, the reason for this is clear. The statute arose from revelations about the cavalier manner in which the intelligence agencies were treating Americans' right to privacy. New protections thus centered on creating higher standards for targeting U.S. persons, as well as for later analysis and dissemination of U.S. persons' information.

    Outside of minimization procedures relating to the downstream manipulation and dissemination of information, however, the telephony metadata program does not recognize a higher protection for U.S. persons at the moment of data acquisition. The failure to create higher standards thus runs counter to the approach Congress adopted in passing FISA.

    E. Role of the Foreign Intelligence Surveillance Court

    In at least three important ways, FISC no longer serves the purpose for which it was designed. First, Congress created the court to determine whether the executive branch had met its burden of demonstrating that there was sufficient evidence to target individuals within the United States, prior to collection of such information. The telephony metadata program demonstrates that FISC has abdicated this responsibility to the executive branch generally, and to the NSA in particular. Continued noncompliance underscores concern about relying on the intelligence community to protect the Fourth Amendment rights of U.S. persons.

    Second, Congress did not envision a lawmaking role for FISC. Its decisions were not to serve as precedent, and FISC was not to offer lengthy legal analyses, crafting in the process, for instance, exceptions to the Fourth Amendment warrant requirement or defenses of wholesale surveillance programs.

    Third, questions have recently been raised about the extent to which FISC can fulfill the role of being a neutral, disinterested magistrate. Congress went to great lengths, for instance, to try to ensure diversity on the court. To the extent that the appointments process implies an ideological predilection, at a minimum, it is worth noting that almost all of the judges who serve on FISC and FISCR are Republican appointees. The rate of applications being granted, in conjunction with the in camera and ex parte nature of the proceedings, also raises questions about the extent to which FISC serves as an effective check on the executive branch. The lack of technical expertise of those on the court further introduces questions about the judges' ability to understand how the authorities they are extending to the NSA are being used.

  3. Reliance on NSA to Ascertain Reasonable, Articulable Suspicion

    In 1978 Congress created FISC to serve as a neutral, disinterested observer. In this capacity, one of its principal responsibilities was to ascertain whether the government had demonstrated probable cause that individuals to be targeted under FISA were foreign powers or agents thereof, and likely to use the facilities to be placed under surveillance. As was previously discussed, consistent with this approach, in 1998 Congress introduced the business records provision, requiring in the process that the government submit a statement of "specific and articulable facts" to the court in support of its application. Although the showing was eliminated in 2001, four years later Congress re-introduced a requirement that the government submit a statement of facts establishing "reasonable grounds to believe that the tangible things" to be obtained are "relevant to an authorized investigation." This language puts the court in the position of verifying whether the government has met its burden of proof prior to intelligence collection. The court, however, no longer serves in this function.

    To the contrary, FISC's primary order authorizing the collection of telephony metadata required that designated NSA officials make a finding that there is "reasonable, articulable suspicion" (RAS) that a seed identifier proposed for query is associated with a particular foreign terrorist organization prior to its use. It is thus left to the executive branch to determine whether the executive branch has sufficient evidence to place individuals or entities under surveillance.

    The dangers associated with the court removing itself from the process are clear. Documents recently released under court orders in a related FOIA case establish that for nearly three years, the NSA did not follow these procedures (223)--even though numerous NSA officials were aware of the violation. (224) Noncompliance incidents have continued. Collectively, these incidents raise serious question as to whether FISC is performing the functions for which it was designed.

    1. Failure to Report Initial Noncompliance

      Although the NSA had been contravening the order since May 2006, it was not until early 2009, when representatives of the Department of Justice met with NSA representatives to be briefed on the NSA's handling of the telephony metadata, that the illegal behavior was brought to FISC's attention. (225) President Barack Obama took office on January 20, 2009; it appears that recognition of the noncompliance occurred during the transition. During the briefing and in subsequent discussions, DOJ representatives inquired about the alert process. Learning of the process being used, DOJ personnel expressed concern that the program had been misrepresented to FISC. (226) The NSA had been using identifiers employed to collect information under Executive Order 12,333--not FISA--to search the telephony database. (227) This meant that the standards applying to foreigners were used in relation to U.S. persons.

      The DOJ informed FISC within a week of the meeting that the government had been querying the business records in a manner that contravened both the original order and sworn statements of several executive branch officials. (228) FISC was not amused. Judge Reggie Walton expressed concern "about what appears to be a flagrant violation of its Order in this matter." (229) The NSA had repeatedly misled FISC in its handling of the database. (230) FISC immediately issued an order, directing the NSA to comprehensively review the agency's handling of telephony metadata. (231) It gave the government until February 17, 2009 to file a brief to defend its actions and to help FISC to determine whether further action should be taken against the government or its representatives. (232)

      The NSA initially admitted only "that NSA's descriptions to [FISC] of the alert list process ... were inaccurate and that the Business Records Order did not provide the Government with authority to employ the alert list in the manner in which it did." (233) It further acknowledged, "the majority of telephone identifiers compared against the incoming BR metadata in the rebuilt alert list were not RAS-approved." (234) The actual numbers, reported to FISC in February 2009, were staggering: as of January 15, 2009, "only 1,935 of the 17,835 identifiers on the alert list were RAS-approved." (235)

      It was not that the NS A was unaware of the requirements established by the statute and by FISC. The Attorney General had, consistent with the primary order, established minimization procedures, among which was the following:

      Any search or analysis of the data archive shall occur only after a particular known telephone number has been associated with [REDACTED] More specifically, access to the archived data shall occur only when NSA has identified a known telephone number for which, based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the telephone number is associated with [REDACTED] organization; provided, however, that a telephone number believed to be used by a U.S. person shall not be regarded as associated with [REDACTED] solely on the basis of activities that are protected by the First Amendment to the Constitution. (236) Nevertheless, apparently, neither the Signals Intelligence Directorate nor the Office of the General Counsel had caught the fact that nearly ninety percent of the queries to the bulk dataset had been illegal. (237) Nor had they realized that their reports to FISC claiming that only RAS-approved numbers were being run against the bulk metadata were false. (238)

      Meanwhile, the NSA had disseminated 275 reports to the FBI as a result of contact chaining and queries of NSA's archive of telephony metadata. (239) Thirty-one of these had resulted directly from the automated alert process. (240) In a careful use of language, the government noted, "NSA did not identify any report that resulted from the use of a non-RAS-approved 'seed' identifier." (241) The government did not detail how complete the NS A had been in considering the reports; nor did it claim that none of the reports had resulted from...

To continue reading