The Lockbox Lie: The NSA Searches Phone Records Without a Warrant

How you look at things.
June 17 2013 5:42 PM

The Lockbox Lie

If our phone records are protected by a “lockbox,” why can the NSA search them without a warrant?

General Keith Alexander, commander of the U.S. Cyber Command, director of the NSA and chief of the CSS, testifies before the Senate Appropriations Committee hearing on Cybersecurity: Preparing for and Responding to the Enduring Threat, on Capitol Hill in Washington June 12, 2013.
Gen. Keith Alexander, director of the NSA, testifying before the Senate Appropriations Committee on June 12, 2013

Photo by Yuri Gripas/Reuters

You can also listen to William Saletan read this piece.

William Saletan William Saletan

Will Saletan writes about politics, science, technology, and other stuff for Slate. He’s the author of Bearing Right.

For the past week and a half, U.S. officials have told us that the National Security Agency’s vast collection of phone “metadata”—which numbers have called which other numbers and when—is kept in a “lockbox.” They’ve implied that the data can’t be searched without court approval. That’s false. The records can be searched without a warrant. The “lockbox” has no lock.

On June 6, hours after the Guardian reported details of the phone surveillance program, James Clapper, the director of national intelligence, issued a statement describing oversight of the program by the Foreign Intelligence Surveillance Court. “By order of the FISC, the Government is prohibited from indiscriminately sifting through the telephony metadata acquired under the program,” said Clapper. “The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization.”

Clapper’s terms—specific facts, particular basis—created an impression that the court applied these standards as a gatekeeper, case by case. Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, added to that impression three days later. In an interview on This Week, Rogers described the court's role in the phone records program: “The court said, 'Put all of that information in a box, and hold that information. And when you want to access that information, you have to use this very specific court-ordered approval process.' ”

On June 12, NSA Director Keith Alexander gave a similar account. He told a Senate committee:

“What we create is a set of data, and we put it out here, and then only under specific times can we query that data.  … So the methodology would be, ‘Let's put into a secure environment call detail records. … We won't search that unless we have some reasonable, articulable suspicion about terrorist-related organizations.’ If we see that, we have to prove that we have that.  Then, given that, we can now look and say, ‘Who was this guy talking to in the United States and why?’”

Later in the hearing, Sen. Dianne Feinstein, (D-Calif.,) chairwoman of the Senate Intelligence Committee, read from a summary of the phone surveillance program. She said the NSA “can only look at that data after showing that there is a reasonable, articulable suspicion that a specific individual is involved in terrorism.” Feinstein asked Alexander whether her summary was accurate. He said it was.

The next day, after a closed-door briefing by the NSA, Rogers and Alexander appeared before the press to assure Americans that the database couldn’t be abused. “It's kept in a lockbox, with the only access” confined to “a fraction of a fraction of a percent” of the records, said Rogers. “It can only be used and accessed by a counterterrorism nexus.”

Two hours later, Feinstein came out of another closed-door NSA briefing with the same story. But this time, Guardian reporter Spencer Ackerman asked her the salient question:

Q:  Is a court order necessary to query the metadata database?
Feinstein:  Is a court order necessary to query—
Q: The metadata database under 215. An individual court order for each query.
Feinstein: A court order—well, I don't know what you mean by a query. A court order—
Q: To search the database.
Feinstein: To search the database, you have to have reasonable, articulable cause—
Q: Certified by a judge?
Feinstein: —to believe that that individual is connected to a terrorist group. You cannot—
Q: But does that have to be determined by a judge?
Feinstein: Could I answer? You may not like it, but I'll answer. Then you can query the numbers. The only numbers you have—there's no content. You have the name and the number called, whether it's one number or two numbers. That's all you have. Then you can get the numbers. If you want to collect content, then you get a court order.
Q: So you don't need a court order for the query itself.
Feinstein: That's my understanding.

That exchange punctured the government’s story. The official talking points, recited by Feinstein, emphasized the “reasonable, articulable cause” standard and the requirement of a court order to get a wiretap. What they glossed over was the disconnect between those two points. The NSA can search the database without proving anything to the court. To extract this confession from Feinstein, Ackerman had to ask his question six times.

If Feinstein’s answer is correct, then everything we’ve been told about the “lockbox” is a charade. Go back and reread what Clapper, Alexander, Feinstein, and Rogers told us. They said the court allows queries only after the presentation of specific facts supporting a particular basis. The NSA can query the data only at specific times under a very specific court-ordered approval process. It can look at the data only after showing a reasonable, articulable suspicion that a specific individual is involved in terrorism. It must prove that level of suspicion.

Those statements clearly imply that the court screens each data request. But it doesn’t. There’s no lock on the lockbox.

That hasn’t stopped current and former government officials from repeating the lockbox line. Yesterday Rogers used it again on Face the Nation. Dick Cheney, appearing on Fox News Sunday, backed him up. On Meet the Press, Michael Hayden, the guy who ran the NSA when it began collecting phone records, assured Rep. Bobby Scott, (D-Va.,) “The only way you can access the metadata is through a terrorist predicate.” When Scott asked, “Where is that written?” Hayden replied: “It's in the court order.” Really? Where’s the court order? When is it applied, and how?

If the court isn’t screening data requests, that leaves two possibilities. One is that nobody’s screening them. The other is that some other, unknown entity is doing it in a way that nobody has explained. Either way, the answers we’re getting are unacceptable. They betray privacy, public trust, and national security.

Clapper, Alexander, and other officials use Sept. 11 to justify the phone records program. They say we need a complete log of calls so that when we find a terrorist’s number, we can search its history and connect the dots. That’s a sensible idea. But why should the database be searchable without a warrant? Intelligence officials claim that last year, they searched it for fewer than 300 numbers. That’s less than once a day. Local prosecutors get warrants for that kind of thing all the time. Why can’t the feds?

Sept. 11 should have provoked us to think more creatively about security and privacy. We should have realized that we can collect and preserve the phone data without giving the NSA or FBI direct access to it. All we have to do is apply the traditional requirement—a search warrant—to the query process. That would be a real lockbox. It would thwart terrorism while preventing abuse.

It’s particularly rich to see Al Gore, the former vice president, complaining about the phone surveillance program. Thirteen years ago, when he was running for president, Gore promised to put Medicare and Social Security funds in a “lockbox” so Congress couldn’t spend them on other programs. Critics mocked the idea, pointing out that ”no one has yet designed a lock box that Congress couldn't pick.” In the case of the phone records database, the NSA doesn’t even have to pick the lock. It has the key.

William Saletan's latest short takes on the news, via Twitter: