In American Civil Liberties Union v. Clapper, 13 Civ. 3994 (WHP) (S.D.N.Y. Dec. 27. 2013), the U.S. District Court for the Southern District of New York found constitutional the ongoing program of the National Security Agency and FBI to obtain telephony metadata in bulk from telephone carriers and Internet service providers. In so doing, the court ruled opposite to the U.S. District Court for the D.C. Circuit in Klayman v. Obama, Civ. No. 13-0851(RJL) (D.C. Dec. 16, 2013).
In last month’s column, I criticized the Klayman court for its fundamental misunderstanding of a user’s privacy rights in the telephony metadata pertaining to his or her telephone calls. The Clapper court, by contrast, understood that those privacy concerns did not rise to constitutional rights, but led to political questions to be settled by Congress and the president. In this month’s article, we’ll look at Clapper.
The facts in Clapper, unsurprisingly, are the same as in Klayman. The Foreign Intelligence Surveillance Act and the Patriot Act allow the government to obtain telephony metadata as “business records” and “tangible things,” respectively, based upon a showing that there were “reasonable grounds” to believe that metadata sought would be “relevant to an authorized investigation … to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.”
Under the Bulk Telephony Metadata Program, the government obtained from telecommunications providers, on a daily basis, electronic copies of telephony metadata. The purpose of the program was to track the phones of known terrorists, to see which phones they contacted and which contacted them, so as to identify, at least potentially, terrorist contacts and networks.
The data was provided pursuant to orders issued by the FISA court (FISC), which is composed of Article III judges, and operates in secret under 50 U.S.C. § 1803(c). Over the last 40 years or so, Congress created the FISC and has amended the laws governing it several times, both before and after Sept. 11.
The court noted that “bulk telephony metadata collection under FISA is subject to extensive oversight by all three branches of government.” The executive must seek judicial approval from the FISC to perform a collection, and twice a year must provide reports to the House of Representatives and Senate intelligence and judiciary committees.
Those reports must include a review of all orders and significant opinions issued by the FISC. Since the program was initiated, the government has self-reported and addressed numerous compliance and implantation issues. FISC opinions noted how the government addressed concerns raised by the FISC. Throughout this history, running to the present, Congress has continued to reauthorize the sections allowing for bulk telephony metadata collection.
The court also detailed how the NSA searched data only under order of the FISC, and how search order protocols restricted searching to likely pertinent data. Orders direct that the database of collected metadata be queried only “with a telephone number, or ‘identifier’ or ‘seed,’ that is associated with a foreign terrorist organization,” and that that identifier be selected by “a high-ranking NSA official or one of 20 specially authorized officials” who has determined that there is “reasonable articulable suspicion” that the “identifier is associated with an international terrorist organization that is the subject of an FBI investigation.”
The query will yield telephone numbers “in contact with the seed, as well as the dates, times and durations of those calls, but not the identities” of the call participants. The resultant dataset is the first “hop.” The second hop is composed of “telephony metadata for the set of telephone numbers in direct contact with any first ‘hop’ telephone number,” and the third hop collects telephony metadata “for the set of telephone numbers in direct contact with any second ‘hop’ telephone number.” The NSA uses the results to locate terrorist networks. It provides to the FBI only the data it believes has any value in counterterrorism analysis, which is a “very small percentage of the total data collected.”
The court detailed how all three branches of government have worked to ensure that the program did not overstep its boundaries. The FISC judges provided substantial oversight, with 15 different FISC judges having found the metadata collection program lawful a total of 35 times since May 2006. Congress amended FISA and related laws several times.
The government took steps to minimize unneeded searches of the data, notwithstanding that the subscribers had no Fourth Amendment right of privacy in that data.
Finally, citing to three instances in 2009 in which the data collected by the program helped thwart planned terrorist attacks, the court noted that these efforts resulted in an effective program.
The court was acutely aware of what it referred to as the “natural tension between protecting the nation and preserving civil liberty.” On the one hand, had the program been in place before Sept. 11, “because it collects everything,” it would have flagged a key call and thus that tragedy could have been avoided. On the other hand, such a program, “if unchecked, imperils the civil liberties of every citizen,” as the metadata, if “plumbed,” can “reveal a rich profile of every individual as well as a comprehensive record of people’s associations with one another.”
The court pointedly rejected the ACLU’s position that the program intrudes into an area protected by the Fourth Amendment because the data collected can reveal that “rich profile.” The court noted that analysis itself requires “legal justification” additional to that needed to gather the data, that even with that justification, analysis of the data was confined to the three hops and still “subject to rigorous minimization procedures” to protect privacy. Finally, it made the obvious point that, even with all of that analysis, the government still will not know who any of the users are unless and until it obtains, under separate legal process, subscriber information.
Moreover, and in contrast with the Klayman court, the Clapper court noted that the potential dangers of the program did not create for the telephone users a Fourth Amendment right of privacy that otherwise did not exist.
Pointing to Smith v. Maryland, 442 U.S. 735 (1979), which held that users had no “legitimate expectation of privacy” regarding the telephone numbers they dialed because they knowingly gave that information to telephone companies when they dialed a number, and numerous other cases with the same holding regarding other business records that contain information that individuals involved in the business transactions would consider private, such as bank records or records given to an accountant, the Clapper court found that the case law overwhelmingly rejected the ACLU’s position.
Addressing Klayman specifically, the court noted that while “people may ‘have an entirely different relationship with telephones than they did’” when Smith was decided, that change “did nothing to change what telephony metadata is or a person’s right to privacy in it.”
The court rejected not just Klayman’s holding but also its reasoning that because Smith and all of the cases following it came from “simpler” times, Smith had to be jettisoned. It noted that while Justice Sonia Sotomayor’s concurring opinion in United States v. Jones, 132 S. Ct. 945 (2012), upon which the ACLU and Klayman relied, rejected Smith, the opinion of the court in Jones rested on far different grounds and did not overrule Smith, while Sotomayor’s concurrence was one of two concurring opinions “grappling with how the Fourth Amendment applies to technological advances.” Citing to Agostini v. Felton, 521 U.S. 203 (1997), the court observed that the lower courts should follow precedent and not guess at whether and how the Supreme Court will overturn it.
The court recognized that the ACLU’s concerns were “far from trivial,” as there was, “understandably, a deep-seated uneasiness and apprehension that” the program could “be used to intrude upon cherished privacy of law-abiding citizens.” These considerations, however, did not rise to a constitutional concern, in this instance and for the reasons discussed. Instead, they should be, and are being, addressed by the other branches of government.
Striking a Balance
Clapper evinces a far better understanding than does Klayman regarding not simply the Fourth Amendment but how to apply, and respect, Supreme Court precedent, the balance that must always be made when protecting both lives and civil liberties, and the roles that all three branches of government must play in striking that balance. The challenge for all three branches has always been to apply traditional principles to new and unforeseen circumstances. The rush by plaintiffs in Klayman and Clapper to have the courts decide the issue is neither constitutionally sound nor wise.
Leonard Deutchman is vice president and general counsel of LDiscovery LLC, a firm with offices in New York City, Fort Washington, Pa., McLean, Va., Chicago, Atlanta, San Francisco and London that specializes in electronic digital discovery and digital forensics.