Judge Richard Leon ripped into the U.S. Department of Justice and the National Security Agency in his Monday ruling that the NSA's controversial collection of U.S. telephone records may violate the U.S. Constitution.
Leon, of the U.S. District Court for the District of Columbia, ruled in favor of four plaintiffs who challenged the NSA's bulk collection of U.S. telephone records.
Here are some highlights of the 68-page ruling:
On the NSA's policy of searching for phone numbers no more than three hops from a suspect's phone number: "It is likely that the quantity of phone numbers captured in any given query would be very large .... Suppose that one of the numbers [a suspect in New York City] calls is his neighborhood Domino's Pizza shop. The Court won't hazard a guess as to how many different phone numbers might dial a given Domino's Pizza outlet in New York City in a five-year-period, but to take a page from the Government's book of understatement, it's 'substantially larger'" than a 100-number estimate the judge used in an earlier example.
On whether Congress intended to allow a district court to review the NSA's surveillance programs, in addition to the Foreign Intelligence Surveillance Court's review: "Where, as here, core individual constitutional rights are implicated by Government action, Congress should not be able to cut off a citizen's right to judicial review of that Government action simply because it intended for the conduct to remain secret by operation of the design of its statutory scheme. While Congress has great latitude to create statutory schemes like FISA, it may not hang a cloak of secrecy over the Constitution."
On the DOJ's assertion that the plaintiffs, Verizon Wireless customers, don't have standing to challenge the NSA program because the leaked FISC order covering the NSA collection program covers only Verizon landlines: "The Government obviously wants me to infer that the NSA may not have collected records from Verizon Wireless (or perhaps any other [non-Verizon] entity, such as AT&T and Sprint. Curiously, the Government makes this argument at the same time it is describing in its pleadings a bulk metadata collection program that can function only because it 'creates a historical repository that permits retrospective analysis of terrorist-related communications across multiple telecommunications networks.' Put simply, the Government wants it both ways."
"To draw an analogy, if the NSA's program operates the way the Government suggests it does, then omitting Verizon Wireless, AT&T, and Sprint from the collection would be like omitting John, Paul, and George from a historical analysis of the Beatles. A Ringo-only database doesn't make any sense, and I cannot believe the Government would create, maintain, and so ardently defend such a system."
On whether the NSA program violates the Fourth Amendment to the U.S. Constitution: "The threshold issue that I must address, then, is whether the plaintiffs have a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephone metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains all of that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets."
"I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware 'the abridgement of freedom of the people by the gradual and silent encroachments by those in power,' would be aghast."
On the DOJ's defense of the program, using the 34-year-old Supreme Court case, Smith v. Maryland: "The question in this case can more properly be styled as follows: When do present-day circumstances -- the evolutions in the Government's surveillance capabilities, citizens' phone habits, and the relationship between the NSA and telecom companies -- become so thoroughly unlike those considered by the Supreme Court thirty-four years ago that a precedent like Smith does not apply? The answer, unfortunately for the Government, is now."
"The relationship between the police and the phone company in Smith is nothing compared to the relationship that has apparently evolved for the last seven years between the Government and telecom companies .... In Smith, the Court considered a one-time, targeted request for data regarding an individual suspect in a criminal investigation, which in no way resembles the daily, all-encompassing, indiscriminate dump of phone metadata that the NSA now receives. It's one thing to say that people can expect phone companies to occasionally provide information to law enforcement; it is quite another to suggest that our citizens expect all phone companies to operate what is effectively a joint intelligence-gathering operation with the Government."
On the changed use of phones since the Smith case: "It is now safe to assume that the majority of people reading this opinion have at least one cell phone within arm's reach. In fact, some undoubtedly will be reading this opinion on their cell phones. Cell phones have also morphed into multi-purpose devices. They are now maps and music players. They are cameras. They are even lights that people hold up at rock concerts. Put simply, people in 2013 have an entirely different relationship with phones than they did thirty-four years ago."
The Smith ruling and the NSA program "have so many significant distinctions between them that I cannot possibly navigate these uncharted Fourth Amendment waters using as my North Star a case that predates the rise of cell phones."
On the effectiveness of the NSA program: "The Government does not cite a single instance in which analysis of the NSA's bulk metadata collection actually stopped an imminent attack."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.