IU privacy expert: Report confirms NSA bulk collection is neither effective nor legal

Jan. 23, 2014

EDITOR'S NOTE: Fred H. Cate is available for media interviews -- including television appearances via satellite -- this afternoon from Bloomington.


BLOOMINGTON, Ind. -- A federal privacy board's finding that the bulk collection of telephonic metadata is illegal is the boldest call yet for the dismantling of the National Security Agency's overzealous spy program and shows the lack of oversight of the NSA’s activities by the secret federal court charged with doing so, according to Indiana University privacy and cybersecurity expert Fred H. Cate.

The report by the Privacy and Civil Liberties Oversight Board, released today, concluded the bulk collection of American data "lacks a viable legal foundation under Section 215" of the USA PATRIOT Act. That section permits the Foreign Intelligence Surveillance Court to authorize the FBI to collect only records that are "relevant to an authorized investigation." The telephone metadata orders, however, compelled Verizon and other telecommunications companies to hand over data indiscriminately about all of their customers’ communications.

"The Privacy and Civil Liberties Oversight Board not only concluded that this violates the requirements of Section 215 but provided five independent grounds for that conclusion," Cate said.

Those included the fact there was no authorized FBI investigation in the first place and, even if there were, any assertion that data about all calls was "relevant" to it would require "redefining that word in a manner that is circular, unlimited in scope and out of step with precedent."

"This is consistent with a decision last month by Judge Richard Leon of the U.S. District Court of Washington and with the report released in December by President Obama’s own surveillance review group," Cate said. "It is also the position we argued on behalf of professors of privacy and surveillance law in an amicus brief filed with the U.S. Supreme Court in August in a case brought by the Electronic Privacy Information Center."

The report also makes clear that the bulk collection of telephone metadata is not nearly as useful in fighting terrorists as national security officials have claimed. It notes that the members of the privacy board "have not identified a single instance involving a threat to the United States in which the program made a concrete difference" or led to the "discovery of a previously unknown terrorist plot or the disruption of a terrorist attack."

"More surprisingly still," Cate said, "the board could identify only one instance in seven years in which the surveillance program 'arguably contributed' to identifying a terrorist, a surprisingly meager accomplishment for a program that involved collecting data on more a billion telephone calls a day."

Perhaps the most jaw-dropping feature of the report is that it reveals that the Foreign Intelligence Surveillance Court, despite its critical role in implementing Section 215, had failed to provide a written opinion explaining its legal reasoning for granting the metadata orders until August 2013.

"It is astonishing that the court had been approving bulk metadata collection orders since 2006 without ever providing a written explanation of its interpretation of the law," Cate said. "Given the timing, we must assume that the only reason the court provided a written analysis when it did was because of the disclosures by Edward Snowden and the subsequent public and political outcry. Were it not for these disclosures, the court would in all likelihood still be rubber-stamping orders in favor of the government.

"The Foreign Intelligence Surveillance Court plays a pivotal role in overseeing surveillance," Cate said. "That role is especially significant given the highly classified nature of most of those activities. The discovery that the court had not bothered to explain its extraordinary interpretation of Section 215 is profoundly troubling."

Finally, the report is the most recent reminder of how out of touch the Obama administration is on surveillance issues.

"In last week’s speech, billed as a major policy address on surveillance, the president ignored the vast majority of his own review committee’s recommendations, especially those on the structure, activities and mission of the NSA," Cate said.

"He ignored entirely the fundamental issue provoked by Snowden’s disclosures of not just numerous surveillance programs, but a culture and approach of vacuuming up all available data, often in overlapping programs, without a clear mission or legal authorization or clear understanding of the competing interests," Cate said. "He didn’t even mention the emerging legal debate over the legality of bulk data collection or the dispute between two federal courts that reached opposite conclusions on that question in the past month.

"Today’s report highlights how removed the president is from the critical underlying issues of whether this approach to surveillance is appropriate, legal or effective. The report answers all three questions 'no.' Now we have to see whether the president and Congress are willing to listen. If recent history is any indication, that is highly unlikely."

Cate is the C. Ben Dutton Professor of Law at the IU Maurer School of Law and directs the university’s Center for Applied Cybersecurity Research, which is designated by the National Security Agency as a National Center of Excellence in both Information Assurance Research and Information Assurance Education. He is a member of the inaugural U.S. Department of Homeland Security Data Privacy and Integrity Committee Cybersecurity Subcommittee and one of the founding editors of the Oxford University Press journal International Data Privacy Law. He can be reached at 812-855-1161 or fcate@indiana.edu