The NSA’s Utah Data Center, seen here in November 2019.Photo: George Frey/AFP (Getty Images)
The National Security Agency’s program to hoover up details on billions of domestic phone calls and text messages in the U.S. was illegal, a federal appeals court ruled on Wednesday, and was probably an unconstitutional abuse of power.
Per Politico, the findings were unanimously handed down in a 9th Circuit Court of Appeals case concerning the 2013 conviction of four Somali immigrants of fundraising for terrorist organizations, which involved bulk data collected by the NSA and has taken most of the last decade to resolve. The court found that the metadata did not play a significant role in the case and upheld the convictions of Basaaly Moalin and three co-defendants. Judge Marsha Berzon wrote in the court’s ruling, however, that the NSA’s indiscriminate harvesting of phone records violated the Foreign Intelligence Surveillance Act, as well as hinted that it was unconstitutional.
The NSA’s “bulk collection” of phone records was one of the intelligence programs former CIA contractor Edward Snowden leaked to the media in 2013—showing that top U.S. intelligence officials had lied to the public that the NSA hadn’t been stockpiling data on Americans at all. For the duration of the program, the NSA obtained extensive records from telecommunication companies like Verizon, including metadata such as call location and duration, the numbers of the parties involved. The NSA also had access to text message metadata, such as the number of characters in a text. When paired with other information, the metadata could be quite revealing as to the behavior and habits of targeted individuals.
The Department of Justice argued in the case decided on Wednesday that such collection did not amount to a search because those targeted implicitly agreed to share data with providers. Berzon shot down that argument, agreeing with a 2015 ruling that the mass surveillance wasn’t actually tied to specific investigations. She also found the government withheld information about the source of the metadata from the defendants.
“Here the NSA collected Moalin’s (and millions of other Americans’) telephony metadata on an ongoing, daily basis for years,” Berzon wrote. “Moalin likely had a reasonable expectation of privacy in his telephony metadata—at the very least, it is a close question.”
George W. Bush started the program without court authorization in 2001. At first, the NSA issued the records demands, but in 2006, the Foreign Intelligence Surveillance Court began ordering companies to comply based on a legally dubious interpretation of Section 215 of the Patriot Act. The records ostensibly stayed in the hands of phone companies until the NSA had use for them, but at its height, the agency was harvesting billions of entries a day. The 2015 USA Freedom Act killed the program, but the NSA didn’t stop collecting data—it was simply required to submit specific queries rather than suck up everything by default. The Freedom Act, however, also allowed the NSA to request metadata from anyone a targeted individual had been in contact with, allowing it to collect over 534 million U.S. call and text records from just 42 targets in 2017 alone.
In 2019, it was reported that the NSA had discovered major problems with the data provided by telecom companies and had grown cold to the program’s “operational value,” largely discontinuing it.
Director of National Intelligence Dan Coats nonetheless urged Congress last year, when the Freedom Act was set to expire, to renew its Section 215 powers authorizing bulk collection. Congress extended those powers through March 2020, but it’s been too distracted by other crises to pass a revised version of the Freedom Act which would ban the practice entirely. That extension expired in March, stripping the NSA of its Section 215 playbook.
The federal government claimed the program was vital in stopping 54 terrorist attacks—which was later revealed to be a bunch of hogwash. From 2015 to 2019, the Freedom Act version of the program only started one “significant investigation.” According to TechCrunch, congressional investigations have whittled down those 54 supposed cases to just one named individual, who happens to be Moalin.
Berzon wrote in the ruling the NSA program was actually so ineffective that even if it was unconstitutional, authorities would have secured Moalin’s conviction anyways.
“Based on our careful review of the classified record, we are satisfied that any lack of notice, assuming such notice was required, did not prejudice defendants,” she wrote. “Having carefully reviewed the classified FISA applications and all related classified information, we are convinced that under established Fourth Amendment standards, the metadata collection, even if unconstitutional, did not taint the evidence introduced by the government at trial.”
According to Politico, the defendants could still call for an 11-judge en banc session to review the three judges’ opinion. They could also petition the Supreme Court to hear an appeal.
The NSA has plenty of other ways to spy on the public. Its Section 702 powers to spy on the digital communications of foreigners for intelligence purposes, which deliberately extend a dragnet on Americans sometimes only tangentially linked to those targets, don’t expire until 2023.
Wednesday’s ruling “makes plain that the NSA’s bulk collection of Americans’ phone records violated the Constitution. The decision also recognizes that when the government seeks to prosecute a person, it must give notice of the secret surveillance it used to gather its evidence,” Patrick Toomey, a senior staff attorney with the ACLU National Security Project, told TechCrunch. “This protection is a vital one given the proliferation of novel spying tools the government uses today.”