Thoughts on Two Propositions: The “Power of Metadata,” and Providing Privacy Protections to Foreigners

Last month, I had the privilege of participating in three different forums on the Snowden leaks and congressional considerations of reforming the Foreign Intelligence Surveillance Act (FISA): a hearing before the Senate Judiciary Committee, Continued Oversight of the Foreign Intelligence Surveillance Act  on October 2nd; a panel sponsored by the New York Institute for the Humanities at NYU and the Brennan Center for Justice at NYU Law School, The State of Surveillance: Legal, Cultural and Technological Perspectives, on October 23rd; and a briefing sponsored by the Congressional Internet Caucus, The NSA Internet Surveillance System: Who Has Oversight and How Transparent is the Program?, on October 25th. In these conversations, as well as in others that have taken place recently in and around town, two lines of argument in favor of restricting current surveillance activities appear to be gaining favor. One argument, directed at the 215 program, is what I’ll call the “power of metadata” argument. The second argument, directed at NSA foreign intelligence collection more generally, and raised most recently in a Lawfare/Just Security exchange between Ben and my Georgetown Law colleague David Cole, is that a new surveillance regime perhaps could be developed that protects foreign persons’ fundamental human right to privacy. As Members of Congress consider proposals to reform FISA, a few thoughts on each of these two arguments: First, the “power of metadata.” The argument goes something like this: metadata, that is, the information about our communications (such as dialed digits or other identifiers), can be assembled and analyzed in a way that it previously could not, both due to the way that data is communicated, retained and collected, as well as through tools that are now available to analyze it. Therefore, the argument goes, if the government collects large volumes of Americans’ metadata, and then assembles, maps and/or analyzes that information, the government could learn an awful lot about a person, or a group of persons, simply by looking at metadata. Accordingly, metadata is a very powerful tool and there should be limits on the government’s collection and use of it. (An extended discussion of this argument is contained in Princeton Professor Edward Felton’s written statement for the record before the Senate Judiciary Committee.) Fair enough. I certainly would not argue with this general proposition, and, in fact, agree that it would be, if not unlawful, certainly very creepy for the government to assemble large maps of Americans’ metadata and all that that would reveal. The problem with this argument made in the context of the debate concerning the current NSA surveillance activities under FISA, and the 215 program in particular, is that the worrisome assemblage of Americans’ metadata bears no relation to the existing 215 program. And therefore it is somewhat misleading to warn off lawmakers from allowing the 215 program to continue on the power of metadata argument. To recap: the bulk telephony metadata program under section 215 collects a large swath of Americans’ telephone call detail records. The records are collected under FISA Court order that requires that the data acquired under this program: (i) only be used for counterterrorism purposes; (ii) only be queried by trained, designated personnel and that the queries themselves are approved by a smaller number of designated supervisory personnel; (iii) only be queried according to standards set out in the order; (iv) be destroyed within five years of collection; and (v) be subject to additional handling and processing procedures as directed by the FISC in its order. (See, for example, Judge Mary McLaughlin’s October 18, 2013 opinion and order.) The Court has said that without these and additional limits in place, the Court would not have approved the program. (See Judge Claire Eagan’s August 29, 2013 opinion at p.11]. In short, without taking on all the various arguments about the 215 program here, it is worth at least distinguishing the confines of this program with the larger concerns presented by the power of metadata argument. Second, affording privacy protections to foreigners. The Snowden leaks have apparently put both specific collection programs, as well as, more recently, targeting details about NSA’s foreign intelligence collection relevant to foreign affairs, in the spotlight. As a result, this public display of how the intelligence business works has prompted advocacy in favor of redesigning signals intelligence activities in a way that recognizes a fundamental human right to privacy. One suggestion is that FISA’s traditional probable cause requirements could, perhaps, be applied to foreigners. Turns out it does not require much imagination at all to picture how at least one configuration of this proposal might function. Trouble is, we already ran that play. And there are good reasons why Congress tore it out of the playbook a few years ago. The reasons are on the public record, but in short, the government had found itself in a position where it was seeking individual probable cause-based orders from the FISC to target terrorists overseas. Two parallel processes caused this to happen. The first was described in a written statement for the record by the Director of National Intelligence before the Senate Judiciary Committee on September 25, 2007:

…[P]rior to Congress passing the Protect America Act last month, in a significant number of cases, IC agencies were required to make a showing of probable cause in order to target for surveillance the communications of a foreign intelligence target located overseas. Then, they needed to explain that probable cause finding in documentation, and obtain approval of the FISA Court to collect against a foreign terrorist located in a foreign country. Frequently, although not always, that person's communications were with another foreign person located overseas. In such cases, prior to the Protect America Act, FISA’s requirement to obtain a court order, based on a showing of probable cause, slowed, and in some cases prevented altogether, the Government's ability to collect foreign intelligence information, without serving any substantial privacy or civil liberties interests. (DNI Statement, p.6-7)

In a separate but somewhat related chain of events and as described in the Senate Select Committee on Intelligence’s Report of October 26, 2007, in January 2007, the Attorney General announced that collection that had previously been conducted under the Terrorist Surveillance Program had transitioned to collection authorized by the FISC. The FISC’s authorization was based on findings that “’there is probable cause to believe that one of the communicants is a member or agent of al Qaeda or an associated terrorist group.’” (SSCI report p.5). According to the SSCI report, Congress subsequently received the Administration’s proposal to modernize FISA in April 2007. The report went on to state:

The Administration’s proposal for FISA modernization was comprehensive, and had been coordinated within the Department of Justice and the intelligence community. At the end of May 2007, however, attention was drawn to the FISA Court. When a second judge of the FISA Court considered renewal of the January 2007 FISA orders, he issued a ruling that the DNI later described as significantly diverting NSA analysts from their counterterrorism mission to provide information from the Court. In late July, the DNI informed Congress that the decision of the second FISA Court judge had led to the degraded capabilities in the face of a heightened terrorist threat environment. The DNI urged the Congress to act prior to the August recess to eliminate the requirement of a court order to collect foreign intelligence about foreign targets located overseas. (SSCI report p.5-6)

In August 2007, Congress enacted the Protect America Act of 2007, an interim law. Next came the FISA Amendments Act of 2008, including the significant section 702, which enabled collection against foreigners reasonably believed to be outside the United States to proceed, not under probable cause requirements, but under a Director of National Intelligence and Attorney General approved certification, and under targeting and minimization procedures approved by the FISC. The resolution made sense then, and still does.