Unnamed Phone Company Challenges NSA's Bulk Records Collection; FISC Says It's Perfectly Legal

from the of-course-they-would dept

Late on Friday, the FISA Court unclassified a few documents, including a ruling on an until now secret attempt by a telco to challenge the latest FISC order demanding that the telco hand over metadata on all phone records under Section 215 of the Patriot Act. The telco’s name is redacted, but it relied entirely on Judge Richard Leon’s ruling from December, which found the bulk collection of phone records unconstitutional. Basically, the telco appears to have received the renewed Section 215 bulk collection order from FISC in January, and then challenged it on the basis of Judge Leon’s ruling. The FISC shoots down that challenge, rejecting Judge Leon’s reasoning, and insisting that bulk collection of phone records is perfectly legal and constitutional.

Turning now to the merits of the Fourth Amendment issue, this Court finds Judge Leon’s analysis in Klayman to be unpersuasive and concludes that it provides no basis for vacating or modifying the Secondary Order issued [REDACTED] January 3, 2014….

FISC, of course, immediately highlights the infamous Smith v. Maryland case that all defenders of bulk collection point to (and which Judge Leon said did not apply here, given the very different circumstances). But, FISC still argues it applies claiming that the differences are “indistinguishable.”

The information [REDACTED] produces to NSA as part of the telephony metadata program is indistinguishable in nature from the information at issue in Smith and its progeny. It includes dialed and incoming telephone numbers and other numbers pertaining to the placing or routing of calls, as well as the date, time and duration of the calls.

That seems disingenuous at best. You need to be willfully distorting the facts to argue that Smith and the bulk data collection programs are “indistinguishable” from one another. Smith involved information on a single person. The bulk collection covers everyone. In fact, Judge Leon himself went through a rather detailed explanation of what “distinguishes” the Smith case from the bulk collection, including the fact that while people may expect phone companies to occasionally provide information to law enforcement on suspects, they do not reasonably expect the telcos to do that on everything from every person.

FISC Judge Rosemary Collyer admits that Judge Leon explained why the two situations are wholly different, but simply disagrees on every distinguishing factor.

This Court respectfully disagrees with Judge Leon’s reasons for deviating from Smith. To begin with, Judge Leon focused largely on what happens (and what could happen) to the telephony metadata after it has been acquired by NSA — e.g., how long the metadata could be retained and how the Government could analyze it using sophisticated technology. Smith and the Supreme Court’s other decisions applying the third-party disclosure principle make clear that this focus is misplaced in assessing whether the production of telephony metadata constitutes a search under the Fourth Amendment.

Smith reaffirmed that the third-party disclosure principle — i.e., the rule that “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties” … applies regardless of the disclosing person’s assumptions or expectations with respect to what will be done with the information following its disclosure.

From there, Judge Collyer goes on to restate the rather expansive view that, under the third party doctrine, basically you have absolutely no 4th Amendment rights whatsoever to anything held by a third party. There’s also this fun tidbit, in which the ruling dismisses the “everyone’s content” vs. “just one target’s content”

The aggregated scope of the collection and the overall size of NSA’s database are immaterial in assessing whether any person’s reasonable expectation of privacy has been violated such that a search under the Fourth Amendment has occurred. To the extent that the quantity of the metadata collected by NSA is relevant, it is relevant only on a user-by-user basis. The pertinent question is whether a particular user has a reasonable expectation of privacy in the telephony metadata associated with her or her own calls. For purposes of determining whether a search under the Fourth Amendment has occurred, it is irrelevant that other users’ information is also being collected and that the aggregate amount acquired is very large.

Basically, even though there is a very big distinguishing factor between collecting one targeted person’s info and everyone’s info, the FISA Court insists that this factor can be ignored, because you have to look at it in terms of each person’s individual situation. That seems like a highly questionable analysis, and a very dangerous “cheat” to hide from the biggest factor that makes the 215 bulk collection orders so different from the situation in Smith.

Even more troubling, is that the FISC seems to argue that phone metadata probably isn’t that revealing anyway — which is clearly bogus. It points to the case that Smith mainly relied upon, the Miller case involving bank records, and argues that phone metadata and bank records are basically the same:

It is far from clear to this Court that even years’ worth of non-content call detail records would reveal more of the details about a telephone user’s personal life than several months’ worth of the same person’s bank records. Indeed, bank records are likely to provide the Government directly with detailed information about a customer’s personal life — e.g., the names of the persons with whom the customer has had financial dealings, the sources of his income, the amounts of money he has spent and on what forms of goods and services, the charities and political organizations that he supports — that the call detail records simply do not, by themselves, provide.

I find it equally questionable that bank record information isn’t considered private, but even if we grant that premise, the rest of the argument makes little sense. In fact, much of the above information may not actually be supplied by bank records, and a person can often use cash to leave no such record. While both records may be quite revealing (beyond what I think the 4th Amendment should allow), given the choice, I’d argue that my phone records are a hell of a lot more revealing and private than my bank records.

FISC also rejects the idea that the Supreme Court’s decision in the Jones case (arguing that GPS tracking may go too far) changes the analysis here. Judge Collyer points out that the rulings that Judge Leon relies on were concurring opinions, but not, technically part of the majority ruling (he basically lumped together Justice Alito and Justice Sotomayor’s rulings, despite each taking slightly different approaches).

In the end, the FISC rejects the attempt by the unnamed telco, and basically says that Judge Leon’s ruling is wrong. Kudos to the nameless telco for actually challenging the Section 215 order. Hopefully we’ll find out soon which telco actually made a move to protect its users’ privacy.

Filed Under: , , , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Unnamed Phone Company Challenges NSA's Bulk Records Collection; FISC Says It's Perfectly Legal”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Prove it

It’s been said before, and it bears repeating, that if they’re going to claim that metadata isn’t that revealing, the simplest way for them to back up that statement is to provide their metadata, all of it, and let people dig through it at will, like they believe the NSA should be able to.

After all, if it’s really that harmless, then they have nothing to fear, and if it’s not a violation of privacy either, then they have no reasonable grounds not to provide the data.

That One Guy (profile) says:

Re: can a 3rd party give a privacy guarantee creating a reasonable expectation?

Now that could make for an interesting legal challenge…

Say a company had, as part of their TOS, a clause stating that all the information they stored related to you would be treated as though it was still owned by you, and in your possession. They had to get your permission any time they wanted to use it, they couldn’t hand it over to anyone without your explicit consent, on a case-by-case basis, for all intents and purposes it was still your information.

Then say the NSA or another agency tried their usual ‘Gimme everything’ fishing expeditions, would the company be justified in refusing, baring the presentation of a valid, targeted warrant, on the grounds that their TOS states that it’s not the company’s data, but yours?

JM Hanes (profile) says:

Re: Re: can a 3rd party give a privacy guarantee creating a reasonable expectation?

That would certainly seem to create an expectation of privacy — if everything else in almost every TOS you’d actually care about weren’t specifically focused on getting you to relinquish ownership of any and everything else you might conceivably expect to retain.

Anonymous Coward says:

The information [REDACTED] produces to NSA as part of the telephony metadata program is indistinguishable in nature from the information at issue in Smith and its progeny.

Does anyone else realize how dangerous an idea this is?

They’re basically suggesting that the only qualifying factor in this scenario is the type of information at issue. Not when, how, or why it is obtained, or in what quanities.

Any information that is ever obtainable without a warrant in any way, shape, or form, is obtainable without a warrant in every possible scenario???

Ben (profile) says:

Reasonable Expectation of Privacy

“a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties”

So, if a phone company simply added “by using our phone system you have a reasonable expectation that we will keep any information you provide us private” to your contract, this weaseling around the 4th Amendment might be stopped?

One could hope.

That One Guy (profile) says:

Re: Reasonable Expectation of Privacy

If nothing else it could provide some interesting reading, as the FISA ‘court’ wriggled about a bit before declaring that even if a company guarantees you a ‘reasonable expectation of privacy’ for your data, it doesn’t actually mean you have a ‘reasonable expectation of privacy’ with regards to your data, should a government agency want to go browsing for whatever reason.

avideogameplayer says:

Re: Reasonable Expectation of Privacy

Even if they did, it wouldn’t take the Feds long to drop a house of bricks on any company that would try and protect its users…

Even now the companies don’t give a shit (Verizon) either way, cause they get cushy regulatory laws to screw they’re paying customers and they get money from the Feds in the form of hard drive space, as it were…

So either way, we’re screwed…

Anonymous Coward says:

I give up on the FISC court. Their circular logic is illogical and unconstitutional. There’s a huge difference between targeted pen/traces and bulk unconstitutional spying of all Americans.

Also, I don’t “voluntarily” hand over any information to the phone companies. That’s a “mandatory” requirement if I want to live in the 21st century and have a cell phone.

Next up, bank information doesn’t reveal nearly as much personal information as a cell phone. Credit cards don’t have GPS chips implanted in them, yet, nor do they have a radio transceivers that track your every movement 24/7.

It’s simply a flawed, unconstitutional ruling.

That One Guy (profile) says:

Re: Re:

Please, try not to ever refer to them as the ‘FISA court’, they make all legitimate, open, and unbiased courts look worse simply by existing(or better, depending on your point of view. ‘Sure the local court may be corrupt, but at least it’s not the FISA court!’).

“FISA ‘court'” works okay though I’d say, given the second half of the name is really only true technically.

Anonymous Coward says:

Given the Snowden releases, there is slowly becoming a grass roots ground swell over all this. Earlier today, the revelation that the government is actually starting to have to appeal magistrate denials of bulk sweeping mass privacy invading collections.

They never had a problem up till the public started saying this isn’t right and a violation of the Constitution. This isn’t blowing over like the government had hoped it would. Instead it is going the other way. As it continues, more and more pressure will be brought to bear against the government to discontinue all this mass spying. At this point it isn’t if it will continue but when will the pressure become enough to force the government to obey the will of the people.

Christopher (profile) says:

Well, that’s a peculiar reading. The fourth amendment reads,

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Now, to me, the word particular would, in fact, seem to prohibit bulk searches. My understanding is that that’s why the NYPD can’t get a warrant to search, say, “all of Manhattan.”

It seems to me that you might similarly expect that a warrant seeking “details of all the people you do business with” might be similarly un-particular enough to be a violation of the fourth amendment.

Anonymous Coward says:

Expectation of privacy argument would fly only, if there was an option to block telcos from collecting info. Which can be done with simple software. This option is deliberately blocked for end users, thus, voids an argument. Then, we end up with only scenario available to evil elements: fake judge with fake order.

Quiet Lurcker says:

Re: Re:

I could very easily see that following on to its logical conclusion, thusly:

Having examined the relevant statutes and common law; and the Constitution of the United States, [redacted] does not recognize the legitimacy of the purported court from which this purported order issues: the existence of the court is plainly unconstitutional; its orders are disallowed in that the application for the warrant did not follow the rules of civil procedure (and I would include the statute here – can’t be bothered to look it up); and the warrant itself is unconstitutionally vague and imprecise.

For the above reasons, [redacted] refuses on Fourth Amendment grounds to produce any information which would be responsive to the named order.

On behalf of respondent, [redacted]
signed, Irma Schuyster
Dewey Billim and Howe, attorneys at law.

And file a formal complaint with the local attorney general, and a real court against Uncle S.

David says:

The "Third-Party" claim is a Red Herring

They are basically claiming that requesting data on a “Third Party” doesn’t require as much 4th issues. However, from the TelCo perspective – it’s THEIR data, they are a 1st Party to a request for information that is protected by the 4th, and the fact that it contains information relating to other people is not relevant. Since Citizen’s United essentially agreed a corporation is a “person”, their papers/effects should be equally protected by the 4th and the “3rd Party” suggestion has no legal or constitutional bearing.

Under this guideline, nearly any business data could be requested from any company, if some claim could be made that the actual information sought was about a customer/vendor.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »