Senators’ Questionable Claims about NSA Bulk Collection

On May 7th, 2015, the Second Circuit issued a ruling that declared the NSA’s bulk collection of Americans’ phone records was clearly unlawful under the Section 215 of the PATRIOT Act. The ruling provided another boost to supporters of surveillance reform and the backers of the USA FREEDOM Act. Hours after the ruling came down, several U.S. Senators – Mitch McConnell, Richard Burr, Tom Cotton, Jeff Sessions, and Marco Rubio – took to the Senate Floor to forcefully defend the NSA’s bulk collection program. The Senators made some statements that merit a second look, and serious skepticism. Claim 1: The NSA’s bulk collection of Americans’ phone records is essential to national security. “Under consideration in the House and proposed in the Senate is the so-called USA FREEDOM Act, which will eliminate the essential intelligence this program collects.” – Senator Tom Cotton The weight of public evidence contradicts this claim, based on statements from experts with access to classified intelligence.

*  The Attorney General and the Director of National Intelligence stated that the USA FREEDOM Act of 2014 – which is generally identical to or less restrictive of surveillance than the 2015 bill – “preserves essential Intelligence Community capabilities” though the bill “bans bulk collection under a variety of authorities."

*  The President’s Review Group noted in 2014 that the bulk collection program yielded information that was “not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders.”

*  The Privacy and Civil Liberties Oversight Board stated in 2014: “Based on the information provided to the Board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.”

*  Senators Wyden, Heinrich, and Udall said in 2013 “[We] have reviewed this surveillance extensively and have seen no evidence that the bulk collection of Americans’ phone records has provided any intelligence of value that could not have been gathered through less intrusive means.”

It’s important not to conflate the value of Sec. 215 overall with the effectiveness of the use of Section 215 for bulk collection. Sec. 215 can be used for targeted – not just bulk – data collection. The USA FREEDOM Act ends nationwide bulk collection under Sec. 215, but preserves the government’s ability to use Sec. 215 for more targeted collection. What is at stake with USA FREEDOM is not Sec. 215 itself, but its continued use for bulk domestic surveillance. Claim 2: The bulk collection program could have stopped 9/11. “Here is the truth. If this program had existed before 9/11, it is quite possible we would have known that 9/11 hijacker Khalid Al Mihdhar was living in San Diego and was making phone calls to an Al Qaeda safe house in Yemen.” – Senator Marco Rubio A bulk collection program was not necessary to find Al Mihdhar prior to 9/11. As the PCLOB report details, the NSA had already begun intercepting calls to and from the safe house in Yemen in the late 1990s. Since the government knew the number of the safe house, and Al Mihdhar was calling that number, it would only be necessary to collect the phone records of the safe house to discover Al Mihdhar in San Diego. This is, in fact, an example of how targeted surveillance would have been more effective than bulk collection. The 9/11 Commission Report and other sources note that the CIA was aware of Mihdhar well before the attack and missed multiple opportunities to deny him entry to the U.S. or intensify their surveillance of him. Claim 3: Bulk collection of phone records is the same as a subpoena. “This is the way the system works and has worked for the last 50 years--40 years at least. A crime occurs. A prosecutor or the DEA agent investigates. They issue a subpoena to the local phone company that has these telephone toll records--the same thing you get in the mail--and they send them in response to the subpoena.” – Senator Jeff Sessions The Second Circuit opinion, which held that the bulk collection program is unlawful, included a lengthy comparison of subpoenas and the bulk collection program. The bulk collection program encompasses a vastly larger quantity of records than could be obtained with a subpoena. The Second Circuit notes that subpoenas typically seek records of particular individuals or entities during particular time periods, but the government claims Sec. 215 provides authority to collect records connected to everyone – on an “ongoing daily basis” – for an indefinite period extending into the future. Claim 4: The government is only analyzing a few phone records. “The next time that any politician--Senator, Congressman--talking head, whoever it may be, stands up and says ``The U.S. Government is […] going through your phone records,'' they are lying. It is not true, except for some very isolated instances--in the hundreds--of individuals for whom there is reasonable suspicion that they could have links to terrorism.” – Senator Marco Rubio The NSA’s telephony bulk collection program collects the phone records of millions of Americans with no connection to a crime or terrorism. These records are stored with the NSA and they are analyzed scores of times each year when the NSA queries the numbers’ connection to the phone numbers of suspects. Moreover, until 2014, when the NSA suspected a phone number was connected to terrorism, the NSA analyzed the phone records “three hops” out – querying those who called those who called those who called the original suspect number. As a result, the PCLOB estimated, a single query could subject the full calling records of over 420,000 phone numbers to deeper scrutiny. In 2014, the President limited the query to “two hops” – though this can still encompass the full call records of thousands of phone numbers. The USA FREEDOM Act (Sec. 101) would authorize the government to obtain “two hops” worth of call records from telecom companies. Claim 5: The USA FREEDOM Act threatens privacy by leaving phone records with telecom companies. “[T]he opponents of America's counterterror programs would rather trust telecommunication companies to hold this data and search it on behalf of our government. […] In addition to making us less safe, the USA FREEDOM Act would make our privacy less secure.” – Senator Mitch McConnell The telecom companies already have the phone records since the records are created in the normal course of their business. The USA FREEDOM Act does not shift control of data from NSA to telecoms; the bill limits the volume of what the government can collect from companies with a single 215 order. Keeping the records with the phone companies, as the USA FREEDOM Act would require, does not create a new privacy intrusion, or, according to the public record, pose new security risks. In contrast, it is highly intrusive for the government to demand companies provide a copy of the communication records of millions of Americans on a daily basis to a secretive military intelligence agency for data mining. One last important point: The discussion on the Senate Floor centered exclusively on the bulk collection of phone records. However, the debate and the legislation before Congress are not just about one telephony metadata program. The debate is over whether the government should have the authority to collect a variety of records in bulk under the PATRIOT Act. The government has claimed that its bulk collection authority extends to any type of record that can reveal hidden relationships among individuals – which could include phone call, email, cell phone location, and financial transaction records. Framing the issue in terms of phone records makes the problem seem much smaller than it is, especially as our society moves into a technology-enabled future where each individual will create much more metadata and digital records than the present. The stakes are high.

***

Harley Geiger is Advocacy Director and Senior Counsel at the Center for Democracy & Technology (CDT). He works on issues related to civil liberties and government surveillance, computer crime, and cybersecurity. From 2012-2014, Harley served as Senior Legislative Counsel for U.S. Representative Zoe Lofgren of California. There he was the lead staffer for technology and Internet issues, and was instrumental in helping develop Rep. Lofgren’s Internet freedom agenda, including legislation to reform the Foreign Intelligence Surveillance Act, ECPA, the Computer Fraud and Abuse Act, and copyright laws. Harley worked at CDT from 2008-2012 as Staff Attorney and Senior Policy Counsel, focusing on surveillance, consumer privacy, health information technology, and data security.