Though the National Security Agency’s bulk phone metadata collection program has been shuttered, a new battle over what to do with the data already collected is brewing in Congress, where Republicans are pushing for a bill to preserve the data — a fight that recently played out in the Foreign Intelligence Surveillance Court (FISC).
According to FISC court documents released late last week, the court’s new congressionally-mandated privacy advocate recently argued the NSA should delete all records but those relevant to ongoing lawsuits challenging the agency’s previous bulk collection model — a solution the NSA deemed “unworkable.”
Under the U.S.A. Freedom Act, the signals intelligence agency shut down its database collecting virtually all Americans’ landline and an unknown number of wireless records at the end of November, now replaced by a narrower framework in which the government must go to phone companies themselves to obtain data on specific targets approved via FISC court orders.
What the Freedom Act didn’t specifically address is what the NSA must do with the five years’ worth of data collected under the previous program it currently possesses, and instead left it to the FISC’s judgment.
In August the government asked the FISC for permission to continue accessing metadata collected under the old program after the new program launched at the end of November, explaining it planned to compare search results returned from telecommunications providers with those returned from the previous program’s database to ensure it’s working properly.
The signals intelligence agency added ongoing lawsuits against previous bulk collection methods prevent it from destroying records courts have ordered preserved as possible relevant evidence in those suits, one of which is still being pursued by the Electronic Frontier Foundation.
The court weighed the government’s request, for the first time, with the help of an amicus “friend-of-the-court” privacy advocate — another provision set down in the Freedom Act. Foreign Intelligence Surveillance Court Judge Michael Mosman elected Washington, D.C.-based lawyer Preston Burton to weigh in on the government’s request.
Preston, a partner at Poe & Burton PLLC with experience as a defense attorney and federal prosecutor, took issue with several elements of the government’s request, including the lack of details on what steps the agency will take to minimize data not relevant to investigations or lawsuits, and why it can’t keep data only relevant to those suits, deleting the rest.
“Why has the government been unable to reach some stipulation with the plaintiffs to preserve only the evidence necessary for plaintiffs to meet their standing burden?” Preston wrote in a brief to the court.
“Consider whether it is appropriate for the government to retain billions of irrelevant call detail records involving millions of people based on … the government’s stubborn procedural challenges … a situation that the government has fostered by declining to identify the particular telecommunications provider in question and/or stipulate that the plaintiff is a customer of a relevant provided.”
Preston, like the attorneys in the EFF case before him, expressed doubt the agency doesn’t have the technical ability to differentiate records potentially relevant to the case from others, and is instead electing to cite national security as the reason it’s unable to disclose the names of telecommunications providers from which the agency collected bulk records.
“[Suggesting] that the government disclose national security information concerning the identity of providers, information subject to a pending state secrets assertion, is inappropriate,” the Justice Department wrote in response. “Finally, the suggestion that preservation of bulk call detail records can be limited solely to the plaintiffs in multiple pending putative class actions is entirely unworkable.”
Preston goes on to point out, again, like others before him, at least some of those providers — including AT&T and Verizon — have already been publicly revealed as a result of whistleblower leaks, and suggests the DOJ is citing “state secrets” as a means of preserving the maximum number of records.
“The government also states, without more, that limiting the records it holds to those belonging to plaintiffs is ‘entirely unworkable,'” Preston wrote. “It would perhaps be expensive and time-consuming to segregate the data or otherwise pare the archive but that is a choice the government may be required to make in deciding whether to continue to burrow in on its standing and procedural challenges.”
The court gave the NSA until Feb. 29 to continue accessing its previous database — a date that could be extended permanently if the bill supported by Republican Sens. Tom Cotton, Marco Rubio, Joni Ernst and Majority Leader Mitch McConnell gains momentum in the wake of Islamic State-inspired attacks in Paris and San Bernardino, California.
“Time is wasting right now trying to restore some of the capabilities that some of our intelligence professionals had and to make sure that we don’t have this same kind of gap in the future,” Cotton told Politico over the weekend. “We should do it now to try and stop the attack.”
Regardless of what Congress decides, the NSA will be keeping a significant amount of data collected under the old program based on its own internal procedures described to the court.
“Information obtained or derived from call detail records which has been previously disseminated in accordance with approved minimization procedures will not be recalled or destroyed,” the government explained to the court. “Also, select query results generated by pre-November 29, 2015, queries of the bulk records that formed the basis of a dissemination in accordance with approved minimization procedures will not be destroyed.”
Those minimization procedures include data previously disseminated to its own analysts, other agencies and data on individuals gleaned from the NSA’s contact chaining, meaning everyone within two “hops,” or two points of contact, away from a person of interest.