Is the NSA's Big Data Program Authorized? Key Quotes from a Major Court Ruling
Daniel Solove
Professor, GW Law School + CEO, TeachPrivacy + Organizer, Privacy+Security Forum
The U.S. Court of Appeals for the 2nd Circuit just issued a 97-page ruling limiting the NSA's power to sweep up data about people's phone calls. The case is ACLU v. Clapper, and the court held that the USA Patriot Act Section 215 doesn't authorize the kind of sweeping collection of phone call metadata that the NSA has been engaging in. The court's holding is limited to statutory interpretation -- the scope of data collection authorized by Section 215. The court doesn't base its holding on the Fourth Amendment, though it does note the uncertain status of current Fourth Amendment law.
The bottom line is that the NSA has been gathering a lot more data than it has been authorized to gather.
For some background, I wrote about the NSA metadata gathering in the following posts:
- Why Metadata Matters: The NSA and the Future of Privacy -- discussing why metadata shouldn't be distinguished from other forms of personal data
- NSA Metadata Surveillance and the Fourth Amendment -- discussing why courts should hold that the Fourth Amendment restricts the NSA's broad metadata collection program
- The NSA’s Santa Surveillance Program -- humorous post about NSA data gathering
Here are some key quotes from the opinion in ACLU .v Clapper:
1. “We hold that the text of section 215 cannot bear the weight the government asks us to assign to it, and that it does not authorize the telephone metadata program.”
2. “We conclude that to allow the government to collect phone records only because they may become relevant to a possible authorized investigation in the future fails even the permissive 'relevance' test. Just as 'the grand jury’s subpoena power is not unlimited, § 215’s power cannot be interpreted in a way that defies any meaningful limit. Put another way, we agree with appellants that the government’s argument is ‘irreconcilable with the statute’s plain text.’ Such a monumental shift in our approach to combating terrorism requires a clearer signal from Congress than a recycling of oft‐used language long held in similar contexts to mean something far narrower.”
3. “The telephone metadata program requires that the phone companies turn over records on an ‘ongoing daily basis’ – with no foreseeable end point, no requirement of relevance to any particular set of facts, and no limitations as to subject matter or individuals covered.”
4. “Appellants argue that the telephone metadata program provides an archetypal example of the kind of technologically advanced surveillance techniques that, they contend, require a revision of the third‐party records doctrine. Metadata today, as applied to individual telephone subscribers, particularly with relation to mobile phone services and when collected on an ongoing basis with respect to all of an individual’s calls (and not merely, as in traditional criminal investigations, for a limited period connected to the investigation of a particular crime), permit something akin to the 24‐hour surveillance that worried some of the Court in Jones. Moreover, the bulk collection of data as to essentially the entire population of the United States, something inconceivable before the advent of high‐speed computers, permits the development of a government database with a potential for invasions of privacy unimaginable in the past. Thus, appellants argue, the program cannot simply be sustained on the reasoning that permits the government to obtain, for a limited period of time as applied to persons suspected of wrongdoing, a simple record of the phone numbers contained in their service providers’ billing records. Because we conclude that the challenged program was not authorized by the statute on which the government bases its claim of legal authority, we need not and do not reach these weighty constitutional issues. The seriousness of the constitutional concerns, however, has some bearing on what we hold today, and on the consequences of that holding.”
* * * *
Daniel J. Solove is the John Marshall Harlan Research Professor of Law at George Washington University Law School, the founder of TeachPrivacy, a privacy/data security training company, and a Senior Policy Advisor at Hogan Lovells. Along with Paul Schwartz, Solove is a Reporter on the American Law Institute’s Principles of Data Privacy. He is the author of 10 books including Understanding Privacy and more than 50 articles.
Professor Solove is the organizer, along with Paul Schwartz of the Privacy + Security Forum – Oct. 21-23 in Washington, DC, an event aims to bridge the silos between privacy and security.
90+ Speakers at the Privacy + Security Forum
The views here are the personal views of Professor Solove and not those of any organization with which he is affiliated.
Professor Solove's Privacy + Security Training
Professor Solove's Social Media
Please join one or more of Professor Solove's LinkedIn groups:
Privacy and Data Security
HIPAA Privacy & Security
Education Privacy and Data Security
Twitter: Follow Professor Solove on Twitter @DanielSolove.
Newsletter: Click below to sign up for Professor Solove's newsletter. It is free and is only sent out occasionally, so it will not clog your inbox.
