29 January 2014

PCLOB on NSA metadata collection

The US Privacy and Civil Liberties Oversight Board (PCLOB) "in-depth analysis of the bulk telephone records program operated by the National Security Agency" under s 215 of the USA PATRIOT Act and review of the operation of the Foreign Intelligence Surveillance Court (FISC or FISA court) [PDF] features the following summary -
Overview of the Report
A. Background: Description and History of the Section 215 Program
The NSA’s telephone records program is operated under an order issued by the FISA court pursuant to Section 215 of the Patriot Act, an order that is renewed approximately every ninety days. The program is intended to enable the government to identify communications among known and unknown terrorism suspects, particularly those located inside the United States. When the NSA identifies communications that may be associated with terrorism, it issues intelligence reports to other federal agencies, such as the FBI, that work to prevent terrorist attacks. The FISC order authorizes the NSA to collect nearly all call detail records generated by certain telephone companies in the United States, and specifies detailed rules for the use and retention of these records. Call detail records typically include much of the information that appears on a customer’s telephone bill: the date and time of a call, its duration, and the participating telephone numbers. Such information is commonly referred to as a type of “metadata.” The records collected by the NSA under this program do not, however, include the content of any telephone conversation. After collecting these telephone records, the NSA stores them in a centralized database. Initially, NSA analysts are permitted to access the Section 215 calling records only through “queries” of the database. A query is a search for a specific number or other selection term within the database. Before any specific number is used as the search target or “seed” for a query, one of twenty-two designated NSA officials must first determine that there is a reasonable, articulable suspicion (“RAS”) that the number is associated with terrorism. Once the seed has been RAS-approved, NSA analysts may run queries that will return the calling records for that seed, and permit “contact chaining” to develop a fuller picture of the seed’s contacts. Contact chaining enables analysts to retrieve not only the numbers directly in contact with the seed number (the “first hop”), but also numbers in contact with all first hop numbers (the “second hop”), as well as all numbers in contact with all second hop numbers (the “third hop”).
The Section 215 telephone records program has its roots in counterterrorism efforts that originated in the immediate aftermath of the September 11 attacks. The NSA began collecting telephone metadata in bulk as one part of what became known as the President’s Surveillance Program. From late 2001 through early 2006, the NSA collected bulk telephony metadata based upon presidential authorizations issued every thirty to forty-five days. In May 2006, the FISC first granted an application by the government to conduct the telephone records program under Section 215. The government’s application relied heavily on the reasoning of a 2004 FISA court opinion and order approving the bulk collection of Internet metadata under a different provision of FISA.
On June 5, 2013, the British newspaper The Guardian published an article based on unauthorized disclosures of classified documents by Edward Snowden, a contractor for the NSA, which revealed the telephone records program to the public. On August 29, 2013, FISC Judge Claire Eagan issued an opinion explaining the court’s rationale for approving the Section 215 telephone records program. Although prior authorizations of the program had been accompanied by detailed orders outlining applicable rules and minimization procedures, this was the first judicial opinion explaining the FISA court’s legal reasoning in authorizing the bulk records collection. The Section 215 program was reauthorized most recently by the FISC on January 3, 2014.
Over the years, a series of compliance issues were brought to the attention of the FISA court by the government. However, none of these compliance issues involved significant intentional misuse of the system. Nor has the Board seen any evidence of bad faith or misconduct on the part of any government officials or agents involved with the program. Rather, the compliance issues were recognized by the FISC — and are recognized by the Board — as a product of the program’s technological complexity and vast scope, illustrating the risks inherent in such a program.
B. Legal Analysis: Statutory and Constitutional Issues
Section 215 is designed to enable the FBI to acquire records that a business has in its possession, as part of an FBI investigation, when those records are relevant to the investigation. Yet the operation of the NSA’s bulk telephone records program bears almost no resemblance to that description. While the Board believes that this program has been conducted in good faith to vigorously pursue the government’s counterterrorism mission and appreciates the government’s efforts to bring the program under the oversight of the FISA court, the Board concludes that Section 215 does not provide an adequate legal basis to support the program.
There are four grounds upon which we find that the telephone records program fails to comply with Section 215. First, the telephone records acquired under the program have no connection to any specific FBI investigation at the time of their collection. Second, because the records are collected in bulk — potentially encompassing all telephone calling records across the nation — they cannot be regarded as “relevant” to any FBI investigation as required by the statute without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law from analogous legal contexts involving the production of records. Third, the program operates by putting telephone companies under an obligation to furnish new calling records on a daily basis as they are generated (instead of turning over records already in their possession) — an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole. Fourth, the statute permits only the FBI to obtain items for use in its investigations; it does not authorize the NSA to collect anything.
In addition, we conclude that the program violates the Electronic Communications Privacy Act. That statute prohibits telephone companies from sharing customer records with the government except in response to specific enumerated circumstances, which do not include Section 215 orders.
Finally, we do not agree that the program can be considered statutorily authorized because Congress twice delayed the expiration of Section 215 during the operation of the program without amending the statute. The “reenactment doctrine,” under which Congress is presumed to have adopted settled administrative or judicial interpretations of a statute, does not trump the plain meaning of a law, and cannot save an administrative or judicial interpretation that contradicts the statute itself. Moreover, the circumstances presented here differ in pivotal ways from any in which the reenactment doctrine has ever been applied, and applying the doctrine would undermine the public’s ability to know what the law is and hold their elected representatives accountable for their legislative choices.
The NSA’s telephone records program also raises concerns under both the First and Fourth Amendments to the United States Constitution. We explore these concerns and explain that while government officials are entitled to rely on existing Supreme Court doctrine in formulating policy, the existing doctrine does not fully answer whether the Section 215 telephone records program is constitutionally sound. In particular, the scope and duration of the program are beyond anything ever before confronted by the courts, and as a result of technological developments, the government possesses capabilities to collect, store, and analyze data not available when existing Supreme Court doctrine was developed. Without seeking to predict the direction of changes in Supreme Court doctrine, the Board urges as a policy matter that the government consider how to preserve underlying constitutional guarantees in the face of modern communications technology and surveillance capabilities.
C. Policy Implications of the Section 215 Program
The threat of terrorism faced today by the United States is real. The Section 215 telephone records program was intended as one tool to combat this threat — a tool that would help investigators piece together the networks of terrorist groups and the patterns of their communications with a speed and comprehensiveness not otherwise available. However, we conclude that the Section 215 program has shown minimal value in safeguarding the nation from terrorism. Based on the information provided to the Board, including classified briefings and documentation, we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack. And we believe that in only one instance over the past seven years has the program arguably contributed to the identification of an unknown terrorism suspect. Even in that case, the suspect was not involved in planning a terrorist attack and there is reason to believe that the FBI may have discovered him without the contribution of the NSA’s program.
The Board’s review suggests that where the telephone records collected by the NSA under its Section 215 program have provided value, they have done so primarily in two ways: by offering additional leads regarding the contacts of terrorism suspects already known to investigators, and by demonstrating that foreign terrorist plots do not have a U.S. nexus. The former can help investigators confirm suspicions about the target of an inquiry or about persons in contact with that target. The latter can help the intelligence community focus its limited investigatory resources by avoiding false leads and channeling efforts where they are needed most. But with respect to the former, our review suggests that the Section 215 program offers little unique value but largely duplicates the FBI’s own information gathering efforts. And with respect to the latter, while the value of proper resource allocation in time-sensitive situations is not to be discounted, we question whether the American public should accept the government’s routine collection of all of its telephone records because it helps in cases where there is no threat to the United States.
The Board also has analyzed the Section 215 program’s implications for privacy and civil liberties and has concluded that they are serious. Because telephone calling records can reveal intimate details about a person’s life, particularly when aggregated with other information and subjected to sophisticated computer analysis, the government’s collection of a person’s entire telephone calling history has a significant and detrimental effect on individual privacy. The circumstances of a particular call can be highly suggestive of its content, such that the mere record of a call potentially offers a window into the caller’s private affairs. Moreover, when the government collects all of a person’s telephone records, storing them for five years in a government database that is subject to high-speed digital searching and analysis, the privacy implications go far beyond what can be revealed by the metadata of a single telephone call.
Beyond such individual privacy intrusions, permitting the government to routinely collect the calling records of the entire nation fundamentally shifts the balance of power between the state and its citizens. With its powers of compulsion and criminal prosecution, the government poses unique threats to privacy when it collects data on its own citizens. Government collection of personal information on such a massive scale also courts the ever-present danger of “mission creep.” An even more compelling danger is that personal information collected by the government will be misused to harass, blackmail, or intimidate, or to single out for scrutiny particular individuals or groups. To be clear, the Board has seen no evidence suggesting that anything of the sort is occurring at the NSA and the agency’s incidents of non-compliance with the rules approved by the FISC have generally involved unintentional misuse. Yet, while the danger of abuse may seem remote, given historical abuse of personal information by the government during the twentieth century, the risk is more than merely theoretical.
Moreover, the bulk collection of telephone records can be expected to have a chilling effect on the free exercise of speech and association, because individuals and groups engaged in sensitive or controversial work have less reason to trust in the confidentiality of their relationships as revealed by their calling patterns. Inability to expect privacy vis-à-vis the government in one’s telephone communications means that people engaged in wholly lawful activities — but who for various reasons justifiably do not wish the government to know about their communications — must either forgo such activities, reduce their frequency, or take costly measures to hide them from government surveillance. The telephone records program thus hinders the ability of advocacy organizations to communicate confidentially with members, donors, legislators, whistleblowers, members of the public, and others. For similar reasons, awareness that a record of all telephone calls is stored in a government database may have debilitating consequences for communication between journalists and sources.
To be sure, detailed rules currently in place limit the NSA’s use of the telephone records it collects. These rules offer many valuable safeguards designed to curb the intrusiveness of the program. But in our view, they cannot fully ameliorate the implications for privacy, speech, and association that follow from the government’s ongoing collection of virtually all telephone records of every American. Any governmental program that entails such costs requires a strong showing of efficacy. We do not believe the NSA’s telephone records program conducted under Section 215 meets that standard.
D. Operation of the Foreign Intelligence Surveillance Court
Congress created the FISA court in 1978 in response to concerns about the abuse of electronic surveillance. This represented a major restructuring of the domestic conduct of foreign intelligence surveillance, with constitutional implications. Prior to then, successive Presidents had authorized national security wiretaps and other searches solely on the basis of their executive powers under Article II of the Constitution. The Foreign Intelligence Surveillance Act (“FISA”) of 1978 provided a procedure under which the Attorney General could obtain a judicial warrant authorizing the use of electronic surveillance in the United States for foreign intelligence purposes.
Over time, the scope of FISA and the jurisdiction of the FISA court have evolved. Initially, the FISC’s sole role was to approve individualized FISA warrants for electronic surveillance relating to a specific person, a specific place, or a specific communications account or device. Beginning in 2004, the role of the FISC changed when the government approached the court with its first request to approve a program involving what is now referred to as “bulk collection.” In conducting this study, the Board was told by former FISA court judges that they were quite comfortable hearing only from government attorneys when evaluating individual surveillance requests but that the judges’ decision making would be greatly enhanced if they could hear opposing views when ruling on requests to establish new surveillance programs.
Upon the FISC’s receipt of a proposed application, a member of the court’s legal staff will review the application and evaluate whether it meets the legal requirements under FISA. The FISC’s legal staff are career employees who have developed substantial expertise in FISA, but they serve as staff to the judges rather than as advocates. While their role includes identifying any flaws in the government’s statutory or constitutional analysis, it does not reach to contesting the government’s arguments in the manner of an opposing party. The FISA court process for considering applications may include a hearing, and FISC judges have the authority to take testimony from government employees familiar with the technical details of an application. FISA does not provide a mechanism for the court to invite non-governmental parties to provide views on pending government applications or otherwise participate in FISC proceedings prior to approval of an application.
FISA also established a Foreign Intelligence Court of Review (“FISCR”), comprised of three judges drawn from U.S. district courts or courts of appeals. Appeals to the FISCR have been rare: thus far there have been only two decisions issued by the court. Electronic communications service providers have some limited ability to appeal FISC orders, but FISA does not provide a way for the FISCR to receive the views of other non-governmental parties on appeals pending before it.
The FISC’s ex parte, classified proceedings have raised concerns that the court does not take adequate account of positions other than those of the government. It is critical to the integrity of the process that the public has confidence in its impartiality and rigor. Therefore, the Board believes that some reforms are appropriate and would help bolster public confidence in the operation of the court. The most important reforms proposed by the Board are: (1) creation of a panel of private attorneys, Special Advocates, who can be brought into cases involving novel and significant issues by FISA court judges; (2) development of a process facilitating appellate review of such decisions; and (3) providing increased opportunity for the FISC to receive technical assistance and legal input from outside parties.
E. Transparency Issues
In a representative democracy, the tension between openness and secrecy is inevitable and complex. The challenges are especially acute in the area of intelligence collection, where the powers exercised by the government implicate fundamental rights and our enemies are constantly trying to understand our capabilities in order to avoid detection. In this context, both openness and secrecy are vital to our survival, and we must strive to develop and implement intelligence programs in ways that serve both values.
Transparency is one of the foundations of democratic governance. Our constitutional system of government relies upon the participation of an informed electorate. This in turn requires public access to information about the activities of the government. Transparency supports accountability. It is especially important with regard to activities of the government that affect the rights of individuals, where it is closely interlinked with redress for violations of rights. In the intelligence context, although a certain amount of secrecy is necessary, transparency regarding collection authorities and their exercise can increase public confidence in the intelligence process and in the monumental decisions that our leaders make based on intelligence products.
In the aftermath of the Snowden disclosures, the government has released a substantial amount of information on the leaked government surveillance programs. Although there remains a deep well of distrust, these official disclosures have helped foster greater public understanding of government surveillance programs. However, to date the official disclosures relate almost exclusively to specific programs that had already been the subject of leaks, and we must be careful in citing these disclosures as object lessons for what additional transparency might be appropriate in the future.
The Board believes that the government must take the initiative and formulate long-term solutions that promote greater transparency for government surveillance policies more generally, in order to inform public debate on technology, national security, and civil liberties going beyond the current controversy. In this effort, all three branches have a role. For the executive branch, disclosures about key national security programs that involve the collection, storage and dissemination of personal information — such as the operation of the National Counterterrorism Center — show that it is possible to describe practices and policies publicly, even those that have not been otherwise leaked, without damage to national security or operational effectiveness.
With regard to the legislative process, even where classified intelligence operations are involved, the purposes and framework of a program for domestic intelligence collection should be debated in public. During the process of developing legislation, some hearings and briefings may need to be conducted in secret to ensure that policymakers fully understand the intended use of a particular authority. But the government should not base an ongoing program affecting the rights of Americans on an interpretation of a statute that is not apparent from a natural reading of the text. In the case of Section 215, the government should have made it publicly clear in the reauthorization process that it intended for Section 215 to serve as legal authority to collect data in bulk on an ongoing basis.
There is also a need for greater transparency regarding operation of the FISA court. Prospectively, we encourage the FISC judges to continue the recent practice of writing opinions with an eye to declassification, separating specific sensitive facts peculiar to the case at hand from broader legal analyses. We also believe that there is significant value in producing declassified versions of earlier opinions, and recommend that the government undertake a classification review of all significant FISC opinions and orders involving novel interpretations of law. We realize that the process of redacting opinions not drafted for public disclosure will be more difficult and will burden individuals with other pressing duties, but we believe that it is appropriate to make the effort where those opinions and orders complete the historical picture of the development of legal doctrine regarding matters within the jurisdiction of the FISA court. In addition, should the government adopt our recommendation for a Special Advocate in the FISC, the nature and extent of that advocate’s role must be transparent to be effective.
It is also important to promote transparency through increased reporting to the public on the scope of surveillance programs. We urge the government to work with Internet service providers and other companies to reach agreement on standards allowing reasonable disclosures of aggregate statistics that would be meaningful without revealing sensitive government capabilities or tactics. We recommend that the government should also increase the level of detail in its unclassified reporting to Congress and the public regarding surveillance programs. 
PCLOB’s recommendations are -
R1: The government should end its Section 215 bulk telephone records program.
The Section 215 bulk telephone records program lacks a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value. As a result, the Board recommends that the government end the program.
Without the current Section 215 program, the government would still be able to seek telephone calling records directly from communications providers through other existing legal authorities. The Board does not recommend that the government impose data retention requirements on providers in order to facilitate any system of seeking records directly from private databases.
Once the Section 215 bulk collection program has ended, the government should purge the database of telephone records that have been collected and stored during the program’s operation, subject to limits on purging data that may arise under federal law or as a result of any pending litigation. The Board also recommends against the enactment of legislation that would merely codify the existing program or any other program that collects bulk data on such a massive scale regarding individuals with no suspected ties to terrorism or criminal activity. Moreover, the Board’s constitutional analysis should provide a message of caution, and as a policy matter, given the significant privacy and civil liberties interests at stake, if Congress seeks to provide legal authority for any new program, it should seek the least intrusive alternative and should not legislate to the outer bounds of its authority.
The Board recognizes that the government may need a short period of time to explore and institutionalize alternative approaches, and believes it would be appropriate for the government to wind down the 215 program over a brief interim period. If the government does find the need for a short wind-down period, the Board urges that it should follow the procedures under Recommendation 2 below.
R2: The government should immediately implement additional privacy safeguards in operating the Section 215 bulk collection program.
The Board recommends that the government immediately implement several additional privacy safeguards to mitigate the privacy impact of the present Section 215 program. The recommended changes can be implemented without any need for congressional or FISC authorization. Specifically, the government should: (a) reduce the retention period for the bulk telephone records program from five years to three years; (b) reduce the number of “hops” used in contact chaining from three to two; (c) submit the NSA’s “reasonable articulable suspicion” determinations to the FISC for review after they have been approved by NSA and used to query the database; and (d) require a “reasonable articulable suspicion” determination before analysts may submit queries to, or otherwise analyze, the “corporate store,” which contains the results of contact chaining queries to the full “collection store.”
R3: Congress should enact legislation enabling the FISC to hear independent views, in addition to the government’s views, on novel and significant applications and in other matters in which a FISC judge determines that consideration of the issues would merit such additional views.
Congress should authorize the establishment of a panel of outside lawyers to serve as Special Advocates before the FISC in appropriate cases. The Presiding Judge of the FISC should select attorneys drawn from the private sector to serve on the panel. The attorneys should be capable of obtaining appropriate security clearances and would then be available to be called upon to participate in certain FISC proceedings.
The decision as to whether the Special Advocate would participate in any particular matter should be left to the discretion of the FISC. The Board expects that the court would invite the Special Advocate to participate in matters involving interpretation of the scope of surveillance authorities, other matters presenting novel legal or technical questions, or matters involving broad programs of collection. The role of the Special Advocate, when invited by the court to participate, would be to make legal arguments addressing privacy, civil rights, and civil liberties interests. The Special Advocate would review the government’s application and exercise his or her judgment about whether the proposed surveillance or collection is consistent with law or unduly affects privacy and civil liberties interests.
R4: Congress should enact legislation to expand the opportunities for appellate review of FISC decisions by the FISCR and for review of FISCR decisions by the Supreme Court of the United States.
Providing for greater appellate review of FISC and FISCR rulings will strengthen the integrity of judicial review under FISA. Providing a role for the Special Advocate in seeking that appellate review will further increase public confidence in the integrity of the process.
R5: The FISC should take full advantage of existing authorities to obtain technical assistance and expand opportunities for legal input from outside parties. FISC judges should take advantage of their ability to appoint Special Masters or other technical experts to assist them in reviewing voluminous or technical materials, either in connection with initial applications or in compliance reviews. In addition, the FISC and the FISCR should develop procedures to facilitate amicus participation by third parties in cases involving questions that are of broad public interest, where it is feasible to do so consistent with national security.
R6: To the maximum extent consistent with national security, the government should create and release with minimal redactions declassified versions of new decisions, orders and opinions by the FISC and FISCR in cases involving novel interpretations of FISA or other significant questions of law, technology or compliance.  FISC judges should continue their recent practice of drafting opinions in cases involving novel issues and other significant decisions in the expectation that declassified versions will be released to the public. The government should promptly create and release declassified versions of these FISC opinions.
R7: Regarding previously written opinions, the government should perform a declassification review of decisions, orders and opinions by the FISC and FISCR that have not yet been released to the public and that involve novel interpretations of FISA or other significant questions of law, technology or compliance.
Although it may be more difficult to declassify older FISC opinions drafted without expectation of public release, the release of such older opinions is still important to facilitate public understanding of the development of the law under FISA. The government should create and release declassified versions of older opinions in novel or significant cases to the greatest extent possible consistent with protection of national security. This should cover programs that have been discontinued, where the legal interpretations justifying such programs have ongoing relevance.
R8: The Attorney General should regularly and publicly report information regarding the operation of the Special Advocate program recommended by the Board. This should include statistics on the frequency and nature of Special Advocate participation in FISC and FISCR proceedings.
These reports should include statistics showing the number of cases in which a Special Advocate participated, as well as the number of cases identified by the government as raising a novel or significant issue, but in which the judge declined to invite Special Advocate participation. The reports should also indicate the extent to which FISC decisions have been subject to review in the FISCR and the frequency with which Special Advocate requests for FISCR review have been granted.
R9: The government should work with Internet service providers and other companies that regularly receive FISA production orders to develop rules permitting the companies to voluntarily disclose certain statistical information. In addition, the government should publicly disclose more detailed statistics to provide a more complete picture of government surveillance operations. The Board urges the government to pursue discussions with communications service providers to determine the maximum amount of information that companies could voluntarily publish to show the extent of government surveillance requests they receive per year in a way that is consistent with protection of national security. In addition, the  government should itself release annual reports showing in more detail the nature and scope of FISA surveillance for each year.  
R10: The Attorney General should fully inform the PCLOB of the government’s activities under FISA and provide the PCLOB with copies of the detailed reports submitted under FISA to the specified committees of Congress. This should include providing the PCLOB with copies of the FISC decisions required to be produced under Section 601(a)(5).24  
R11: The Board urges the government to begin developing principles and criteria for transparency. The Board urges the Administration to commence the process of articulating principles and criteria for deciding what must be kept secret and what can be released as to existing and future programs that affect the American public.
R12: The scope of surveillance authorities affecting Americans should be public.
In particular, the Administration should develop principles and criteria for the public articulation of the legal authorities under which it conducts surveillance affecting Americans. If the text of the statute itself is not sufficient to inform the public of the scope of asserted government authority, then the key elements of the legal opinion or other documents describing the government’s legal analysis should be made public so there can be a free and open debate regarding the law’s scope. This includes both original enactments such as 215’s revisions and subsequent reauthorizations. While sensitive operational details regarding the conduct of government surveillance programs should remain classified, and while legal interpretations of the application of a statute in a particular case may also be secret so long as the use of that technique in a particular case is secret, the government’s interpretations of statutes that provide the basis for ongoing surveillance programs affecting Americans can and should be made public.
A later report by PCLOB is noted here.