Outside the Beltway

Appeals Court Rules N.S.A. Data Mining Illegal

A Federal Appeals Court has ruled that the N.S.A.'s data mining program is illegal, but its ruling may not have a very big impact.

Doug Mataconis · Thursday, May 7, 2015 · 5 comments

The Second Circuit Court of Appeals in New York has ruled that the National Security Agency’s data mining program, which first came to widespread public attention due to the disclosure of information from former N.S.A. contractor Edward Snowden, is illegal:

WASHINGTON — A federal appeals court in New York on Thursday ruled that the once-secret National Security Agency program that is systematically collecting Americans’ phone records in bulk is illegal. The decision comes as a fight in Congress is intensifying over whether to end and replace the program, or to extend it without changes.

In a 97-page ruling, a three-judge panel for the United States Court of Appeals for the Second Circuit held that a provision of the USA Patriot Actknown as Section 215 cannot be legitimately interpreted to allow the systematic bulk collection of domestic calling records.

The ruling was certain to increase the tension that has been building in Congress as the provision of the act that has been cited to justify the bulk data collection program nears expiration. It will expire in June unless lawmakers pass a bill to extend it.

Thursday’s ruling did not come with any injunction ordering the program to cease, and it is not clear that anything else will happen in the judicial system before Congress has to make a decision about the expiring law.

(…)

Alexander Abdo, who argued the case for the American Civil Liberties Union, praised the ruling.

“This decision is a victory for the rule of law that should spur Congress into action,” he said. “Modern technology has created tremendous opportunity, but it has also enabled surveillance on a scale inconsistent with free society. Today’s decision is an opportunity to redouble the defense of the constitutional principles that have made our nation what it is today.”

The appeals court sent the matter back to a Federal District Court judge to decide what to do next. The government could also appeal the ruling to the full appeals court, or to the Supreme Court. Parallel cases are pending before two other appeals courts that have not yet ruled.

The bulk phone records program traces back to October 2001. After the Sept. 11 attacks, President George W. Bush secretly authorized the N.S.A. to begin a group of surveillance and data-collection programs, without obeying statutory limits, for the purpose of detecting and disrupting terrorist attacks.

Over time, the legal basis for each component of that program, known as Stellarwind, evolved. In 2006, the administration persuaded a Federal District Court judge serving on the FISA Court, Malcolm J. Howard, to issue the first of many court orders blessing the phone records component, based on the idea that Section 215 could be interpreted as authorizing it.

Many other judges serving on the FISA court have subsequently renewed the program at roughly 90-day intervals. It came to light in June 2013 as part of the leaks by the intelligence contractor Edward J. Snowden, setting off a debate both about individual privacy rights and about whether the FISA court’s secret legal interpretation was founded.

Multiple lawsuits were filed in different districts challenging the program as both illegal under Section 215 and as unconstitutional. Different district court judges reached opposing conclusions about its legality.

Thursday’s ruling, in a case brought by the American Civil Liberties Union, is the first time an appeals court has weighed in. The ruling was only a partial victory for the A.C.L.U. because the court did not reach its separate argument that bulk collection of records about Americans – regardless of the claimed legal basis – is unconstitutional. It is not clear what other bulk data collection programs the government may have, although there have been some glimpses of others.

Ian Millhiser analyzes the opinion:

The Second Circuit’s opinion hones in on the word “relevant” to explain why this law does not authorize the NSA’s enormous database. In this case, the court notes, “the parties have not undertaken to debate whether the records required by the orders in question are relevant to any particular inquiry.” Rather, [t]he records demanded are all‐encompassing; the government does not even suggest that all of the records sought, or even necessarily any of them, are relevant to any specific defined inquiry.” This, the court explains, is not allowed:

[T]he government takes the position that the metadata collected – a vast amount of which does not contain directly ‘relevant’ information, as the government concedes – are nevertheless ‘relevant’ because they may allow the NSA, at some unknown time in the future, utilizing its ability to sift through the trove of irrelevant data it has collected up to that point, to identify information that is relevant. We agree with appellants that such an expansive concept of ‘relevance’ is unprecedented and unwarranted.

Later in its opinion, the court explains just how unusual it is for the government to seek such a sweeping authorization to gather data from a court. “Search warrants and document subpoenas typically seek the records of a particular individual or corporation under investigation, and cover particular time periods when the events under investigation occurred,” the Second Circuit explains. Yet, “[t]he orders at issue here contain no such limits.” Instead,

[t]he metadata concerning every telephone call made or received in the United States using the services of the recipient service provider are demanded, for an indefinite period extending into the future.  The records demanded are not those of suspects under investigation, or of people or businesses that have contact with such subjects, or of people or businesses that have contact with others who are in contact with the subjects – they extend to every record that exists, and indeed to records that do not yet exist, as they impose a continuing obligation on the recipient of the subpoena to provide such records on an ongoing basis as they are created.  The government can point to no grand jury subpoena that is remotely comparable to the real‐time data collection undertaken under this program.

This case was an appeal of a ruling by a Federal District Court Judge in New York City in December 2013 that rejected the argument that the program was unconstitutional. That ruling came just a short time after another Federal District Court Judge in the District of Columbia ruled that the program was unconstitutional in a separate lawsuit. That case is currently under appeal with the Court of Appeals for the District of Columbia, which could very rule differently from the Second Circuit. If that happens, of course, it becomes likely that the Supreme Court would accept either of both of these cases for appeal during the term set to begin in October. This would be the Justices second opportunity to rule on the data mining program, the first having been a case filed by the Electronic Privacy Information Center which the Court declined to accept. That case, however, was unusual in that it was filed as a direct appeal to the Supreme Court rather than having gone through the lower courts as is normally the case. This time, if there ends up being a Circuit split on this issue then the Justices will almost be obligated to accept the appeal.

While this is a ruling that will justifiably be hailed by privacy advocates, it’s unclear what impact it will actually have. As noted, the Court declined to rule on the question of whether or not the program would be unconstitutional if it were authorized by a specific federal law. Additionally, the Court declined to issue a injunction against the program, primarily because it noted that the provision of the PATRIOT Act that the government acts under when operating the program is set to expire. This is an understandable decision by the Court, since it’s unclear just how much longer the program that it was ruling on will actually still be in effect. Additionally, Congress is currently considering legislation that would substantially change the program, and may well remove those elements that led the Court to declare it illegal:

WASHINGTON — After more than a decade of wrenching national debate over the intrusiveness of government intelligence agencies, a bipartisan wave of support has gathered to sharply limit the federal government’s sweeps of phone and Internet records.

On Thursday, a bill that would overhaul thePatriot Act and curtail the so-called metadata surveillance exposed by Edward J. Snowden was overwhelmingly passed by the House Judiciary Committee and was heading to almost certain passage in that chamber this month.

An identical bill in the Senate — introduced with the support of five Republicans — is gaining support over the objection of Senator Mitch McConnell, Republican of Kentucky, who is facing the prospect of his first policy defeat since ascending this year to majority leader.

The push for reform is the strongest demonstration yet of a decade-long shift from a singular focus on national security at the expense of civil liberties to a new balance in the post-Snowden era.

Under the bipartisan bills in the House and Senate, the Patriot Act would be changed to prohibit bulk collection, and sweeps that had operated under the guise of so-called National Security Letters issued by the F.B.I. would end. The data would instead be stored by the phone companies themselves, and could be accessed by intelligence agencies only after approval of the secret Foreign Intelligence Surveillance Act court.

The legislation would also create a panel of experts to advise the FISA court on privacy, civil liberties, and technology matters, while requiring the declassification of all significant FISA court opinions.

The act, which expires June 1, is up for its first reauthorization since the revelations about bulk data collection. That impending deadline, coupled with an increase of support among members of both parties, pressure from technology companies and a push from the White House have combined to make changes to the provisions more likely.

The overhaul bill passed the Judiciary Committee 25 to 2, uniting the likes of politicians who rarely agree, like Representatives Trey Gowdy, Republican of South Carolina, and Jerrold Nadler, Democrat of New York. An identical measure, by Senators Patrick Leahy, Democrat of Vermont, and Mike Lee, Republican of Utah, was unveiled Tuesday, a week after Mr. McConnell proposed a blanket five-year extension of the Patriot Act passed after the Sept. 11, 2001, attacks.

“I don’t think he’s listening to America,” Representative Jason Chaffetz, Republican of Utah and a senior member of the House Judiciary Committee, said of Mr. McConnell. “The seminal question is how much liberty are we going to give up for security? People are on the brink. They’re scared out of their wits.”

But Mr. McConnell holds powerful levers as the Senate leader that could halt the momentum or eventually alter the legislation.

For the moment, Mr. McConnell and Senator Richard Burr, Republican of North Carolina and Intelligence Committee chairman, seem to be increasingly isolated.

The Snowden disclosures, along with data breaches at Sony Pictures, Target and the insurance giant Anthem, have unsettled voters and empowered those in Congress arguing for greater civil liberties protection — who a few years ago “could have met in a couple of phone booths,” said Senator Ron Wyden, Democrat of Oregon.

That has proponents of the metadata collection straining to gain support. “I think people are reacting to a program they don’t know,” Mr. Burr said. Asked about turning back the momentum against him, he conceded, “I’ve got a big task.”

Mr. Snowden’s disclosures prompted a public backlash that ultimately convinced President Obama to back an end to that part of the program. But since the president declared an end to “bulk metadata program as it currently exists” in January 2014, little has changed, Intelligence Committee members said.

To a large degree, the changes to the metadata program that the proposed legislation would put in place would address nearly all of the aspects of the current program that the Court finds troublesome here. Instead of being held by the government, metadata would be held by telecommunications companies and could only be accessed by government agencies upon application to a FISA Court. While this does raise some obvious concerns about how long these companies would be required to keep the metadata, it certainly seems like a reasonable solution to concerns raised by the current program, which essentially allows the government to scoop up all metadata on a whim, hold it for however it wishes, and use it in any way it wants, Additionally, the proposed changes to the FISA Court, which include the addition of advisers on privacy issues and other matters and a program that would require disclosure of FISA opinions in a manner that doesn’t harm national security, would be a long overdue reform to a process that, while necessary, has been clouded in far too much secrecy than should be permitted in a society based on the rule of law. This isn’t to say that there might not be other legal objections to the program that would be authorized under the proposed legislation, of course, but those challenges will have to be brought in the future. As far as the issues raised in this and other cases related to Section 215, though, the bill would go a long way toward fixing a flawed system.

So, the Court’s decision today is a positive one for those of us who have long been troubled by the N.S.A.’s domestic activities. It’s unclear that it’s going to have any long-term impact, though.

Here’s the opinion:

ACLU v. Clapper by Doug Mataconis