The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Schrodinger’s Catnip: A Review of the NSA Phone Surveillance Program (Guest Blog)

Share:

By Mark Rasch and friends

The NSA programs to retrieve and analyze telephone metadata and internet communications and files (the former we will call the telephony program, the latter codenamed PRISM) are at one and the same time narrow and potentially reasonably designed programs aimed at obtaining potentially useful information within the scope of the authority granted by Congress. They are, at one and the same time perfectly legal and grossly unconstitutional. It’s not that we are of two opinions about these programs. It is that the character of these programs are such that they have both characteristics at the same time. Like Schrödinger’s cat, they are both alive and dead at the same time – and a further examination destroys the experiment. Let’s look at the telephony program first.

Telephone companies, in addition to providing services, collect a host of information about the customer including their name, address, billing and payment information (including payment method, payment history, etc.). When the telephone service is used, the phone company collects records of when, where and how it was used – calls made (or attempted), received, telephone numbers, duration of calls, time of day of calls, location of the phones from which the calls were made, and other information you might find on your telephone bill. In addition, the phone company may collect certain technical information – for example, if you use a cell phone, the location of the cell from which the call was made, and the signal strength to that cell tower or others. From this signal strength, the phone company can tell reasonably precisely where the caller is physically located (whether they are using the phone or not) even if the phone does not have GPS. In fact, that is one of the ways that the Enhanced 911 service can locate callers. The phone company creates these records for its own business purposes. It used to collect this primarily for billing, but with unlimited landline calling, that need has diminished. However, the phone companies still collect this data to do network engineering, load balancing and other purposes. They have data retention and destruction policies which may keep the data for as short as a few days, or as long as several years, depending on the data. Similar “metadata” or non-content information is collected about other uses of the telephone networks, including SMS message headers and routing information. Continuing with the Schrödinger analogy, the law says that this is private and personal information, which the consumer does not own and for which the consumer has no expectation of privacy. Is that clear?

Federal law calls this telephone metadata “Consumer Proprietary Network Information” or CPNI. 47 U.S.C. 222 (c)(1) provides that:

Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories.

Surprisingly, the exceptions to this prohibition do not include a specific “law enforcement” or “authorized intelligence activity” exception. Thus, if the disclosure of consumer CPNI to the NSA under the telephony program is “required by law” then the phone company can do it. If not, it can’t.

But wait, there’s more. At the same time that the law says that consumer’s telephone metadata is private, it also says that consumers have no expectation of privacy in that data. In a landmark 1979 decision, the United States Supreme Court held that the government could use a simple subpoena (rather than a search warrant) to obtain the telephone billing records of a consumer. See, these aren’t the consumer’s records. They are the phone company’s records. The Court noted, “we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must "convey" phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills.” The court went on, “even if petitioner did harbor some subjective expectation that the phone numbers he dialed would remain private, this expectation is not "one that society is prepared to recognize as `reasonable.'”

By trusting the phone company with the records of the call, consumers “assume the risk” that the third party will disclose it. The Court explained, “petitioner voluntarily conveyed to it information that it had facilities for recording and that it was free to record. In these circumstances, petitioner assumed the risk that the information would be divulged to police.” This dichotomy is not surprising. The Supreme Court held that, as a matter of Constitutional law, any time you trust a third party, you run the risk that the information will be divulged. Prosecutors and litigants subpoena third party information all the time –your phone bills, your medical records, credit card receipts, bank records, surveillance camera data, and records from your mechanic – just about anything. These are not your records, so you can’t complain. At the same time, Congress was concerned with phone company’s use of CPNI for marketing purposes without consumer consent, so they imposed statutory restrictions on the disclosure or use of CPNI unless “required by law.”

Enter the NSA

There is little doubt that telephony metadata can be useful in foreign intelligence and terrorism cases. Hell, it can be useful in any criminal investigation, or for that matter, a civil or administrative case. But if the CIA obtains the phone records of, say Abu Nazir (for Homeland fans), and spots a phone number he has called, they, through the NSA, want to be able to find out information about that phone call, and who that person called. The NSA wants this data for precisely the same reason that it is legally protected – phone metadata reveals patterns which can show relationships between people, and help determine who is associated with whom and for what purpose. Metadata and link analysis can help distinguish between a call to mom, a call to a colleague, and a call to a terrorist cell. Context can reveal content – or at least create a strong inference of content. So, in appropriate cases involving terrorism, national security or intelligence involving non-US persons, the NSA should have this data. And indeed, they always have. None of that is new.

If the NSA captured a phone number, say 867-5309, they could demand the records relating to that call from the phone company through an order issued by a special super-secret court called FISC. The order could say “give the NSA all the records of phone usage of 867-5309 as well as the records of the numbers that they called.” Problem is, that is unwieldy, time consuming, requires a new court order with each query, and in many ways overproduces records. Remember, not only are these terrorism and national security investigations, but the target is a non-US person, usually (but not always) located outside the United States.

The Fourth Amendment

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Read that carefully. You would think that it requires a warrant to search, right? Wrong. Actually, Courts interpret the comma after the word “violated” as a semi-colon (who says grammar doesn’t matter?) “The people” which includes but is not limited to U.S. citizens, have a right to be secure against unreasonable searches and seizures (more on the “and” in a minute). Also, warrants have to be issued by neutral magistrates and must specify what is to be seized. So no warrant is needed if the search is “reasonable.” In fact, the vast majority of “searches and seizures” in America are conducted without a warrant. People are searched at airports and borders. No warrant. They are patted down on the streets and in their cars. No warrant. Cops look into their car windows, follow them around, and capture video of them without a warrant. Police airplanes, helicopters (and soon drones) capture images of people in their back yards or porches. No warrant. Dogs can sniff for drugs, bombs or contraband. No warrant. And people give consent to search without a warrant all the time. When the police searched the boat for the fugitive Boston bomber, they needed no warrant because of exigent circumstances (and perhaps because the boat’s owner consented). Warrantless searches can be “reasonable” and can pass constitutional muster. That’s one reason Congress created the FISC.

For law enforcement purposes (to catch criminals) the government can get a grand jury subpoena, a search warrant, a “trap and trace” order, a “pen register” order, a Title III wiretap order, or other orders if they can show (depending on the information sought) probable cause or some relevance to the criminal investigation. But for intelligence gathering purposes, the NSA can’t really show “probable cause” to believe that there’s a crime, because often there is not. It’s intelligence gathering. So the Foreign Intelligence Surveillance Act (FISA) created a special secret court to allow the intelligence community to do what the law enforcement community could already do – get information under a court order, but instead of showing that a crime was committed, they had to show that the information related to foreign intelligence.

After September 11, 2001, Congress added terrorism as well. When Congress amended FISA, it allowed the FISA court (FISC) to authorize orders for the production of “books records or other documents.” Section 215 of the USA PATRIOT Act allowed the FBI to apply for an order to produce materials that assist in an investigation undertaken to protect against international terrorism or clandestine intelligence activities. The act specifically gives an example to clarify what it means by "tangible things": it includes "books, records, papers, documents, and other items." Telephone metadata fits within this description, including the NSA Telephony Program (As we know it)

So the NSA has the authority to seek and obtain (through the FBI and FISC) telephone metadata. It also has a legitimate need to do so. But that’s not exactly what they did here. Instead of getting the records they needed, the NSA decided that it would get all the records of all calls made or received (non-content information) about everyone, at least from Verizon, and most likely from all providers. The demand was updated daily, so every call record was dumped by the phone companies onto a massive database operated by the NSA.

Now this is bad. And good. The good part is that, by collecting metadata from all of the phone companies, the NSA could “normalize” and cross-reference the data. A single authorized search of the database could find records from Verizon, AT&T, Sprint, T-Mobile, and possibly Orange, British Telecom, who knows? Rather than having to have the FISC issue an order to Verizon for a phone record, and then after that is examined, another order to AT&T, by having the data all in one place, “pingable” by the NSA, a singly query can find all of the records related to that query.

So if the FISC authorizes a search for Abu Nazir’s phone records, this process allows the NSA to actually get them. Also, the NSA doesn’t have to provide a court order (which itself would reveal classified information about who they were looking at) to some functionary at Verizon or AT&T (even if that functionary had a security clearance). And Verizon’s database would not have a record of what FISC authorized searches the NSA conducted – information which itself is highly classified.

Just because the NSA had all of the records does not mean that it looked at them all. In fact, the NSA and FBI established a protocol, which was apparently approved by the FISC that restricted how and when they could ping this massive database. So the mere physical transfer of the metadata database from the phone companies to the NSA doesn’t impinge privacy unless and until the NSA makes a query, and these queries are all authorized by the FISC and are lawful. So what’s the big deal? It’s all good, man.

General Warrant

Not so fast Mr. Schrödinger. There are two huge legal problems with this program. Undoubtedly, the USA PATRIOT Act authorizes the FISC to order production of “tangible things” and these records are “tangible things.” But the law does not authorize what are called “general warrants.” A general warrant is a warrant that either fails to specify the items to be searched for or seized, fails to do so with particularity, or is so broad or vague as to permit the person seizing the items almost unfettered discretion in what to take. A warrant which permitted seizure of “all evidence of crimes” or “all evidence of gang activity” would be an unconstitutional general warrant.

It’s important to note that the warrant is “legal” in the sense that it was for information relevant to a crime (or, say terrorism), that the obtaining of the warrant was authorized by law, that a court issued the warrant, and that the proper procedures were followed. But the warrant is unconstitutional and so is the search and seizure. This is particularly true where the warrant seeks information that relates to First Amendment protected activities like what books we are reading, and with whom we are associating. So when Texas authorized the search and seizure of records relating to “communist activities”(the ism before terrorism) and cops got a warrant to take such books and records, the Supreme Court had no problem finding that the warrant was an unconstitutional “general warrant.

Even though the FISC warrant to Verizon specified exactly what was to be seized (“everything”) it was undoubtedly a general warrant. Remember, the Fourth Amendment prohibits unreasonable “searches” and “seizures.” A warrant authorizing seizure of all records of millions of people who did nothing wrong, particularly when it is designed to figure out their associations is about as general as you can get. And that is assuming that the searches, or pinging to the database, which happen later, are reasonable.

What’s more, by taking custody of all of these records, the NSA abrogates the document retention and destruction policies of all of the phone companies. We can assume that the NSA keeps these records indefinitely. So long after Verizon decides it doesn’t need to know what cell tower you pinged on July 4, 2005 at 6:15.22 PM EST, the NSA will retain this record. That’s a problem for the NSA because now, instead of subpoenaing Verizon for these records (especially in a criminal case where the defendant has a constitutional right to the records if relevant to a defense), the NSA (or FBI who obtained the records for the NSA) can expect to get a subpoena for the records. While the NSA and FBI would undoubtedly claim that the program is classified, clearly my own phone records are not classified. A federal law called the Classified Information Procedures Act provides a mechanism to obtain unclassified versions of classified data. So if you were charged with a crime by the FBI, and the same FBI had records (in this database) that indicated that you did not commit the crime, they would have to search the database and produce the records. And when Verizon tells you that the records are gone, well… it aint true anymore.

But wait, there’s more.

Even if the “seizure” is a general warrant, the government would argue that it is “reasonable” because it is necessary to effectuate the NSA’s function of protecting national security, and its impact on privacy is minimal because the database isn’t “pinged” without court approval. The “collection” of data about tens of millions of Americans doesn’t affect their privacy especially when the Supreme Court said that they have no privacy rights in this data, and it doesn’t even belong to them. (Even though the Director of National Intelligence testified in March that the NSA did not “collect” any data on millions of Americans). Besides, the NSA would argue, there is no other way for the government to do this.

What does the NSA do with the records? Here’s where there is an unknown. At present, we do not know what the NSA does with the telephone metadata database. Do they simply query it – e.g., give me all the records of calls made by Abu Nazir; or do they preform data mining, link analysis, and pattern analysis on the database in order to identify potential Abu Nazir’s? If the latter, then the NSA is clearly searching records of millions of Americans. If the former, it is still troubling for a few reasons.

Six Degrees of Separation

First, the NSA’s authority revolves around non-US persons. While there may be “inadvertent” collection on U.S. persons, the target of the surveillance must be a non-US person for the program to be legal. According to the leaked documents, the NSA took a very liberal interpretation of what this means. First, they determined that as long as there was a 51% chance that the target was a non-US person, the NSA was entitled to obtain records. Second, they may – and we stress "may" – have interpreted their authority as providing that, if the target of the investigation was foreign (again 51% chance) then they could obtain records related to calls between two US persons wholly in the US. Finally, they apparently deployed a “two degrees of separation” test. If Abu Nazir (51% foreign) called John Smith’s telephone number, the NSA could look at who Smith (100% US) called within the US (first degree of separation). If Smith called Jones, the NSA could then look at Jones’ call records (second degree of separation.) At this point, even if the pinging of the database is authorized by the FISC, we are a long way from Abu Nazir. Toto, I’m afraid we are in Kansas.

Writs of Assistance

OK, but what’s the big deal? The seizure of the database is authorized by FISC, under a statute approved by Congress, with Congressional knowledge and oversight (maybe), and under strict control by the NSA, the FBI and DOJ. Every search of the database is approved by the super-secret court, right? Not so fast, Kemo Sabe. It is highly unlikely that the FISC approves every database search. More likely is that the FBI and NSA have established protocols and procedures designed to ensure that the searches are within their jurisdiction, are designed to find information about terrorism and foreign intelligence, that the targets are (51%) foreign, and that there is a minimization procedure. These protocols –rather than the individual searches themselves – are what are approved by the FISC. The NSA then most likely reports back to the FISC (through the DOJ) about whether there was an “inadvertent disclosure” of information not related to these objectives. So the court most likely does not approve every search.

And that’s another problem. You see, each “search” of the database is – well – a search. That search must be supported by probable cause (in a criminal case to believe that there’s a crime, in a FISA case, espionage, foreign intelligence or terrorism) and must be approved by a court. Each search. Not the process. We have been down this road before. In fact, this is precisely what lead to the American Revolution in general and the Fourth Amendment in particular.

When the British Parliament issued the Navigation Acts imposing tariffs on goods imported into America, many colonists refused to pay them (as Boston lawyer James Otis noted, “taxation without representation is tyranny”) So Parliament authorized King George II to issue what are called “writs of assistance.” This writ, issued by a Court, authorized the executive branch (a customhouse officer with the assistance of the sheriff) to search colonists houses for unlawfully smuggled items. These writs did not specify what the sheriff could search for or seize, or where he could look. Like the NSA program, the court approved what could be done, the executive had discretion in how to do it. When George II was succeeded by George III (the writs expiring with the death of the King) Parliament reauthorized them under the hated Townsend Acts. James Otis urged resistance, and it was the use of these unspecific writs authorizing searches that galvanized public opinion (and that of John Adams in particular) to urge revolution. It is why the Fourth Amendment demanded that a search warrant specify based on probable cause, the specific place to be searched and item to be seized. It’s also why writs of assistance are prohibited in the constitution.

The NSA FISC approved searches would be like a judge in Los Angeles issuing a search warrant to the LAPD which said, “you may search any house as long as you smell marijuana in that house.” While the search may be reasonable, and indeed, if the LAPD had applied for a warrant to search a house after they smelled marijuana a court probably would have issued the warrant, the broad blanket approval of these searches would be more akin to a writ of assistance.   

So the NSA digital telephony program, while legal in the sense that it was approved by both Congress and the Foreign Intelligence Surveillance Court, has some serious Constitutional problems.

Telephone Company Liability?

The phone companies could be on the hook for participating in the program, even though they have both immunity and had no choice but to participate. In fact, they could not legally have even disclosed the program. In the FISA amendments, Congress expressly gave the phone companies immunity for making “good faith” disclosures of information pursuant to Section 215.

So why would the phone company be in trouble? The problem is the “good faith” part. In 2012 the Supreme Court looked at the question of when someone (cops in that case) should have immunity for a good faith search pursuant to an unconstitutional warrant. The cops got a warrant for all records of “gang related activity” and all guns in a particular house. The court agreed that the warrant was overbroad, unconstitutional, and should not have been issued. The question was whether the cops, who executed the warrant, should have immunity from civil liability because they acted in “good faith.”

The Supreme Court noted that the fact that they got a warrant at all was one indication that they acted in good faith, but that, “the fact that a neutral magistrate has issued a warrant authorizing the allegedly unconstitutional search or seizure does not end the inquiry into objective reasonableness. Rather, we have recognized an exception allowing suit when “it is obvious that no reasonably competent officer would have concluded that a warrant should issue.” In other words, the cops are generally permitted to rely on the fact that a court issued a search warrant, unless the warrant itself (or the means by which it is procured) is so obviously unconstitutional, overbroad, general or otherwise prohibited that you cannot, in good faith rely on it. While the court found that the cops had immunity because the warrant was not so overbroad to lead to the inevitable conclusion that it was unconstitutional, it is hard to make that same argument where the FISA warrant essentially asked for every record of the phone company. Hard to imagine a broader warrant.

Justice Kagan pointed out that it’s not illegal to be a member of a gang, and that a warrant that authorized seizure of evidence of gang membership per se called for associational records which were protected. Much like the phone logs here. Justices Sotomayor and Ginsburg went further noting, The fundamental purpose of the Fourth Amendment’s warrant clause is “to protect against all general searches.” Go-Bart Importing Co. v. United States, 282 U. S. 344, 357 (1931)

The Fourth Amendment was adopted specifically in response to the Crown’s practice of using general warrants and writs of assistance to search “suspected places” for evidence of smuggling, libel, or other crimes. Boyd v. United States, 116 U. S. 616–626 (1886). Early patriots railed against these practices as “the worst instrument of arbitrary power” and John Adams later claimed that “the child Independence was born” from colonists’opposition to their use. Id., at 625 (internal quotation marks omitted).

To prevent the issue of general warrants on “loose, vague or doubtful bases of fact,” Go-Bart Importing Co., 282 U. S., at 357, the Framers established the inviolable principle that should resolve this case: “no Warrants shall issue, but upon probable cause . . . and particularly describing the . . . things to be seized.” U. S. Const., Amdt. 4. That is, the police must articulate an adequate reason to search for specific items related to specific crimes. They found that the search by the police without probable cause was unreasonable even though there was both judicial and executive oversight, and that therefore there should be no immunity because the actions were not in “good faith.” The phone companies run that risk here.




Mark Rasch, is the former head of the United States Department of Justice Computer Crime Unit, where he helped develop the department’s guidelines for computer crimes related to investigations, forensics and evidence gathering. Mr. Rasch is currently a principal with Rasch Technology and Cyberlaw and specializes in computer security and privacy.

Rasch Cyberlaw (301) 547-6925 www.raschcyber.com


Comments

Posted by Leading Edge Boomer
on Saturday, June 15, 2013 at 05:27 PM

A great contribution.  I wish every talking head would read this before making asses of themselves by coming down emphatically, according to their previous worldviews, on one side or another about this complex issue.

Leave a comment

Commenting is not available in this section entry.