On May 7, just shy of two years after Edward Snowden revealed that the National Security Agency was collecting and searching virtually all of our phone records, the US Court of Appeals for the Second Circuit declared that the once-secret program has been illegal from its inception. The court found that Section 215 of the USA Patriot Act does not in fact authorize the dragnet program, in which the NSA collects and maintains records on virtually every American: whom we call, when we call them, and how long we talk. The decision came as Congress considers whether to amend or renew Section 215 before its sunset on June 1. Both of the current options for reform—to narrow Section 215 under the proposed USA Freedom Act, or to let it expire altogether—would end the agency’s wide-ranging collection of phone records. But neither is sufficient to address the many grave problems that Snowden revealed.
Section 215 authorizes a court to order the disclosure of business records only when they are “relevant to…an authorized investigation [of] international terrorism.” That provision would plainly allow the government to get the phone records of a suspected terrorist or his associates. But the NSA has argued that it should get much more: Everyone’s phone records are “relevant,” it contends, because at some point it might be useful to search them to identify terrorist ties. The court of appeals unanimously rejected the NSA’s reading as “unprecedented and unwarranted.”
The USA Freedom Act would end the phone-data collection program and foreclose the use of other statutes for similar “bulk collection.” It would also improve the process by which the Foreign Intelligence Surveillance Court reviews surveillance requests, by mandating that experienced lawyers appear before the FISC to defend privacy when the government seeks new spying powers. At present, the court meets in secret, with only government lawyers. Perhaps as a result, every FISC judge to review the NSA’s phone-data program approved it—but when it was subjected to adversarial testing, the appeals court unanimously declared it illegal.
The USA Freedom Act has been endorsed by Silicon Valley corporations, human-rights groups, and a broad spectrum of legislators, like Senators Ron Wyden, Pat Leahy, and Mike Lee, and Representatives Jim Sensenbrenner and John Conyers. But don’t mistake this for a new realization by our representatives that privacy matters. The real reason the bill has such wide support, including from the executive branch, is that its reforms are quite modest—and absent reform of some kind, Section 215 may simply expire. The NSA currently collects all our phone records, but because of changes by President Obama last year, it can search them only after it has shown a judge that it has reasonable suspicion that a particular number is linked to terrorism. Under the new law, it would still be able to do that—but phone companies, not the NSA, would store the data. The bill, which would mark the first time Congress has reined in intelligence gathering since 9/11, deserves our support. But this is hardly radical reform.
The USA Freedom Act would leave unchanged most of the NSA’s spying authority. The agency has, for example, recorded the contents of every single phone call for a year in some nations; vacuumed up massive amounts of Internet data on wholly innocent people; and collected the contents of phone calls, e-mails, and Internet activity of millions of others. Because these programs target foreigners overseas, they don’t generate the same level of concern here. But they compromise our rights too, for they routinely intercept communications between US citizens and foreign persons. An e-mail from Poughkeepsie to Peoria may be routed through France without our knowing it, and thus be subject to NSA interception. The Internet knows no borders. So without further reform, our online communications will remain vulnerable.
The most fundamental problem that Snowden revealed was the very obscurity of the NSA’s authority and programs. The agency acts in secret, on the basis of secret interpretations of laws approved by secret courts. As a result, “We the People” are unable to assess whether it’s acting in our interests. The USA Freedom Act nods to this issue by requiring the declassification and summary of surveillance-court orders, where possible, and some reporting on the volume of surveillance requests. But Congress has inexplicably abandoned a requirement that the government tell us how many Americans it collects information on each year—perhaps the most important fact of all. (Imagine the reaction if the NSA, when it began its program in 2006, had to report that it was collecting data on 300 million Americans.) If we remain unaware of the scope of the government’s spying on us, we are unlikely to be able to control it.
Technology has enabled dragnet surveillance on a global scale, and the NSA has been quick to exploit it. If we are to preserve our privacy in the digital age, we must insist on new legal constraints—and the transparency necessary to know whether the reforms we impose are working. Otherwise, the digital tracks of our lives will become ever more transparent to a government that increasingly seeks to keep us in the dark.