Dutch Ruppersberger Proposes Replacing Bulk Metadata Collections With Targeted Pen Register Searches

from the time-for-the-NSA-to-get-out-of-the-bulk-collection-business dept

One of the ranking members of the House Intelligence Committee has just handed down a rather sensible proposal that would take the "bulk" out of "bulk collection" and allow the records to remain at telcos rather than being stored by the NSA or another third party. (Hint: it's not Mike Rogers.)

The suggestion runs as follows:

The concept, which Rep. C.A. Dutch Ruppersberger (D-Md.) said he is still refining, would require court review of numbers that the phone companies are asked to search against. But it would not call for a requirement that companies hold data longer than they do now…

Details would have to be worked out, but, he said, the idea would be to send suspect numbers, which a court has deemed to meet the standard, to all phone companies. They would search daily against this list and send back to the NSA any numbers that hit up against the list.
Ruppersberger's proposal (which he says has sprung out of "serious discussions" with Rep. Rogers) retains the RAS (Reasonable Articulable Suspicion) stipulation that currently governs the NSA's searches of the stored metadata, but it does loosen other restraints -- namely, that the searches be constrained to targets of "authorized investigations" and "agents of foreign powers."

If this sounds all too familiar, there's a reason for that.
Some analysts say that what Ruppersberger appears to be proposing looks very similar to existing authority under the “pen register” provision of the Foreign Intelligence Surveillance Act. That provision enables the government to order a phone company to send back in real-time “dialing” information, such as phone numbers, if the government can show the information sought would be “relevant to an ongoing investigation to protect against international terrorism” or espionage.
This pen register concept was thoroughly bastardized by FISC judge Colleen Kollar-Kotelly in 2004 to give the agency permission to use an open-ended (but targeted) surveillance technique as a way to grab every phone record from telcos in three-month chunks (granted in perpetuity by the FISA court).

But the pen register statute hasn't been written off the books. It still exists and is, in fact, still used occasionally by the NSA, which prompts the following question: why bother introducing new legislation and new guidelines? Why not just make the NSA adhere to the existing statute (albeit one not so thoroughly distended by a previous FISA court decision)?
“So the natural way to solve this problem is not by creating a new authority, but by taking the existing authority designed for exactly this purpose, and narrowing it so it can’t be again used for bulk collection,” said Julian Sanchez, a fellow at the CATO Institute and surveillance expert.
The problem with new laws is that it adds to the number of exploitable tools the NSA can use. As noted above, this eliminates some of the limits governing the bulk records collection. While arguably better than the unlimited metadata harvesting the NSA has done for most of the last decade, the public would be better served by simply requiring the agency to follow existing pen register statutes, provided, of course, the FISA court restores the definition back to its original form.

It is good to see another legislator pushing the NSA back towards targeted surveillance, something it increasingly abandoned in the wake of the PATRIOT Act, especially one that has the misfortune of working closely with Rep. Mike Rogers.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Getting aggravated, 13 Mar 2014 @ 4:37pm

    Re: Re: Techdirt site becoming unusable

    The problem has only been in the last two days and the only site that is affected is Techdirt. I have 21 system updates available (using Centos 6.5 and Firefox 24.3.0).

    No updates to my extensions or plugins, no user scripts configured. The problem seems to be with some of the offsite scripts being run, the same two ones. It may be related to the fact of not being in the northern hemi.

    Thanks for the suggestions. I have actually avoided Chrome after one awful experience with it on another machine.

    One can only hope that the problem is fixed soon.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Show Now: Takedown
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories


Email This

This feature is only available to registered users. Register or sign in to use it.