Surveillance watchdog concludes metadata program is illegal, “should end”

According to leaked copies of a forthcoming report by the Privacy and Civil Liberties Oversight Board (PCLOB), the government’s metadata collection program "lacks a viable legal foundation under Section 215, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value… As a result, the board recommends that the government end the program."

The metadata program, which compels at least Verizon (and likely other telcos as well) to routinely hand over all phone records to the National Security Agency, was first disclosed as the result of the leak by Edward Snowden in June 2013.

Three of the five members of the board (who are all lawyers) went so far as to declare the entire program illegal. However, the Board does not have the authority to do anything beyond make recommendations to Congress and to the president.

The new excerpts were published by The New York Times and The Washington Post in the early hours of Thursday morning. Both newspapers indicated that they had received complete copies of the highly anticipated 238-page report, but did not publish it in full. PCLOB itself is scheduled to release the report later on Thursday.

The group's report comes about a month after President Barack Obama’s own panel recommended, among other things, that the NSA be no longer in charge of holding its vast collection of telephone metadata. The PCLOB, unlike the president’s Review Group on Intelligence and Communications Technologies, was created by an act of Congress and draws its authority from statute.

"We report to Congress and the president, there’s no clearance process," David Medine, the board’s chairman told Ars in November 2013. "Once [the board] reaches a decision, it just releases the decision rather than going through the White House, the Office of Management and Budget, or the Office of the Director of National Intelligence review process. That’s where the independence lies: there’s no prior review of our work."

The PCLOB’s conclusions of the government’s surveillance practices and the legal theory behind them appear to go much further than the Review Group’s. Its criticisms appear to be the strongest that have come from a government-appointed agency to date. President Obama addressed some of these issues in a major speech last week.

"In a manner that is circular, unlimited in scope"

The report, according to the Times, also acknowledges for the first time that the Foreign Intelligence Surveillance Court "produced no judicial opinion detailing its legal rationale for the program until last August, even though it had been issuing orders to phone companies for the records and to the NSA for how it could handle them since May 2006."

"The Board believes that the Section 215 program has contributed only minimal value in combating terrorism beyond what the government already achieves through these and other alternative means," the report said, according to the Post. "Cessation of the program would eliminate the privacy and civil liberties concerns associated with bulk collection without unduly hampering the government’s efforts, while ensuring that any governmental requests for telephone calling records are tailored to the needs of specific investigations."

According to the Times, the report also agrees with outside analysis, concluding that there is "no instance in which the [metadata] program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack."

The Post also quoted from a section of the report that specifically rejected an argument, frequently made by President Barack Obama and members of his administration, that the metadata program would have been useful had it been available prior to the September 11, 2001 attacks, as it may have ensnared Khalid al-Mihdhar, a known terrorism suspect. Mihdhar was calling a Yemen-based safehouse, but what the NSA did not realize at the time was that he was doing so from San Diego, California.

"The failure to identify Mihdhar’s presence in the United States stemmed primarily from a lack of information sharing among federal agencies, not of a lack of surveillance capabilities," the report said, according to the Post.

The newspaper added that the report notes that in early 2000 the CIA knew Mihdhar had a visa enabling him to enter the United States but did not advise the FBI or watchlist him."... This was a failure to connect the dots, not a failure to connect enough dots."

Further, the Post observed, citing the PCLOB’s report, "the government need not have collected the entire nation’s calling records to identify the San Diego number from which Mihdhar made his calls. It asserted that the government could have used existing legal authorities to request from US phone companies the records of any calls made to or from the Yemen number."

The Post continued:

But the board found that it is impossible that all the records collected—billions daily—could be relevant to a single investigation "without redefining that word in a manner that is circular, unlimited in scope." Moreover, instead of compelling phone companies to turn over records already in their possession, the program requires them to furnish newly generated call data on a daily basis. "This is an approach lacking foundation in the statute," the report said.

"At its core, the approach boils down to the proposition that essentially all telephone records are relevant to essentially all international terrorism investigations," the report said. This approach, it said, "at minimum, is in deep tension with the statutory requirement that items obtained through a Section 215 order be sought for ‘an investigation,’ not for the purpose of enhancing the government’s counterterrorism capabilities generally."

"We don’t have the authority to make people swear an oath."

While the PCLOB was signed into law in 2007, it did not really get going until 2013. The PCLOB’s chairman, David Medine, is a former veteran of the Clinton Administration who previously served as a Federal Trade Commission staffer and has extensive experience fighting identity theft. As we reported previously in November 2013, Medine told Ars that the PCLOB has had no issues with getting information from government officials.

"We’ve had complete cooperation from the administration to date, gotten all information, whether classified or not," he said. "We do have some language in our statute (PDF) about requiring people to appear. The other side is that we do have the authority to seek subpoenas for private sector information but have not felt the need to do [so]."

However, the PCLOB does not disclose whom it speaks with in the government, and those conversations are not official sworn testimony. The conversations are not recorded or transcribed, and the PCLOB does not plan on quoting anyone by name in its future reports.

"We’ve gone out to the agencies to meet in their offices and we’ve had agencies come to our offices," Medine said. "We don’t have the authority to make people swear an oath."

But it does have the authority to request and receive classified material—putting the PCLOB in an unenviable conundrum.

"I think it’s important to recognize that we have the benefit and challenge of dealing with classified information," he added. "We can’t release classified information, but nonetheless we benefit in forming our conclusions. Ultimately, we will issue a public report so the public can learn what we will learn, but it’s likely that we will issue a classified appendix. We will also urge that declassification of some issues or documents that are important in our final report."

As is often the case with classified information, it no doubt sheds light on material that those of us in the general citizenry don’t have access to. Medine said that this expanded knowledge is helpful, but it doesn’t necessarily help the general public’s ability to trust secret government programs.

"As I’ve learned more about the operations, particularly matters that are classified, I have to evaluate what I’ve learned in that light," he said. "A lot of the press accounts have been inaccurate in their scope and operation, but one advantage that we have is that we don’t have to rely on potentially mistaken accounts."