Two weeks ago, when U.S. District Judge Richard Leon issued a preliminary injunction against the National Security Agency's mass collection of telephone records, he was skeptical of the government's claim that the program has been instrumental in preventing terrorist attacks. "The Government does not cite a single instance in which analysis of the NSA's bulk metadata collection actually stopped an imminent attack," he wrote, "or otherwise aided the Government in achieving any objective that was time-sensitive in nature." By contrast, U.S. District Judge William Pauley, who on Friday rejected a Fourth Amendment challenge to the NSA's phone record dragnet, says "the effectiveness of bulk telephony metadata collection cannot be seriously disputed." But Pauley's most powerful example is a debatable counterfactual, while the other cases he cites do not actually show that the NSA's database has been crucial in stopping attacks.
Pauley opens his opinion by arguing that if the telephone metadata program had existed in 2001 it might have helped prevent Al Qaeda's attacks on the World Trade Center and the Pentagon:
Prior to the September 11th attacks, the [NSA] intercepted seven calls made by hijacker Khalid al-Mihdhar, who was living in San Diego, California, to an al-Qaeda safe house in Yemen. The NSA intercepted those calls using overseas signals intelligence capabilities that could not capture al-Mihdhar's telephone number identifier. Without that identifier, NSA analysts concluded mistakenly that al-Mihdhar was overseas and not in the United States. Telephony metadata would have furnished the missing information and might have permitted the NSA to notify the [FBI] of the fact that al-Mihdhar was calling the Yemeni safe house from inside the United States.
The government has trotted out this hypothetical many times before, presumably because it is easier to speculate about plots that might have been thwarted by the routine collection of every American's phone records than it is to cite any that actually were. But as ProPublica's Justin Elliott pointed out last June, "U.S. intelligence agencies knew the identity of the hijacker in question, Saudi national Khalid al Mihdhar, long before 9/11 and had the ability find him, but they failed to do so." Furthermore, it is not clear why the NSA, having eavesdropped on seven calls between al-Mihdhar and the Al Qaeda safe house in Yemen, needed a database containing everyone's phone records to identify the source of those calls. The Justice Department "could have asked the FISA Court for a warrant to all phone companies to show all calls from the U.S. which went to the Yemen number," former counterterrorism official Richard Clarke told ProPublica. "Since they had one end of the calls (the Yemen number), all they had to do was ask for any call connecting to it."
The three other examples cited by Pauley likewise do not show that the comprehensive phone record database has been necessary to stop attacks, as Leon noted:
None of the three "recent episodes" cited by the Government that supposedly "illustrate the role that telephony metadata analysis can play in preventing and protecting against terrorist attack" involved any apparent urgency. In the first example, the FBI learned of a terrorist plot still "in its early stages" and investigated that plot before turning to the metadata "to ensure that all potential connections were identified." Assistant [FBI] Director [Robert] Holley does not say that the metadata revealed any new information-much less time-sensitive information that had not already come to light in the investigation up to that point. In the second example, it appears that the metadata analysis was used only after the terrorist was arrested "to establish [his] foreign ties and put them in context with his U.S. based planning efforts." And in the third, the metadata analysis "revealed a previously unknown number for [a] co-conspirator…and corroborated his connection to [the target of the investigation] as well as to other U.S.-based extremists." Again, there is no indication that these revelations were immediately useful or that they prevented an impending attack.
Pauley does not actually claim the phone record database is necessary to thwart terrorism—only that it has been useful in gathering intelligence. Could a less sweeping approach, such as specific warrants seeking information about calls to or from particular targets, have been equally effective? Pauley deems that question irrelevant:
The ACLU also argues that "[t]here are a number of ways in which the Government could perform three-hop analysis without first building its own database of every American's call records." That has no traction. At bottom, it is little more than an assertion that less intrusive means to collect and analyze telephony metadata could be employed. But the Supreme Court has "repeatedly refused to declare that only the 'least intrusive' search practicable can be reasonable under the Fourth Amendment."
In any case, as I noted on Friday, the effectiveness of the NSA's snooping is not ultimately relevant to Pauley's analysis. Since he concludes that the Fourth Amendment does not apply to phone records (or any other information held by third parties), there is no search to justify.