One year ago, the Privacy and Civil Liberties Oversight Board (PCLOB) reviewed the National Security Agency’s bulk telephony metadata program and concluded the program was both illegal and imprudent as a policy matter. Under this program conducted pursuant to Section 215 of the USA PATRIOT Act, the NSA on a daily basis indiscriminately collects Americans’ calling records from telephone companies, including each call’s date and time, duration, and participating telephone numbers. This “metadata” does not include the contents of telephone conversations. The program is intended to enable the government to identify communications among known and unknown terrorism suspects. PCLOB recommended that the program be discontinued and that the government instead seek telephone call records directly from phone companies on a case-by-case basis where there is evidence of potential terrorist activity.
As a policy matter, President Obama agreed. While he has the authority to terminate the 215 program on his own, he asked Congress to pass legislation that would allow the government to request call records from telephone companies pursuant to individual court orders where there is a reasonable suspicion that the phone number being queried is associated with certain terrorist organizations. This legislation, the USA FREEDOM Act, stalled in the Senate last fall. But on February 3, the Administration renewed its call for passage, saying: “[t]his legislation not only satisfies the President’s requirements, but also responds to the recommendations from the Privacy and Civil Liberties Oversight Board . . . to end the bulk collection of telephony metadata records under Section 215 of USA PATRIOT Act.”
Last month, the National Research Council (NRC) of the National Academy of Sciences released a report in which it determined that "[t]here is no software technique that will fully substitute for bulk collection" of signals intelligence and, finding more drawbacks than benefits to having phone companies instead of the government hold call records, recommended focusing instead on use controls of collected information to address privacy concerns of people who are not the targets of surveillance.
The NRC’s conclusion about the relative merits of aggregated data pooling generally should not deter the President from terminating the 215 telephony metadata program on his own or Congress from passing the USA FREEDOM Act.
In its Section 215 report, PCLOB found that bulk collection of Americans’ phone call metadata was not effective in identifying terrorist plots or terrorists, concluding there was "little evidence that the unique capabilities provided by the NSA’s bulk collection of telephone records actually have yielded material counterterrorism results that could not have been achieved without the NSA’s Section 215 program." Balanced against this slim record of efficacy, the government’s collection of information about countless private interactions between people not suspected of any wrongdoing clearly risks chilling freedom of speech, association and religion, and as well as risking future data abuse by government officials. The NRC chose not to address this policy debate and also devoted little effort to considering alternatives to bulk collection that would be comparably effective and better protect privacy and civil liberties, acknowledging it "did not investigate the full range of alternatives that intelligence agencies could bring to bear."
Given our country’s tremendous technological capabilities and ingenuity, it would not seem an insurmountable challenge to develop a system that would permit the government to directly query a handful of telephone companies’ databases using specific search terms. Edward Felten, Princeton professor of computer science and director of its Center for Information Technology Policy, has noted that building software that would permit the search of billions of phone records, even when those records are stored by various phone companies in different ways, is "not rocket science." We can do more than throw up our hands. Todd Hinnen, a former acting assistant attorney general for national security, said as much last year: “The United States has the best technologists and innovators in the world. I’m confident that if the intelligence community focuses on it and works with companies in the private sector, they can solve [the telephone records search] problem.”
Abandoning indiscriminate bulk collection in favor of targeted queries to individual telephone companies based on individualized suspicion is not only more privacy protective but better for national security. It turns out that the 215 program now only collects a small percentage of the total telephone records held by telephone companies. According to General Michael Hayden, former director of the NSA, by going to the telephone companies, the USA FREEDOM Act would give the NSA the capacity "to query the data in an exhaustive way, not that one third they've formerly gotten."
Why continue the 215 program when it lacks a valid legal foundation, raises serious and potentially constitutional threats to privacy and civil liberties, and has proven to be ineffective? Especially when an option is available that would better protect national security and better protect privacy and civil liberties? The NRC study should not impede Congress from passing the USA FREEDOM Act or President Obama from exercising his authority to end the government's bulk collection of citizens’ telephone records.
David Medine is the Chairman of the Privacy and Civil Liberties Oversight Board. Previously, Mr. Medine was an Attorney Fellow for the Security and Exchange Commission and a Special Counsel at the Consumer Financial Protection Bureau. From 2002 to 2012, he was a partner in the law firm WilmerHale, having previously served as a Senior Advisor to the White House National Economic Council from 2000 to 2001. From 1992 to 2000, Mr. Medine was the Associate Director for Financial Practices at the Federal Trade Commission. Follow him on Twitter @DavidMedine.