How The Latest NSA Surveillance Story Is Different From the Last One:
Some blogs are suggesting the latest NSA domestic surveillance story is old news, and that the MSM is just pretending that this is a new story. See, e.g., Newsbusters, which is dedicated to "exposing and combating liberal media bias." I think a bit of clarification might be helpful here.

  As I see it, this story is really new, and is pretty different from the earlier NSA domestic surveillance stories from December and January. The earlier stories involved governmental tapping of telephone calls and e-mails when one party was outside the United States. That is, they involved the NSA recording the telephone calls and e-mails of people inside the United States from switches inside the United States when the other participant was outside the United States. Further, it seems that the government sharply limited that monitoring to a few hundred or a few thousand people, and only tapped calls when it had something like probable cause.

  Today's story is different. As best I can tell, it involves telephone companies disclosing account records of how their domestic customers were using their phones. In other words, the phone companies were disclosing lists of numbers dialed for domestic telephone subscribers to the NSA, rather than letting the NSA install switches and listen in on international calls. Further, they were doing this on a much larger scale: the disclosures were not pursuant to probable cause or reasonable suspicion. We don't know all the facts yet, but this looks new to me: It's non-content instead of content, broad scale instead of narrow, stored instead of real-time, provider disclosure instead of government tapping, and domestic accounts instead of intercepting traffic with at least one party overseas.
Cold Warrior:
The phone companies' (other than, apparently, Qwest) dirty little secret: a lot of this information has been available to private parties for a fee.

Google around a bit and you'll find companies that offer cell phone records from pretty much all the major wireless providers.

It sounds to me like the Government was doing pretty much the same thing.

I find it deeply troubling on a pure commercial privacy rights grounds that this information is made available to anyone. There are reasons for concern even if you are not a privacy freak: for example, do we want criminal organizations to be able to obtain cell phone records regarding an undercover law enforcement officer's calls?

Needless to say, there are even more reasons to be concerned when a government is doing the snooping.
5.11.2006 8:06pm
Cold Warrior:
See, for example:
5.11.2006 8:11pm
Cold Warrior:
I guess I should clarify my comment: the information has been available commercially through sleazy third party providers. In other words, there is no proof that any phone company has sold these records.

Interestingly, law enforcement agencies have purchased these records through those unscrupulous providers.

It appears that in this case, the feds simply cut out the middleman.
5.11.2006 8:21pm
Tom952 (mail):
This is just an election year bomb hurled by the left. It might earn AG Gonzalez a spanking, but who cares.

Border security and illegal immigration are issues that have much more effect on Americans.
5.11.2006 8:29pm
Cold Warrior,

Accessing another person's phone records by misrepresenting your identity is felony wire fraud. It was done, yes, but it was also illegal.
5.11.2006 8:31pm
The Drill SGT (mail):
As a general comment, in SIGINT speak, this is what is called Traffic Analysis.

Who calls whom,
In what order,

It tells you among other things:
- who gives the orders,
- who is in the same related groups
- clues on whether an operation is planned or underway
5.11.2006 8:32pm
SacSays (mail):
This is one more context where a fascinating question comes up: who owns information like this? I have a reasonable expectation that my phone conversations, themselves, are private, and therefore, in some sense, "owned" by me and the other party. But what about the information about that conversation -- who I called, what time, how long the conversation lasted, etc. The phone company keeps track of that information in order to properly bill me, and while I believe I have an expectation that this is also somehow "mine," it is also arguably also the "property" (in some sense) of the company.

Both state and federal laws protect the privacy of this information, but this situation raises the question of whether I should have some right to veto any release of this information (which I view as "mine"), or whether the phone company can release it, at least in some circumstances, without my knowledge or consent.

Many consumer privacy measures these days fall in this gray area. What right does my bank or credit card company have to use my information for its own commercial purposes? What uses may my HMO make of my medical information without obtaining my consent?

Full disclosure: I work for a California state Senator who is Joint Author of a bill, SB 202, which specifically makes a phone company's release of this kind of calling record a crime if it is released to anyone other than the customer. Little did we guess that the biggest violator of this principle would be our federal government.
5.11.2006 8:51pm
Heh. 'Wartime' surveillance of Americans-at-large gives a whole new meaning to Pogo's "We have met the enemy and he is us."
5.11.2006 9:03pm
I agree that there are two separate programs - one eavesdropping on the content of international calls, and the other gathering records (but not content) of domestic calls.

However, I think that the reporting back in December probably DID mix up the two programs, such that there was some reporting on the domestic, non-content-related program then. For example, take this excerpt from 12/24/05 NYTimes:

Officials in the government and the telecommunications industry who have knowledge of parts of the program say the N.S.A. has sought to analyze communications patterns to glean clues from details like who is calling whom, how long a phone call lasts and what time of day it is made, and the origins and destinations of phone calls and e-mail messages. Calls to and from Afghanistan, for instance, are known to have been of particular interest to the N.S.A. since the Sept. 11 attacks, the officials said.

This so-called ''pattern analysis'' on calls within the United States would, in many circumstances, require a court warrant if the government wanted to trace who calls whom.

The use of similar data-mining operations by the Bush administration in other contexts has raised strong objections, most notably in connection with the Total Information Awareness system, developed by the Pentagon for tracking terror suspects, and the Department of Homeland Security's Capps program for screening airline passengers. Both programs were ultimately scrapped after public outcries over possible threats to privacy and civil liberties.

But the Bush administration regards the N.S.A.'s ability to trace and analyze large volumes of data as critical to its expanded mission to detect terrorist plots before they can be carried out, officials familiar with the program say. Administration officials maintain that the system set up by Congress in 1978 under the Foreign Intelligence Surveillance Act does not give them the speed and flexibility to respond fully to terrorist threats at home.

A former technology manager at a major telecommunications company said that since the Sept. 11 attacks, the leading companies in the industry have been storing information on calling patterns and giving it to the federal government to aid in tracking possible terrorists.

''All that data is mined with the cooperation of the government and shared with them, and since 9/11, there's been much more active involvement in that area,'' said the former manager, a telecommunications expert who did not want his name or that of his former company used because of concern about revealing trade secrets.

Such information often proves just as valuable to the government as eavesdropping on the calls themselves, the former manager said.

Now, that was in an article purportedly on the international, content-related NSA program. But is that correct? Seems to me some or all of it might relate to the domestic, non-content related program "revealed" today in USAT.
5.11.2006 9:04pm
Rob McNickle (mail) (www):

As AS mentioned in the last comment, this program (collection of phone company records and data mining for terrorist patterns) was discussed in the Times stories in December of 2005. That's where the "old news" claims comes from.
5.11.2006 9:07pm
Barbara Skolaut (mail):
SacSays: "whether I should have some right to veto any release of this information (which I view as "mine"), or whether the phone company can release it, at least in some circumstances, without my knowledge or consent."

If this info is what I think it is (what other numbers called a specific number, when, &how long), the phone companies release it all the time - via subpoenas by lawyers. And I doubt they inform the party "owning" the phone number.
5.11.2006 9:13pm
SacSays (mail):
Barbara is certainly right. But that's what a subpoena is all about in this context -- getting permission from a court to obtain something that the government couldn't obtain just by asking. This is an extremely important distinction, I think. My ownership of the information would be vitiated by some kind of probable cause to believe I had done something wrong.

Here, there is no such probable cause, and, in fact, the NSA has told at least one company, Qwest, that it doesn't think it needs to have probable cause.

That's why the ownership question comes up so pointedly here. If the information is not mine, or more the company's than mine, then they have the right to use it however they wish without my consent. I don't think most people would view the ownership question in such stark terms, but in this case it does appear that both the government and the phone companies have -- my interest in this information (which is, in fact, considered private as to me in federal and state law) is negligible. I don't think very many people would agree with this view of the information about their calling records.
5.11.2006 9:20pm
The Drill SGT (mail):
My understanding was that police departments regularly can request and obtain this sort of data, called LUDS or Local Usage Detail in some areas, without warrants.
5.11.2006 9:21pm
Frank Drackmann (mail):
This is just a way for the Republicans to get Hilarys calls to her Lesbian lover made public in the guise of national security. Somewhere Richard Nixon is having a good laugh.
5.11.2006 9:22pm
Jeff Hartley (mail):
As two three others have noted, this specific program was reported late last year. I don't know why other media outlets ignored it, but they did.
5.11.2006 10:30pm
John Lederer (mail):
47 USC 222 governs release of the information.
5.11.2006 10:31pm
I wonder if the phone companies are actually selling the information to the government. I saw a reference to government "contracts" with the phone companies, which is what prompted by question.

I don't remember any privacy policy when I signed up for telephone service. I guess I just expected there to be one (though you do have to pay extra for an unlisted/unpublished number).

It rather reminds me of a reverse situation a few years ago when state Motor Vehicle Departments got in trouble for selling driver's license information to whomever chose to pay for it.
5.11.2006 11:00pm
Waldensian (mail):
Prof. Kerr:

What source or report leads you to conclude that the previously reported NSA program "only tapped calls when it had something like probable cause"? In this context, how does "something like probable cause" differ from actual "probable cause"?
5.11.2006 11:04pm
DJ (mail):
The answer may be that Prof. Kerr and Newsbusters may both be right. I'd urge folks to read this National Journal article (from March!), which does the best job of explaining what's likely going on here. (See )

The bottom line: The phone companies apparently gave NSA access to their switches and call logs, and, using this data, NSA "looked for patterns, and then wrote algorithms to detect them as they went along, tweaking the algorithms as needed." When these counter-terrorism algorithims find a match in call data that analysts recognize as signs of a plot, NSA moves forward and collects the content of the communication--often, as we've learned, without a warrant.

So the leaks we've heard appear to be part and parcel of a massive data mining program that NSA has implemented to help intelligence analysts identify communications that should be intercepted. Which may have helped prevent, I'd add, any domestic terrorism in this country for nearly five years.

Again, please read the NJ article.
5.11.2006 11:09pm
John Jenkins (mail):
As two three others have noted, this specific program was reported late last year. I don't know why other media outlets ignored it, but they did.

Possible reasons

1. Someone has a book coming out about it?
2. This year ends with an even number.
5.12.2006 12:32am
Harry Eagar (mail):
If traffic analysis of people trying to kill me is illegal, I want it legalized, and quickly.

Also, I'd like some smarter people managing these programs.
5.12.2006 12:35am
J.B.S (mail):
This is the point at which I am more scared of the United States government than I am of Islamic terrorists.
5.12.2006 12:47am
The Drill SGT (mail):
Jphn Lederer,

As I read your US code text, it seems to me that the relevant part is:

(3) Aggregate customer information
A telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service may use, disclose, or permit access to aggregate customer information other than for the purposes described in paragraph (1). A local exchange carrier may use, disclose, or permit access to aggregate customer information other than for purposes described in paragraph (1) only if it provides such aggregate information to other carriers or persons on reasonable and nondiscriminatory terms and conditions upon reasonable request therefor.

(h) Definitions
(2) Aggregate information
The term "aggregate customer information" means collective data that relates to a group or category of services or customers, from which individual customer identities and characteristics have been removed.

As I read it, NSA can request and get aggregate data, for example a file string like:

Calling number, start date/time, called number, end date/time

No warrant or notice needed. Elsewhere, NSA can buy a revsrse directory file and match back in names and addresses.

simple and seems to me to be legal.
5.12.2006 12:53am
WaPo confirms that this WAS reported before, at least in part:

The new report, by contrast, described a far broader form of surveillance, focused primarily on domestic phone-call records. Some of its elements have been disclosed before. The Los Angeles Times reported in December that AT&T provided the NSA with a "direct hookup" into a company database, code-named Daytona, that has been recording the telephone numbers and duration of every call placed on the AT&T network since 2001. The Electronic Frontier Foundation, which has sued AT&T over that and other alleged violations of privacy law, said the call database spans 312 terabytes, a quantity that would fill more than 400,000 computer compact discs.

That was a couple of paragraphs above where the article quoted Orin.
5.12.2006 1:29am
J.B.S. (mail):
Drill Sgt - I think you need to read that definition of "aggregate customer information" a little more carefully. What you described would not fall within the definition, because it discloses "individual customer characteristics".
5.12.2006 1:44am
Tom Holsinger (mail):
It's called a "pen register" and there many Volokh threads mentioning it, such as these two.

I suggest a Google advanced search for the complete term, "pen register", and the single word, "Volokh".

"I am shocked, SHOCKED! to find that there is gambling going on in this establishment!" "Your winnings, msieu."
5.12.2006 2:13am
Tom Holsinger (mail):
I strongly urge Democrats not to read Smith v. Maryland, 442 U.S. 735 (1979), because that would spoil all our fun.
5.12.2006 2:21am
Wintermute (mail) (www):
Orin's gonna go Democrat if this crap keeps on coming.

How much can you guys stomach?
5.12.2006 5:24am
This is the point at which I am more scared of the United States government than I am of Islamic terrorists.

Bah humbug. Does it also scare you that another government agency - the IRS - maintains an extensive database of all your personal and financial transactions, including investments, property you own, charitable contributions you make, and medical expenses you incur? The data the IRS has - and has been collecting for a long time - is a hell of a lot more significant to me than who I called and when.
5.12.2006 9:00am
Why all these IRS questions?

Is that supposed to be a FAVORABLE comparison? That the NSA is now as intrusive into the personal lives of ordinary Americans as the IRS? That's a SCARY thought, not a COMFORTING thought.
5.12.2006 11:04am
No, the NSA is not now as intrusive as the IRS, by any stretch of the imagination. The IRS affects us all, directly and significantly, every day. The NSA does not and will not.
5.12.2006 11:13am

Well, if the reports are true, then the NSA is in fact trying to get call records for every American, every day.

More broadly, though, I'm not sure what your point is. Is the idea that as long as a government agency falls short of the IRS in terms of power and intrusiveness with respect to ordinary Americans, it must be OK? I don't think that proposition makes much sense.
5.12.2006 12:25pm
unhyphenatedconservative (mail):
I think less people would be troubled by these sort of programs if Bush had done the more obvious things to secure our nation before moving onto eavesdropping and developing huge databases on American calling habits.

The argument, "I must do this to keep us safe" is pretty weak when Bush leaves our orders more vulnerable than a fraternity keg party.
5.12.2006 12:59pm