Appeals court judge shoots down DOJ's defense of NSA phone program

The government seems to see the world as 'one enormous antiterrorism investigation,' judge says

A U.S. appeals court judge shredded the government's defense of an extensive National Security Agency program targeting the phone records of the nation's residents.

Judge Gerard Lynch, writing for a three-judge panel in the U.S. Court of Appeals for the Second Circuit, picked apart the Department of Justice's arguments for the phone records collection program, revealed by former NSA contractor Edward Snowden in mid-2013.

The appeals court ruled that Congress didn't authorize the massive phone records collection in the Patriot Act of 2001, the antiterrorism law the past two U.S. presidents have used as a basis for the collection. A representative of the U.S. White House's National Security Council noted that President Barack Obama's administration is working with Congress to create a more limited program.

Here are some excerpts from Lynch's 97-page opinion:

Lynch, on the DOJ arguing that the phone program collects only metadata, not call content:

"A call to a single-purpose telephone number such as a 'hotline' might reveal that an individual is: a victim of domestic violence or rape; a veteran; suffering from an addiction of one type or another; contemplating suicide; or reporting a crime. Metadata can reveal civil, political, or religious affiliations; they can also reveal an individual's social status, or whether and when he or she is involved in intimate relationships."

On the extent of the collection:

"The government disputes appellants' characterization of the program as collecting 'virtually all telephony metadata' associated with calls made or received in the United States, but declines to elaborate on the scope of the program or specify how the program falls short of that description. It is unclear, however, in what way appellants' characterization of the program can be faulted. The government does not ... seriously dispute appellants' contention that all significant service providers in the United States are subject to similar orders."

On the DOJ asserting that plaintiff the ACLU can only speculate that the NSA searched its database for the group's phone records after the agency collected them:

"Appellants challenge the telephone metadata program as a whole, alleging injury from the very collection of their telephone metadata. It is not disputed that the government collected telephone metadata associated with the appellants' telephone calls. The Fourth Amendment protects against unreasonable searches and seizures. We think such collection is more appropriately challenged ... as a seizure rather than as a search."

On the DOJ arguing that targeted people should not be able to bring lawsuits because the number of court cases would be disruptive to intelligence-gathering efforts:

"The risk of massive numbers of lawsuits challenging the same orders ... occurs only in connection with the existence of orders authorizing the collection of data from millions of people. Orders targeting limited numbers of persons under investigation could be challenged only by the individuals targeted -- who, it was expected, would never learn of the orders in the first place. It is only in connection with the government's expansive use of [the Patriot Act] ... that these risks would create concern."

On the DOJ asserting that the Patriot Act's language, allowing the NSA to collect information "relevant" to an antiterrorism investigation, intended to define "relevant" broadly:

"The government takes the position that the metadata collected -- a vast amount of which does not contain directly 'relevant' information, as the government concedes  -- are nevertheless 'relevant' because they may allow the NSA, at some unknown time in the future, [to use] its ability to sift through the trove of irrelevant data it has collected up to that point, to identify information that is relevant. We agree with appellants that such an expansive concept of 'relevance' is unprecedented and unwarranted."

On the DOJ arguing the program gives the government similar investigatory powers to fight terrorism as a grand jury has to fight other crime:

"The metadata concerning every telephone call made or received in the United States ... are demanded, for an indefinite period extending into the future. The records demanded are not those of suspects under investigation, or of people or businesses that have contact with such subjects, or of people or businesses that have contact with others who are in contact with the subjects  -- they extend to every record that exists, and indeed to records that do not yet exist.

"Put another way, the government effectively argues that there is only one enormous 'antiterrorism' investigation, and that any records that might ever be of use in developing any aspect of that investigation are relevant to the overall counterterrorism effort."

On whether the program violates the Constitution's Fourth Amendment:

"Appellants' argument invokes one of the most difficult issues in Fourth Amendment jurisprudence: the extent to which modern technology alters our traditional expectations of privacy. On the one hand, the very notion of an individual's expectation of privacy ... may seem quaint in a world in which technology makes it possible for individuals and businesses (to say nothing of the government) to observe acts of individuals once regarded as protected from public view. On the other hand, rules that permit the government to obtain records and other information that consumers have shared with businesses without a warrant seem much more threatening as the extent of such information grows."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Department of JusticetelecommunicationU.S. Court of Appeals for the Second CircuitsecurityEdward SnowdenCivil lawsuitslegalU.S. National Security AgencygovernmentGerard Lynchprivacy

More about Department of JusticeDOJIDGindeedNational Security AgencyNational Security CouncilNewsNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place