On Thursday, the Privacy and Civil Liberties Oversight Board released its long-awaited report on the NSA’s phone-records program. That’s the program in which the NSA collects—and stores for five years—a record of virtually every telephone call made every single day in the country. The report is damning, and much attention will rightly focus on its central conclusion: that the program is illegal and should be ended.
The report is comprehensive, though, and its principal conclusion is buttressed by a series of other critical findings and recommendations. Here are the three other points from the report that will shape the debate about the NSA and privacy over the coming months:
1. Bulk collection of phone records is unnecessary and has not made the country safer.
Since the revelation of the NSA’s phone-records program on June 5, 2013, the government’s principal talking point has been that the program is essential to keeping the country safe. The PCLOB examined that claim in depth—reviewing “a wealth of classified materials,” requesting “follow-up information” from the intelligence agencies, and receiving “a series of classified briefings.” The board paid special attention to the “specific cases cited by the government as instances in which telephone records obtained under [the program] were useful.”
The PCLOB’s conclusion: Bulk collection has not made the country safer.
The board did not “identif[y] a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation.” And even when the phone-records program offered additional information, “in nearly all cases the benefits provided have been minimal” and could “have been obtained through traditional, targeted collection of phone records.”
Here’s the bottom line in the PCLOB’s words:
2. Bulk collection of our metadata poses a serious threat to civil liberties.
The PCLOB joined the growing consensus that telephone records—particularly when collected in bulk—are extraordinarily sensitive. In fact, it noted, “the aggregation of numerous calling records over an extended period of time can paint a clear picture of an individual’s personal relationships and patterns of behavior. This picture can be at least as revealing of those relationships and habits as the contents of individual conversations—if not more so.”
Having recognized the sensitivity of our phone records, the PCLOB went on to analyze the impact on civil liberties of allowing the government to collect that information in bulk. As we at the ACLU have argued for years, bulk collection threatens to reshape the relationship between the citizens of this country and their government. The PCLOB agreed. It noted that “[a]llowing [the government] to gather vast quantities of information about the conduct of individuals as a routine matter where those individuals are not suspected of any crimes affects the balance of power between the state and its people.”
But the PCLOB didn’t just stop there. It cataloged some of the other harms of bulk collection, such as mission creep and the possibility of abuse. In a crucial passage, the board stated, “Prudence cautions against assuming that abuse of surveillance powers is a problem that will never reoccur, and any decision to invest the government with a broad surveillance power must duly take into account the abuse that this power could enable, whether or not such abuse is evident today.”
Here’s the bottom line in the PCLOB’s words:
3. Forcing companies to store sensitive data about their customers is not the answer.
If the government ultimately embraces the push to end the NSA’s phone-records program, the question will remain whether it repackages the program in private hands. Toward that end, some officials have called for new laws forcing the telephone companies to retain their customers’ sensitive phone records for years. Others have called for some third party to hold onto all of the records, instead of the NSA.
As President Obama recognized in his speech last week, both of those solutions raise serious privacy concerns of their own. The PCLOB agreed. It, too, recognized the privacy implications of compelling companies to keep information against their will or of creating a centralized database of the nation’s call records.
The board is exactly right on this point. Companies should remain free to offer services to their customers that provide greater privacy protections. And if cybersecurity truly is as serious a threat as the government claims, we are all made less secure by centralizing all of our most sensitive information. After all, it isn’t just the NSA that wants access to all of our data, but foreign governments and criminal hackers.
Here’s how the PCLOB explained it:
In the days to come, the PCLOB’s key recommendation that the phone-records program be ended will be the primary focus. But as the debate moves forward, the critical question will be how to protect our privacy in an era of big data. The board’s incisive findings provide a necessary roadmap.