Privacy and Civil Liberties Board Considers Three Ways for Congress to Address Controversial Surveillance Program

WASHINGTON, June 1, 2019 – Congress needs a plan for how to proceed when certain provisions of the USA FREEDOM Act, including the controversial call detail records program, expires in December, said speakers at a public forum held by members of the Privacy and Civil Liberties Oversight Board on Friday.

According to Caroline Lynch, former chief counsel of the House Judiciary Subcommittee on Crime, Terrorism, Homeland Security and Investigations, Congress has three options for moving forward. First, they could simply allow Section 215 (the provision involving call detail records) to expire, effectually repealing call detail authority.

However, this would also remove all legislative changes made to the Foreign Intelligence Surveillance Act since 2001, including the specific selection term requirement. Other important provisions that would expire include the roving wiretaps provision and the “lone wolf” amendment.

The second option would be for Congress to revisit the statute and repeal just the section dealing with call detail records, preserving selection term requirements and the relevancy standard. The challenge with this approach is that it would allow for amendments on a variety of other topics. That could be divisive and controversial, especially just before an election year.

Lynch recommended the third option: Straight re-authorization. This would keep the controversial call detail record program on the books. Although likely to be met with opposition, Lynch advised this as the “most politically expedient option.”

The board was established by the Implementing Recommendation of the 9/11 Commission Act of 2007. Although the measure calls for a five-member board, there are three current members: Chairman Adam Klein; Edward Felten a professor at Princeton; and attorney Jane Nitze. The board is responsible to make recommendations to Congress.

Some panelists disagreed with a straight re-authorization

Susan Landau, a cyber security and policy professor at Tufts University, took a different approach. She said it was important to evaluate the efficacy of the call detail program before even considering its impact on privacy. The technical advances and societal changes since 2001 make the program much less helpful today, she said.

One reason for this is that the main terrorist threat has shifted from Al Qaeda to ISIS. Whereas Al Qaeda had tight central control of terrorist attacks, providing training and direction, most ISIS-related attacks within the United States are not specifically coordinated by ISIS operators, making the call records much less relevant.

Additionally, there have been changes in communication modality, with messages increasingly being encrypted. This also makes call detail records less helpful. Landau supported removal that provision.

But George Mason University National Security Institute Executive Director Jamil Jaffer disagreed with this interpretation. Both Al Qaeda and ISIS still present a “huge” terrorist threat, he said. The fact that communication methods have changed highlights the need to “broaden our authorities,” he argued, recommending that Congress reauthorize the act and increase its scope.

Although the call record program has generated both public and congressional suspicion, Jaffer argued that the actual number of queries made is “fairly small,” thus causing minimal impact on the American people.

In all of the years that the USA FREEDOM Act has been in place, there has not been an instance of intentional abuse or misuse of the program, he said, and any mistakes that were made were quickly self-caught, self-reported, and self-corrected.

But the fact that there have been no intentional abuses does not mean that the program always works smoothly. Last year, technical difficulties led to the NSA collecting information that it was not authorized to hold. In response to this, the agency deleted all of their stored call detail records.

Some urge the call detail records program to ‘quietly die’

According to Cato Institute Senior Fellow Julian Sanchez, this unauthorized collection of information was one reason that the program should be allowed to “quietly die.” In addition, retaining large quantities of data for no purpose presents an inherent security risk.

One of the main questions discussed on Friday was why 19 million unique records were collected from just over 40 initial targets.

Lynch explained that the discrepancy between these figures is indicative of how individuals use telecommunication technologies today. The NSA is allowed to collect records for individuals up to two times removed from targets, creating exponential growth in the total number of records. Without this “two hops” rule, the effectiveness of the program would be “greatly diminished,” according to Jonathan Mayer, a professor of computer science and public affairs at Princeton University.

Jaffer suggested that the relatively low number of initial targets demonstrated the inability of the intelligence community to identify and investigate potential threats under the current laws, which he said should be “maintained and expanded.” He also assured board members that the large number of records collected should not be a cause for concern, as the records contain only metadata, which he termed “the most privacy protected” method of data collection.

However, Mayer cited his own 2016 study on the privacy properties of telephone metadata to refute this claim. The study collected telephone records of several individuals and utilized machine learning algorithms and manual analysis to match identities to phone numbers as well as making “remarkably precise inferences” about many aspects of the subjects’ lives.

Mayer also discussed a potential issue with the current call detail records program, explaining that certain numbers disproportionately communicate with other individuals. These numbers are unlikely to produce helpful information, but could potentially contain a large volume of sensitive records. Mayer highlighted the importance of finding a way to avoid collecting data from this type of number.

Former General Counsel for the House Intelligence Committee Michael Bahar pointed out that in the past five years, the potential dangers of misusing personal data have become more readily apparent, and that technology has advanced to the point where “disparate pieces of information can be readily put together to form whole pictures of individuals.”

He said that the value of call detail records to intelligence agencies is going down even as the potential risks of collecting this information increase. The publicity surrounding the USA FREEDOM Act means that terrorists likely know to communicate through several degrees of separation or through encrypted applications.

(Photo of the Privacy and Civil Liberties Oversight Board meeting by Emily McPhie.)