Unnamed Phone Company Challenges NSA's Bulk Records Collection; FISC Says It's Perfectly Legal

from the of-course-they-would dept

Late on Friday, the FISA Court unclassified a few documents, including a ruling on an until now secret attempt by a telco to challenge the latest FISC order demanding that the telco hand over metadata on all phone records under Section 215 of the Patriot Act. The telco's name is redacted, but it relied entirely on Judge Richard Leon's ruling from December, which found the bulk collection of phone records unconstitutional. Basically, the telco appears to have received the renewed Section 215 bulk collection order from FISC in January, and then challenged it on the basis of Judge Leon's ruling. The FISC shoots down that challenge, rejecting Judge Leon's reasoning, and insisting that bulk collection of phone records is perfectly legal and constitutional.
Turning now to the merits of the Fourth Amendment issue, this Court finds Judge Leon's analysis in Klayman to be unpersuasive and concludes that it provides no basis for vacating or modifying the Secondary Order issued [REDACTED] January 3, 2014....
FISC, of course, immediately highlights the infamous Smith v. Maryland case that all defenders of bulk collection point to (and which Judge Leon said did not apply here, given the very different circumstances). But, FISC still argues it applies claiming that the differences are "indistinguishable."
The information [REDACTED] produces to NSA as part of the telephony metadata program is indistinguishable in nature from the information at issue in Smith and its progeny. It includes dialed and incoming telephone numbers and other numbers pertaining to the placing or routing of calls, as well as the date, time and duration of the calls.
That seems disingenuous at best. You need to be willfully distorting the facts to argue that Smith and the bulk data collection programs are "indistinguishable" from one another. Smith involved information on a single person. The bulk collection covers everyone. In fact, Judge Leon himself went through a rather detailed explanation of what "distinguishes" the Smith case from the bulk collection, including the fact that while people may expect phone companies to occasionally provide information to law enforcement on suspects, they do not reasonably expect the telcos to do that on everything from every person.

FISC Judge Rosemary Collyer admits that Judge Leon explained why the two situations are wholly different, but simply disagrees on every distinguishing factor.
This Court respectfully disagrees with Judge Leon's reasons for deviating from Smith. To begin with, Judge Leon focused largely on what happens (and what could happen) to the telephony metadata after it has been acquired by NSA -- e.g., how long the metadata could be retained and how the Government could analyze it using sophisticated technology. Smith and the Supreme Court's other decisions applying the third-party disclosure principle make clear that this focus is misplaced in assessing whether the production of telephony metadata constitutes a search under the Fourth Amendment.

Smith reaffirmed that the third-party disclosure principle -- i.e., the rule that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties" ... applies regardless of the disclosing person's assumptions or expectations with respect to what will be done with the information following its disclosure.
From there, Judge Collyer goes on to restate the rather expansive view that, under the third party doctrine, basically you have absolutely no 4th Amendment rights whatsoever to anything held by a third party. There's also this fun tidbit, in which the ruling dismisses the "everyone's content" vs. "just one target's content"
The aggregated scope of the collection and the overall size of NSA's database are immaterial in assessing whether any person's reasonable expectation of privacy has been violated such that a search under the Fourth Amendment has occurred. To the extent that the quantity of the metadata collected by NSA is relevant, it is relevant only on a user-by-user basis. The pertinent question is whether a particular user has a reasonable expectation of privacy in the telephony metadata associated with her or her own calls. For purposes of determining whether a search under the Fourth Amendment has occurred, it is irrelevant that other users' information is also being collected and that the aggregate amount acquired is very large.
Basically, even though there is a very big distinguishing factor between collecting one targeted person's info and everyone's info, the FISA Court insists that this factor can be ignored, because you have to look at it in terms of each person's individual situation. That seems like a highly questionable analysis, and a very dangerous "cheat" to hide from the biggest factor that makes the 215 bulk collection orders so different from the situation in Smith.

Even more troubling, is that the FISC seems to argue that phone metadata probably isn't that revealing anyway -- which is clearly bogus. It points to the case that Smith mainly relied upon, the Miller case involving bank records, and argues that phone metadata and bank records are basically the same:
It is far from clear to this Court that even years' worth of non-content call detail records would reveal more of the details about a telephone user's personal life than several months' worth of the same person's bank records. Indeed, bank records are likely to provide the Government directly with detailed information about a customer's personal life -- e.g., the names of the persons with whom the customer has had financial dealings, the sources of his income, the amounts of money he has spent and on what forms of goods and services, the charities and political organizations that he supports -- that the call detail records simply do not, by themselves, provide.
I find it equally questionable that bank record information isn't considered private, but even if we grant that premise, the rest of the argument makes little sense. In fact, much of the above information may not actually be supplied by bank records, and a person can often use cash to leave no such record. While both records may be quite revealing (beyond what I think the 4th Amendment should allow), given the choice, I'd argue that my phone records are a hell of a lot more revealing and private than my bank records.

FISC also rejects the idea that the Supreme Court's decision in the Jones case (arguing that GPS tracking may go too far) changes the analysis here. Judge Collyer points out that the rulings that Judge Leon relies on were concurring opinions, but not, technically part of the majority ruling (he basically lumped together Justice Alito and Justice Sotomayor's rulings, despite each taking slightly different approaches).

In the end, the FISC rejects the attempt by the unnamed telco, and basically says that Judge Leon's ruling is wrong. Kudos to the nameless telco for actually challenging the Section 215 order. Hopefully we'll find out soon which telco actually made a move to protect its users' privacy.

Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    That One Guy (profile), Apr 25th, 2014 @ 3:43pm

    Prove it

    It's been said before, and it bears repeating, that if they're going to claim that metadata isn't that revealing, the simplest way for them to back up that statement is to provide their metadata, all of it, and let people dig through it at will, like they believe the NSA should be able to.

    After all, if it's really that harmless, then they have nothing to fear, and if it's not a violation of privacy either, then they have no reasonable grounds not to provide the data.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 25th, 2014 @ 4:27pm

      Re: Prove it

      look at it differently, If the metadata is so harmless and reveals nothing of importance, why do they want it?

      what is not said is more often (and in this case) more revealing, than what is actually said.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    That One Guy (profile), Apr 25th, 2014 @ 3:44pm

    Also, typo

    'So this interesting'

    I imagine that's supposed to be 'So this is interesting'.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    x, Apr 25th, 2014 @ 4:38pm

    can a 3rd party give a privacy guarantee creating a reasonable expectation?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      That One Guy (profile), Apr 25th, 2014 @ 4:51pm

      Re: can a 3rd party give a privacy guarantee creating a reasonable expectation?

      Now that could make for an interesting legal challenge...

      Say a company had, as part of their TOS, a clause stating that all the information they stored related to you would be treated as though it was still owned by you, and in your possession. They had to get your permission any time they wanted to use it, they couldn't hand it over to anyone without your explicit consent, on a case-by-case basis, for all intents and purposes it was still your information.

      Then say the NSA or another agency tried their usual 'Gimme everything' fishing expeditions, would the company be justified in refusing, baring the presentation of a valid, targeted warrant, on the grounds that their TOS states that it's not the company's data, but yours?

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        JM Hanes (profile), Apr 25th, 2014 @ 5:55pm

        Re: Re: can a 3rd party give a privacy guarantee creating a reasonable expectation?

        That would certainly seem to create an expectation of privacy -- if everything else in almost every TOS you'd actually care about weren't specifically focused on getting you to relinquish ownership of any and everything else you might conceivably expect to retain.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 25th, 2014 @ 4:42pm

    The information [REDACTED] produces to NSA as part of the telephony metadata program is indistinguishable in nature from the information at issue in Smith and its progeny.


    Does anyone else realize how dangerous an idea this is?

    They're basically suggesting that the only qualifying factor in this scenario is the type of information at issue. Not when, how, or why it is obtained, or in what quanities.

    Any information that is ever obtainable without a warrant in any way, shape, or form, is obtainable without a warrant in every possible scenario???

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      That One Guy (profile), Apr 25th, 2014 @ 4:53pm

      Re:

      'The ends justify the means', 'It doesn't matter how you get the data, only what data you get', yeah, assuming that is indeed what they mean, that's a very worrisome argument there, though sadly fairly expected, coming as it were from the NSA's pet judges.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 25th, 2014 @ 4:58pm

    Mass invasion of a city by militarized forces is irrelevant because it is relevant only on a soldier-by-soldier basis.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Ben (profile), Apr 25th, 2014 @ 5:00pm

    Reasonable Expectation of Privacy

    "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties"
    So, if a phone company simply added "by using our phone system you have a reasonable expectation that we will keep any information you provide us private" to your contract, this weaseling around the 4th Amendment might be stopped?

    One could hope.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      That One Guy (profile), Apr 25th, 2014 @ 5:20pm

      Re: Reasonable Expectation of Privacy

      If nothing else it could provide some interesting reading, as the FISA 'court' wriggled about a bit before declaring that even if a company guarantees you a 'reasonable expectation of privacy' for your data, it doesn't actually mean you have a 'reasonable expectation of privacy' with regards to your data, should a government agency want to go browsing for whatever reason.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      avideogameplayer, Apr 25th, 2014 @ 5:24pm

      Re: Reasonable Expectation of Privacy

      Even if they did, it wouldn't take the Feds long to drop a house of bricks on any company that would try and protect its users...

      Even now the companies don't give a shit (Verizon) either way, cause they get cushy regulatory laws to screw they're paying customers and they get money from the Feds in the form of hard drive space, as it were...

      So either way, we're screwed...

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    JM Hanes (profile), Apr 25th, 2014 @ 6:09pm

    Revelations

    "I'd argue that my phone records are a hell of a lot more revealing and private than my bank records."

    Is that point even arguable any more? There's enough research in circulation now to make that proposition look more like an established fact. Is there a judicial equivalent to Ivory Tower oblivion?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 25th, 2014 @ 6:39pm

    I give up on the FISC court. Their circular logic is illogical and unconstitutional. There's a huge difference between targeted pen/traces and bulk unconstitutional spying of all Americans.

    Also, I don't "voluntarily" hand over any information to the phone companies. That's a "mandatory" requirement if I want to live in the 21st century and have a cell phone.

    Next up, bank information doesn't reveal nearly as much personal information as a cell phone. Credit cards don't have GPS chips implanted in them, yet, nor do they have a radio transceivers that track your every movement 24/7.

    It's simply a flawed, unconstitutional ruling.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      That One Guy (profile), Apr 25th, 2014 @ 7:02pm

      Re:

      Please, try not to ever refer to them as the 'FISA court', they make all legitimate, open, and unbiased courts look worse simply by existing(or better, depending on your point of view. 'Sure the local court may be corrupt, but at least it's not the FISA court!').

      "FISA 'court'" works okay though I'd say, given the second half of the name is really only true technically.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous, Apr 26th, 2014 @ 5:32pm

      Re:

      According to a letter published in "2600" magazine, Wal-Mart has facial recognition technology, and whenever a purchase is made by credit card or check, they match the name and other info to the face. This data can then be purchased by the government.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous, Apr 26th, 2014 @ 5:35pm

        Re: Re:

        That same letter says that they also have RFID chips implanted in certain articles of clothing and can track your movements around the store (although with cameras everywhere and facial recognition technology that seems like overkill).

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 25th, 2014 @ 6:57pm

    So if the NSA let certain third-party contractors handle their data, they have no expectation of privacy in that data and cannot complain if they leaked it, right?

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Namel3ss (profile), Apr 25th, 2014 @ 7:44pm

    Armed revolution. It's beginning to look like nothing less will be sufficient to deal with the abject corruption of our government today.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Apr 25th, 2014 @ 8:51pm

      Re:

      This is what I keep coming back to.

      But when it comes right down to it, revolutions take leaders, and we're lacking. There needs to be a polarizing figure to head a revolt.

      I barely know anyone who pays attention, let alone anyone willing to fight.

      So what's to be done?

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 25th, 2014 @ 9:29pm

        Re: Re:

        Actually, in this day and age, there doesn't really have to be a leader, just a group of people with like cause.

        Look at "groups" such as Anonymous - they accomplish a lot in nameless, leaderless fashion, and frankly, it scares the fuck out of governments around the world.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Apr 26th, 2014 @ 2:03am

        Re: Re:

        There needs to be a polarizing figure to head a revolt.

        Be very careful in what you wish for, see the history of people like Hitler, Stalin, Mao, Pole Pot etc. They were all polarising leaders.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous, Apr 26th, 2014 @ 5:38pm

        Re: Re:

        I nominate Miles Matheson!

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 25th, 2014 @ 8:52pm

    Given the Snowden releases, there is slowly becoming a grass roots ground swell over all this. Earlier today, the revelation that the government is actually starting to have to appeal magistrate denials of bulk sweeping mass privacy invading collections.

    They never had a problem up till the public started saying this isn't right and a violation of the Constitution. This isn't blowing over like the government had hoped it would. Instead it is going the other way. As it continues, more and more pressure will be brought to bear against the government to discontinue all this mass spying. At this point it isn't if it will continue but when will the pressure become enough to force the government to obey the will of the people.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 25th, 2014 @ 11:33pm

    they do not reasonably expect the telcos to do that on everything from every person. ..........24/7

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Rekrul, Apr 26th, 2014 @ 1:37am

    If metadata isn't that revealing, why are the intelligence agencies working so hard to keep collecting it?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 26th, 2014 @ 1:48am

    the judges are going to reject this sort of claim because doing otherwise would make so many of the previous cases decisions (basically all of them) sound bad

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Christopher, Apr 26th, 2014 @ 2:32am

    Well, that's a peculiar reading. The fourth amendment reads,

    "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

    Now, to me, the word particular would, in fact, seem to prohibit bulk searches. My understanding is that that's why the NYPD can't get a warrant to search, say, "all of Manhattan."

    It seems to me that you might similarly expect that a warrant seeking "details of all the people you do business with" might be similarly un-particular enough to be a violation of the fourth amendment.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous but Wise, Apr 26th, 2014 @ 5:59am

    Maybe not a third party

    How about all the people who own stock in the Telco? Surely for them, the Telco cannot be considered a third party anymore, since they are part-owners of the Telco.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Apr 26th, 2014 @ 7:23am

    Expectation of privacy argument would fly only, if there was an option to block telcos from collecting info. Which can be done with simple software. This option is deliberately blocked for end users, thus, voids an argument. Then, we end up with only scenario available to evil elements: fake judge with fake order.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Quiet Lurcker, Apr 26th, 2014 @ 9:11am

      Re:

      I could very easily see that following on to its logical conclusion, thusly:

      Having examined the relevant statutes and common law; and the Constitution of the United States, [redacted] does not recognize the legitimacy of the purported court from which this purported order issues: the existence of the court is plainly unconstitutional; its orders are disallowed in that the application for the warrant did not follow the rules of civil procedure (and I would include the statute here - can't be bothered to look it up); and the warrant itself is unconstitutionally vague and imprecise.

      For the above reasons, [redacted] refuses on Fourth Amendment grounds to produce any information which would be responsive to the named order.

      On behalf of respondent, [redacted]
      signed, Irma Schuyster
      Dewey Billim and Howe, attorneys at law.

      And file a formal complaint with the local attorney general, and a real court against Uncle S.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    David, Apr 26th, 2014 @ 8:57pm

    The "Third-Party" claim is a Red Herring

    They are basically claiming that requesting data on a "Third Party" doesn't require as much 4th issues. However, from the TelCo perspective - it's THEIR data, they are a 1st Party to a request for information that is protected by the 4th, and the fact that it contains information relating to other people is not relevant. Since Citizen's United essentially agreed a corporation is a "person", their papers/effects should be equally protected by the 4th and the "3rd Party" suggestion has no legal or constitutional bearing.

    Under this guideline, nearly any business data could be requested from any company, if some claim could be made that the actual information sought was about a customer/vendor.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Just Another Anonymous Troll, Apr 28th, 2014 @ 7:19am

    Government declares government's surveillance legal.
    Where exactly is my 'oversight'? Is it where you guys sent the Fourth Amendment too?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anymouse, May 6th, 2014 @ 6:30am

    Since these judges believe that you have no expectation of privacy for ANY information given to a third party, perhaps the telcos should just post the judges' information online to give them a little taste of just how intrusive such a ruling truly is.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.