Critics say federal court got it wrong in defense of NSA activity

The federal surveillance court overseeing the National Security Agency (NSA) has needlessly sacrificed Americans' privacy in giving the U.S. spy agency carte blanche access to phone records, critics say.

The Federal Intelligence Surveillance Court (FISC) on Tuesday releasedÃ'Â a 29-page opinion that explained the court's reasoning for approving the NSA's collection of billions of phone records as part of its counterterrorism activities.

The secretive court released the opinion in response to media reports of NSA data collection of phone records and Internet activity, based on documents supplied by former NSA contractor Edward Snowden.

The court found that the NSA's massive gathering of "all call detail records" from phone companies was justified, because the agency was searching for known and unknown terrorists who may be in the U.S.

Not knowing who the suspects are in advance made it impossible for the NSA to conduct targeted searches, and still do its job of preventing terrorist attacks, it said.

The conditions surrounding NSA's work also justified the government showing only a "reasonable grounds to believe" records are needed in an investigation, said the opinion, signed by Judge Claire V. Eagan.

The standard is a much lower burden than what is needed when police seek phone records of potential suspects in crimes that have already been committed.

On Wednesday, critics challenged the court's opinion as a poor interpretation of the Foreign Intelligence Surveillance Act, which established judicial and congressional oversight over the NSA surveillance activities.

Alan Butler, appellate advocacy counsel for the Electronic Privacy Information Center, said the court's assertion that bulk data collection was "necessary" in the search for possible terrorists is the wrong legal standard. Instead, FISA made relevancy to an authorized investigation the standard for determining which data to gather.

"There is no doubt that hundreds of millions of wholly domestic telephone records collected by the NSA each year are irrelevant to any terrorism investigation," Butler said. "The FISC's interpretation of the term 'relevance' in the statute is unprecedented, and legal experts have already indicated that its analysis is weak."

EPIC is one of several civil rights groups suing the NSA for violating privacy protections granted in the U.S. Constitution.

The American Civil Liberties Union, which is also suing the NSA, said the agency could narrow its search from the start, since it typically begins an investigation with a phone number.

Using a pen register, the agency could find all the numbers called from that telephone line and continue tracing lines that appear suspicious. That approach would protect the privacy of millions of innocent Americans.

[Also see: Google plan to thwart government surveillance with encryption raises stakes]

"There's no reason [the NSA] can't target that surveillance at the outset to figure out the entire network of people who are calling each other," said Alex Abdo, staff attorney for the ACLU.

The ACLU is scheduled to argue its NSA suit before a federal court judge in New York on Nov. 1.

In general, critics of the FISC opinion said the government could use the court's rationale to collect any information on Americans, from financial transactions to all Internet activity.

"The way big data works there is no such thing as irrelevant data in this case," said Peter Ludlow, a professor at Northwestern University who has written extensively about government surveillance. "Absolutely anything could be relevant to predicting an increased likelihood of criminal activity by someone."

Documents allegedly stolen by Snowden showed that U.S. tech companies, such as Google, Facebook and Microsoft, have collaborated with the NSA. The revelations brought dire warnings by experts that the industry would suffer heavy financial damage, particularly overseas.

So far, there has been no fallout, reports Reuters. Google, Microsoft and Amazon told the news agency they have seen no impact on their businesses. Amazon was not listed in the Snowden documents, but was seen as a likely victim of the exposure of NSA activity.

Read more about data privacy in CSOonline's Data Privacy section.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Security AgencyapplicationsFISA courtnsasoftwareinteldata protectionData Protection | Data PrivacyACLUEpic

More about Amazon Web ServicesClaireElectronic Privacy Information CenterFacebookGoogleMicrosoftNational Security AgencyNSAReuters Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts