Surveillance: NSA Warrantless Wiretapping

Will Anyone Care About the Postal Service's Metadata Program

By Benjamin Wittes
Tuesday, October 28, 2014, 8:38 AM

I'm very interested to watch how the political system responds to this New York Times story about the U.S. Postal's Service very old, sort-of-bulk metadata program. The Times reports:

In a rare public accounting of its mass surveillance program, the United States Postal Service reported that it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations.

The story goes on to clarify that this is not 50,000 requests to open people's mail. These are what are called "mail covers"---which is basically an ongoing accounting of what is on the outside of the envelopes going to someone's mailbox. It is, in other words, a metadata program. As the Times describes it:

At the request of state or federal law enforcement agencies or the Postal Inspection Service, postal workers record names, return addresses and any other information from the outside of letters and packages before they are delivered to a person’s home.

Law enforcement officials say this deceptively old-fashioned method of collecting data provides a wealth of information about the businesses and associates of their targets, and can lead to bank and property records and even accomplices. (Opening the mail requires a warrant.)

It's a metadata program that has a few big differences from the NSA's highly controversial bulk telephony metadata program---and these differences that don't all cut the same direction.

First off, the program is old, very old. Mail covers have been going on since the 19th Century. This has no legal significance but it may be optically significant.

Second, mail covers are done on the basis of individual suspicion; while the numbers are big, the Postal Service is not seeking to acquire all metadata on everyone, the way NSA is. It only collects when (as the regulation specifies):

(2) When a written request is received from any law enforcement agency in which the requesting authority specifies the reasonable grounds to demonstrate the mail cover is necessary to:
(i) Protect the national security,
(ii) Locate a fugitive,
(iii) Obtain information regarding the commission or attempted commission of a crime, or
(iv) Assist in the identification of property, proceeds or assets forfeitable because of a violation of criminal law.

On the other hand, third, the numbers are huge. NSA collects all telephony metadata---or seeks to, at least---but the number of initial queries of that data is tiny, a few hundred a year. The Postal Service, by contrast, is collecting metadata on tens of thousands of people in the United States.

Fourth, mail covers are not subject to judicial review. As the above language suggests, they proceed on the basis of a request from a law enforcement agency to the Postal Service. Nothing more.

Fifth, as the Times story reflects and in sharp contrast to the NSA metadata program, this program does not appear to be especially well or carefully run:

The audit found that in many cases the Postal Service approved requests to monitor an individual’s mail without adequately describing the reason or having proper written authorization.

In addition to raising privacy concerns, the audit questioned the efficiency and accuracy of the Postal Service in handling the requests. Many requests were not processed in time, the audit said, and computer errors caused the same tracking number to be assigned to different surveillance requests.

“Insufficient controls could hinder the Postal Inspection Service’s ability to conduct effective investigations, lead to public concerns over privacy of mail and harm the Postal Service’s brand,” the audit concluded.

What's more, sixth, as the Times story also reflects, it's apparently not too difficult to find examples of political abuse:

In Arizona in 2011, Mary Rose Wilcox, a Maricopa County supervisor, discovered that her mail was being monitored by the county’s sheriff, Joe Arpaio. Ms. Wilcox had been a frequent critic of Mr. Arpaio, objecting to what she considered the targeting of Hispanics in his immigration sweeps.

The Postal Service had granted an earlier request from Mr. Arpaio and Andrew Thomas, who was then the county attorney, to track Ms. Wilcox’s personal and business mail.

Using information gleaned from letters and packages sent to Ms. Wilcox and her husband, Mr. Arpaio and Mr. Thomas obtained warrants for banking and other information about two restaurants the couple owned. The sheriff’s office also raided a company that hired Ms. Wilcox to provide concessions at the local airport.

“We lost the contract we had for the concession at the airport, and the investigation into our business scared people away from our restaurants,” Ms. Wilcox said in an interview. “I don’t blame the Postal Service, but you shouldn’t be able to just use these mail covers to go on a fishing expedition. There needs to be more control.”

She sued the county, was awarded nearly $1 million in a settlement in 2011 and received the money this June when the Ninth Circuit Court of Appeals upheld the ruling. Mr. Thomas, the former county attorney, was disbarred for his role in investigations into the business dealings of Ms. Wilcox and other officials and for other unprofessional conduct. The Maricopa County Sheriff’s Office declined to comment on Mr. Arpaio’s use of mail covers in the investigation of Ms. Wilcox.

All of this raises the question: Will this program generate the sort of outrage, legal challenge, and feverish energy for legislative reform that the NSA program has? Or will it fall flat?

I have this feeling that the answer is the latter: The Postal Service's looking at the outside of letters at the request of law enforcement just won't have the same legs as does the big bad NSA looking at the routing information for telephone calls. The reason, I suspect, is not that there are profound legal differences between the two programs. Yes, one can certainly argue that the difference between a program that aspires to be totalizing and one that is notionally targeted, even if very large, is fundamental enough to justify regarding the former with great skepticism and tolerating the latter with a shrug. On the other hand, one could just as easily argue that a program that involves the active perusal of tens of thousands of people's metadata without strict controls is far more threatening than one that involves tight procedures under judicial oversight and involves initial queries of only a few hundred people's data.

The reason, I suspect, that this program will not excite the same sorts of passions as does the NSA's program is that it involves old technology---paper---and it's been going on for a long time. And we all have a certain comfort level with the idea that the Postal Service looks at the outside of our mail to deliver it and we thus don't feel a special expectation of privacy in the information on the outside of the envelope. In other words, it's just mail. Most of it is junk anyway. So we shrug.

I'll be fascinated to see if this gut instinct proves right or wrong.