On January 17, 2014, President Obama gave a speech at the Department of Justice on his Administration’s review of certain intelligence activities. During this speech, he ordered a transition that would end the Section 215 bulk telephony metadata program as it previously existed and establish a new mechanism to preserve the capabilities we need without the government holding this bulk metadata. The President made clear that he was ordering this transition to give the public greater confidence that their privacy is appropriately protected, while maintaining the tools our intelligence and law enforcement agencies need to keep us safe. This fact sheet describes the steps the Administration has taken to implement this transition, details the President’s proposal for a new program to replace the Section 215 program, and outlines the steps the Administration will be taking in the near future to realize the President’s vision.
Ending the Section 215 Bulk Telephony Metadata Program as it Existed
On January 17, 2014, the President directed the first step in the transition of the Section 215 program; that the Department of Justice (DOJ) to seek to modify the program to ensure that:
- Absent an emergency situation, the government can query the telephony metadata collected pursuant to the program only after a judge approves the use of specific numbers for such queries based on national security concerns; and
- The results of any query are limited to metadata within two hops of the selection term being used, instead of three.
On February 5, 2014, the Foreign Intelligence Surveillance Court (FISC) approved the government’s request to modify the program.
The President’s Proposal to Replace the Section 215 Program
For the second step in the transition, the President instructed the Attorney General and the Intelligence Community (IC) to develop options for a new program that could match the capabilities and fill the gaps that the Section 215 metadata program was designed to address without the government holding the bulk telephony metadata records. The President further instructed the Attorney General and the IC to report back to him with options for alternative approaches before the program comes up for reauthorization by the FISC on March 28th.
Consistent with this directive, DOJ and the IC developed options designed to meet the criteria the President laid out in his speech — to preserve the capabilities we need without the government holding this metadata. The Administration has also consulted with Congress, the private sector, privacy and civil liberties groups, and other interested groups.
On the basis of these consultations, and after having carefully considered the available options, the President has decided on a proposal that will, with the passage of appropriate legislation, allow the government to end bulk collection of telephony metadata records under Section 215, while ensuring that the government has access to the information it needs to meet its national security requirements. Under the President’s proposal, a new program would be created with the following key attributes:
- the government will not collect these telephone records in bulk; rather, the records would remain at the telephone companies for the length of time they currently do today;
- absent an emergency situation, the government would obtain the records only pursuant to individual orders from the FISC approving the use of specific numbers for such queries, if a judge agrees based on national security concerns; (Trevor Timm: “Will DOJ’s media guidelines apply to Obama’s new NSA plan? Because ‘national security concerns’ is a giant loophole.”)
- the records provided to the government in response to queries would only be within two hops of the selection term being used, and the government’s handling of any records it acquires will be governed by minimization procedures approved by the FISC;
- the court-approved numbers could be used to query the data over a limited period of time without returning to the FISC for approval, and the production of records would be ongoing and prospective; and
- the companies would be compelled by court order to provide technical assistance to ensure that the records can be queried and that results are transmitted to the government in a usable format and in a timely manner.
The President believes that this approach will best ensure that we have the information we need to meet our intelligence requirements while enhancing public confidence in the manner in which this information is collected and held.
Legislation will be needed to implement the President’s proposal. The Administration has been in consultation with congressional leadership and members of the Intelligence and Judiciary Committees on this important issue throughout the last year, and we look forward to continuing to work with Congress to pass a bill that achieves the goals the President has put forward. Given that this legislation will not be in place by March 28 and given the importance of maintaining the capabilities in question, the President has directed DOJ to seek from the FISC a 90-day reauthorization of the existing program, which includes the substantial modifications in effect since February.
A senior administration official indicated that the legal standard by which the court could order phone companies to turn over customer data would be a “reasonable articulable suspicion” of a phone number’s connection to terrorism or espionage. That is a lower threshold than relevance to an ongoing terror investigation, the language of Section 215 of the Patriot Act, the current authorisation the administration claims for bulk domestic phone data collection.
Although officials explaining the policy on a conference call with reporters said they wanted the government to no longer “hold” the data, they did not unveil any changes to the NSA’s so-called “corporate store” of analysed phone records. That store, according to the government’s official privacy and civil liberties watchdog, contains tens of millions of phone numbers, and analysts do not face any restrictions on searching through it.
Caitlin Hayden, a spokeswoman for the National Security Council, clarified that the FISA Court will approve a new set of minimisation procedures to provide privacy protections around the use, retention and dissemination of phone data.
“The details of where the data would be stored and accessed once it is received would be governed by those minimization procedures, just as minimisation procedures currently govern how we handle the data,” Hayden said.
Nor did the administration outline any changes to its consideration of privacy rights for non-Americans abroad, something Obama said in his January speech the NSA needed to consider.
How NSA Would Get Phone Data Under Obama Administration’s New Plan
One of the key points in the “fact sheet” that the White House published today about its plan to end the NSA’s bulk collection of phone record data is that while the NSA will no longer have possession of phone data, it will still have access to it. Under the newly proposed program, the White House document notes, the NSA would still have the ability to request data without a new court order in an emergency, and “[telecommunications] companies would be compelled by court order to provide technical assistance to ensure that the records can be queried and that results are transmitted to the government in a usable format and in a timely manner.”
In order to be able to live up to that mandate and deliver datasets for all numbers that are two “hops” from a specified phone number in a “timely manner,” one of two things would have to happen: telecom companies would have to have the capability to perform the same sort of analytic searches that the NSA currently performs with its Mainway database onsite; or the NSA would have to be able to make its own index of telco databases that would allow it to perform such searches. And while in either scenario the data available to the NSA would be a much smaller amount than what the agency currently retains (5 years’ worth), it would still give the NSA the ability to request large swaths of phone record data.
As I mentioned in my analysis of NSA’s “three hop” rule, two degrees of separation can cover a significant number of people. For example, if the average person were to have casual contact (such as by phone) with 1,000 people, anyone in the US would be separated by two hops at most. And a hop isn’t just a degree of separation; when an NSA official said the agency looks at “two to three hops” through phone records, that means that all of the phone contacts kept by the person that’s two to three hops away are checked.
Phone companies generally don’t store it in a way that is indexed for this sort of search. They’re usually done using an entity-relationship model database like Facebook’s Open Graph, Google’s Knowledge Graph, or the Palantir data analysis platform. These databases allow a search to follow down a chain of relationships from a given starting point (which is how Facebook tracks who’s in your network of “friends of friends” and determines who sees your information).
So, let’s say that the new phone metadata plan requires the phone companies to do that tracking themselves and to provide just the search results for specific queries against that data to the NSA. That would mean that they need to keep an entity database for all the calls they see crossing their networks, identifying each number involved as a node in the network and tracking all the other nodes that each connects to at least two hops out. If telcos are required to build these databases, they will essentially become miniature NSAs unto themselves; instead of waiting for bulk data dumps, NSA will be able to send either court-authorized or emergency queries to the phone companies and get nice tidy data sets piped back to them quickly. We’ll also need to pay much closer attention to the privacy statements for our “friends and family” plans, because the telcos own this data, and they are being told they have to relationship-index it, so they’ll inevitably try to find ways to use the capability to defray the cost of running that infrastructure.
The second route is to have the NSA own the hardware that stores an index of the data at each company, while the data itself still resides at the telcos. While this might sound more intrusive, it actually could boost privacy if done correctly, since the relationship data could be created and stored without having the phone numbers in question available.
Here’s how that would work: the NSA would run an analytical engine against the data stores of each phone company, but it would store pointers to the actual data in the entity structure rather than the phone numbers themselves. That pointer could be an encrypted version of the phone number, or a value created by a “hash” of the number or other data. As a result, the NSA relationship database would be useless by itself and could only be used to find the actual phone records associated with a number when given authorization by a court order (or in an emergency, by the phone company itself).
The biggest sticking point may be what a “timely manner” means. If the NSA requires the data in a matter of hours, that would mean NSA analysts would essentially need a live connection to the telcos’ data warehouses. Otherwise, it may mean the query results get delivered the old-fashioned way: on tape.
Marcy Wheeler Analysis:
Edward Snowden Statement via ACLU:
“I believed that if the NSA’s unconstitutional mass surveillance of Americans was known, it would not survive the scrutiny of the courts, the Congress, and the people.
The very first open and adversarial court to ever judge these programs has now declared them ‘Orwellian’ and ‘likely unconstitutional.’ In the USA FREEDOM Act, Congress is considering historic, albeit incomplete reforms. And President Obama has now confirmed that these mass surveillance programs, kept secret from the public and defended out of reflex rather than reason, are in fact unnecessary and should be ended.
This is a turning point, and it marks the beginning of a new effort to reclaim our rights from the NSA and restore the public’s seat at the table of government.”
As for the substantive reform, the fact that the President is now compelled to pose as an advocate for abolishing this program – the one he and his supporters have spent 10 months hailing – is a potent vindication of Edward Snowden’s acts and the reporting he enabled. First, a federal court found the program unconstitutional. Then, one of the President’s own panels rejected the NSA’s claim that it was necessary in stopping terrorism, while another explicitly found the program illegal. And now the President himself depicts himself as trying to end it. Whatever test exists for determining whether “unauthorized” disclosures of classified information are justified, Snowden’s revelations pass the test with ease. That President Obama now proclaims the need to end a domestic spying program that would still be a secret in the absence of Snowden’s whistleblowing proves that quite compellingly.