Court Rules NSA Bulk Data Collection Illegal

Bulk NSA data collection of phone records has been ruled illegal by a federal appeals court.

Under a program first disclosed to the public by Edward Snowden, the US spy agency has systematically collected bulk metadata on millions of Americans' calls—including the numbers called and duration (but no actual conversational content). It has argued that such collection is necessary in the event that counter-terrorism measures require analysis of the data.

The 2nd U.S. Circuit Court of Appeals in Manhattan has now said that Section 2015 of the Patriot Act did not authorize the NSA to collect Americans' calling records in bulk.

Circuit Judge Gerard Lynch wrote in the 97-page decision that "Such expansive development of government repositories of formerly private records would be an unprecedented contraction of the privacy expectations of all Americans. We would expect such a momentous decision to be preceded by substantial debate, and expressed in unmistakable language. There is no evidence of such a debate."

The appeals court did not rule on whether the surveillance violated the US Constitution, and the decision kicks it back down to Congress to address the situation legislatively. Lynch called it “prudent" to allow lawmakers to decide what’s needed to adequately support both national security and citizens’ privacy.

Meanwhile, US Attorney General Loretta Lynch said at a Senate budget hearing on Thursday that the program was a "vital tool in our national security arsenal," and that no privacy violations have occurred as a result of the program.

The Obama Administration last year pledged to change the way the program works; for one, ending the ability of the government to collect telephone records in bulk at all; rather, that function will be replaced by the ability to query phone companies for specific information relevant to national security. The queries would be for phone records that telephone companies currently already retain for 18 months for billing purposes.

Absent an emergency situation, the government would need to obtain approval from the Foreign Intelligence Surveillance Court (FISC) to submit a query for specific numbers, on an individual basis. Also, the records provided to the government in response to queries would only be within two hops of the selection term being used, instead of the three used today. And, the government’s handling of any records it acquires would be governed by minimization procedures approved by the FISC.

To offer assurance to the national security folks, the plan also called for the court-approved numbers to be able to be used to query the data over a limited period of time without returning to the FISC for approval, and the production of records would be ongoing and prospective. Phone companies would also be compelled by court order to provide technical assistance to ensure that the records can be queried and that results are transmitted to the government in a usable format and in a timely manner.

However, implementing the plan required Congressional action to put it into law—action that was not forthcoming. With this most recent decision, Congress will be under added pressure to act.

What’s Hot on Infosecurity Magazine?