Section 215, the controversial law at the heart of the NSA’s massive telephone records surveillance program, is set to expire in December. Last week the House Committee on the Judiciary held an oversight hearing to investigate how the NSA, FBI, and the rest of the intelligence community are using and interpreting 215 and other expiring national security authorities.
Congress last looked at these laws in 2015 when it passed the USA FREEDOM Act, which sought to end bulk surveillance and to bring much-needed transparency to intelligence agency activities. However, NSA itself has revealed that it has been unable to stay within the limits USA FREEDOM put on Section 215’s “Call Detail Records” (CDR) authority. In response to these revelations, we’ve been calling for an end to the Call Details Records program, as well as additional transparency into the government’s use of Section 215. If last week’s hearing made anything clear, it’s this: there is no good reason for Congress to renew the CDR authority.
The Call Detail Records Program Needs to End
Chairman Nadler began the hearing by asking Susan Morgan of the NSA if she could point to any specific instance where the CDR program helped to avert any kind of an attack on American soil. Morgan pushed back on the question, telling Chairman Nadler that the value of an intelligence program should not be measured on whether or not it stopped a terrorist attack, and that as an intelligence professional, she wants to make sure the NSA has every tool in the tool box available.
However, the NSA previously reported it had deleted all the information it received from the 215 program since 2015. Morgan confirmed that part of the reason the NSA chose to mass delete all the records was because not all the information was accurate or allowed under the law.
In other words, the NSA wants Congress to renew its authority to run a program that violates privacy protections and collects inaccurate information without providing any way to measure if the program was at all useful. The agency’s best argument for why it wants to renew the legal authorization to use the CDR provision is because it might be useful one day.
Rep. Steve Cohen asked the panel if they could reassure his “liberal friends” that there have been meaningful reforms to the program. The witnesses cited some of the reforms from USA FREEDOM, passed in 2015, as evidence of post-Snowden reforms and safeguards.
However, their answer did not meaningfully address recent incidents where the NSA discovered that it had improperly collected information. Documents obtained by the ACLU include an assessment by the NSA itself that the overcollection had a “significant impact on civil liberties and privacy,” which is putting it mildly.
Fortunately, the committee did not appear to be convinced by this line of reasoning. As Rep. Sylvia Garcia told Morgan, “If I have a broken hammer in my toolbox, I don’t need to keep it.”
We agree. No surveillance authority should exist purely because it might someday come in handy, particularly one that has already been used for illegal mass surveillance.
Other Transparency Issues
In addition to the CDR program, Section 215 also allows the government to collect “business records” or other “tangible things” related to a specific order. Despite the innocuous name, the business records provision allows intelligence agencies to collect a vast range of documents. But we don’t have a sense of just what kinds of sensitive information are collected, and on what scale.
Rep. Pramila Japayal pressed the witnesses on whether Section 215 allows the collection of sensitive information such as medical records, driver’s license photographs, or tax records. Reading from the current law, Brad Wiegmann, Deputy Assistant Attorney General, responded that while the statute does contemplate getting these records, it also recognizes the sensitive nature of those records and requires the requests to be elevated for senior review.
In other words, the DOJ, FBI and NSA confirmed that under the right circumstances, they believe that the current authority in Section 215 allows the government to collect sensitive records on a showing that they are “relevant” to a national security investigation. Plus, as more and more of our home devices collect information on our daily lives, all the witnesses said they could easily envision circumstances where they would want footage from Amazon’s Ring, which EFF has already argued is a privacy nightmare.
In addition, Rep. Hank Johnson and Rep. Andy Biggs pressed the witnesses on whether the government collects geolocation information under Section 215, and if there has been guidance on the impact of the Supreme Court’s landmark Carpenter decision on these activities. Wiegmann acknowledged that while there may be some Fourth Amendment issues, the committee would need to have a classified session to fully answer that question.
Additionally, when asked about information sharing with other federal agencies, none of the witnesses were able to deny that information collected under Section 215 could be used for immigration enforcement purposes.
Both of these revelations are concerning. Carpenter brought on a sea change in privacy law and it should be highly concerning to the public and to overseers in Congress that the intelligence community does not appear to be seriously consider its effect on national security surveillance.
As it considers whether or not to renew any of the authorities in Section 215, Congress must also considering what meaningful privacy and civil liberties safeguards to include. Relying on the NSA to delete millions of inaccurate records collected over many years is simply insufficient.
Secret Laws in Secret Court
In 2015, in the wake of Edward Snowden’s revelations about the NSA mass spying on Americans, Congress passed USA FREEDOM to modify and reform the existing statute. One of the provisions of that bill specifically requires government officials to “conduct a declassification review of each decision, order, or opinion issued” by the FISC “that includes a significant construction or interpretation of any provision of law.”
Both the text of the bill and statements from members of Congress who authored and supported it make clear that the law places new, affirmative obligations on the government to go back, review decades of secret orders and opinions, and make the significant ones public.
However, the DOJ has argued in litigation with EFF that this language is not retroactive and therefore only requires the government to declassify significant opinions issued after June 2015.
It also remains unclear how the government determines which opinions are significant or novel enough to be published, as well as how many opinions remain completely secret.
Allowing the Foreign Intelligence Surveillance Court (FISC) to interpret the impact of that decision on Section 215 programs in secret means that the public won’t know if their civil liberties are being violated.
Releasing all significant FISC opinions, starting from 1978, will not only comply with what Congress required under USA FREEDOM in 2015, it will also help us better understand exactly what the FISC has secretly decided about our civil liberties. Adding a new provision that requires the FISC to detail to Congress how it determines which opinions are significant and how many opinions remain entirely secret would provide additional and clearly needed transparency to the process of administering secret law.
Despite repeated requests from the members of the panel to describe some way of measuring how effective these surveillance laws are, none of the witnesses could provide a framework. Congress must be able to determine whether any of the programs have real value and if the agencies are respecting the foundational rights to privacy and civil liberties that protect Americans from government overreach.
Back in March, EFF, along with the ACLU, New America's Open Technology Institute, EPIC and others, sent a letter to the U.S. House Committee on the Judiciary, detailing what additional measures are needed to protect individuals’ rights from abuses under the Patriot Act and other surveillance authorities. Hearing members of the Intelligence Community speak before the Judiciary Committee reconfirmed just how essential it is that these new protections and reforms be enacted.
We look forward to working with the US House Committee on the Judiciary to end the authority for the Call Details Records program once and for all and to ensure that there are real transparency mechanisms in the law to protect civil liberties.