Thursday, May 11, 2006

The (Il)legality of the NSA Phone-Records-Interception Program

Marty Lederman

My first reaction on reading the groundbreaking story in USA Today about the NSA's secret phone-records-interception program was that Qwest stock is going to go through the roof. Don't take that as a tip -- I'm woefully unreliable on such matters. But there are at least some customers who know a law-abiding, customer-protective company when they see it. (If you haven't yet read the USA Today story, do youself the favor of at least reading the section toward the end, on the hardball tactics applied to Qwest, and its very admirable resistance.)

My second reaction was to wonder about the legality of the program. It didn't strike me as violative of the Fourth Amendment, at least so long as the Supreme Court's unfortuante "pen register" precedent remains good law. But at first glance, it sure does appear to run up against several statutory restrictions that Congress and the President have enacted in order to protect the privacy of our phone calls and phone records, not least of which is FISA itself, which, for purposes of that statute, defines the "contents" of a communication quite broadly, to include "any information concerning the identity of the parties to such communication or the existence, substance, purport, or meaning of that communication." 50 USC 1801(n).

Also, as the USA Today story noted, 47 USC 222(a) & (c)(1) provide that "Every telecommunications carrier has a duty to protect the confidentiality of proprietary information of, and relating to, other telecommunication carriers, equipment manufacturers, and customers, including telecommunication carriers reselling telecommunications services provided by a telecommunications carrier" and that "Except as required by law or with the approval of the customer, a telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service shall only use, disclose, or permit access to individually identifiable customer proprietary network information in its provision of (A) the telecommunications service from which such information is derived, or (B) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories."

Fortunately for me, my friend Orin Kerr, who knows much more than I about the intricacies of these and other telecommunications statutes, has posted a preliminary review of the legal issues, which he has given me permission to cross-post here. The upshot is as I suspected: No serious constitutional issue (other than, of course, the gross violation of the separation of powers), but several very serious statutory questions. No wonder Qwest balked -- and no wonder NSA was fearful of asking the FISA Court for legal cover.

[UPDATE: To be clear, I have not yet studied these issues closely and therefore do not have a clear sense of which statutes, if any, would apply to the NSA program. This helpful post by Kate Martin suggests that the most serious legal impediment is 18 USC 2702. That argument appears to have some force; but I don't yet know whether the 47 USC 222 objection is more serious -- Kate does not discuss that provision.]

Here's Orin's extremely helpful preliminary take:

Thoughts on the Legality of the Latest NSA Surveillance Program

The USA Today has an important scoop today on a previously secret NSA surveillance program. Assuming the program was described accurately in the USA Today story, is this program legal? Here is a very preliminary run down of the issues. It’s not as complete as I would like, and it’s not something I have thought about as much as I would like before posting. But my grades are due very soon, and unfortunately I can’t spend as much time on this as I would normally like to spend. I hope this post is at least a helpful start.

The legality of the program touches on at least five laws: the Fourth Amendment, the Pen Register statute, the Stored Communications Act, FISA, and the Communications Act.

1) The Fourth Amendment issues are straightforward. It sounds like the program involves only non-content surveillance, which means that it presumably doesn’t implicate the Fourth Amendment under Smith v. Maryland.

2) The legality of the program under FISA is somewhat similar to the legality of the NSA program we learned about a few months ago. The key question is, did the monitoring constitute “electronic surveillance” under FISA, and if so, does the Authorization to Use Military Force allow it? Note that FISA’s definition of “electronic surveillance” goes beyond accessing only content information and extends to some non-content information. If the program did involve “electronic surveillance” under FISA, then we’re right back to the same question that has been raised about the legality of the known NSA domestic surveillance program. If that’s right, your views of the legality of the new NSA program will pretty much coincide with your views of the legality of the NSA program disclosed a few months ago.

3) The next question is, did the monitoring violate the Pen Register statute, and in particular the prohibition of 18 U.S.C. 3121? To boil down a complex area of law into a sentence, federal surveillance law calls any means of surveilling non-content telephone or Internet information a “pen register” or “trap and trace device.” Section 3121 then bans using such a device unless the government has a court order (either through the criminal investigative authorities or national security law authorities) or an exception to the statute applies. The exceptions in the statute don’t seem applicable here: They mostly involve monitoring to provide better service for the telephone company.

The USA Today story suggests that Qwest wanted the government to obtain a court order for the monitoring, and that the government refused because they concluded that the FISA court might not grant the order. The court order they are referring to is probably the FISA pen register order. Under 50 U.S.C. 1842, the Attorney General or his designate needs to approve the request for such an order, and must certify “that the information likely to be obtained . . . is relevant to an ongoing investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.” The order would then need to be renewed every 90 days under 50 U.S.C. 1842(f).

The legal threshold for a FISA pen register order is low: relevance to an ongoing investigation is a pretty easy standard to satisfy. At the same time, obtaining an order for this kind of monitoring would raise an issue that I have wondered about but I don’t think I know how to answer: Does FISA’s pen/trap authority in 50 U.S.C. 1842 permit the government to conduct massive-scale monitoring, or must monitoring be limited to a specific set of persons or accounts? When the USA Today story says that the government didn’t think the order would be granted by the FISA court, I gather they are saying that the FISA court judges didn’t think the FISA pen/trap authority permitted such massive scale monitoring. That sounds like a sensible conclusion: I would guess that the FISA judges wouldn’t interpret the FSIA pen/trap authority as permitting such massive scale monitoring (in that it trumps the need for any individual orders, which would be odd).

4) The next possible statute is the Stored Communications Act (SCA), and in particular the prohibition on disclosing records relating to wire communications to a government entity found in 18 U.S.C. 2702(a)(3). It’s not clear to me that the SCA applies: the SCA was designed to deal with one-time disclosure of stored communications and records, not real-time collection and repeated disclosure. At the same time, the statute doesn’t have an explicit exception for real time collection, so it’s at least plausible that it does apply. If it applies, disclosure is permitted only if an exception to the statute covers this. I don’t think that any of the exceptions apply, though: the emergency exception of 18 U.S.C. 2702(c)(4) seens to be the closest, but this doesn’t sound like there was an “immediate danger” here. This was an ongoing program, not a program responding to a sudden emergency.

5) A fifth possible statute, and one mentioned in the USA Today story, is the Communications Act of 1934, 47 U.S.C. 222. I have generally thought that the statutes discussed above trump this statute, but the USA Today story mentions it. In any event, I don’t know much about this one, as it’s a telecom statute and I don’t normally play in that sandbox. So I’ll punt on this one for now.

To summarize, my very preliminary sense is that there are no Fourth Amendment issues here but a number of statutory problems under statutes such as FISA and the pen register statute. Of course, all of the statutory questions are subject to the possible argument that Article II trumps those statutes. As I have mentioned before, I don’t see the support for the strong Article II argument in existing caselaw, but there is a good chance that the Administration’s legal argument in support of the new law will rely on it.


On the issue of the fine, don't get your hopes up:

The Stored Communications Act has a defense available. See Sec. 2707, which refers to 2511(3) which refers to 1125(2). In sum, if the companies had a good faith belief that they received "a certification in writing by . . . the Attorney General of the United States that no warrant or court order is required by law, that all statutory requirements have been met, and that the specified assistance is required. . . ." it looks like they are off the hook.

On the issue of whether the acts violate the fourth amendment:

I think this is still a live issue because the reasoning in Smith v. Maryland is based on the idea that phone users do not have a legitimate, reasonable expectation of privacy in who they call. However, the fact that laws like the stored communications act, FISA, and other privacy laws now exist give people a reasonable expectation of privacy in that information. When what is protected by the Fourth amendment depends upon what is reasonable to believe is private, a statute might be able to affect what is reasonable, thus changing the contours of fourth amendment protection. Although, I don't think there are five votes for this and the constitution is often only as good as five votes.

It doesn't really seem to matter that the existance of laws requiring the government to get a warrant may create an expectation of privacy in regards to who they call. Once you grant that there is a law which prevents exactly this sort of behavior, i.e., people's reasonable expectation of privacy was extended to cover this sort of case, the argument is over and you can conclude the president acted illegally regardless of the effect on the 4th ammendment.

Of course this argument might have some force if the executive tried to claim that this congressional statute was unconstitutional insofar as it constrained the executive. Even if the law is declared unconstitutional it could still create a reasonable expectation of privacy (people didn't know it was unconstitutional) and thus make the president's actions illegal. Additionally the same argument could apply even if you believe that ridiculous claim about the AUMF.

It's a neat little argument but the idea that congress can't restrict the executive's power to intercept phone calls or that the AUMF authorized this is so absurd in the first place that this last ditch 4th ammendment argument isn't even worth more than academic consideration.

I think it is still a topical issue, because the reasoning of Smith v. Maryland is based on the idea that phone users do not have a legitimate expectation of privacy reasonable in what they call. However, the fact that laws like the Communications Act registration, FISA, and privacy laws, there are now giving people a reasonable expectation of privacy in the information. When that is protected by the Fourth Amendment depends on what is reasonable to believe that it is private, a law may be able to influence what is reasonable, to change the contours of Fourth Amendment protection. Well, I do not think that there are five votes, and the constitution is often as good as five votes.

I think it is still a topical issue, because the reasoning of Smith v. Maryland is based on the idea that phone users do not have a legitimate expectation of privacy reasonable in what they call. However, the fact that laws like the Communications Act registration, FISA, and privacy laws, there are now giving people a reasonable expectation of privacy in the information. When that is protected by the Fourth Amendment depends on what is reasonable to believe that it is private, a law may be able to influence what is reasonable, to change the contours of Fourth Amendment protection. Well, I do not think that there are five votes, and the constitution is often as good as five votes.WOW GoldWOW Items GoldBuy WOW ItemsCheap WOW ItemsTera Goldbuy tera goldTera GoldBuy WOW Gold

When the media channels gamer is unseen this library method one should begin the player and after that choose the cheap windows 7 key archives alternative in the Windows 7 menus. This actually also allows you shed information right into a independent drive and also move along with other devices.

Inside Microsoft windows Seven it is just a attribute that one can gain access to the last considered plus reached objects. However this does not appear at times as well as what exactly you ought to complete in this buy windows 7 key case is always to develop improvements.

I agree with you. This post is truly inspiring. I like your post and everything you share with us

Tips Gadis Lagi
Crystal X Paket Hamil Ekonomis
Herbal Paket Kanker
Kanker Serviks
Gejala Kanker

Thank you so much for the time spent to explain it to me. I see the notes now at the bottom and how they affect which models are the old vs. new.
Jual crystal x Asli Nasa
Crystal X Asli Nasa
Crystal X Nasa
Harga Crystal X
Manfaat Crystal X
Crystal X Murah

This is a nice post in an interesting line of content.Thanks for sharing this article, great way of bring this topic to discussion.
cara mengobati keputihan
penyebab bau tak sedap
ciri-ciri distributor asli PT. Natural Nusantara
Reseller Crystal X

I am truly inspired by this online journal! Extremely clear clarification of issues is given and it is open to every living soul. I have perused your post, truly you have given this extraordinary informative data about it.
Crystal X Nasa
Crystal X Asli Nasa
Efek Samping Crystal X
Ciri-ciri Crystal X Asli

I too will be switching to Tecksavvy for Internet and Phone. Why should I pay Rogers $85+ per month for slow, unreliable, barely, rarely working service with a 60GB/mo cap and $2/GB overages (which they use many tricks to ensure occur no matter what you do) and a landline with no features when I can pay Teksavvy $46 for a reliable connection with 300GB/mo (nights are free and unlimited), and a landline with a free feature?
jual skateboard
jual skateboard murah
jual papan skateboard
jual papan skateboard murah

Manfaat Crystal X how to
Mengatasi Keputihan and
Cara mengatasi keputihan


Post a Comment

Older Posts
Newer Posts