Latest FISA Court Declassification Shows an Adversarial System with No Willing Adversaries

Telecom companies had ability to challenge mass metadata collections but never did


Phone companies have a well-noted history of caring about customer concerns
Source: Rowan & Martin's Laugh-In

Yesterday another Foreign Intelligence Surveillance Court (FISC) opinion was declassified (pdf), discussing the guidelines specifically for the collection of telephone metadata. This particular opinion was much more recent than previously declassified documents, dated August 29, and even makes notes of Edward Snowden's leaks.

The latest opinion by Judge Claire V. Eagan probably doesn't have any huge bombshells for those who have been following data privacy for years so much as it confirms already held theories. The opinion quickly disposes of any Fourth Amendment claims protecting metadata by invoking the Supreme Court case Smith v. Maryland. That case from 1979 ruled that phone users had no expectation of privacy of the phone numbers that they dialed because they voluntarily provided them to the phone company in order to make calls. Eagan went on to explain that this individual lack or protection didn't change when phone numbers were gathered in bulk. No matter how many numbers were selected for this phone metadata gathering, it could not be considered a Fourth Amendment violation under this Supreme Court decision (presuming that only this metadata was gathered, not call content information).

This doesn't mean that other laws couldn't restrain the federal government's metadata collection, so the bulk of Eagon's opinion is about exploring the rules set forth by the PATRIOT Act. That exploration revealed one important tidbit of information: While there is a system for phone companies to challenge bulk metadata collection requests from the federal government, not a single telecom company has ever done so. David Kravets takes note at Wired:

"To this date, no holder of records who has received an Order to produce bulk telephony metadata has challenged the legality of such an Order," reads the ruling. "Indeed, no recipient of any Section 215 Order has challenged the legality of such an Order, despite the explicit statutory mechanism for doing so."

The FISC orders cited Section 215 of the Patriot Act to require phone companies like Verizon and AT&T to hand over the phone numbers of both parties involved in all calls, the international mobile subscriber identity (IMSI) number for mobile callers, calling card numbers used in the call, and the time and duration of the calls.

To be sure, any challenge to the surveillance program would have been done before the court in secret, and it's unlikely one would have been successful.

That carriers willfully provided the metadata without blinking a legal eye, however, is cause for alarm, as the telcos appear to be the only ones so far with legal standing to make a challenge to the bulk collection orders. The Electronic Frontier Foundation, American Civil Liberties and others have brought challenges, but the legal fight on whether they have the right to sue remains undecided.

Toward the end of her opinion, Eagon notes that because she doesn't see either constitutional or statutory violations in the National Security Agency's massive phone metadata operations, any issues with the existing system need to be handled politically:

"In the wake of these disclosures, whether and to what extent the government seeks to continue the program discussed in this Memorandum Opinion is a matter for the political branches of government to decide."

Today Sen. Mark Udall (D-Colo.) and Sen. Ron Wyden (D-Ore.) put out a joint statement making note of the very loose standard of "relevance" referenced in the ruling and called for reform:

"The document also points to the Supreme Court's 1979 decision in Smith v. Maryland as the basis for this broad interpretation of the government's surveillance powers.  But the Smith decision was based on the limited technology of the rotary phone era. In an age of personal cell phones and mobile IP addresses, it is unrealistic to say that collecting Americans' phone records in bulk does not infringe on their privacy.

"As Judge Eagan clearly states, resolving the questions about the appropriate limits of the government's surveillance authority is not one that is properly suited to the courts, but 'is a matter for the political branches of government to decide.'

"We agree.  We have argued for years that the government's domestic surveillance authorities need to be narrowed, and we will continue this fight in the weeks and months to come. These revelations about the low standard that the FISA Court has set for protecting Americans' liberties underscore why Congress must return to its proper role of defending our constitutional rights." 

NEXT: Illinois Cops To Be Issued With Video-Equipped Tasers

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Is the word “foreign” in the FISA acronym supposed to be a joke or something?

  2. “Eagon”????

    Who ya’ Gunna call!

    1. Ohh, and the obligatory “One RingyDingy”

  3. “phone users had no expectation of privacy of the phone numbers that they dialed because they voluntarily provided them to the phone company in order to make calls”

    Actually, I used to have an expectation of privacy. Silly me, but I imagine that a lot of people thought their phone records were only used for billing purposes, not saved for later scrutiny by the the phone company and third parties.

  4. case from 1979 ruled that phone users had no expectation of privacy of the phone numbers that they dialed because they voluntarily provided them to the phone company in order to make calls

    47 USC ? 222 – Privacy of customer information:

    (c) Confidentiality of customer proprietary network information
    (1) Privacy requirements for telecommunications carriers

    Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories.

    I know there’s that weasel “except” at the beginning but there most certainly is a privacy expectation in federal law.

    1. And here’s the FCC Enforcement Bureau’s list of actions. Sure are a lot for something that phone users had no expectation of privacy.

    2. “Except as required by law” is a pretty big exception though and that’s where the PATRIOT Act slides right in.

      1. I’m not saying it prohibits the Patriot Act under that section, just that Judge Eagan and other supporters are wrong to say there is absolutely no privacy expectation based on a 1979 case while ignoring that such an expectation was codified in 1996.

        1. She differentiates between constitutional expectations of privacy vs. expectations enshrined by statute. The constitutional ruling declares no Fourth Amendment expectation of privacy. But that doesn’t stop the federal government from enshrining some … and subsequently removing them.

          1. I’m not sure why a statute creating privacy rights wouldn’t also create an expectation of privacy. And why that expectation wouldn’t affect the Constitutional question, at least after it had been in place for awhile.

Please to post comments

Comments are closed.