When the Verizon telephony metadata issue first broke, I posed the following question about the government's legal position:
Because we have only the order itself, not the application that underlies it, we don’t know the government’s exact legal theory here. But I have a hard time imagining the application that could have produced it without authorizing programmatic collection of just about any data for any investigative purpose at all. Section 215, codified in law as 50 U.S.C. § 1861, allows the government to apply to the FISA court for an order for production “of any tangible things . . . for an investigation to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities. . . .” To acquire such an order, the government does not have to do much—just as it doesn’t have to do much in a criminal investigation: It merely has to offer, in pertinent part, “a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation . . . to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.”
So presumably, the theory would have to be that the “tangible things” here are the giant ongoing flood of data from the telecommunications companies and that they are “relevant to an authorized investigation,” perhaps of Al Qaeda, “to protect against international terrorism.” That reading seems oddly consistent with the statutory text, which may be why the intelligence committee leadership seems so comfortable with the program.
But that still leaves the question of how it’s possible to regard metadata about all calls to and from a Dominos Pizza in Peoria, Illinois or all calls over a three month period between two small businesses in Juneau, Alaska as “relevant” to an investigation to protect against terrorism. I think the only possible answer to this question is that a dataset of this size could be “relevant” because there are ways of analyzing big datasets algorithmically to yield all kinds of interesting things—but only if the dataset is known to include all of the possibly-relevant material. The individual data may not be relevant, but the dataset or data stream is relevant because it is complete—and therefore is sure to include any communications by whomever we turn out to be concerned about.
But here’s the problem: if that constitutes relevance for purposes of Section 215 then isn’t all data relevant to all investigations? Grand jury subpoenas, after all, issue on the basis of relevance too—albeit relevance to a criminal investigation. Why couldn’t the FBI obtain all domestic metadata on the theory that some sort of data-mining would be useful in a mob investigation—and that a complete dataset is therefore “relevant” to it?
The government has now publicly answered this question---in a letter from the Justice Department's Office of Legislative Affairs to Rep. James Sensenbrenner. The explanation is interesting and valuable, and it contains some important clarifications. It's worth highlighting exactly what the department is arguing.
First, the department argues, unlike with respect to normal acquisition of data under a relevance standard, there is actually a two-tiered, layered access to metadata in this program. There is the acquisition itself, but there is also a series of internal controls over who can see the data and under what circumstances, controls imposed by the terms of the FISA Court's order:
In other words, the Justice Department is arguing that the point of relevance is not the dataset as a whole but the individual points of data revealed after the database has been queried. This may be a compelling argument for access to the dataset as a policy matter, but it is plainly inadequate as a legal matter. The "tangible thing" being produced under the order is not, after all, the individual items of data yielded after the database is queried. It is the database itself, and under Section 215 as it currently stands, that should be the item that has to be relevant to the investigation. So why is the dataset relevant?
To answer this question, the department goes a second step, arguing that the entire dataset is relevant because the telephone companies wouldn't maintain it on their own---and therefore, the individually-relevant items would not be available were the NSA to fail to preserve the whole thing:
In other words, the dataset is relevant as a whole, in the government's view, because parts of it are relevant---the only parts humans ever see---and those parts would not be available to investigators and analysts if the entire dataset were not preserved and placed in a form they could query.
I suspect a lot of people will disagree with this reading of Section 215. For what it's worth, my own view is that the government's policy position here is an entirely reasonable one, but the collection should probably take place under a statute that fits it better. It seems like a weird graft onto 215 to me---one that could have broader consequences for the concept of relevance. That is, there is nothing legally that would preclude the government from setting up a similar program to investigate mob or drug cases. The legal argument here is not specific to national security, after all. The principle that the whole is relevant because its parts are relevant and the parts wouldn't be available if the whole were not maintained---and won't be maintained if it's not produced---is a generalizable one.