Geoffrey R. Stone's Blog, page 7

Because of my service on the President's Review Group last fall, which made recommendations to the president about NSA surveillance and related issues, the NSA invited me to speak today to the NSA staff at the NSA headquarters in Fort Meade, Maryland, about my work on the Review Group and my perceptions of the NSA. Here, in brief, is what I told them:

From the outset, I approached my responsibilities as a member of the Review Group with great skepticism about the NSA. I am a long-time civil libertarian, a member of the National Advisory Council of the ACLU, and a former Chair of the Board of the American Constitution Society. To say I was skeptical about the NSA is, in truth, an understatement.



I came away from my work on the Review Group with a view of the NSA that I found quite surprising. Not only did I find that the NSA had helped to thwart numerous terrorist plots against the United States and its allies in the years since 9/11, but I also found that it is an organization that operates with a high degree of integrity and a deep commitment to the rule of law.



Like any organization dealing with extremely complex issues, the NSA on occasion made mistakes in the implementation of its authorities, but it invariably reported those mistakes upon discovering them and worked conscientiously to correct its errors. The Review Group found no evidence that the NSA had knowingly or intentionally engaged in unlawful or unauthorized activity. To the contrary, it has put in place carefully-crafted internal proceduresto ensure that it operates within the bounds of its lawful authority.



This is not to say that the NSA should have had all of the authorities it was given. The Review Group found that many of the programs undertaken by the NSA were highly problematic and much in need of reform. But the responsibility for directing the NSA to carry out those programs rests not with the NSA, but with the Executive Branch, the Congress, and the Foreign Intelligence Surveillance Court, which authorized those programs -- sometimes without sufficient attention to the dangers they posed to privacy and civil liberties. The NSA did its job -- it implemented the authorities it was given.



It gradually became apparent to me that in the months after Edward Snowden began releasing information about the government's foreign intelligence surveillance activities, the NSA was being severely -- and unfairly -- demonized by its critics. Rather than being a rogue agency that was running amok in disregard of the Constitution and laws of the United States, the NSA was doing its job.



It pained me to realize that the hard-working, dedicated, patriotic employees of the NSA, who were often working for far less pay than they could have earned in the private sector because they were determined to help protect their nation from attack, were being castigated in the press for the serious mistakes made, not by them, but by Presidents, the Congress, and the courts.



Of course, "I was only following orders" is not always an excuse. But in no instance was the NSA implementing a program that was so clearly illegal or unconstitutional that it would have been justified in refusing to perform the functions assigned to it by Congress, the President, and the Judiciary. Although the Review Group found that many of those programs need serious re-examination and reform, none of them was so clearly unlawful that it would have been appropriate for the NSA to refuse to fulfill its responsibilities.



Moreover, to the NSA's credit, it was always willing to engage the Review Group in serious and candid discussions about the merits of its programs, their deficiencies, and the ways in which those programs could be improved. Unlike some other entities in the intelligence community and in Congress, the leaders of the NSA were not reflexively defensive, but were forthright, engaged, and open to often sharp questions about the nature and implementation of its programs.



To be clear, I am not saying that citizens should trust the NSA. They should not. Distrust is essential to effective democratic governance. The NSA should be subject to constant and rigorous review, oversight, scrutiny, and checks and balances. The work it does, however important to the safety of the nation, necessarily poses grave dangers to fundamental American values, particularly if its work is abused by persons in positions of authority. If anything, oversight of the NSA -- especially by Congress -- should be strengthened. The future of our nation depends not only on the NSA doing its job, but also on the existence of clear, definitive, and carefully enforced rules and restrictions governing its activities.



In short, I found, to my surprise, that the NSA deserves the respect and appreciation of the American people. But it should never, ever, be trusted.

This week marks the 50th anniversary of the Supreme Court's decision in New York Times v. Sullivan, perhaps the most important First Amendment case in American history. In the words of the great First Amendment scholar Alexander Meiklejohn, the decision was "an occasion for dancing in the streets." Why was Sullivan so important?



The case arose out of an action for libel brought by Montgomery, Alabama, Commissioner L.B. Sullivan, who alleged that an advertisement published in the New York Times in 1960 by a group of African-American clergymen contained several statements about him that were false. The advertisement, titled "Heed Their Rising Voices," described the civil rights movement and appealed for contributions to support the movement.



Prior to Sullivan, the Supreme Court had held that false statements of fact have no constitutional value and that individuals who make false statements can therefore be held accountable for the harm they cause without raising any First Amendment issue. The logic of this view was simple: Whatever else the First Amendment was intended to do, it surely was not intended to encourage false statements of fact, which can hardly be said to further the values of sound public discourse.



It was the peculiar realities of the moment that led the Supreme Court to reconsider this well-settled position. At the time Sullivan was decided, the South was in the throes of the civil rights movement. White southerners were deeply concerned about public opinion in the rest of the country. The more the national media covered civil rights protests in the South, the more public opinion turned against those who were seeking to preserve segregation. Strategic lawsuits for libel were brought by public officials like Sullivan against the national media for inadvertent misstatements they made in news reports about civil rights protests. The purpose of these lawsuits was to deter the national media from covering the civil rights movement.



This strategy was effective because Southern juries were inclined to grant excessive damage awards against those who embarrassed the South. In Sullivan, for example, the Alabama jury awarded Sullivan $500,000 in damages ($2.5 million in today's dollars) for what were at worst minor inaccuracies. Such awards, which were then proliferating, could cripple national newspapers and drive them away from covering the civil rights movement. In effect, the South was using civil libel laws to re-create a form of seditious libel, which traditionally had been used by governments to suppress unfriendly criticism.



But if false statements of fact have no constitutional value, why should we care if newspapers are deterred from making them? Isn't such deterrence a good thing? The central insight of New York Times v. Sullivan - the insight that led the Court to re-frame the constitutional law of libel - was, in the words of Justice William J. Brennan, who wrote the Court's opinion, that "erroneous statement is inevitable in free debate" and that such errors "must be protected if the freedoms of expression are to have the 'breathing space' that they 'need to survive.'"



As Brennan explained, in a case like Sullivan the libel issue must be considered "against the background of a profound national commitment to the principle that debate on public issues should be uninhibited, robust, and wide-open, and that it may well include vehement, caustic, and sometimes unpleasantly sharp attacks on government officials."



Brennan's point was not that false statements of fact are desirable. It was, rather, that they are inevitable, and that for the government to hold speakers liable in damages for inadvertent false statements can have a severe "chilling effect" on their willingness to engage in precisely the sort of "uninhibited, robust, and wide-open" public discourse that our democracy needs.



Put simply, if people know that they can be held liable for even inadvertent misstatements, and that the judges and juries who will rule on whether their statements were accurate may themselves be hostile to their views, they will be afraid to say anything that might conceivably be deemed inaccurate. That "chilling effect" would dampen the vitality of public discourse and ultimately undermine our democracy.



In such circumstances, the Court held that, at least when a public official sues a speaker for damages for an allegedly false statement involving his performance of his official duties, the public official must prove (a) that the statement is false and (b) that the speaker spoke the words either knowing them to be false or with "reckless disregard" for the truth.



In the decades after Sullivan, courts have had to address a series of new issues: How should Sullivan apply if the plaintiff in a libel action is not a public official, but is instead a public figure, such as a movie star? How should it apply if the plaintiff is a private figure (the average Joe on the street), but the news story involves a public issue, such as an assertion that a particular private businessman bribed a senator? How should it apply if the false statement does not defame anyone, but is merely a false statement that distorts public discourse, such as a false statement by a political candidate that exaggerates her credentials or a false statement by a political commentator about the number of people killed in Syria?



The legacy of Sullivan is at least two-fold. First, by eliminating a significant deterrent to robust public discourse, it clearly enhanced the vibrancy of our democracy. Second, by reducing the consequences of false speech, it made possible not only more accurate statements, but more inaccurate ones as well. It therefore weakened as well as strengthened the overall quality of political debate. After all, if false statements of fact have no constitutional value in their own right, and they are misleading, distracting, and difficult to correct, then they can cause citizens to have inaccurate understandings of the world around them. (Consider, for example, the Swift Boat campaign against presidential candidate John Kerry in 2004 and the continuing assertions that Barack Obama is a Muslim who was born in Kenya.)



By making our public discourse more "robust, uninhibited, and wide-open," Sullivan therefore had negative as well as positive effects. For this reason, many other nations, such as England, do not follow the Sullivan principle. On balance, though, New York Times v. Sullivan remains one of the great Supreme Court decisions in American history. Remembering it today, and appreciating its impact on American democracy, is, once again, a reason "for dancing in the streets."

A few days ago on the campus of the University of Mississippi, someone (reportedly two males) draped a Confederate flag on a statue honoring James Meredith and hung a noose around its neck. Meredith was the African-American student who courageously desegregated the University of Mississippi in 1962, weathering a storm of ugly protest, riots and threats of violence. This act was, by any measure, deeply disrespectful and hateful.



University of Mississippi Chancellor Dan Jones responded by stating of those who did this: "Their ideas have no place here, and our response will be an even greater commitment to promoting the values that are engraved on the statue -- Courage, Knowledge, Opportunity, and Perseverance."



This poses an interesting question. How should the University of Mississippi respond? What does it mean to say that these "ideas have no place here"? Assuming the individuals who did this were students, should the university expel or otherwise discipline them? Are there "ideas" that "have no place" on a university campus?



Several years ago, I crafted an official statement for my own university -- The University of Chicago -- on the institution's Principles of Free Expression. It read, in part:

Eighty years ago, a student organization at the University of Chicago invited William Z. Foster, the Communist Party's candidate for President, to lecture on campus. This triggered a storm of protest from critics both on and off campus. To those who condemned the University for allowing the event, University President Robert M. Hutchins responded that "our students . . . should have freedom to discuss any problem that presents itself." He insisted that the "cure" for ideas we oppose "lies through open discussion rather than through inhibition.". . .




Because a university is committed to free and open inquiry in all matters, it guarantees all members of its community the broadest possible latitude to speak, write, listen, challenge and learn. A university must respect and support the freedom of all students, faculty and staff "to discuss any problem that presents itself," free of interference.




This is not to say that this freedom is absolute. In narrowly-defined circumstances, a university may properly restrict expression, for example, that violates the law, is threatening, harassing, or defamatory, or invades substantial privacy or confidentiality interests. Fundamentally, however, a university must be committed to the principle that it may not restrict debate or deliberation because the ideas put forth are thought to be offensive, unwise, immoral, or wrong-headed. It is for the members of the university community to make those judgments for themselves. . . . As Robert M. Hutchins observed, without a vibrant commitment to free and open inquiry, a university ceases to be a university.

The premise of this statement is that a university should not discipline a student for expressing views that are hateful, offensive, inappropriate, or stupid. Nor should it discipline a student for expressing views that are racist, homophobic, sexist, unpatriotic, or otherwise outrageous or infuriating.



On the other hand, the freedom of expression is not absolute. A university may legitimately discipline a student for expression that is "threatening." Was the hanging of a Confederate flag and a noose on the statue of James Meredith "threatening"? Certainly, in the broadest sense of the term, it was. No doubt, some African-Americans on campus felt "threatened" by this act.



But as offensive as this act was, it does not quite fit the conventional definition of a "threat." To constitute a "threat," an individual's speech must not just put people in fear, but must (a) be directed at specific individuals and (b) be unambiguous. "If you don't give me your money, I will kill you," if stated in circumstances in which the statement would reasonably be taken seriously, is a "threat." Hanging a noose on the door of an African-American student's dorm room, in circumstances in which the message would reasonably be taken as a threat, is also be a "threat." But is it a "threat" to hang a noose around the neck of a statute of James Meredith?



The Supreme Court has dealt with a somewhat similar situation. The Court has held that burning a cross on the lawn of an African-American family that just moved into a previously all-white community is punishable as a "threat," but that burning a cross at a Ku Klux Klan rally cannot be deemed a "threat" and is, indeed, constitutionally protected speech -- even though the very existence of the rally and the cross-burning will quite predictably be seen by some people as threatening.



Another example is the Nazi march in Skokie, a predominantly Jewish suburb of Chicago, in the late 1970s. Someone who hangs a swastika on the front lawn of a Jewish family, in circumstances in which the family would reasonably understand it as a "threat," can constitutionally be punished, but the Nazis have a First Amendment right to march through downtown Skokie, carrying swastika banners, because, although their message might be deeply offensive and frightening to the Jews in Skokie, it does not constitute an unambiguous "threat" to particular individuals. There is a difference between a rallying cry, however offensive, and a threat.



For these reasons, the University of Mississippi situation is not as clear-cut as most people seem to think. Those who did this may, indeed, be despicable people, but it does not necessarily follow that the university should punish them for expressing their views, however hateful and offensive they might be. The situation is not as simple as it might first appear.



Perhaps the university, its students, its faculty and its alumni should see this as an opportunity for "open discussion" rather than "inhibition," as an occasion on which to reaffirm the deeper values of the university and, in the words of Chancellor Jones, an opportunity for the university to renew its "commitment to promoting the values that are engraved on the statue -- Courage, Knowledge, Opportunity, and Perseverance."

In his January 17 speech on the NSA, President Obama observed that, "In our rush to respond to a very real and novel set of threats" after the terrorist attacks of September 11, 2001, "the risk of government overreach -- the possibility" that we might inadvertently "lose some of our core liberties in pursuit of security -- became more pronounced." He explained that now that we are more than a decade past that event, it is time for the nation to review the programs that were adopted in the wake of those attacks and "to make some important decisions about how to protect ourselves ... while upholding the civil liberties and privacy protections that our ideals -- and our Constitution -- require."



"This effort," the president cautioned, "will not be completed overnight," but he emphasized that it is important for "the American people to know that the work has begun." To that end, he announced "a series of concrete and substantial reforms" that he intended either to adopt himself under his authority as president or, where appropriate, to call upon Congress to enact through legislation.



How good a beginning has he made? I am in a reasonably good position to weigh in on that question, because I had the privilege of serving as one of the five members of the Review Group that President Obama appointed in August to advise him on these issues. The Review included individuals with a wide-range of divergent experiences, values, and expertise. It included, for example, both a card-carrying member of the ACLU (myself) and a former Deputy and Acting Director of the CIA (Michael Morell). After months of grueling work, the Review Group produced a 300-page report ("Liberty and Security in a Changing World") that included 46 unanimous recommendations. Those recommendations -- or at least some of the most important of them -- provided the foundation for the president's address.



After offering an important and valuable framing of the challenge our nation faces in attempting to reconcile our deep commitments to both liberty and security, the president turned his attention to several specific recommendations. I will comment on three of them.



First, as the president noted, the most controversial surveillance program at present is the Section 215 telephone metadata program. Under this program, the NSA collects metadata on millions of Americans' phone calls every day from their telephone providers. Metadata refers to the specific phone numbers with which a particular phone number is in contact. It does not include any information about the identities of the callers or the contents of the conversations.



The NSA holds this vast amount of metadata in its own computers. When NSA analysts find that there is a reasonable and articulable suspicion that a particular phone number is associated with terrorism, the NSA is permitted to "query" the database to find out if that number (usually belonging to a foreign person) has been in touch -- directly or indirectly -- with any phone number in the United States that is independently believed to be connected to a possible terrorist.



In 2012, the last year for which a full year's records were available, the NSA queried the database for 288 different numbers. In 16 instances, the suspect number was found to be in touch with another suspect number in the United States. In those 16 instances, the information was then passed on to the FBI for further investigation. In the seven years since this program was created, it has not provided any link that has proved necessary to prevent a pending terrorist attack. For that reason, some critics have argued that the program should be abandoned. Our judgment was that, in a world in which "connecting the dots" and "finding needles in haystacks" are apt metaphors, abandoning the program would be like throwing out your fire alarm because you haven't have a fire in seven years.



On the other hand, the Review Group recognized that this program poses a huge danger of government abuse. The collection of vast amounts of telephone metadata can reveal all sorts of highly private information about how we lead our lives, and misguided government officials might well be tempted in the future to use that database for impermissible, illegal and unconstitutional purposes. We therefore concluded that it is essential to prevent that from happening.



To that end, we recommended that the metadata should be held, not by the government, but by private parties -- either by the telephone providers themselves or by a newly-created private entity charged with the responsibility of protecting and overseeing the database. In addition, we recommended that no one should be able to access the database without a court order. With those changes in place, we concluded that the potential benefits of the program could be preserved while reducing dramatically the potential risks to privacy and civil liberties.



In his address, President Obama accepted these recommendations. The government, he announced, will no longer hold the data and will not be able to access the data without a court order. This is a huge step forward. Critics have objected that the president did not lay out the details of how private parties would control the data, but as our Report noted, this is a complicated -- but soluble -- question. The president therefore directed that steps should be taken to resolve those issues expeditiously and to transition to the new model as soon as possible. This approach is wholly consistent with our recommendations.



Second, the Review Group recommended that an independent Privacy and Civil Liberties Advocate should be created in order to present a competing perspective when complex legal and constitutional issues arise before the Foreign Intelligence Surveillance Court. The FISC was created in the late 1970s to bring judicial oversight for the first time to foreign intelligence surveillance. Before then, it was assumed that the president had authority to authorize such surveillance without any judicial approval or review. One reason for that assumption was that ordinary federal courts do not have top secret security clearances and therefore cannot themselves have access to such information.



The FISC is a special court that has top secret clearances and that can therefore oversee foreign intelligence surveillance investigations. The Review Group concluded that, at least when complex issues arise, it is essential for the members of the FISC to hear both sides of the question. This practice lies at the very heart of our adversary system. The president accepted this recommendation and called upon Congress to enact legislation to implement it. Although the Review Group preferred a somewhat different structure for the Privacy and Civil Liberties Advocate than the one endorsed by the president, and I am sure we would be happy to argue the point, the most important fact is that he has endorsed this critical institutional change.



Third, we recommended that the FBI should no longer be permitted to issue National Security Letters without first obtaining a judicial order, in the absence of an emergency. NSLs enable the FBI to require banks, telephone companies, Internet providers, credit card companies, and the like to turn over the records of specific individuals when the FBI determines that they are relevant to a national security investigation. The FBI issues approximately 20,000 NSLs each year. The process is highly secret and remains so for decades after the fact.



Our judgment was that, in order to ensure the integrity of the program, NSLs generally should not issue without prior judicial approval. The FBI resisted this proposal vehemently. In its view, such a requirement would impair the FBI's ability to move quickly and efficiently. We rejected that contention, especially in light of the emergency exception. The FBI argued further that because prosecutors in ordinary criminal cases can issue subpoenas to obtain similar information without a court order, it made no sense to have a more burdensome procedure for national security investigations. We disagreed with that position, mainly because of the intensive secrecy surrounding the NSL process. The president sided with the FBI. Although stating that various reforms would be adopted to reduce the secrecy of NSLs -- reforms we endorse -- he declined to accept our recommendation about judicial orders.



These are all difficult questions. What is needed is not dogmatism, posturing and self-righteous declarations of outrage (on either side of the debate), but careful, rigorous reasoning and scrutiny. The president's speech marks a potentially historic turning point in our continuing effort to strike a better balance between liberty and security. But only time will tell. As the president said, this is only the beginning. We must all watch very closely.

In my last post, I concluded that the NSA's bulk telephony metadata program is a "search" within the meaning of the Fourth Amendment. But because the Fourth Amendment prohibits only unreasonable searches, the next question is whether the program is "unreasonable." This turns out to be a rather complicated question. So, bear with me as I try to work my way through it.



At the outset, it is important to recall exactly what the bulk telephony metadata program does. Under section 215 of the Foreign Intelligence Surveillance Act, as interpreted by the Foreign Intelligence Surveillance Court, the NSA is authorized to obtain from telephone service providers on a daily basis the calling records of millions of Americans. The calling records, or metadata, consist of the phone numbers called by a particular phone number and the phone numbers that have called that particular number. They do not include any information about the identities of the individuals or the contents of the calls. The NSA holds this metadata in a very large database for a period of five years, after which it is expunged.



Whenever NSA analysts have reasonable and articulable suspicion that a particular phone number is associated with a person involved in terrorist activity, they can "query" the database to determine what phone numbers the suspect phone number has been in touch with. This is the only purpose for which the NSA may access the database.



In 2012, the NSA queried a total of 288 phone numbers. Based on these queries, the NSA found 16 instances in which a suspect phone number was directly or indirectly in touch with another phone number that the NSA independently suspected of being associated with terrorist activity. In such cases, the NSA turns the information over to the FBI for further investigation.



In terms of the "connect the dots" metaphor, the purpose of the program is not so much to discover new "dots" but to determine if there are connections between two or more already suspect "dots." For example, if a phone number belonging to a terrorist suspect in Pakistan is found to have called a phone number in the United States that the government independently suspects belongs to a person involved in possible terrorist activity, alarm bells (figuratively) go off very loudly, alerting the government to the need for immediate attention.



It is important to note that the program does not allow the NSA or anyone else in the government to access the metadata for any purpose other than what I have just described. There are rigorous safeguards in place both internally through the NSA's Office of General Counsel and externally pursuant to oversight by the Department of Justice, the congressional intelligence committees, and the Foreign Intelligence Surveillance Court to ensure that no one accesses the database for any other purpose.



The question, then, is whether this "search" process is "unreasonable" within the meaning of the Fourth Amendment.



As a general rule, the Supreme Court has held that conventional "searches" -- for example, when the police rummage through a person's home, wiretap his phone calls, or read his mail -- are presumptively "unreasonable" and therefore unconstitutional unless the government first obtains a judicial warrant based on a finding that there is probable cause to believe that the search will turn up evidence of a crime.



The NSA's bulk telephony metadata program clearly cannot pass muster under that standard. It requires neither a warrant nor a finding of probable cause when it collects the call records of millions of individuals, and it requires neither a warrant nor a finding of probable cause when NSA analysts query the database to investigate the call records of specific individuals whom they suspect of terrorist activity.



That does not end the matter, however, because the Supreme Court has held that many forms of searches are "reasonable" even if they do not satisfy the warrant and/or probable cause requirements. For example, the court has held that the government can inspect all homes in a town for possible housing code violations -- without any showing of probable cause to believe that any specific home has such a violation. It has held that the government can require all persons boarding an airplane to pass through a magnetometer -- without any showing of probable cause to believe that any specific person is carrying a weapon. It has held that the police can use roadblocks in which they stop every car approaching a particular checkpoint in order to check for drunken drivers -- without any showing of probable cause to believe that any specific person is drunk. It has held that a police officer can frisk an individual he has stopped for questioning if the officer has reasonable and articulable grounds to suspect that the person is armed and presently dangerous -- without any showing of probable cause to believe that the individual has either committed a crime or possesses a weapon.



The question, then, is whether the bulk telephony metadata program is another example of a search that is "reasonable" even though it requires neither probable cause nor a warrant. In addressing this question, it is helpful to keep in mind that the metadata program, unlike most searches, has two distinct elements -- (a) the collection and storage of the metadata, and (b) the querying of the database. This complicates the analysis.



With respect to the first part of the program -- the collection and storage of the telephony metadata, it is worth noting at the outset that the government routinely collects all sorts of data about us. It collects information about such matters as taxes, employment, health, travel, families, census data, etc. One might argue that, if those types of data collection are not unconstitutional, then the same should be true of the government's collection of telephony metadata under section 215. An important difference, however, is that unlike most other data-collection activities, the section 215 program gathers the metadata precisely for the purpose of sniffing out possible wrongdoing. In that sense, it more directly implicates the concerns underlying the Fourth Amendment than most other information-gathering programs.



In my judgment, and the law here is quite unsettled, the reasonableness of any particular program of government information collection should turn on four primary factors: (1) How important is it to collect the information? (2) How private is the information collected? (3) How will the information be used? (4) How confident are we that the information will be used only for proper purposes?



How do these factors play out in the collection and storage of telephony metadata under section 215?



(1) The metadata is collected under this program for a clearly legitimate and, indeed, important purpose. Protecting the national security is surely a compelling government interest, and the President's Review Group found that the metadata program is useful, if not essential, to achieving this goal. Certainly, the government's interest in protecting the national security is more important than its interest in, say, preventing drunk driving and housing code violations.



(2) Defenders of the program maintain that it does not threaten significant privacy interests because it deals only with metadata and not with the contents of the phone calls. The collection of metadata, they argue, is analogous to the use of magnetometers at airports (as compared, say, to a requirement that all passengers must be strip-searched, which presumably would be deemed "unreasonable"). Metadata may in fact reveal less private information than the contents of the calls, but as I have explained in prior posts, and as the President's Review Group clearly found, comprehensive inquiries into an individual's telephone calling records can reveal a huge amount of highly personal information about an a individual's private life.



(3) For that reason, if the government were authorized to use the database to investigate the personal lives of ordinary Americans, the telephony metadata program would clearly be "unreasonable." But under the section 215 program, the government is authorized to access the metadata for only a very specific, very narrow, and carefully targeted purpose. It cannot legally access the metadata for any purpose other than to "connect the dots" between one suspected terrorist and another. It cannot legally access the database to learn anything about the private lives of ordinary Americans. It can legally use the database only to determine if suspected terrorist X is in contact with suspected terrorist Y. Period. Any other use of the data is forbidden. This is an essential feature of the program, and it sharply limits its potential threat to individual privacy.



(4) Despite such limitations, however, there is always the danger of abuse. When the government has access to such information, there is always a risk that it will exploit the information for a broad range of impermissible purposes. There is always the possibility that some future J. Edgar Hoover or Richard Nixon will turn this extraordinary pool of private information to ignoble ends. Moreover, even in the absence of actual abuse, individuals may fear that the government will use this information -- illegally -- to their detriment, and this in itself can affect their behavior in ways that seriously infringe on individual freedom. The safeguards in place to prevent such abuse are therefore critical to the "reasonableness" of the program. In the current system, the safeguards that now exist to prevent such abuse are quite extensive. But no system of safeguards is perfect, and in the wrong hands serious harm is always possible.



On this particular issue -- which in my view is central to the "reasonableness" of the program, the President's Review Group -- which addressed this question from the standpoint of public policy rather than constitutionality -- recommended that at least two additional safeguards are necessary. First, the metadata should be held for a period of only two rather than five years, thereby limiting the potential harm to privacy. Second, the metadata should be held, not by the government, but by a private entity -- either by the phone companies themselves or by a newly-created private agency. These additional safeguards are necessary to reduce both the risk of abuse and the fear of abuse. But with these additional safeguards in place, the collection of metadata, used solely for the purpose currently authorized, seems to me to meet the test of "reasonableness."



The second component of the section 215 program focuses on the circumstances in which the government can query the database. At present, the NSA is authorized to query the database if NSA analysts find that there are reasonable and articulable grounds to believe that a particular phone number is associated with terrorist activity.



There are two possible objections to this procedure. First, one might argue that, to meet with requirements of the Fourth Amendment, the NSA should not be able to query the database unless a judge -- rather than an NSA analyst -- makes the critical determination that there are reasonable and articulable grounds to believe that a particular phone number is connected to terrorist activity. There is no good reason to dispense with the requirement of a judicial determination, at least in the absence of an emergency. As in other searches, the decision to search should be made by a neutral and detached judge rather than by a government official engaged in the adversarial process of ferreting out the "bad guys." The absence of such a requirement, in my judgment, violates the Fourth Amendment.



Second, although reasonable people can certainly differ on this, I am inclined to think that the "reasonable and articulable suspicion" standard meets the test of "reasonableness" in this context because of the very narrow and targeted nature of the inquiry -- that is, the only information that can lawfully be disclosed as a result of a query is that a suspected terrorist has been in touch, directly or indirectly, with another suspected terrorist.



In conclusion, then, in my judgment the existing program is unconstitutional. As currently structured, it violates the Fourth Amendment's requirement of "reasonableness." On the other hand, it should be possible for the government to correct the deficiencies in the program in a manner that both preserves its legitimate value and substantially mitigates the risks to privacy that it currently poses.



There are those who maintain that this program is obviously constitutional and those who maintain that it is obviously unconstitutional. They are both wrong. There is nothing "obvious" about this. If this ever gets to the Supreme Court, it will be interesting.

In my last post (http://www.huffingtonpost.com/geoffre...), I concluded that the NSA's bulk telephony meta-data program is a "search" within the meaning of the Fourth Amendment. But because the Fourth Amendment prohibits only unreasonable searches, the next question is whether the program is "unreasonable." This turns out to be a rather complicated question. So, bear with me as I try to work my way through it.



At the outset, it is important to recall exactly what the bulk telephony meta-data program does. Under section 215 of the Foreign Intelligence Surveillance Act, as interpreted by the Foreign Intelligence Surveillance Court, the NSA is authorized to obtain from telephone service providers on a daily basis the calling records of millions of Americans. The calling records, or meta-data, consist of the phone numbers called by a particular phone number and the phone numbers that have called that particular number. They do not include any information about the identities of the individuals or the contents of the calls. The NSA holds this meta-data in a very large database for a period of five years, after which it is expunged.



Whenever NSA analysts have reasonable and articulable suspicion that a particular phone number is associated with a person involved in terrorist activity, they can "query" the database to determine what phone numbers the suspect phone number has been in touch with. This is the only purpose for which the NSA may access the database.



In 2012, the NSA queried a total of 288 phone numbers. Based on these queries, the NSA found 16 instances in which a suspect phone number was directly or indirectly in touch with another phone number that the NSA independently suspected of being associated with terrorist activity. In such cases, the NSA turns the information over to the FBI for further investigation.



In terms of the "connect the dots" metaphor, the purpose of the program is not so much to discover new "dots" but to determine if there are connections between two or more already suspect "dots." For example, if a phone number belonging to a terrorist suspect in Pakistan is found to have called a phone number in the United States that the government independently suspects belongs to a person involved in possible terrorist activity, alarm bells (figuratively) go off very loudly, alerting the government to the need for immediate attention.



It is important to note that the program does not allow the NSA or anyone else in the government to access the meta-data for any purpose other than what I have just described. There are rigorous safeguards in place both internally through the NSA's Office of General Counsel and externally pursuant to oversight by the Department of Justice, the congressional intelligence committees, and the Foreign Intelligence Surveillance Court to ensure that no one accesses the database for any other purpose.



The question, then, is whether this "search" process is "unreasonable" within the meaning of the Fourth Amendment.



As a general rule, the Supreme Court has held that conventional "searches" - for example, when the police rummage through a person's home, wiretap his phone calls, or read his mail - are presumptively "unreasonable" and therefore unconstitutional unless the government first obtains a judicial warrant based on a finding that there is probable cause to believe that the search will turn up evidence of a crime.



The NSA's bulk telephony meta-data program clearly cannot pass muster under that standard. It requires neither a warrant nor a finding of probable cause when it collects the call records of millions of individuals, and it requires neither a warrant nor a finding of probable cause when NSA analysts query the database to investigate the call records of specific individuals whom they suspect of terrorist activity.



That does not end the matter, however, because the Supreme Court has held that many forms of searches are "reasonable" even if they do not satisfy the warrant and/or probable cause requirements. For example, the Court has held that the government can inspect all homes in a town for possible housing code violations -- without any showing of probable cause to believe that any specific home has such a violation. It has held that the government can require all persons boarding an airplane to pass through a magnetometer -- without any showing of probable cause to believe that any specific person is carrying a weapon. It has held that the police can use roadblocks in which they stop every car approaching a particular checkpoint in order to check for drunken drivers -- without any showing of probable cause to believe that any specific person is drunk. It has held that a police officer can frisk an individual he has stopped for questioning if the officer has reasonable and articulable grounds to suspect that the person is armed and presently dangerous -- without any showing of probable cause to believe that the individual has either committed a crime or possesses a weapon.



The question, then, is whether the bulk telephony meta-data program is another example of a search that is "reasonable" even though it requires neither probable cause nor a warrant. In addressing this question, it is helpful to keep in mind that the meta-data program, unlike most searches, has two distinct elements - (a) the collection and storage of the meta-data, and (b) the querying of the database. This complicates the analysis.



With respect to the first part of the program - the collection and storage of the telephony meta-data, it is worth noting at the outset that the government routinely collects all sorts of data about us. It collects information about such matters as taxes, employment, health, travel, families, census data, etc. One might argue that, if those types of data collection are not unconstitutional, then the same should be true of the government's collection of telephony meta-data under section 215. An important difference, however, is that unlike most other data-collection activities, the section 215 program gathers the meta-data precisely for the purpose of sniffing out possible wrongdoing. In that sense, it more directly implicates the concerns underlying the Fourth Amendment than most other information-gathering programs.



In my judgment, and the law here is quite unsettled, the reasonableness of any particular program of government information collection should turn on four primary factors: (1) How important is it to collect the information? (2) How private is the information collected? (3) How will the information be used? (4) How confident are we that the information will be used only for proper purposes?



How do these factors play out in the collection and storage of telephony meta-data under section 215?



(1) The meta-data is collected under this program for a clearly legitimate and, indeed, important purpose. Protecting the national security is surely a compelling government interest, and the President's Review Group found that the meta-data program is useful, if not essential, to achieving this goal. Certainly, the government's interest in protecting the national security is more important than its interest in, say, preventing drunk driving and housing code violations.



(2) Defenders of the program maintain that it does not threaten significant privacy interests because it deals only with meta-data and not with the contents of the phone calls. The collection of meta-data, they argue, is analogous to the use of magnetometers at airports (as compared, say, to a requirement that all passengers must be strip searched, which presumably would be deemed "unreasonable"). Meta-data may in fact reveal less private information than the contents of the calls, but as I have explained in prior posts, and as the President's Review Group clearly found, comprehensive inquiries into an individual's telephone calling records can reveal a huge amount of highly personal information about an a individual's private life.



(3) For that reason, if the government were authorized to use the database to investigate the personal lives of ordinary Americans, the telephony meta-data program would clearly be "unreasonable." But under the section 215 program, the government is authorized to access the meta-data for only a very specific, very narrow, and carefully targeted purpose. It cannot legally access the meta-data for any purpose other than to "connect the dots" between one suspected terrorist and another. It cannot legally access the database to learn anything about the private lives of ordinary Americans. It can legally use the database only to determine if suspected terrorist X is in contact with suspected terrorist Y. Period. Any other use of the data is forbidden. This is an essential feature of the program, and it sharply limits its potential threat to individual privacy.



(4) Despite such limitations, however, there is always the danger of abuse. When the government has access to such information, there is always a risk that it will exploit the information for a broad range of impermissible purposes. There is always the possibility that some future J. Edgar Hoover or Richard Nixon will turn this extraordinary pool of private information to ignoble ends. Moreover, even in the absence of actual abuse, individuals may fear that the government will use this information - illegally - to their detriment, and this in itself can affect their behavior in ways that seriously infringe on individual freedom. The safeguards in place to prevent such abuse are therefore critical to the "reasonableness" of the program. In the current system, the safeguards that now exist to prevent such abuse are quite extensive. But no system of safeguards is perfect, and in the wrong hands serious harm is always possible.



On this particular issue - which in my view is central to the "reasonableness" of the program, the President's Review Group - which addressed this question from the standpoint of public policy rather than constitutionality - recommended that at least two additional safeguards are necessary. First, the meta-data should be held for a period of only two rather than five years, thereby limiting the potential harm to privacy. Second, the meta-date should be held, not by the government, but by a private entity - either by the phone companies themselves or by a newly-created private agency. These additional safeguards are necessary to reduce both the risk of abuse and the fear of abuse. But with these additional safeguards in place, the collection of meta-data, used solely for the purpose currently authorized, seems to me to meet the test of "reasonableness."



The second component of the section 215 program focuses on the circumstances in which the government can query the database. At present, the NSA is authorized to query the database if NSA analysts find that there are reasonable and articulable grounds to believe that a particular phone number is associated with terrorist activity.



There are two possible objections to this procedure. First, one might argue that, to meet with requirements of the Fourth Amendment, the NSA should not be able to query the database unless a judge - rather than an NSA analyst -- makes the critical determination that there are reasonable and articulable grounds to believe that a particular phone number is connected to terrorist activity. There is no good reason to dispense with the requirement of a judicial determination, at least in the absence of an emergency. As in other searches, the decision to search should be made by a neutral and detached judge rather than by a government official engaged in the adversarial process of ferreting out the "bad guys." The absence of such a requirement, in my judgment, violates the Fourth Amendment.



Second, although reasonable people can certainly differ on this, I am inclined to think that the "reasonable and articulable suspicion" standard meets the test of "reasonableness" in this context because of the very narrow and targeted nature of the inquiry - that is, the only information that can lawfully be disclosed as a result of a query is that a suspected terrorist has been in touch, directly or indirectly, with another suspected terrorist.



In conclusion, then, in my judgment the existing program, is unconstitutional. As currently structured, it violates the Fourth Amendment's requirement of "reasonableness." On the other hand, it should be possible for the government to correct the deficiencies in the program in a manner that both preserves its legitimate value and substantially mitigates the risks to privacy that it currently poses.



There are those who maintain that this program is obviously constitutional and those who maintain that it is obviously unconstitutional. They are both wrong. There is nothing "obvious" about this. If this ever gets to the Supreme Court, it will be interesting.

In my last post, I described the evolution of Fourth Amendment doctrine to set the stage for analysis of the constitutionality of the NSA's bulk telephony meta-data program. As we saw, in thinking about the Fourth Amendment the initial question turns on the meaning of the word "search."



To briefly review, a "search" historically was understood to be a physical intrusion into a physical space. The paradigm was a search of someone's home or briefcase. In the 1960s, the Supreme Court decided that, in light of modern methods of invading privacy, that definition was too narrow. It therefore re-defined a "search" for Fourth Amendment purposes as an effort by the government to obtain information about an individual that violates society's "reasonable expectations of privacy." Under this new definition, wiretapping, which had been held not to be a "search" under the traditional definition, was for the first time brought within the scope of the Fourth Amendment.



But that gave rise to a new question: How should "reasonable expectations of privacy" be defined? As a baseline, the Court assumed that methods of obtaining information that were known to the Framers and were not thought by the Framers to be "searches" should not be deemed "searches" under the new definition. Rather, the Court's primary concern was with new methods of invading privacy that, if left outside the scope of the Fourth Amendment, could dramatically shrink the degree of privacy that individuals had historically enjoyed.



For example, if X and Y are sitting on a park bench having a conversation and an undercover police officer sits down on the bench next to them in order to overhear their conversation, this was not traditionally thought to be a "search" within the meaning of the Fourth Amendment. This was so because there was no invasion of any physical space owned or controlled by X and Y, and because X and Y knowingly chose to have their conversation in a public place in front of a stranger. By having their conversation in such circumstances, they indicated an indifference to the privacy of the conversation and therefore had no reasonable expectation that their conversation was not being overheard. Not surprisingly, the Framers did not consider this a "search." Now suppose that, instead of having an undercover officer sit on the bench, the police use a parabolic microphone to overhear the conversation from a rooftop half-a-mile away. What do you think?



With this background, we can return to the Supreme Court's 1979 decision in Smith v. Maryland, which I discussed in my last post. In Smith, the police, without probable cause or a warrant, but suspecting Smith of a crime, went to Smith's telephone company and installed a device called a "pen register," which enabled the police to obtain a list of the phone numbers Smith dialed in the next few days. That information turned out to be useful to the government in convicting Smith of a crime.



The Supreme Court held that the use of the pen register was not a "search" within the meaning of the Fourth Amendment because (a) it did not invade any physical space owned or controlled by Smith, and (b) it did not violate Smith's reasonable expectations of privacy because he had knowingly and voluntarily exposed his calling information to his telephone company.



As I explained in my last post, the federal judge who held the bulk telephony meta-data program constitutional -- Judge William Pauley -- reasoned that, in collecting the calling data of tens of millions of Americans from their telephone companies and storing that data for a period of five years, the government was doing essentially the same thing it had done in Smith, only on a larger scale. In Judge Pauley's view, Smith therefore resolved the issue.



The federal judge who held the program unconstitutional -- Judge Richard Leon -- argued that the massive scale on which the modern program operates distinguishes it from the rudimentary practice at issue in Smith. In his view, Smith does not resolve the issue. As it turns out, Judge Leon could draw significant support from a majority of the Justices of the Supreme Court for this conclusion.



In its 2012 decision in United States v. Jones, which involved the use of GPS to track an individual driving his car on the public streets, five Justices questioned the relevance of Smith in a world of advanced technology. For example, Justice Sonia Sotomayor observed in her separate opinion in Jones:

it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties... This approach is ill-suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks... I would not assume that all information voluntarily disclosed to [others] for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.

Similarly, Justice Samuel Alito, in another separate opinion joined by Justices Ginsburg, Breyer, and Kagan, declared that "we must assur[e] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted." Noting that modern technology can seriously undermine our traditional expectations of privacy, Justice Alito argued that the Fourth Amendment must take account of such changes.



Thus, a majority of the Justices in the Jones case clearly indicated an interest in considering how the principle recognized in Smith should apply in a very different technological society from the one that existed in the 1970s. For this reason, Judge Leon was on solid ground in concluding that Smith did not necessarily control the constitutionality of the bulk telephony meta-data program.



Let me now say a word about what the Fourth Amendment should mean in this context. At the outset, I should note that I thought that Miller (the bank records case I discussed in my last post) and Smith were wrong when they were decided. Although it makes sense to say that a person has no reasonable expectation of privacy in what he knowingly and voluntarily exposes to the public, that principle should never have been applied to the facts of Miller and Smith.



It is one thing to say that a person who knowingly has a conversation in front of a stranger on a public bench has no reasonable expectation of privacy in the conversation; it is another thing entirely to say that a person has no reasonable expectation of privacy in information he discloses to his bank or telephone company in order to live reasonably in our modern world.



I therefore agree with the dissenting Justices in those cases who argued that, although the underlying principle was right, it should not have been applied to bank records or telephone calling records. As Justice Thurgood Marshall observed in his dissenting opinion in Smith, whether an individual's privacy expectations are "reasonable" should depend "on the risks he should be forced to assume in a free and open society." The plain and simple fact is that when we engage in financial transactions or make phone calls, our knowledge that our bank or telephone company has access to that information hardly suggests an indifference on our part to the privacy of the information.



But even taking Smith as a given, Judge Leon was right that the use of the pen register in Smith was a far cry from the NSA's bulk telephony meta-data program in terms of the scale of its invasion of individual privacy. This comes back to the impact of technology. The use of a pen register is time-consuming, fact specific, and costly. As a practical matter, the government can use it in only a handful of situations. The knowledge that the government can use a pen register without probable cause and a warrant therefore has almost no effect on the average person's expectations of privacy or behavior. We do not hesitate to make phone calls because of the infinitesimal risk that the government might be using a pen register to track our calls.



Modern technology has changed this completely. Today, the government can collect and store data on all of our telephone calls, whether we've done anything wrong or not. Justice Alito made the point nicely in his opinion in Jones. In discussing police surveillance of an individual's movements in his car, Justice Alito distinguished sharply between a police officer physically following an individual's car, on the one hand, and the use of GPS to track the movements of millions of individuals, on the other. The former, Justice Alito maintained, does not violate reasonable expectations of privacy; the latter does.



The critical distinction, Justice Alito reasoned, was that, for practical reasons, the police cannot physically "monitor and catalogue every single movement of an individual's car for a very long period." The traditional form of surveillance -- following the person -- is realistic only in extraordinary circumstances. The cost and inefficiency of that means of surveillance is itself a critical safeguard of individual privacy. The advent of GPS, however, has changed the situation dramatically, and individuals, he concluded, do have a reasonable expectation of privacy that the police will not use this new technology without restraint to track their every move.



A goal of the Fourth Amendment, Justice Alito emphasized, is to ensure that new forms of technology do not constantly shrink our traditionally expectations of privacy. Without that principle, the evolution of a "Big Brother" government could do serious damage to the liberty, privacy and dignitary interests of the individual that are essential to a free society.



As Judge Leon insisted, this same principle is implicated in the difference between the crude and inefficient use of a pen register, which was upheld by the Court in Smith, and the NSA's mass collection and storage of telephone calling data at issue today.



But even this takes us only so far. If the bulk telephony meta-data program constitutes a "search," we must still decide if it is an "unreasonable" search, for that is what the Fourth Amendment forbids. That will be the subject of my next post.

In my last three posts, I described the NSA's bulk telephony meta-data program, examined its pros and cons, and explained the recommendations of the President's Review Group.



In this post, I consider the constitutionality of the bulk telephony meta-data program, as it currently exists. This issue has garnered considerable attention in recent weeks, as two federal judges have reached diametrically opposed conclusions on the question. It turns out to be tricky. Get ready for a quick trip through the intricacies of the Fourth Amendment.



The Fourth Amendment provides: "The right of the people to be secure in their papers, houses, persons, and effects, against unreasonable searches and seizures, shall not be violated." The Supreme Court has held that, except in unusual circumstances, a search of a person's home, office, car, briefcase, pocket, mail, suitcase, etc. is presumptively "unreasonable" and therefore unconstitutional unless the government first obtains a warrant from a judge based on a finding that the government has probable cause to believe that a crime has been committed and that the search will discover evidence relating to that crime.



The central question posed by the bulk telephony meta-data program is this: Is the government's collection of an individual's telephone call records from the individual's telephone service provider a "search" of that individual within the meaning of the Fourth Amendment? If not, then the Fourth Amendment is irrelevant. That is, the government has many ways of learning information about an individual; only those ways of learning information that constitute a "search" are governed by the Fourth Amendment. What, then, is a "search"?



In 1928, in Olmstead v. United States, the Supreme Court considered whether wiretapping constitutes a "search" within the meaning of the Fourth Amendment. Over the strong dissents of Justices Louis Brandeis and Oliver Wendell Holmes, the Court said "no."



A "search," the Court held, at least in the understanding of those who wrote the Fourth Amendment, is a physical intrusion into a physical space owned or controlled by the person searched. That, they ruled, is what the Fourth Amendment means by a "search." Because wiretapping is undertaken by tapping into a telephone company's phone line outside the targeted individual's home, it does not invade any physical space owned or controlled by the individual, and is there not a "search" of that individual within the meaning of the the Fourth Amendment.



If that is the definition of a "search," then it is easy to see why the bulk telephony meta-data program is not a "search." This is so because the government obtains this information, not by entering into any physical space owned or controlled by the individual, but by obtaining the calling data from the individual's telephone company. In so doing, it does not invade any physical space that is owned or controlled by the individual.



But it gets more complicated...



In 1967, the Supreme Court overruled Olmstead. In Katz v. United States, the Court declared that the Fourth Amendment "protects people, not places." It therefore held that, even without a physical intrusion into an individual's physical space, the government can engage in a "search" if its actions violate society's "reasonable expectations of privacy." This was a bold expansion of the potential reach of the Fourth Amendment.



Applying this new understanding of the meaning of a "search," the Court held that wiretapping is, indeed, a "search" within the meaning of the Fourth Amendment. This is so, the Court explained, because individuals have a reasonable expectation that the government will not invade their privacy by intercepting their phone calls. The Court therefore ruled that the government cannot constitutionally wiretap a telephone call without first obtaining a warrant based on a judicial finding of probable cause.



In effect, the Court in Katz adapted the meaning of the word "search" to take into account the impact of new forms of technology through which the government could invade individual privacy in ways that were undreamed of when the Fourth Amendment was adopted.



But Katz created a problem: How do we know what expectations of privacy are "reasonable"? Suppose, for example, a police officer follows a "suspicious" individual who is walking down the street. Is that a "search" within the meaning of the Fourth Amendment? Does the individual has a reasonable expectation of privacy that he won't be followed by a police officer when he walks in a public place?



In a series of decisions in the 1970s, the Supreme Court held that an individual has no "reasonable expectation of privacy" in information that he knowingly and voluntarily discloses to others. Thus, there is no "search" when the police officer observes the individual in public.



Applying that principle, the Court held in United States v. Miller (1976) that an individual has no reasonable expectation of privacy in his bank records, because he knowingly and voluntarily discloses his financial transactions to his bank, and in Smith v. Maryland (1979), the Court held that an individual has no reasonable expectation of privacy in his telephone company's records of his phone calls, because he knowingly and voluntarily discloses his calling data to his phone company.



Thus, when the government compels a telephone company to turn over an individual's calling records, this does not constitute a "search" of the individual, because the individual has no "reasonable expectation of privacy" in those records. It was the decisions in Miller and Smith that made possible the NSA's bulk telephony meta-data program. Get it?



The central disagreement between the two federal judges who just ruled on the constitutionality of the meta-data program turned in large part on the continuing validity and proper application of Miller and Smith. The question, in short, is whether the doctrine recognized in those decisions still makes sense in light of the vast changes in technology over the past 35 years?



One judge reasoned that the doctrine recognized by the Supreme Court in Miller and Smith remains the controlling law today, and that as a mere lower court judge he has no authority to disregard those precedents. He reasoned that if an individual had no reasonable expectation of privacy in his phone records in the 1970s, then he has no reasonable expectation of privacy in his phone records today. Period. End of case. If the Supreme Court wants to change the law, that's none of his business.



The other judge argued that the doctrine recognized by the Supreme Court in Miller and Smith must be reexamined in light of the dramatic changes in modern technology. The ability of the government to sweep up millions of phone records every day, this judge reasoned, poses a much greater threat to individual privacy than anything that was possible in the 1970s.



Although conceding that a lower court judge has no authority to overrule or disregard Supreme Court precedents, this judge concluded that the Supreme Court had never considered the precise question posed by the NSA's bulk telephony meta-data program, and that he therefore had to address that question as a matter of first principles -- while giving appropriate respect, of course, to the doctrine enunciated in Miller and Smith.



It is that issue -- how should a lower court judge apply a Supreme Court precedent in the face of changed circumstances? -- that was at the core of the disagreement between the two judges. This is always a vexing question. There is no simple "right" or "wrong" answer. On this issue, both judges had reasonable explanations for their competing conclusions on the question of precedent.



But that still leaves us with the more fundamental question: What should the Fourth Amendment mean in this context? In my next post, I will offer some thoughts on that question.

In my last post, I explored the pros and cons of the NSA's bulk telephony meta-data program. As I reported, after considering all the competing interests and perspectives, the Review Group concluded that, in light of the availability of other means by which the government could achieve its legitimate objectives, there was "no sufficient justification to allow the government itself to collect and store bulk telephony meta-data." The Review Group therefore recommended that the meta-data program, as currently constituted, "should be terminated as soon as reasonably practicable."



At the same time, though, the Review Group found that access to telephony meta-data can be useful to the government in its effort to identify terrorists operating inside the United States. The challenge was to figure out how best to preserve the legitimate value of the program while at the same time reducing its risks to personal privacy and individual freedom.



To strike a better balance, the Review Group recommends several important changes in the program as it currently exists.



First, and perhaps most important, the Review Group recommends that the government should not be permitted to store the telephony meta-data. The Review Group reasoned that taking the meta-data out of the hands of government would substantially reduce the potential for government abuse. The Review Group therefore recommends that the telephony meta-data should be held by private entities. That is, the meta-data should be held either by the various telephone service providers themselves or, upon a showing that that solution would make effective use of the meta-data impossible, by a private organization created specifically for that purpose. This approach would both prevent the government from having direct access to the database and ensure that an independent set of eyes could monitor the government's access to the information.



Second, the Review Group recommends an important change in the way the government can access the database. Under the current program, NSA analysts themselves determine whether there is a sufficient justification for the government to query the database. The Review Group recommends that that should no longer be possible. Rather, the government should be required to obtain a judicial order before it is allowed to query the database. This requirement would place yet another set of eyes on the government's access to the meta-data and, more important, require a neutral and detached federal judge, rather than an NSA analyst, to decide in each instance whether the government has reasonable grounds to believe that a particular telephone number is in fact associated with terrorist activity.



Third, the Review Group recommends that the telephony meta-data should be held by the private entities for no longer than two years. This recommendation sharply restricts the size and scale of the database, which is currently held by the government for a period of five years.



Fourth, the Review Group recommends that any judicial order authorizing the government to query the database must, like a subpoena, be "reasonable in focus, scope, and breadth," thus ensuring that the scope of the government's access to the database must in each instance be "reasonable," as determined in advance by a federal judge.



Fifth, the Review Group recommends that "legislation should be enacted requiring that detailed information" about the section 215 telephony meta-data program "should be made available on a regular basis to Congress and the American people to the greatest extent possible, consistent with the need to protect classified information." Indeed, "there should be a strong presumption of transparency to enable the American people and their elected representatives independently to assess the merits of the program for themselves."



Sixth, and more generally, the Review Group recommends that "the decision to keep secret from the American people programs of the magnitude of the section 215 bulk telephony meta-data program should be made only after careful deliberation at high levels of government and only with due consideration of and respect for the strong presumption of transparency that is central to democratic governance." "A program of this magnitude," the Review Group recommends, "should be kept secret from the American people only if (a) the program serves a compelling governmental interest and (b) the efficacy of the program would be substantially impaired if our enemies were to know of its existence."



Our conclusion was that, with these recommendations in place, the government can legitimately make use of the telephony meta-data in its critically important effort to keep our nation safe, while at the same time respecting America's core commitment to the values of privacy, individual freedom, and democratic self-governance.



Predictably, some people charge that the Review Group's recommendations strip the Intelligence Community of the capacity to protect our nation, whereas others charge that our recommendations do not adequately protect our freedoms. For the most part, though, our recommendations seem to have been welcomed as important and reasonable measures designed to recalibrate the balance between security and liberty.



I am particularly concerned about those who resist these recommendations from the national security perspective, because they are the ones who seek most ardently to preserve the status quo. Their concern is that, if adopted, these recommendations will make it more difficult for the Intelligence Community to prevent terrorist attacks.



In our judgment -- and it is important to emphasize that the Review Group includes two members who are deeply steeped in the operations of the Intelligence Community -- Richard Clarke, a former member of the National Security Council, and Michael Morell, a former Deputy and Acting Director of the CIA -- these reforms leave ample room for the government to keep us safe.



Moreover, it is important to emphasize that trade-offs are both necessary and proper in this, and every, realm of life. Although we must protect the national security, there are many things we do not do even though they might help achieve that goal. We do not search homes without probable cause; we do not torture individuals to get information; we do not prevent the press from publishing government secrets, to cite just three of many possible examples.



And, of course, every day the government -- including the Intelligence Community -- makes trade-offs in terms of resources. There are many things we do not do, even though they might make us marginally safer, because they cost more than we are prepared to pay. If we can make trade-offs for reasons of money, we can surely make trade-offs for reasons of privacy and freedom.



In the current situation, a new balance is warranted for at least three reasons. First, now that we have had experience with the meta-data program, we can more accurately assess its costs and benefits than when it was first adopted. With that additional information, we can now make a better -- and more informed -- assessment of how to balance the competing interests. Such continuing re-assessment is essential to good government.



Second, when the meta-data program was first created it was adopted in secret. There was therefore no meaningful input from those who are especially concerned with protecting privacy and individual freedom. With that perspective now added to the analysis, it is possible to strike a better balance with a fuller understanding of the competing interests. (Indeed, the absence of the privacy/civil liberties perspective in the decision making process is the subject of other important recommendations of the Review Group.)



Third, the plain and simple fact is that public trust in the Intelligence Community in general, and the NSA in particular, has suffered as a result of recent disclosures. As we emphasize in our Report, this is unfortunate, because in implementing the authorities and responsibilities given to it by the Executive, the Congress, and the courts, the NSA has in fact acted responsibly. The real question, in our judgment, is not about the actions or integrity of the NSA, but about the scope of the authorities it has been granted. In terms of understanding the current debate, this is an important distinction.



But be that as it may, there is now a serious issue of public trust. For the Intelligence Community to operate effectively in the long run, it must have the confidence of the American people. If the Intelligence Community digs in its heels and reflexively fights these reforms, it will do itself serious harm.



More than anything else at the moment, the Intelligence Community needs to win back the trust of the American people. It can do that, not by being defensive, but by acknowledging that periodic review, reexamination and recalibration are healthy and constructive in a self-governing society, and by bending over backwards to embrace reforms that will help restore the public's trust.



In my next post, I will discuss the constitutionality of the section 215 bulk telephony meta-data program as it currently exists. This is a "hot" issue of late, because two different federal courts have reached sharply divergent conclusions on this question.

In my last post ( The NSA's Telephone Meta-data Program: Part I ) I explained the nature and operation of the NSA's bulk telephony meta-data program. In this post, I will examine the government's arguments for the meta-data program and the Review Group's analysis of those arguments.



In defending the bulk telephony meta-data program, the government offers essentially four arguments. First, it argues that the program is an important tool in the effort to keep our nation safe. Because the program enables the government to discover when a suspected terrorist is in contact with other possible terrorists inside the United States, it can provide critical data in the effort to "connect the dots." Indeed, the government argues, had the program been available in 2001, it might have enabled the government to prevent the terrorist attacks of September 11.



Second, the government argues that the collection and storage of bulk telephony metadata does not seriously intrude on individual privacy because individuals have voluntarily exposed their calling data to a third party -- that is, to their telephone service providers. As a general rule, the government argues, individuals have no reasonable expectation of privacy in information they voluntary expose to strangers.



Third, the government argues that the collection and storage of bulk telephony meta-data does not seriously intrude on individual privacy because the nature of the information at issue -- mere calling data -- does not itself reveal anything particularly private. It would be a different case, the government argues, if it was collecting and storing the content of telephone calls, which would be much more invasive of individual privacy.



Fourth, the government argues that it has in place rigorous oversight and review procedures to ensure that the database is not used for any improper purpose. Those restrictions prohibit any use of the data for any purpose other than to identify possible terrorist activity.



Taking these four considerations into account, the government concludes that the bulk telephony meta-data program furthers a compelling national interest without appreciably impairing individual privacy. It is therefore a reasonable program that should be retained as a matter of sound public policy.



In evaluating the section 215 bulk telephony meta-data program, the Review Group carefully evaluated and weighed each of these four considerations.



With respect to the government's first argument -- that the program plays an important role in keeping our nation safe, the Review Group concluded that, in fact, the meta-data program has "made only a modest contribution to the nation's security." Indeed, "section 215 has generated relevant information in only a small number of cases, and there has been no instance in which NSA could say with confidence that the outcome would have been different without the section 215 telephony meta-data program."



Moreover, the reason for keeping the program secret in the first place was to prevent potential terrorists from knowing of its existence. But "now that the existence of the program has been disclosed publicly," the Review Group added, "we suspect that it is likely to be less useful" than it was before. Thus, although recognizing that the meta-data program still has value, the Review Group concluded that it is not critical to protecting the national security.



With respect to the government's second argument -- that people don't really care about the privacy of this information or they wouldn't voluntarily expose it to their phone company, the Review Group concluded that this argument proved too much. "In modern society," we wrote, "individuals, for practical reasons, have to use banks, credit cards, e-mail, telephones, the Internet, medical services, and the like. Their decision to reveal otherwise private information to such third parties does not reflect a lack of concern for the privacy of the information, but a necessary accommodation to the realities of modern life. What they want -- and reasonably expect -- is both the ability to use such services and the right to maintain their privacy when they do so. As a matter of sound public policy in a free society, there is no reason why that should not be possible.



With respect to the government's third argument -- that the collection of bulk telephony meta-data does not seriously threaten individual privacy because it involves only transactional information, the Review Group agreed that the intrusion on privacy would be greater if the government collected the content of every telephone call than if it collects only the meta-data. At the same time, however, the Review Group noted that "the record of every telephone call an individual makes or receives over the course of several years can reveal an enormous amount about that individual's private life."



Quoting an opinion on a related issue by Supreme Court Justice Sonia Sotomayor, the Review Group pointed out that "telephone calling data can reveal 'a wealth of detail' about an individual's 'familial, political, professional, religious, and sexual associations.' It can reveal calls 'to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour-motel, the union meeting, the mosque, synagogue or church, the gay bar, and on and on.'"



Moreover, "knowing that the government has ready access to one's phone call records can seriously chill 'associational and expressive freedoms,' and knowing that the government is one flick of a switch away from such information can profoundly 'alter the relationship between citizen and government in a way that is inimical to society.' That knowledge can significantly undermine public trust, which is exceedingly important to the well-being of a free and open society." We therefore concluded that the limitation of the program only to telephone meta-data did not eliminate potentially serious concerns about individual privacy.



Finally, with respect to the government's fourth argument -- that the government's rigorous oversight of the program would prevent misuse of the data, the Review Group agreed that rigorous oversight was in place, but noted that "no system is perfect" and that there "is always a risk that the rules, however reasonable in theory, will not be followed in practice." Indeed, the Review Group observed that, despite careful safeguards, there had in the past been serious issues of unintentional noncompliance in the use of telephony meta-data program, issues that had had to be addressed -- quite sharply -- by the Foreign Intelligence Surveillance Court.



The Review Group pointed out that there are many different kinds of abuse. For example, an analyst with access to the information might decide "to query an innocent individual for any number of possible reasons, ranging from personal animosity to blackmail to political opposition." Even worse, "we cannot discount the risk, in light of the lessons of our own history, that at some point in the future, high-level government officials will decide" that this database "is there for the plucking." Americans, the Review Group observed, "must never make the mistake of wholly 'trusting' our public officials."



To underscore this point, the Review Group invoked the Report of the Church Committee, which noted more than 35 years ago, after reviewing the serious surveillance abuses of the 1960s and 1970s, that the "massive centralization of . . . information creates a temptation to use it for improper purposes, threatens to chill the exercise of First Amendment rights, and is inimical to the privacy of citizens."



In weighing all these considerations, the Review Group concluded that, even though the bulk telephony meta-data program might "make it easier for the government to protect the nation from terrorism," that in itself does not mean that it should be permitted. Noting that "every limitation on the government's ability to monitor our conduct makes it more difficult for the government to prevent bad things from happening," the Review Group emphasized that the ultimate "question is not whether granting the government authority makes us incrementally safer, but whether the additional safety is worth the sacrifice in terms of individual privacy, personal liberty, and public trust."



On that question, the Review Group concluded that, particularly in light of the availability of other means by which the government could achieve its objectives, "there is no sufficient justification for allowing the government to collect and store bulk telephony meta-data. We recommend that this program should be terminated as soon as reasonably practicable."



In my next post, I will spell out the "other means" by which the government can achieve its objectives, and I will also address the constitutionality of the telephony meta-data program, an issue that has come to fore in recent days as a result of two sharply conflicting judicial decisions on the issue.