In the debates surrounding intelligence reform, many observers have made a critical assumption. If Congress doesn’t act by mid-2015, it goes, the NSA’s controversial phone metadata program will turn into a pumpkin. In this post, I’m going to sketch why that view is so common—and why, regrettably, the clock may not strike midnight.
Why Would the Program Expire in 2015?
In 2006, the Foreign Intelligence Surveillance Court (FISC) first authorized the NSA’s domestic bulk phone metadata program. Since that initial court order, the statutory basis for the program has been the Foreign Intelligence Surveillance Act (FISA) business record authority. It’s more commonly known as Section 215 of the USA PATRIOT Act.
Here’s the catch: the business record authority has a shelf life. Congress has to affirmatively renew it from time to time. The latest expiration date is June 1, 2015.
So, the basic reasoning is understandable.
Premise 1: The phone metadata program is based on Section 215 authority.
Premise 2: If Congress doesn’t act by mid-2015, that authority will sunset.
Assumption: If the Section 215 authority goes poof, it takes the phone metadata program with it.
Conclusion: Without a prompt legislative deal, lights out for the phone metadata program.
Unfortunately, that reasoning isn’t airtight. The executive branch has at least three non-frivolous legal theories for keeping the program alive.
The Section 215 Option: An Ongoing “Investigation”
The Section 215 sunset has a key exception. It reads that the provision will expire, “except… with respect to any particular foreign intelligence investigation that began before June 1, 2015.” Some observers have suggested that the NSA’s phone metadata program should qualify. (Including in the New York Times.)
I’m skeptical. And, based on chats with several surveillance law gurus, that’s a common perception. If the exception language were about an investigation, it’d be a reach. But the language calls for a particular investigation.[1]
The FISC has bought some exceedingly strained legal reasoning before, so I wouldn’t rule this option out. It’s undoubtedly a legal long shot, though.
The Section 214 Option: Shifting to Pen/Trap Authority
The FISC approved its first bulk surveillance program in 2004. That program didn’t cover phone metadata, and it didn’t rely on FISA business record authority. Rather, the program covered email metadata,[2] and it relied on FISA pen register / trap and trace device authority. (These days, a pen/trap is a legal term of art for prospective collection of communications metadata.)
While the email program is now defunct, the underlying legal theories are not. Section 214 of the USA PATRIOT Act established the expanded pen/trap authority that the FISC relied on. And, when Congress renewed the USA PATRIOT Act in 2006, it made Section 214 permanent.
That means the executive branch has a ready legal fallback. If Section 215 expires without congressional intervention, the NSA can renew its phone program under Section 214.
Before an ordinary court, the Section 214 option would also be a long shot. The NSA’s phone metadata program sure looks nothing like an ordinary pen/trap.
Before the FISC, though, the Section 214 option is likely a slam dunk. From 2004 to 2011, the FISC consistently approved a nearly identical metadata program under Section 214. In order to reject the Section 214 option, the FISC would have to depart from its prior views. That’s not likely.
The Article II Option: Reasserting Inherent Presidential Power
When the NSA began its domestic email and phone metadata programs, it operated both under the President’s inherent Article II power. A subsequent review by the Department of Justice Office of Legal Counsel concluded that the email program was unlawful without FISC approval. It did not, however, conclude that the phone program was unlawful.[3]
The Obama administration could, conceivably, resume the Bush administration position. When Section 215 expires, the Department of Justice could start serving Article II demands on telecom services. As a political matter, that would be a terrible idea—the White House is already combating perceptions of an “imperial” presidency. The telecoms would likely also disapprove, since they wouldn’t qualify for civil immunity. All of that said—as a purely legal matter, the position would be consistent.
Comparing the Options
It’s easy to see why the executive branch would prefer a Section 215 ongoing “investigation.” That approach would preserve any other programs that operate under Section 215, including the CIA’s bulk financial records program. It could even leave the door open to future programs, like bulk collection of cellphone location. Those other programs might not comfortably fit into Section 214 or Article II.[4]
What’s more, Section 215 provides no statutory protection to criminal defendants. Section 214, by contrast, can require notice of how evidence was obtained. And it provides a suppression remedy—a key vehicle for challenging the program’s legality.
Another perk of Section 215 is that it wouldn’t require any technical changes. In the current program, carriers forward call records to the NSA. A couple of colleagues have suggested that under a Section 214 version, the NSA might have to collect the call records itself. I don’t think that’s right—pen/trap orders to online services routinely require forwarding copies of metadata. At any rate, even if a technical change were needed, the NSA has more than sufficient capability to accomplish that collection itself.[5]
So, if I were an intelligence community lawyer tasked with extending the phone metadata program, here’s what I’d be thinking. First, pitch the FISC on the Section 215 ongoing “investigation” theory. If that works, great. It probably won’t. Then, use Section 214 as a backstop.
Let me be clear: I think the domestic bulk phone metadata program should end. It hasn’t produced unique intelligence value, and it has enormous privacy implications. The President’s Review Group and the Privacy and Civil Liberties Oversight Board both reached the same conclusion. Even the White House and the NSA now support structural reform.
That reform debate will continue to play out in Congress. And in the debate, critics of the NSA thought they had crucial leverage—a June 2015 make-or-break deadline for a major agency program.
There is, to be sure, still substantial leverage. The intelligence community values FISA business record authority—it allows access to communications metadata that’s beyond the reach of a national security letter. And if the executive branch were to extend the phone metadata program without Congress, on any legal theory, it would undoubtedly catch political flak.
The key point of leverage, though, was supposed to be the phone metadata program. It’s not necessarily ending.
Thanks to the fellow wonks who kicked around the ideas in the post. All views are solely my own.
1. What’s more, a subsequent part of the exception deals with particular criminal investigations—plainly not dragnet programs. Perhaps the NSA could keep the program partially in operation, only for previously approved targets. That would be an awkward outcome, and at any rate, it could sharply curtail any future intelligence value from the program.
2. Some documents suggest Internet Protocol metadata, unrelated to email, was also collected under this program. The NSA and the FISC appear to have focused mostly on email metadata, though.
3. The relevant OLC memos are, unfortunately, still classified. A summary is available in a leaked NSA Inspector General report. My best guess is that OLC concluded the law enforcement (ECPA) pen/trap prohibition in 18 U.S.C. § 3121 is stronger than the customer records disclosure prohibition in 18 U.S.C. § 2702. But that’s really just a guess.
4. Financial records, for instance, plainly aren’t the sort of communications metadata covered by a pen/trap order. And a FISA pen/trap order may not be sufficient for obtaining phone location because of a separate provision in CALEA.
5. A related issue is that by switching to pen/trap authority, the NSA would be admitting the phone metadata program was a pen/trap all along. The ECPA pen/trap provisions generally prohibit operating a pen/trap without a pen/trap order, so you might think the NSA would be admitting past illegality. The NSA has at least two possible responses, though. First, the ECPA pen/trap prohibition makes an exception for any FISA order, not just FISA pen/trap orders. That covers business record orders. Second, if the NSA shifted to direct collection from telecoms, that should sufficiently distinguish the old version of the program as not a pen/trap.