Dutch Ruppersberger Proposes Replacing Bulk Metadata Collections With Targeted Pen Register Searches
from the time-for-the-NSA-to-get-out-of-the-bulk-collection-business dept
One of the ranking members of the House Intelligence Committee has just handed down a rather sensible proposal that would take the "bulk" out of "bulk collection" and allow the records to remain at telcos rather than being stored by the NSA or another third party. (Hint: it's not Mike Rogers.)
The suggestion runs as follows:
The concept, which Rep. C.A. Dutch Ruppersberger (D-Md.) said he is still refining, would require court review of numbers that the phone companies are asked to search against. But it would not call for a requirement that companies hold data longer than they do now…Ruppersberger's proposal (which he says has sprung out of "serious discussions" with Rep. Rogers) retains the RAS (Reasonable Articulable Suspicion) stipulation that currently governs the NSA's searches of the stored metadata, but it does loosen other restraints -- namely, that the searches be constrained to targets of "authorized investigations" and "agents of foreign powers."
Details would have to be worked out, but, he said, the idea would be to send suspect numbers, which a court has deemed to meet the standard, to all phone companies. They would search daily against this list and send back to the NSA any numbers that hit up against the list.
If this sounds all too familiar, there's a reason for that.
Some analysts say that what Ruppersberger appears to be proposing looks very similar to existing authority under the “pen register” provision of the Foreign Intelligence Surveillance Act. That provision enables the government to order a phone company to send back in real-time “dialing” information, such as phone numbers, if the government can show the information sought would be “relevant to an ongoing investigation to protect against international terrorism” or espionage.This pen register concept was thoroughly bastardized by FISC judge Colleen Kollar-Kotelly in 2004 to give the agency permission to use an open-ended (but targeted) surveillance technique as a way to grab every phone record from telcos in three-month chunks (granted in perpetuity by the FISA court).
But the pen register statute hasn't been written off the books. It still exists and is, in fact, still used occasionally by the NSA, which prompts the following question: why bother introducing new legislation and new guidelines? Why not just make the NSA adhere to the existing statute (albeit one not so thoroughly distended by a previous FISA court decision)?
“So the natural way to solve this problem is not by creating a new authority, but by taking the existing authority designed for exactly this purpose, and narrowing it so it can’t be again used for bulk collection,” said Julian Sanchez, a fellow at the CATO Institute and surveillance expert.The problem with new laws is that it adds to the number of exploitable tools the NSA can use. As noted above, this eliminates some of the limits governing the bulk records collection. While arguably better than the unlimited metadata harvesting the NSA has done for most of the last decade, the public would be better served by simply requiring the agency to follow existing pen register statutes, provided, of course, the FISA court restores the definition back to its original form.
It is good to see another legislator pushing the NSA back towards targeted surveillance, something it increasingly abandoned in the wake of the PATRIOT Act, especially one that has the misfortune of working closely with Rep. Mike Rogers.