Opinion: What Congress gets wrong about NSA surveillance practices

As Congress battles over surveillance reform, it's important to remember that the Patriot Act's controversial Section 215, which justified National Security Agency collection of phone records, is also an essential investigative tool for the US intelligence community.

Surveillance

The heated debate in Congress about whether to reauthorize Section 215 of the Patriot Act has focused mainly on the National Security Agency's bulk collection of telephone records ever since details of that program were leaked to the press. 

As a member of the Privacy and Civil Liberties Oversight Board, an independent federal oversight agency, I extensively reviewed that program, including still-classified information about how it works. I believe it is critical that whatever Congress decides, this debate should be based on solid facts rather than rhetoric. Many important facts and considerations have, unfortunately, not received sufficient attention.

First, the question before Congress is not whether to reauthorize or prohibit the bulk telephone records program that has garnered so much attention. It is whether to reauthorize Section 215 itself. This authority was enacted after 9/11 to remedy the problem that officers conducting foreign intelligence investigations of international terrorism and espionage did not have a basic investigative tool available even in ordinary criminal investigations. The telephone records program conducted by the NSA is only one application of that authority. If Congress allows Section 215 to expire, it will not just eliminate that program; it will do away entirely with an essential investigative tool.

Because the telephone records program is so widely misunderstood, it is important to remember that it concerns only telephone “metadata” – that is, which phone number called which number at what time and for how long. It does not involve listening to or recording any call. It does not collect cell site information that could pinpoint the location from which a cellphone call was made. And it has nothing to do with e-mail or other Internet communications. It consists of telephone numbers with no names attached. Once this data is collected, it is stored in a database that may be searched only by a handful of trained employees, and even they may search it only after a judge has determined that there is evidence connecting a specific phone number to terrorism. 

The debate about this program is important, and reasonable people differ on whether its benefits outweigh its privacy impacts. But if the goal is to do away with this program, legislation is unnecessary. The president could unilaterally end the program today without any action by Congress. This would be simpler and have fewer unintended consequences than passing legislation that permanently removes this investigative tool from the toolbox and tinkers with a number of other important counterterrorism tools.

While it has been argued that the USA Freedom Act would both preserve the program’s core and mitigate privacy concerns by moving the storage of data from the government to the telephone companies, there are real questions about whether it would either preserve the program or protect privacy. Under the bill, for the government to access telephone records, it would have to obtain and serve separate court orders for every telephone company, which would be slower and less efficient than asking the court’s permission to search one database. And even if the government obtained multiple court orders in time, the data might not be available, because the pending bills do not require the telephone companies to keep it. The only existing retention requirement is a telecommunications regulation that covers a limited subset of records.

To ensure that data held by the companies would be available to the government in response to a court order, Congress would have to require the companies to retain it for a specific period of time. But this would raise a host of additional policy concerns. Data held by the companies is not subject to the many protections afforded by the current program, in which the government stores the metadata in a special database that may only be searched by a small number of trained employees, for very limited purposes, and only with judicial permission. The current program is also subject to multiple levels of executive, judicial, and congressional oversight. Applying these restrictions and oversight mechanisms to the private sector would require imposing a complex and onerous regulatory structure.

A recent court of appeals decision finding that the telephone metadata program went beyond what the statute authorized does not relieve Congress of its obligation to grapple with these serious policy questions. It represents the opinion of one court that Section 215 as enacted did not authorize the bulk program. Many other judges have reached the opposite conclusion. Of course, Congress – not the courts – writes statutes and has the power to authorize the program, ratify the program through a clean reauthorization of the statute, or prohibit the program, as it sees fit.

This debate is among the most important questions facing Congress, and the legislative clock is ticking. However Congress deals with these questions, I hope its decisions will be based on a clear understanding of all the facts.

The Hon. Rachel L. Brand is a member of the US Privacy and Civil Liberties Oversight Board. The views expressed above are her own and do not represent the views of the board or any other board member. Previously, Ms. Brand served as assistant attorney general for legal policy and as an associate counsel to President George W. Bush. She was a law clerk to Justice Anthony Kennedy of the US Supreme Court.