The news headlines are all aflutter this morning about the Guardian UK’s publication of a Foreign Intelligence Surveillance Court order requiring Verizon to turn over on an ongoing basis the metadata (phone numbers, time and length of calls, location, etc. — but no subscriber information) of all calls where at least one party was in the United States.
The practical impact of such a request is that the federal government has a record of every phone call made on the Verizon network, with enough information to identify who the caller is in at least 95% of the cases. (Based on the metadata, it’s rather easy to figure out the identity of the caller.)
The court order in this case was signed by U.S. District Court Judge Roger Vinson, a Reagan appointee.
The sad reality, though, is that these programs that collect huge amounts of data aren’t new. They’ve just been largely ignored by the media — in both the Bush and Obama Administrations. We know, for instance, that the federal government began similar activities shortly after 9/11 and the program in its current form has been ongoing since 2006. The government’s ongoing efforts to keep such programs as secret as possible have thwarted attempts by the media and civil liberties groups to get to the bottom of the story.
What we see today is the result of a sad bipartisan abdication of responsibility by the United States Congress. In the wake of 9/11, they passed the PATRIOT Act, which gave the executive branch broad powers to conduct such surveillance. The PATRIOT Act passed Congress with broad bipartisan support in 2001 (Senate vote was 98-1, House vote was 357-66.), and was reauthorized in 2005, 2009, and 2011.
(As an aside, the powers in the PATRIOT Act were far broader than those requested by President Clinton in the wake of the Oklahoma City bombing. Congressional Republicans were nearly universally opposed to Clinton’s plan and never let it out of committee. Six years later, Republicans represented just two of the 67 Congressional “no” votes for the PATRIOT Act.)
Section 215 of the PATRIOT Act gives the federal government broad powers to ask for such information. Unlike a traditional warrant where the standard is probable cause that the target was involved in a crime, the government only needs to show “reasonable grounds” that the requested information was “relevant to an authorized investigation . . . to obtain foreign intelligence information. . . or to protect against international terrorism or clandestine intelligence activities.”
Once the 2006 revelations of the first iteration of this data collection program came out, Congress did take action: to make it perfectly clear that they saw the program as fully legal. In 2007 and 2008, Congress passed bills that placed the program under the supervision of the Foreign Intelligence Surveillance Act, expanded its reach to cover purely domestic calls, and gave telecom companies retroactive immunity from damages resulting from the breach of privacy. Reauthorized in 2011, these powers are now scheduled to sunset in 2017 if no Congressional action was taken.
After 9/11, a terrorism act of unprecedented boldness and effectiveness, it may have made some sense to give the executive branch the expansive powers of the PATRIOT Act to collect information to adequately respond to the Al-Qaeda threat. Nearly 12 years later, though, we have a clearer picture of the threats we face and the tools we need to respond to them. We also have gained perspective on what we may be giving up in order to secure the notion of security.
It’s time for Congress — politicians on both sides of the aisle need to work together on this one — to take back the wheel from the executive branch on these sorts of issues and craft some reasonable limits that prevent wholesale collection of data from individuals of the nature seen in this example. This is Congress’s job, and we should expect them to get it done.
And while we’re at it, let’s not also forget who else has this data in question: Verizon. Now, there’s little we can do to prevent them from collecting said information other than not use their service or talk to someone who does, but what we can do is make sure that they — and other telecom companies — have to follow strict standards about how it is used. Companies are using this information already, selling it to other companies and using it to market their own products to you. Congress should be vigilant to make sure your data is not abused and your privacy not encroached upon.