by Geoffrey R. Stone, Edward H. Levi Distinguished Professor of Law and an ACS Faculty Advisor at the University of Chicago Law School; former Chair, ACS Board of Directors
* This post originally appeared at The Daily Beast.
President Obama announced this morning that he will propose legislation calling for significant changes in the NSA’s telephone metadata program. This is good news, indeed.
The enactment of these proposals would strike a much better balance between the interests of liberty and security. They would preserve the value of the NSA’s program in terms of protecting the national security, while at the same time providing much greater, and much needed, protection to individual privacy and civil liberties.
The proposals are based on recommendations made by the president’s five-member Review Group, of which I was a member. To understand why we came up with these suggestions, it is necessary first to understand how the program operates.
Under the telephone metadata program, which was created in 2006, telephone service companies like Sprint, Verizon and AT&T are required to turn over to the NSA, on an ongoing daily basis, huge quantities of telephone metadata involving the phone records of millions of Americans, none of whom are themselves suspected of anything.
Even though the program to-date has functioned properly, history teaches that there is always the risk of another J. Edgar Hoover or Richard Nixon.
The metadata at issue includes information about phone numbers (both called and received), but it does not include any information about the content of the calls or the identities of the participants. Once the NSA has the metadata in its system, it retains it for five years, before destroying it on a rolling basis.
Under rules governing the program, the NSA is authorized to access the telephone data whenever its own analysts find that there are facts giving rise to a reasonable, articulable suspicion (“RAS”) that a particular telephone number (usually outside the United States) is associated with a foreign terrorist organization.
In 2012, the last year for which there is complete data, the NSA “queried” 288 phone numbers, known as “seeds,” each of which was certified by NSA analysts to meet the RAS standard. When a seed phone number is queried, the NSA derives from the database a list of every telephone number that either called or was called by the seed phone number in the past five years. This is known as the “first hop.” For example, if the seed phone number was in contact with 100 different phone numbers in the past five years, the NSA would obtain a list of those 100 phone numbers.
The NSA then seeks to determine whether there is reason to believe that any of those 100 numbers are also associated with a foreign terrorist organization. If so, the query has uncovered a possible connection to a potential terrorist network that merits further investigation. Conversely, if none of the 100 numbers is believed to be associated with possible terrorist activity, there is less reason to be concerned that the potential terrorist is in contact with co-conspirators inside the United States.
In most cases, the NSA makes a second “hop.” That is, it queries the database to obtain a list of every phone number that called or was called by the 100 numbers it obtained in the first hop. Thus, if we assume that the average telephone number calls or is called by 100 phone numbers over the course of a five-year period, then the second hop will produce a list of 10,000 phone numbers (100 x 100) that are two steps away from the seed number that is reasonably believed to be associated with a foreign terrorist organization. If any of those 10,000 phone numbers is also thought to be associated with a terrorist organization, that too is potentially useful information.
In 2012, the NSA’s 288 queries resulted in a total of twelve “tips” to the FBI that called for further investigation. Although this information has sometimes proved useful, there has been no instance in which the information obtained through this program has directly prevented a planned terrorist attack. At the same time, though, it is certainly possible to imagine a situation in which the program might produce highly valuable information that would, in fact, help prevent such an attack.
Our Review Group was appointed by the president last August to advise him on these and related issues. I am pleased—indeed, delighted—to report that the proposed legislation tracks almost perfectly the Review Group’s recommendations.
As the president’s proposed legislation suggests, three specific changes in the telephone metadata program are necessary. First, the NSA will no longer itself hold the vast store of telephone metadata. This is essential, because one of the most serious concerns about this program is that, in the wrong hands, access to this information can wreak havoc on the privacy and civil liberties of Americans.
Even though the program to-date has functioned properly, history teaches that there is always the risk of another J. Edgar Hoover or Richard Nixon. It is essential to limit the potential for abuse. As the Review Group recommended, the proposed legislation would leave all the metadata in the hands of the private telephone companies, rather than allowing the government itself to collect and store it in bulk. This is a critical safeguard.
Second, when the government wants to access the metadata, the proposed legislation would require the NSA to obtain an order from the Foreign Intelligence Surveillance Court, rather than being able to access the information whenever NSA analysts decide that RAS exists. It has long been understood that when government officials who are engaged in the enterprise of ferreting out criminals are given the authority to decide for themselves when to act, their judgment is likely to be affected by their own priorities. For that reason, it is essential for a neutral and detached judge to make the decision whether any particular query is warranted.
Third, instead of requiring the metadata to be retained for five years, the president’s proposed legislation would compel the telephone companies to hold the data for only 18 months. This makes great sense both because the older data is less likely to be useful and because, by limiting the amount of data available, the risks of abuse are limited as well.
The president should be applauded for supporting these reforms. I can say that it was not at all obvious or inevitable that the White House would come to this point. During the course of the Review Group’s deliberations with the White House, serious opposition was raised to these recommendations. It is to the great credit of President Obama and to his senior advisers in the White House that we now have the opportunity to take this critical step forward.