War Stories

Mend It, Don’t End It

Congress will limit the NSA’s ability to track our phone calls, not put a stop to it.   

German Chancellor Angela Merkel (L) and U.S. President Barack Ob
German Chancellor Angela Merkel and President Barack Obama hold a joint news conference on Feb. 9, 2015 in Washington, D.C.

Photo by Alex Wong/Getty Images

The law that the National Security Agency cites to collect metadata on millions of Americans’ phone calls—the most controversial of the secret surveillance programs revealed by Edward Snowden—is set to expire June 1. Three events that have taken place this week could determine whether the law is extended, revised, or allowed to lapse.

Each of these events is likely to push Congress in conflicting directions, meaning they’re likely to make undecided legislators still more indecisive. This usually bodes a drift to some centrist compromise, which, in this case, means a modest reform in the law that neither maintains the status quo nor eliminates metadata-collection altogether.

The first and most dramatic event occurred on May 7, when a U.S. Court of Appeals ruled, in the case of ACLU v. Clapper, that bulk metadata collection is illegal. The ruling, written by Judge Gerard Lynch of the 2nd Circuit in New York, skirted the issue of whether the program violates the privacy guarantees of the Constitution’s Fourth Amendment. Rather, Lynch and his two colleagues on the court merely concluded, with persuasive logic and a cogent analysis of congressional intent, that Section 215 of the Patriot Act—which the NSA and Justice Department lawyers cite as the basis for the program—does not in fact authorize anything so vast and invasive as bulk metadata collection.

A little background is necessary. Since 1998, under a revision to the Foreign Intelligence Surveillance Act, the government has had the authority to subpoena “business records” pertaining to “a foreign power or an agent of a foreign power.” The Patriot Act, which Congress hurriedly passed in the wake of the Sept. 11, 2001 terrorist attacks, broadened these surveillance powers to include not just “a foreign power” but also terrorist groups unaffiliated with a nation-state—and to include not just “business records” but “any tangible things” that had “relevance” to an “investigation” of a terrorist plot or group.

In 2006, the NSA argued for an expansive definition of “relevance.” If intelligence analysts spotted someone plotting a terrorist act, it would be good to find his co-conspirators. One method of doing this would be to monitor his phone calls: not necessarily the content of the calls, but  the numbers dialed and the dates and durations of the calls—the “metadata.” The idea was to discover links among terrorist suspects; if the links seemed plausible, the NSA could ask the Foreign Intelligence Surveillance Court for an order to allow for the monitoring of the content as well. But what if the plot was well advanced by the time the analysts detected it? What if the telltale phone calls had already been made? It would be good, the NSA further argued, to have an archive of past calls that could be analyzed for links. By this logic, it was impossible to know what was “relevant” until it became relevant; so the NSA had to have it all on hand when the time came to make that assessment. In other words, everything was potentially relevant.

The FISA Court, which meets in secret and whose rulings are highly classified, approved this new concept of “relevance.”

In its ruling on Thursday, the federal appeals court found this concept “unprecedented and unwarranted.” Justice Department lawyers had defended the concept, likening it to the broad subpoena powers of a grand jury. But Judge Lynch dismissed the comparison, noting that a grand jury’s powers “are bounded either by the facts of the investigation or by a finite time limitation,” whereas the NSA metadata program “requires that the phone companies turn over records on an ‘ongoing daily basis’—with no foreseeable end point, no requirement of relevance to any particular set of facts, and no limitations as to subject matter or individuals covered.”

Lynch also noted that Section 215 permits the government to demand documents “relevant to an authorized investigation,” whereas the metadata program scoops up data that might be “relevant to ‘counterterrorism investigations,’ without identifying any specific investigations to which such bulk collection is relevant.”

For several reasons, then, Lynch concluded, the bulk metadata program “is not authorized by Section 215,” nor is there persuasive evidence that, in passing the Patriot Act, Congress intended any such interpretation—not least because only a small number of the legislators knew about the highly classified program.

However, Lynch added in his ruling, “if Congress chooses to authorize such a far-reaching and unprecedented program, it has every opportunity to do so, and to do so unambiguously.” And were it to do so—were Congress to pass a law explicitly allowing bulk metadata collection—then this appellate court, Lynch implied, would have no objection.

And that brings us to the impending moment of truth on Capitol Hill. Legislators tend to abhor such moments and take all feasible steps to evade them, but, in this case, they have no choice. Precisely because the Patriot Act was passed in the panic and haste of a national emergency, Congress tacked on an expiration date, allowing members to leaf through the text after the crisis had subsided and to trim the excesses or kill the bill altogether. When Congress last renewed Section 215, in 2011, it voted to reassess matters again on June 1, 2015. In the interim came the Snowden leaks, and now a federal court has ruled that the NSA has stretched the law beyond propriety.

At this point, Congress could go one of three directions. First, Senate Majority Leader Mitch McConnell has said he will offer a bill to extend Section 215, with no revisions, for another five years. However, the appellate court’s ruling puts him in a bind. If the U.S. Supreme Court lets the ruling stand, the metadata program will die, even if Section 215 lives on. In order to protect the metadata program, which is what McConnell really wants to do, he would have to amend Section 215 to allow it. Such a proposal isn’t likely to attract a majority of the House or the Senate, given Lynch’s ruling and the program’s controversial status.

Other legislators have proposed a different sort of amendment. Following a key recommendation by President Obama’s independent commission on NSA reform, the metadata would still be collected by the phone companies (they do this automatically), but it would be stored with those companies; the NSA couldn’t gain access to it without a FISA Court order.

This isn’t such a radical idea. Gen. Keith Alexander, the NSA director at the time, told the commissioners that he had no problem with the notion of storing the data elsewhere. President Obama endorsed the idea too, though he noted that changing the procedure would require an act of Congress. That act may be just a few weeks away.

The final way to deal with the problem is to let Section 215 expire, either by an express motion or by blocking any sort of vote. The phone companies would continue to collect metadata—as they always have—and, presumably, the NSA could continue to ask the FISA Court for an order granting access to the agency. But without Section 215, the court would have no authority to issue such an order, nor would the phone companies have a legal obligation to comply. The program, in effect, would be over.

Some argue that this would be no great loss. Obama’s commission concluded that metadata searches, under Section 215, had not led to the capture of a single terrorist or the halting of a single terrorist plot. (The commission found that a separate Snowden-leaked program called PRISM—in which the NSA can subpoena Internet Service Providers to help monitor foreign agents inside the United States—has played an important role in halting 53 terrorist plots. But PRISM involves searches that are more directed and specific than the bulk collection of metadata.)

This is where the week’s other two news events come in to play. In one, the French government is on the verge of passing a law greatly expanding its domestic-surveillance powers, including bulk-metadata collection and comprehensive network monitoring, without any judicial oversight whatsoever. In the other, reports confirmed that, despite German Chancellor Angela Merkel’s crowd-pleasing complaints about NSA intrusions, her government’s security agency has been cooperating with the NSA in spying on European countries. (Shades of Captain Renault, the Vichy officer in Casablanca who pronounces himself “shocked, shocked to find that gambling is going on in here,” just as the croupier delivers his winnings for the night.)

These news stories might send two messages to American lawmakers. First, the French—who have had more recent experience with terrorist attacks—have apparently concluded that they can use all the domestic surveillance they can get. Second, it seems that there’s no need to placate allies on this front; that, while the German people have loudly embraced Snowden as a hero and denounced the NSA as Stasi reincarnate, their officials pay lip service to these slogans purely for the sake of domestic politics.

None of this means that we should ignore the very real concerns of allies or emulate the French. Worldwide distrust of the NSA has, among other things, hurt business for American high-tech companies. And the French idea of liberty, compared with ours, involves more intrusiveness by the state. The French have also long played an active role in what is now called “cyber-espionage.” (They were detected hacking into U.S. Defense Department networks as far back as 1997, when few Americans had heard of the phenomenon, much less regarded it as a problem.)

Still, anyone in power knows that if the metadata-collection (or almost any other counter-terrorism program) is scrapped, and if we’re then hit with a major terrorist attack, people will scream, rightly or wrongly, “This wouldn’t have happened, if you hadn’t killed that program!” Certainly this is one reason President Obama has preserved certain intelligence programs that Sen. Obama or Professor Obama might have proposed scrapping. Some in Congress might rationalize that they could elude all blame, and point to Obama or his successor, if a terrorist strikes. Still, the vote on what to do with Section 215 will put most of them on the spot.

At the same time, maintaining the current metadata program is a bad idea, and is widely seen as such, even by people who have no problems with its dangers or shortcomings. Obama’s commission—which included three prominent lawyers, a former White House counter-terrorism chief, and a former career CIA officer—found no instances of abuse in NSA’s handling of metadata, but they unanimously warned of the “potential for abuse,” especially in light of the actual history of abuse by the U.S. intelligence agencies, especially the CIA and NSA.

Under the current system, the collection of metadata is laden with restrictions and with in-house lawyers who enforce the rules. But this won’t necessarily always be the case. If there are more terrorist strikes, or if some modern-day Richard Nixon or J. Edgar Hoover came to power, the temptation for abuse—for using NSA tools to expand the range of suspects and to hunt down political enemies—would be staggering. Metadata isn’t disappearing. So it’s a good idea, at the very least, to remove it from the building, to make it harder for those in power to obtain and exploit.