More Thoughts on the Legality of the NSA Call Records Program:
We now have a slightly better idea of the factual and legal issues surrounding the newly-disclosed NSA Call Records program, and I thought I would offer a second analysis that is more focused and more factually informed than the one I posted this morning. My still-very-tentative bottom line: The companies were probably violating the Stored Communications Act by disclosing the records to the NSA before the Patriot Act renewal in March 2006, although the new language in the Patriot Act renewal at least arguably made it more likely that the disclosure was legal under the emergency exception.
First, let's update the facts. It now looks relatively clear that the NSA was not directing the telephone companies to conduct any particular monitoring on the NSA's behalf. Rather, NSA officials were persuading the telephone companies to voluntarily disclose their call records to the government. In other words, the government wasn't actually doing the monitoring, but instead was encouraging the telephone companies to disclose call records to them that the telephone companies already had collected.
In light of those apparent facts, the key issue to me becomes whether the disclosures were permitted under the Stored Communications Act, and specificially 18 U.S.C. 2702. (For a "user's guide" to the Stored Communications Act, see here). Telephone companies are providers of "electronic communications service to the public" under the Act, and the Act regulates when providers can disclose non-content records of account information to the government. The ban is in Section 2702(a)(3):
Let's take each of these exceptions in turn.
(1) The first exception permits disclosure if the subscriber consents. There are no cases interpreting eactly what consent means in 2702(c)(2), but like many of the exceptions in the SCA it is clearly a copy of an analogous exception in the close cousin of the SCA, the federal Wiretap Act, 18 U.S.C. 2510-22. We do have lots of cases on what consent means in the context of the Wiretap Act, so those cases presumably create the applicable standard here. The basic rule: Consent means that the user actually agreed to the action, either explicitly or implicitly based on the user's decision to proceed in light of actual notice. Here's what the First Circuit said on this in United States v. Lanoue, 71 F.3d 966, 981 (1st Cir. 1995):
(2) The next possible exception is disclosure "as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service." This is known as the provider exception, and is also a copy of an analogous exception from the Wiretap Act, 18 U.S.C. 2511(2)(a)(i). You can read all about this exception here: basically, it gives providers rights to disclose information to the government to help the providers combat illegal service and unauthorized use of the network. It seems pretty clear that this doesn't apply: The cases make clear that the provider exception exists to further provider interests, not government interests.
(3) The third and final exception is the emergency exception, which permits providers to disclose "if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency." At the outset, it's worth noticing something very interesting about this language: It is almost brand spanking new. The language that passed as part of the Patriot Act in 2001 allowed disclosure only when "the provider reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of the information." This was the language in place from October 2001 until March 2006. Did the phone companies have such a belief under the 2001-06 language? I gather they had a reasonable belief of danger, but I don't know of a reason to think that they had a reasonable belief of "immediate" danger. If this was a program ongoing for several years, then it's hard to say that there was a continuing reasonable belief of immediate danger over that entire time.
As noted above, though, the Patriot Act renewal passed in March 2006 changed this language. And it did so in a way with potentially important implications for the legality of the NSA call records program. The new exception states that disclosure is permitted "if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency." Few people were paying attention to this change at the time, but I would guess that it was very important to the telephone companies: The change expanded the exception to allow disclosure when there is a good faith belief instead of a reasonable belief, and when there was a danger instead of an "immediate" danger. I wouldn't be surprised if the telephone companies were pushing the change in part out of concern for civil liability for their participation in the NSA call records program. (Or perhaps not, come to think of it: Does the new language suggest that the information disclosed needs to relate to the emergency to be covered? What if the provider doesn't know what information relates to the emergency?)
More tomorrow, I hope.
(cross posted at OrinKerr.com)
First, let's update the facts. It now looks relatively clear that the NSA was not directing the telephone companies to conduct any particular monitoring on the NSA's behalf. Rather, NSA officials were persuading the telephone companies to voluntarily disclose their call records to the government. In other words, the government wasn't actually doing the monitoring, but instead was encouraging the telephone companies to disclose call records to them that the telephone companies already had collected.
In light of those apparent facts, the key issue to me becomes whether the disclosures were permitted under the Stored Communications Act, and specificially 18 U.S.C. 2702. (For a "user's guide" to the Stored Communications Act, see here). Telephone companies are providers of "electronic communications service to the public" under the Act, and the Act regulates when providers can disclose non-content records of account information to the government. The ban is in Section 2702(a)(3):
[A] provider of . . . electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications . . . ) to any governmental entity.Of the possible exceptions to the statute, three are most likely to be relevant. They permit disclosure under the circumstances listed in 18 U.S.C. 2702(c), as amended by the Patriot Act renewal of 2006:
(2) with the lawful consent of the customer or subscriber;(Note that the link to the Cornell site's text of 2702 does not have the latest version of the exceptions, as it was last updated in the fall of 2005 and the exceptions were amended in March 2006. I was unable to find the new version on a website, and ended up taking it from Westlaw.).
(3) as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service;
(4) to a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency[.]
Let's take each of these exceptions in turn.
(1) The first exception permits disclosure if the subscriber consents. There are no cases interpreting eactly what consent means in 2702(c)(2), but like many of the exceptions in the SCA it is clearly a copy of an analogous exception in the close cousin of the SCA, the federal Wiretap Act, 18 U.S.C. 2510-22. We do have lots of cases on what consent means in the context of the Wiretap Act, so those cases presumably create the applicable standard here. The basic rule: Consent means that the user actually agreed to the action, either explicitly or implicitly based on the user's decision to proceed in light of actual notice. Here's what the First Circuit said on this in United States v. Lanoue, 71 F.3d 966, 981 (1st Cir. 1995):
Keeping in mind that implied consent is not constructive consent but 'consent in fact,' consent might be implied in spite of deficient notice, but only in a rare case where the court can conclude with assurance from surrounding circumstances that the party knowingly agreed to the surveillance. We emphasize that consent should not casually be inferred, particularly in a case of deficient notice. The surrounding circumstances must convincingly show that the party knew about and consented to the interception in spite of the lack of formal notice or deficient formal notice.Did users consent to the disclosure under this standard? The Washington Post reports that government lawyers seemed to think so, based on small print in the Terms of Service of the telephone service customer agreements:
One government lawyer who has participated in negotiations with telecommunications providers said the Bush administration has argued that a company can turn over its entire database of customer records — and even the stored content of calls and e-mails — because customers "have consented to that" when they establish accounts. The fine print of many telephone and Internet service contracts includes catchall provisions, the lawyer said, authorizing the company to disclose such records to protect public safety or national security, or in compliance with a lawful government request. . . . Verizon's customer agreement, for example, acknowledges the company's 'duty under federal law to protect the confidentiality of information about the quantity, technical configuration, type, destination, and amount of your use of our service,' but it provides for exceptions to 'protect the safety of customers, employees or property.' Verizon will disclose confidential records, it says, "as required by law, legal process, or exigent circumstances."This seems like a very unpersuasive argument in light of the cases construing consent under the Wiretap Act, of which the consent provision in the SCA is a mirror. It reminds me of the argument that a DOJ lawyer once tried to make that monitoring prison phones was allowed because language in the Code of Federal Regulations clearly notified prisoners that their phones would be monitored. According to the lawyer, the notice in the fine print of the CFR was sufficient to make the monitoring consensual. Judge Posner rejected the argument, calling it "the kind of argument that makes lawyers figures of fun to the lay community." United States v. Daniels, 902 F.2d 1238 (7th Cir. 1990). In light of these cases, I think the consent argument is weak. (Incidentally, if you look up Daniels, note that Posner incorrectly states later in the opinion that the Second Circuit accepted such a weak notice argument. If you read the Second Circuit case, it is clear that the CA2 did no such thing and that Posner was just being sloppy.)
(2) The next possible exception is disclosure "as may be necessarily incident to the rendition of the service or to the protection of the rights or property of the provider of that service." This is known as the provider exception, and is also a copy of an analogous exception from the Wiretap Act, 18 U.S.C. 2511(2)(a)(i). You can read all about this exception here: basically, it gives providers rights to disclose information to the government to help the providers combat illegal service and unauthorized use of the network. It seems pretty clear that this doesn't apply: The cases make clear that the provider exception exists to further provider interests, not government interests.
(3) The third and final exception is the emergency exception, which permits providers to disclose "if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency." At the outset, it's worth noticing something very interesting about this language: It is almost brand spanking new. The language that passed as part of the Patriot Act in 2001 allowed disclosure only when "the provider reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of the information." This was the language in place from October 2001 until March 2006. Did the phone companies have such a belief under the 2001-06 language? I gather they had a reasonable belief of danger, but I don't know of a reason to think that they had a reasonable belief of "immediate" danger. If this was a program ongoing for several years, then it's hard to say that there was a continuing reasonable belief of immediate danger over that entire time.
As noted above, though, the Patriot Act renewal passed in March 2006 changed this language. And it did so in a way with potentially important implications for the legality of the NSA call records program. The new exception states that disclosure is permitted "if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency." Few people were paying attention to this change at the time, but I would guess that it was very important to the telephone companies: The change expanded the exception to allow disclosure when there is a good faith belief instead of a reasonable belief, and when there was a danger instead of an "immediate" danger. I wouldn't be surprised if the telephone companies were pushing the change in part out of concern for civil liability for their participation in the NSA call records program. (Or perhaps not, come to think of it: Does the new language suggest that the information disclosed needs to relate to the emergency to be covered? What if the provider doesn't know what information relates to the emergency?)
More tomorrow, I hope.
(cross posted at OrinKerr.com)
Related Posts (on one page):
- Falkenrath on the NSA Call Records Program:
- Civil Liability and the NSA Call Records Program:
- More Thoughts on the Legality of the NSA Call Records Program:
- Thoughts on the Legality of the Latest NSA Program:
Actually evaluating this would require knowing much more about national security law, and doing more research, than I'm prepared for at quarter to 1. But it's a thought.
So what if the NSA isn't getting any of the raw data or doing any of the data mining? What if it's helping the telcos do their own data mining? It seems like an argument could be made that the product of this data mining would not be a "record" under the SCA or "customer proprietary network information" under the Communications Act.
Further evidence (from NYTimes):
It's the kind of argument that makes judges and the courts "figures of fun'. Good old Posner, slipping and sliding like a drunken ice skater.
I'm sure that the Administration will be willing to claim that we have been in an open-ended "emergency" since 9/11, and that every call record in the United States "relates" to that emergency. I'm also pretty sure that if that claim ever gets before a court, it will be soundly rejected as absurd.
When does the sum of the "small prices" become too large a price to pay? Before or after it's too late to do anything about any of the "small prices"?
A bunch of Afghan cave-dwellers is too trivial an enemy to flush the Consititution over.
I could probably agree with those who say you shouldn't "assume" that the govt is doing the right thing in regards to this program and that the probability for abuse is there. However, in order for there to be abuse, someone has to step up and say that the info was misused. Right now, all I read is conjecture and conspiracy theories about what "might/could/probably/etc" happens with the info.
To restate the obvious, this is a top secret program. If those in the know felt that this was an egregious violation of privacy, civil liberties, etc, then I would ASSUME that they took the required steps in informing the Inspector General of the NSA or DOJ. I read somewhere that Harry Reid knew about the program but wasn't satisfied with the briefings. What a cop out, if there's a problem, say it loud and clear so that those in position to fix it can fix it and keep the country safe. And please don't try to argue that his hands were tied. If this was such a violation of our rights, those in places of power should put their jobs on the line and become the whistleblower. Oh, that's right... it's not THAT important to lose a position of power over... /sarcasm.
To say what this program might/could do is a nonstarter. Guns could do a lot of things too, so could vehicles. But I believe that you would have to show some type of violation in order to have standing in the courts. From my limited understanding, courts are supposed to be reactionary.
It frustrates me when good debate is ruined by those who keep referring to what "might" happen. I don't know how many times my personal information is "sold" from company to company. Is that a violation of my privacy? I would think so!! But alas, the motives are different... on one hand, it's okay if you are selling my info for profit...
and it's NOT okay for someone who is trying to keep the people of this country safe...
One thing that I have not seen discussed is the nature of terrorist cells. Everyone has heard of "6 degrees of separation". Well, terrorist cells operate in the same fashion. That way if someone is captured, they only know limited info about another cell even though they may both have the same ends. So by tracing the pathways of calls, intel can determine the size and scope of the phone tree. If you think every cell calls OBL then you're crazy. But one person calls the HQ, get's his marching orders, calls the next person that he knows, and so on and so forth. All without knowing who that second person is down the chain. Is that so hard to believe or imagine?
So before we get too worked up about things, let's stick to basic facts and information.
Anonymous Reader
I'm not sure I understand. Lots of discussions about government are structural in precisely that sense--we worry about concentrating certain powers into the hands of certain governmental entities without sufficient oversight and regulation, because we are worried about the potential for abuse of that power. And those worries are grounded in our long history with governments, which does in fact suggest that sweeping governmental powers without oversight and regulation are frequently abused by the people who hold such powers.
Accordingly, we try to place structures in place to prevent that sort of thing from happening. Indeed, that is what much of our Constitution is about, and much of our laws as well. And in that sense we are trying to stop abuses of power before they happen, not simply address abuses of power after they happen.
So, when people in government start ignoring those structural limits, and try to concentrate power without oversight and regulation into their own hands, we reasonably get worried. And those worries need not depend on actually knowing that they have already abused those powers, because the point of those structures was to prevent abuse before it happens, not simply address it after the fact.
I'm not sure this applies here. My understanding of the program is that the telcos are turning over raw data without any names attached. In that case, I'm not convinced that this data is "information pertaining to a subscriber or customer."
Abuse, potentially, pertains to doing too little (negligence) as well as positive abuse. An executive needs to avoid both. (E.g., to what degree did negligence occur, in the long wake of WTC '93?)
Too, if the concern is genuinely and sincerely with privacy, then we should be seeing a full-bore movement by all those who are now anxiously concerned, with an IRS overhaul or gutting and replaced by a more equitable and far less evasive tax system (flat tax, value added, etc.) since the federal govt. via the IRS gathers (and not for fundamental security needs but merely for tax gathering and enforcement) copious quantities of financial and other information on citizens, info which is far more extensive and far more evasive, typically, than this NSA program.
Too, while we know of no abuses of the NSA program, we positively do know of abuses which pertain to the IRS.
So where's the outrage and the laugh-track mentality vis-a-vis the IRS's data on citizens? And the abuses which pertain to that data? Ergo, to some appreciable degree, the concern is not first and foremost with privacy, it pertains far more to BDS and similar obsessive/compulsive behaviors.
A fact: 8 1/2 years between WTC '93 and 9/11. Another fact: a report in Britain recently noted they were insufficiently prepared (cf. negligent) leading up to their 7/7.
Reality matters.
Well they aren't telling the government that I made the call, true enough (if initial reports are accurate). But how hard is it for them to find out who I am? How many publicly available data banks could give them my name?
For those of you who are supportive of the government listening to our calls (the program as described does not do this but some here advocate it) would you trust that Bill Clinton or (egads)HRC would use the data solely for the purposes of fighting international terrorists? Or do you think once they had the data they might be tempted to use it for other purposes. I mean after all might have such data mining prevented Oklahoma City, Ruby Ridge, Waco?
To be specific:
2702(a) says: " person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service . . . ."
Turning to 2510, section (12) of that statute provides, in part:
"electronic communication" means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include - (A) any wire or oral communication . . . ..
So it specifically excludes "wire or oral communication." What do those terms mean? Again, 2510 provides the answer:
Section (1): "wire communication'' means any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception . . . ."
Section (2): "oral communication" means any oral communication uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation, but such term does not include any electronic communication.
Summary: 2702 is specifically designed to exclude oral communications, and to apply only to "electronic" communications instead.
"the terms defined in section 2510 of this title have, respectively, the definitions given such terms in that section."
Phone companies are the paradigmatic electronic communications services.
I, for one, am also concerned about the IRS abusing its power.
Me too. Look, some people are saying that they're not so worried, because the government's not going to target them, because they're honest! and not a terrorist! I'm sure they'll only target the bad guys!
How do they know, a priori, who are bad guys, and who aren't? That's presuming an incredible amount of a priori competency from a government that is also responsible for the Department of Motor Vehicles, is all I'm saying.
One thing the NSA programs seem not to have lacked is oversight. Allowing for secrets during time of war this is probably the best known and most publicized secret in our history.
So, my worry is that they share it with other agencies, like the IRS, and low level employees there essentially sell the information to others. Besides all the horribles Medis pointed out for that agency, it has been shown to have corruptable employees. I will admit to some prejudice here, but I worked briefly at a couple of the IRS data sites almost 20 years ago, and was not the least bit impressed with the quality of the employees there. The one that was the most worrisome that I spent time at was in Detriot.
As an IRS footnote, I worked as a programmer for Census from the mid to late 1970s preparing for the 1980 Decennial Census. At that time, we had the only set of merged IRS files in existance, with all those W-2s, 1099s, merged in with the actual tax returns. We did it to get accurate address lists for the Census. We also merged in all the drivers license files and a bunch of other stuff that privacy advocates would have screamed about if they had known. In any case, the IRS took almost another decade to do what we had done - but Census is a data sink - raw data goes in, but never comes out, so we couldn't send it back merged to the IRS.
This is a small price to pay. Frankly, I think it would be best if the government listened to all of our phone calls, foreign and domestc.
Those who oppose having their phone calls monitored -- what are they hiding?
I can't believe I'm about to use this phrase without a touch of irony, but Smithy, I believe you really do hate freedom. And for my second similar phrase, if your wishes come true, Smithy, the terrorists really will have won.
But seriously, if you are willing to give up some of your most basic civil liberties, what's left that you love about this country? You can't really think that if you gave up these liberties to the federal gov't that further incursions into our economic and other liberties wouldn't follow. What would you not allow the gov't to do in the name of protecting us from terrorists? I'm very serious about this question.
"Immediate danger"...forever.
It is conducted against us by unknown people, therefore "everyone" is a suspect worthy of search, be it their persons at airports or their conversations in phone records.
Logically, it is only a matter of time until the same arguments offered today are used to routinely open and search all of our mail. Who could complain? Only the guilty have anything to hide. What possible difference could there be between listening to all conversations and reading all mail. (How convenient the government has a monopoly on first-class mail...)
Thanks for the pointer. I concure that the NSL has to come from the FBI, but the FBI probably can share the data with the NSA -- see 2709(d):
"Immediate danger"...forever.
Al Qaeda has given us immediate danger, forever. They have shown beyond any doubt that they won't be ignored and they won't go away. The only question is, what are we going to do about it?
9/11 was a terrible, terrible event. But it's sad to see people still wetting the bed over it.
Our country has faced far greater threats to its existence than al-Qaeda, a group that has managed to carry out two attacks inside the US over the span of two decades. We should be bringing the perpetrators to justice and destroying the organization, yes. But it's hardly a threat that necessitates changing our way of life or declaring a permanent state of emergency.
Maybe, though the IRS's abuses have been a well known and a long and protracted set of data gathering and intrusive problems, predating WTC '93 and 9/11, it's hardly a recent phenomenon. People have been willing to give up this aspect of their freedom and privacy for a lengthy period of time now - without blinking.
But regardless, I was excerpting from your post more to lead into the matters indicated - highlighting the NSA/IRS comparison since that comparison, given the purported concern with freedom and privacy issues, is almost revelatory in terms of the light it throws on BDS - than to point to or quibble with you specifically.
Still, I remain unconvinced. The comparison (IRS/NSA) is simply too striking and too telling a set of contrasts. The IRS is incredibly intrusive and typically people do not blink, in fact it's taken for granted as a fact of life and those who question it are even looked upon as if they're Branch Davidians of Ted Kyzenskys. People have essentially accustomed themselves (by the govt. and MSM) to take the IRS's intrusiveness lying down and passively; yet they're reacting like banshees vis-a-vis a surveillance program with no proven abuses and which is designed to protect against an existential threat, not merely collecting taxes.
The NSA/IRS comparison is simply far too telling and far too revealing a contrast.
I understand your point about structures. But from my understanding, select congressmen are briefed on the programs in question. My point is that if they themselves have problems with particular safeguards to information or the actual activities of the program then they need to be willing to risk their careers to get the administration to listen. To say that the briefs are inadequate is to say that they have no business providing "oversight" on any issue.
These leaks do nothing to address the problems. All it does is polarize people on possible issues that may or may not be the main issue.
Give me someone who's willing to pay the price to shine the light on an issue (i.e. Sen Coburn) and really stick their neck out and then I'd be willing to pay more attention. Otherwise, we're just dancing around the issue playing with possibilities.
Anonymous Reader
There are a lot of things that are being done about it. I, for one, am not willing to gut the Constitution and allow the executive branch unbridled authority to do what it chooses. Although I don't really like the idea too much, I am not overly troubled if the government is tracking telephone calling patterns in an attempt to identify terrorists.
However, I am very concerned if they are doing so in a manner that violates the law.
And, if that is the case, what are we going to do about it?
As these things go, it isn't even that bad a drafting job--I've seen plenty of statutes where you just can't figure out at all what the definitions mean. Here, they probably should have used the term "wire or electronic communication service", but for some reason shortened it to just "electronic communication service".
johnt,
I certainly think the dangers we currently face are relevant to how we design our legal structures. As an aside, however, I would suggest that comprehensively redesigning those structures in light of new dangers is not something the Executive Branch is empowered to do on its own. Indeed, that is primarily a job for the Legislative Branch.
But I was responding to Anonymous Reader, who was arguing, "To say what this program might/could do is a nonstarter." My point was just that the potential abuses of such powers is not a "nonstarter" because it is a historically well-motivated concern.
jeek,
Exactly. Are we going to be so terrorized by Al Qaeda that we are willing to sacrifice any amount of freedom, respect for law, and similar values in the name of protecting ourselves from the threat they pose? Or will we have the courage and self-confidence to believe that we can beat Al Qaeda without sacrificing the principles and values which have made this country great?
I don't think I am alone in being concerned about both the IRS and the NSA--and, for that matter, expansive and intrusive government in general. But more to the point, I'm not sure how this comparison helps you. In short, I think you are making a good case for people being more concerned about the IRS, not a good case for people being less concerned about the NSA.
Anonymous Reader,
I see no reason to defend the lousy job of oversight Congress has done since 9/11. But it strikes me as odd that you are counting on career politicians to have the courage to stand on principle whenever necessary, and that you intend to ignore any issue until such a profile in political courage occurs. Personally, I don't trust politicians that much, which is why I think an informed and active citizenry must remain viligent and dedicated to holding all their elected leaders accountable for their failings.
I see your point and forgive me for sounding pollyannish about politicians, I don't fully trust them either. It was just that to leak the information instead of going through the proper channels is what upsets me. But back to your point, you say that there should be structures in place to provide oversight, but who would provide the oversight? I guess ultimately we the people provide oversight by electing officials who we feel have our best interests at heart. I guess that's part of the problem. Doesn't it sadden you that we have no "hero's" in political office who would stand up for what was right? I'm thinking someone along the lines of "Mr Smith goes to Washington".
Anonymous Reader
So Smithy, I don't suppose you would mind if the FBI walked into your house (no need to knock) and had a look around, peered over your shoulder while you were on the internet, rifled through your underwear drawer, asked how many guns you owned, where you kept them and then asked to see them. Of course you have nothing to hide. You should run down to the police station and give them a set of your keys, tell them to come on in and search your house anytime they feel like it.
Hah!
Anonymous Reader,
There is no easy answer to how to keep the government from abusing its powers. Obviously, things like the First Amendment freedoms (speech, press, petition, assembly) help. So do things like FOIA. Within government itself, we can use devices like the separation and balance of powers. For example, in general, it seems to work reasonably well to divide the executive, legislative, and judicial powers, and provide for different people selected in different ways holding the different powers at the same time.
Unfortunately, though, we do seem to lack "heroes" in elected offices right now. But I think we only have ourselves to blame--we have let political partisanship dominate our elections to such a degree that loyalty to party, and not independence and moral courage, is what typically leads these days to electoral success. Of course, that is not a new story, and these things tend to be cyclical--we just happen to be in a part of the cycle where partisanship is particularly dominant.
The telco customers have a written agreement with the telco. The fact that it's in small print strikes me as a dopey argument. The agreement is binding according to its terms--that is what must be analyzed and that is what Orin neglects.
What are the words in the customer agreement? Wouldn't that be a more lawyerly way to begin this?
2. As a practical matter, the operations seems to illustrate how gov't tends to expand and seek more info regardless of need. Certainly, if you have suspects, knowing who they called (and who the people they called called) can be invaluable. I believe there is even software to analyse this, and create an interesting tree depiction of a conspiracy. But why spend the money, time, and politcal risk to gather it on 260 million people, when 259.99+ million of them will be of no interest?
3. Which in turn illustrates the tendency of gov't to drown itself in data. The problem is more often analyzing that data. In retrospect we can see that we had data before 9/11 that suggested its occurence. FBI agents were reporting suspicious people taking flight training without takeoff and landing instruction, there was the seized laptop, etc. But the info was never put together. Programs like this simply increase that problem.
9/11's economic impact was at least hundreds of billions of dollars in scope, and was executed fairly simply. It is absurd to dismiss out of hand the idea that AQ could execute equally or even more devastating attacks, and it is even more preposterous to contend that the fear of major terror attacks is irrational and we should "get over it".
Our country has faced far greater threats to its existence than al-Qaeda,
But they were different in kind - they were states. They can far more easily be deterred and punished than transnational terrorist groups.
Should Al Qaeda ever gain access to nuclear weapons, then they will be the greatest threat we've ever faced, period.
I am very concerned if they are doing so in a manner that violates the law.
If the law prohibits pattern analysis of telephone calls, the law needs to be changed.
Exactly. Are we going to be so terrorized by Al Qaeda that we are willing to sacrifice any amount of freedom, respect for law, and similar values in the name of protecting ourselves from the threat they pose? Or will we have the courage and self-confidence to believe that we can beat Al Qaeda without sacrificing the principles and values which have made this country great?
We are going to have to adapt to this threat, and screaming hysterically that every adaptation represents a sacrifice of our essential principles and values is both false and ridiculous. I fail to see that the NSA program, as it has been thus far described, does represent such a sacrifice.
One could just as well ask, "shouldn't we have the courage and self-confidence to allow the government to conduct pattern analysis on our phone calls without whining that this tramples unacceptably on our freedom?"
I don't suppose you would mind if the FBI walked into your house (no need to knock) and had a look around, peered over your shoulder while you were on the internet, rifled through your underwear drawer, asked how many guns you owned, where you kept them and then asked to see them.
The FBI doesn't need to come to your house to find out how many guns you own or what kind they are.
Yes. Good point. I don't see how you can define the current state of affairs as an "emergency" without defining the term out of existence. The idea of a "perpetual emergency" is both grammatically abhorent and smacks of the antics of a tin-pot military regime. It's also capable of extension without end. If the "war on terror" is an emergency, why not the "war on drugs" or the illegal immigration "crisis" or any one of a hundred important long-term issues that the government must actively address?
One of my biggest problems with the administration is that there has been far too much hand-waving and knee-jerking and far too little legal analysis and thoughtful policy making. "But we're at war!" is not a recognized canon of statutory interpretation.
mark allen
You are thinking of this as a contractual question: It's not. It's a question of consent under the electronic surveillance statutes, and needs to be analyzed accordingly. That's why I'm not being "slippery," and you're not being "more lawyerly" than I am.
Orin
I assume you were equally upset with all of the hostility to Bill Clinton for his very minor and insignificant wrongs in the 1990s? Or let me guess -- you thought Clinton was pure evil and should have been kicked out of office. Right?
First, I disagree with your assertion that the leftist media is the only reason people believe this administration skirts the law.
Second, how do you know who it is that leaked the most recent bit of information regarding the NSA data collection; how can you be sure that it wasn't leaked by someone sympathetic to the current administration trying to deflect attention from issues such as, say, rising gas prices or tax break extensions or other issues that have been in the news and dragging approval ratings down. If you haven't noticed, twice as many people think the president is doing a lousy job as think there is something wrong with the phone call tracking database. So, assuming that the party affiliated with the leaker did their market research, they would have concluded that this news should, if anything, boost the president's popularity.
As it relates to your Kroger comment -- people voluntarily agree to participate in those programs. I do not; every time the drug store or supermarket asks me if I want a valued customer card, I tell them to piss off. And, I use cash for as many purchases as I can so that the credit card companies can not track me. I am not paranoid, I just value my privacy. And, out of pure coincidence, I happen to be a Qwest customer!
There are lots of problems. I am not sure that this particular NSA program is one. I am sure that the routine violations of the letter of the law, or circumventions of its spirit, by the Executive Branch of government, are.
But even if everything turns out to be, well, at least not unlawful, there also are serious policy issues raised by these disclosures.
Paradoxically, we may have a situtation where:
1) In order to get a named individual's calling records for a limited time period -- either for purposes of intelligence-gathering or criminal investigation -- the government traditionally has needed at least a pen-register court order, supported at least by some official's certification under oath that the information sought is "relevant" to some legitimate investigation.
2) In order the get all such calling records for everyone in the country for an essentially open-ended period, no court order is required at all!
This seems facially preposterous.
I still wonder what authority the President has to compile and operate such a database, for example. Apparently it does come as a surprise even to knowledgeable legal observers that such a database exists. Since at best it exists between the lines of a loophole we really didn't know about until it was creatively and secretively exploited, a lot more sunlight is still needed.
If it is lawful for the telecom companies voluntarily to turn over to the government call-detail records of every phone call made in this country, there is nothing that obviously restricts the government from using this database in any way it sees fit.
Congress apparently sought to restrict creation of such a government database by forbidding telecoms to turn the data over "to any governmental entity." If that requirement is now circumvented, perhaps new language should close the loophole -- perhaps by explicitly defining what the government can and cannot do. This is properly the sort of balancing that legislatures have a responsibility to accomplish.
A couple of comments.
First you say:
(Emphasis added.)
My response to that is simple.
If this administration has the phone numbers of known terrorists, why the hell haven't the terrorists been made the object of a black-bag job under the president's plenary Art. II C-i-C authority (due process is for people with a pre-9/11, post-1776 mindset)?
Or at least, why haven't these terrorists been arrested and sent to wherever Padilla was held for 4 years?
Is Bush waiting for the next 9-11 to say, "see, we told you so . . . you can't trust anyone but us, so I'm suspending the Constitution and declaring myself President for Life"?
Or is Bush et al., maybe, just a teeney-weeney bit misleading us about what they're really doing -- because they have no earthly idea how to do anything competently?
2. Are you Stephen Colbert? I ask in all seriousness because of the potential for irony in your post.
The suggestion that we will discover heretofore unknown terrorist operatives by data-mining an enormous system of domestic calling records for general patterns typical of terrorist activity is just too ludicrous for words.
I too feel that you are losing it. You start with an agenda which colors your analyses.
If the administrations of WWII had been so blatently and aggressively partisan as this one is, we'd all be sprechening Deutch.
FDR wiretapped his political opponents -- and the press.
Well, I'd expect president Hillary to close that particular loophole by establishing a gun purchase database, which she'd justify as an anti-terrorism measure. Hell, she probably wouldn't even require an act of Congress; she'd just invoke her Art. II C-in-C authority.
That is the lamest thing I've read all week, which is saying a lot. Prof. Kerr's post today actually backs down from yesterday's. It's quite neutral, ideologically. See also Kerr's blog where he defends Hayden against the accusation that he misrepresented the 4th Amendment.
It's just so grimly hilarious that a conservative law prof gets accused of having an "agenda" because he acts like, you know, a conservative ... one of those "law and order" types.
Instead of indulging in hit-and-run ad hominem, could you favor us with an explanation of the defects you observe in Orin's analysis?
Doesn't Article II trump all this? These strictures are all well and good and very necessary for investigations of purely domestic threats, but this is gathering of intel pursuant to the use of military force against a foreign threat, where Congress' power to limit the President's power runs up against the Executive's Constitutional warfighting mandate.
(And no, this is not seizing a steel mill. Youngstown was a domestic property rights issue.)
I too feel that you are losing it. You start with an agenda which colors your analyses.
I feel compelled to stick up for Prof. Kerr, who quite clearly is among the straightest shooters in the legal blogosphere.
I also note the use of the "I too feel" phrasing, as if the commentor is merely adding himself to a list of other people who believe Prof. Kerr is losing it. I know of no such people.
Huh? How is wiretapping the press and your political opponents less blatant than anything Bush has done? Because the NYT didn't put it on the front page?
I strongly favor this idea, not so much as an actual anti-terrorism measure, but more as a troll.
As someone who believes strongly in the 2nd Amendment, I would favor such a program, as long as:
1) It was clear guns posed a significant terrorism-related danger
2) The information could only be used to fight foreign threats, and not used for domestic law enforcement purposes
But some will say well yeah, but just wait if they get away with this then random home invasions and re-education camps are just around the corner. To this I say bollocks, the American people know when to get concerned and elect different politicians and change the laws and the courts. If *real* as opposed to *theoretical* invasions of liberty began to start happening, invasions of liberty that affected people's daily lives, the politicians involved would be done away with in short order.
So for me and I suspect the vast majority of the american people I say GMAFB. Its rational to be more afraid of what the terrorists want to do to us than it is to be afraid of our own government's efforts to try and find the terrorists. If that equation should change, the people will change the government. Until then I feel much more endangered by the ACLU and those who want to protect me from the governments efforts to catch criminals and terrorists than I do by the government's efforts to catch criminals and terrorists.
Remember its not conservatives that have re-education camps. That's the province of the left.
Says the "Dog"
Do you assign importance to the rule of law, especially as it relates to the conduct of the government?
Strained constructions of the law that fail to balance the interests/liberties harmed and the extent to which the harms take place and actually effect the daily lives of those claimed to be harmed versus the potential benefits of protecting our lives and security are irrational. These are not legal decisions they are POLITICAL decisions. Political decisions are not solved by judges (or at least should not be solved by judges) but are best solved at the polls.
There is absolutely NO LIBERTY and NO FREEDOM if you are DEAD. I'd rather see the government with phone number databases tracking down terrorists than worry about this completely insignificant invasion of my *theoretical* liberty and end up being forced to observe Sharia Law lest I be killed. I'm just silly that way I guess.
Says the "Dog"
Please let's keep the partisian rhetoric to a minimum. Let's stick to the simple facts as we think we know them (since we don't know ALL the facts).
One reason I see for not going directly after the suspected terrorist is because of how these cells operate. We all know, or I would think we should all know, that these groups are not some type of easily recognizable heirarchy of organization, such as AT&T or Microsoft or something. They are pseudo-organized and operate in such a way that no one knows all the "leaders" at any level. They just know their contact and that's it. By allowing these contacts to "exist" under surveillance, the govt is able to trace the phone tree. But you can't have a tree without all the data.
So it seems that the data is kept for analysis. You never know what will be valuable intelligence. It's kind of like a needle in a haystack. But once you know exactly where to start, you can unravel the puzzle and connect the dots. But if you cut off that "dot" you never learn the full puzzle and you end up starting back at square one. Which is why it's important for police, FBI, CIA, NSA, etc to share intelligence information. It might seem inconsequential to the police that so and so's buying fertilizer, but to the FBI he's a terrorist suspect or whatever.
Medis,
You're absolutely right. I wish the media would do a better job enforcing that point of view, but it seems that they push partisianship (if it bleeds it leads, etc). But the people ultimately need to stop and make the govt, the media, everyone accountable.
Rational Actor,
You're wrong. There are procedures in place to deal with problems with secret information. If that person who knows this top secret information is afraid to put their career on the line to expose abuse because they may be labeled as a "treasonous traitor" then we've got bigger problems than the NSA collecting intelligence information. If that person utilized the appropriate channels and was told to shut up or ignored or whatever, and subsequently released that information to the public, that person would be praised as a hero and untouchable by anyone who would try to silence them. That person would be a champion of the people by "speaking truth to power" while still maintaining the moral high ground by acting within the established laws and regulations.
Our elected officials would prefer to maintain their power and prestige instead of following their oath of office.
Anonymous Reader
You're right -- I do indeed have an agenda.
It's a strong agenda, and it's an agenda I have had ever since about 1999. My agenda, to put it simply: I want to bring the joys of the Electronic Communications Privacy Act to The People. I love these statutes, and I love talking about them, writing about them, testifying about them, and I love it when everyone else is talking about them, too. So yup, that's my agenda: I want us all to learn about ECPA.
Best,
Orin Kerr
Article II doesn't trump anything. The constitution gives the executive no license to ignore law; the military is subordinate to civilian authority, not independent therefrom.
"The President shall be commander in chief of the Army and Navy of the United States" != "The President shall be military dictator of the United States". The difference between a constitutional republic and a dictatorship is the rule of law; if the law is not binding on the president then we do not have a republic.
Well, I'm glad you found the dictionary and the correct spelling, but the elucidation only makes your position less tenable.
Wiretapping your political opponents is much more brazenly, blatantly, completely obviously partisan than anything Bush has done.
Separate branches of government. The Congress cannot limit the President's Constitutional powers to fight foreign threats via legislation.
That's why Clinton didn't need a warrant for Aldrich Ames.
The Supreme Court held in Smith v. Maryland, 442 U.S. 735 (1979) that pen registers are not unreasonable searches. That case too was discussed on this board many times.
The pen register subject has been beaten to death here. So Professor Kerr is "shocked, Shocked!" to discover that the federal government uses pen registers? Gimme a break. He's losing his objectivity or worse. I'm looking forward to his discovery of the income tax.
I am utterly amazed at constitutional theories which hold that the President may do literally anything if he claims the ultimate purpose is to stop foreign threats. Why did Truman want to seize those steel mills, anyway? Remind me.
If a statute prohbits a phone company from turning over customer records to the government without a warrant, that statute is unconstitutional under Article II if the Executive says national security is at issue? Do you truly see no negative implications to this theory whatsoever?
I see lots of negative implications. For al Qaeda.
No, Orin expresses no such naive shock. The fact that you can muster only this pathetically unsupported accusation speaks volumes about your own agenda, Tom.
Aha! I see the "unlimited power" strawman has finally made its appearance. Yes, that would be amazing, but no one is advancing that theory.
The steel mill seizure was disallowed on the grounds it was a domestic issue. I suppose one could argue that applies here, but it's a pretty weak argument since as JYLD points out it's hard to find any harm being done, and its a reasonable way to track al Qaeda pursuant to killing them with our military.
As far as needing a court order to get call records, why would that be necessary when I can go on the internet and buy YOUR call records for about $89.00 and yes I can ask for YOUR records by name. The NSA is not even getting names and addresses in this data mining operation. That comes only if a disturbing pattern warrants it. If Verizon can SELL your phone records, why can't they share them with the Feds trying to protect the country from attack?
And explain again how Al Gore's "He deceived us!" and Ted Kenedy's "Iraq has become Vietnam" and John Kerry's "American troops shouldn't be terrorizing Iraqis in the middle of the night" and John Murtha's "We've lost! Our soldiers are beaten and despirited" and Dick Durbin's "American soldiers are like Nazis, Khmer Rouge and Soviets" and Howard Dean's "The idea that Bush knew about 9/11 beforehand is an interresting theory" and countless other similar comments from Democrats and their proxies in the press are not "blatently and aggressively partisan" and tell me exactly how they help to unify the country in this war?
"[N]oisy especially in a vulgar or offensive manner certainly seems to describe the above. I dare say it would not be much challenge to counter every specific "blatently and aggressively partisan" comment or act by the Administration you can cite with two or more from the opposition or press. I recommend you put those stones down lest your whole house shatter around your feet.
Mr. Holsinger, get informed or get ...
Prof. Kerr has *specifically* distinguished pen-register law from the present facts. For that matter, even if the NSA's latest hijinks were held to fall under the pen-register precedents, there is no reason to suppose that the single case of Smith v. Maryland would be held to justify the sweeping array of NSA surveillance now at issue. See this link for that argument.
It's as if you were angry that free citizens were even discussing this subject.
Maybe Bush should just pay AT&T $1.00 for the phone records. (smile).
Says the "Dog"
I think it is very very important that this not be a permanent program, because inevitably someday it will be abused (i.e., used for domestic purposes instead of directed at foreign threats). At some point we need to declare victory in this war and move on.
Whatever idiot wrote up the Rube Goldberg instruction manual for doing this, which practically reduces the President to begging, ought to be taken out and shot.
First, who says that is what is happening?
Second, even if it is, there are other approaches to traffic analysis that the same data can be used for, and they are not ludicrous at all.
The ability of TA to provide useful information about the intentions of bad guys has been proven over and over.
Notably, it works nearly as well even if you NEVER get any access to the contents of the messages as if you do.
If american phone numbers are found in al qaeda cell phones it should be relatively simple for the gov't to get a warrant to investigate the owners of those phones, which would allow them to access records of who had called them and been called. They could presumably quite easily work their way outwards, obtaining warrants when necessary to expand their search.
That is sort of the opposite of what is reportedly being done, which is starting with a database of all calls, and then trying to find suspicious patterns therein.
There may be a valid use for this second type of analysis, but it is totally unnecessary if you already have suspect phone numbers.
We should remember that, AFAIK, Prof. Kerr hasn't said a word about whether the NSA database is a good idea. He may think it's a splendid anti-terror tool. The issue is simply, have the NSA and the telcoms acted legally?
Please. There is no, and never has been any, sturm and drang concerning the IRS's intrusiveness, certainly not from the left, so most this reflects motive, decided political and partisan interests, and BDS, Bush Derangement Syndrome.
Another example. The current story, the one everyone is now so concerned about, came out more than four (4) months ago in the NYT on December 24, 2005.
But that was before they had the Hayden nomination to politicize.
I just checked. You're right. It wasn't a pen register. The feds were provided with compilations of information in billing records, with the billing records prepared in the ordinary course of business. I.e., neither the compilations nor the billing records are pen registers, and so are not subject to 18 U.S.C. 3121, or to FISA.
I repeat, there are Inspector Renault imitations in progress. "Your winnings, msieu." "What? I have to pay income tax on my winnings? The income tax is unconstitutional!"
To be clear, my post is really just covering legal issues. I don't know enough about the facts of the NSA database to say whether it is a good idea. It might be: I think this sort of pattern analsyis can be very powerful when done well. But I'm not an expert in it, so I don't really know: When I have been asked to comment on the policy question by reporters, I have declined to comment. Maybe I'm hopelessly old-fashioned, but I see the two (law and policy) as distinct. My post is only about the former.
Also, the primarily legal issue here is legal liabillity for the telephone companies, not for the government. More on that soon, I hope.
Got it in one.
Or, rather, WorldTribune.com. If the story &source can be believed, then maybe those pen-register laws *are* going to need examining: