What's In that House Metadata Bill Anyway?

The big news last week in NSA reform was the White House’s announcement of its plan to end the NSA’s metadata program, but it wasn’t the only news. The bipartisan leadership of the House Intelligence Committee introduced legislation to end bulk collection as well. Civil libertarians have greeted this proposal with less enthusiasm than they have the White House proposal, but it too will become part of the push and pull of the legislative response to 215. So here’s a summary and some comments. The FISA Transparency and Modernization Act begins with a set of prohibitions on collection, including on the collection of “call detail records”—that is, original and terminating telephone numbers and text message numerical information, the time and duration of calls, and various phone identifiers—under Section 501 of the Foreign Intelligence Surveillance Act. These provisions are, in notable respects, broader than the White House’s proposal in that they would also forbid the collection of records of electronic communications, library records and book sales, firearm sales, tax returns, education, or medical history “without the use of specific identifiers or selection terms.” The largest portion of the bill, taking up more than half of the legislation, provides procedures for targeted acquisitions of terrorist and foreign agent non-content communications records, which is to say metadata. And here is where the bill does somewhat less than the administration proposes. The provision, rather than requiring an individual order to telephone companies for records associated with individual phone numbers, looks to be modeled on Section 702, where the FISA court approves procedures and issues basket orders for collection following those procedures. It would authorize the collection for up to one year of the metadata of an individual or facility that, “based on reasonable and articulable suspicion” and subject to the Fourth Amendment, is a foreign power, agent of a foreign power, or is associated or in contact with an agent of a foreign power. Under it, the Attorney General would adopt civil liberties and privacy protection procedures, subject to FISC review, designed to “minimize the impact of [such acquisitions] on the privacy and civil liberties of Unites States persons” and reasonably limit the collection and use of information “associated with a specific person when such records are not necessary to understand foreign intelligence information or assess the importance of such information.” The Attorney General and the DNI would be empowered under such orders to direct an electronic communications service provider to immediately provide the government with such records in a format specified by the government, while authorizing providers to challenge these directives through the FISC. At least as we read it, this provision could potentially permit the metadata program to expand in an important respect: It is not limited by its terms to counterterrorism. The current metadata program is strictly a counterterrorism program, though 215 by its terms is not limited to counterterrorism either. Allowing metadata queries based on any foreign power nexus seems, on its face anyway, like it might support a broadening. In theory, of course, this broadening could take place under Section 215 too, but the House language seems to invite it. The House bill thus tees up two very important questions Congress will have to confront as it considers what to do about the metadata program: (1) Should there be judicial review of the collection only as a programmatic matter or on an individualized basis, and (2) should this be by statute just a counterterrorism program or should it tolerate collection for more general foreign intelligence purposes? The bill also contains a number of miscellaneous provisions responding to both recent critiques of FISA authority, as well as executive branch efforts to update the law. Section 5 of the bill provides the Foreign Intelligence Surveillance Court with a mechanism for appointing outside experts, approved by the executive branch, as amicus curiae “to assist . . . in the consideration of” certain government collection applications that present a novel or significant interpretation of the law. There are also a number of structural changes to the National Security Agency. Section 7 orders the Director of National Intelligence to review for declassification (in redacted form) each FISC decision, order, and opinion “that includes significant construction or interpretation of” FISA. The DNI may seek a national security waiver for a particular order, but in that case the DNI must make available an unclassified summary of the decision. Section 8 requires the Attorney General to publicly report on the number of identified instances in which the content of a communication of a United States person was incidentally collected under a lawful FISA acquisition program. Section 9 requires the DNI to submit annual reports to the congressional intelligence committees on intelligence community violations of the law or an executive order, particularly E.O. 12333. Section 10 orders the elements of the intelligence community to seek approval of the procedures of such elements every five years to determine whether technological advances have affected the privacy protections that the procedures afford to United States persons, aspects of the existing procedures impair efforts to ascertain the activities, capabilities, plans, and intentions of foreign powers, organizations, and persons, and any modifications are necessary. Finally, sections 12 and 13 address the handling of classified information, requiring continual monitoring of those with access to classified information and determinations that those with security clearance “continue[] to meet the requirements for eligibility for access to classified information.” They also require the DNI to ensure that contractors employed by the intelligence community with access to classified information comply with certain security plans.