US privacy watchdog: NSA phone records program is illegal

Privacy board calls for an end to NSA phone records collection

The U.S. National Security Agency should abandon its collection of U.S. telephone records because the surveillance program is illegal, a government privacy oversight board said.

The NSA lacks the legal authority to collect millions of U.S. telephone records under the Patriot Act, the statute that two U.S. presidents have used to operate the program, the U.S. Privacy and Civil Liberties Oversight Board said in a report released Thursday.

In a 3-2 vote, the privacy board recommended that President Barack Obama wind down the program. The program "lacks a viable legal foundation, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value," the report said.

The Patriot Act's business records provision doesn't allow the bulk collection program because the law requires that records collected be connected to a specific investigation by the U.S. Federal Bureau of Investigation, the report said. The law also requires the collection to be relevant to an investigation, and the bulk collection "cannot be relevant to a particular investigation or any investigation," said David Medine, chairman of the privacy board.

The NSA program also fails the Patriot Act test because the law allows the FBI, not the NSA, to collect business records, Medine said.

"The program has been shoehorned into a statute not designed for it," said board member James Dempsey, vice president for public policy at the Center for Democracy and Technology.

The Obama administration disagrees with the board's analysis on the legality of the program, said Caitlin Hayden, a spokeswoman for the White House National Security Council. Two district court judges and 15 U.S. Foreign Intelligence Surveillance Court judges have found the program legal, she noted.

"As the president has said though, he believes we can and should make changes in the program that will give the American people greater confidence in it," she said in an email.

While FISC judges have approved the program over the last seven years, no judge had written a legal opinion to defend that stance until leaks from former NSA contractor Edward Snowden, Dempsey said. No judge appears to have engaged in as full a legal analysis of the program as the board has, he said.

The majority of the board also questioned the effectiveness of the program, saying it has had limited value in fighting terrorism.

The PCLOB's report follows a speech last Friday from Obama, who called for a transition away from the phone records collection program to an alternative. But the board's report goes farther than the president by saying the phone records program is not supported by the Patriot Act.

Dempsey questioned whether a new program to replace the current one would be necessary. "I do not think we should just accept bulk collection as a given and layer on additional protections," he said. "We have to go back to the fundamental question: Should we be collecting bulk data and under what legal standards?"

Board members Rachel Brand, chief counsel for regulatory litigation at the U.S. Chamber of Commerce, and Elisebeth Cook, a lawyer with the Wilmer Hale law firm, disagreed with the board majority's analysis that the program is illegal. A "reasonable" reading of the Patriot Act allows such a program, Brand said.

The program "has and will allow us to connect the dots and paint a fuller picture of our adversaries," Cook added.

The board's report gives momentum to the growing call to end the telephone records collection, said Michelle Richardson, a legislative counsel with the American Civil Liberties Union. The board's report addresses the defenses for the NSA program and "completely obliterates them," she said.

The privacy board made 12 recommendations in the report, with 10 getting unanimous approval. Among the other recommendations: Congress should appoint lawyers who can provide a counter to the government at FISC hearings, and the government should inform U.S. residents of the scope of surveillance activities.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is
