The U.S. National Security Agency should abandon its collection of U.S. telephone records because the surveillance program is illegal, a government privacy oversight board said.
The NSA lacks the legal authority to collect millions of U.S. telephone records under the Patriot Act, the statute that two U.S. presidents have used to operate the program, the U.S. Privacy and Civil Liberties Oversight Board said in a report released Thursday.
In a 3-2 vote, the privacy board recommended that President Barack Obama wind down the program. The program "lacks a viable legal foundation, implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value," the report said.
The Patriot Act's business records provision doesn't allow the bulk collection program because the law requires that records collected be connected to a specific investigation by the U.S. Federal Bureau of Investigation, the report said. The law also requires the collection to be relevant to an investigation, and the bulk collection "cannot be relevant to a particular investigation or any investigation," said David Medine, chairman of the privacy board.
The NSA program also fails the Patriot Act test because the law allows the FBI, not the NSA, to collect business records, Medine said.
"The program has been shoehorned into a statute not designed for it," said board member James Dempsey, vice president for public policy at the Center for Democracy and Technology.
The Obama administration disagrees with the board's analysis on the legality of the program, said Caitlin Hayden, a spokeswoman for the White House National Security Council. Two district court judges and 15 U.S. Foreign Intelligence Surveillance Court judges have found the program legal, she noted.
"As the president has said though, he believes we can and should make changes in the program that will give the American people greater confidence in it," she said in an email.
While FISC judges have approved the program over the last seven years, no judge had written a legal opinion to defend that stance until leaks from former NSA contractor Edward Snowden, Dempsey said. No judge appears to have engaged in as full a legal analysis of the program as the board has, he said.
The majority of the board also questioned the effectiveness of the program, saying it has had limited value in fighting terrorism.
The PCLOB's report follows a speech last Friday from Obama, who called for a transition away from the phone records collection program to an alternative. But the board's report goes farther than the president by saying the phone records program is not supported by the Patriot Act.
Dempsey questioned whether a new program to replace the current one would be necessary. "I do not think we should just accept bulk collection as a given and layer on additional protections," he said. "We have to go back to the fundamental question: Should we be collecting bulk data and under what legal standards?"
Board members Rachel Brand, chief counsel for regulatory litigation at the U.S. Chamber of Commerce, and Elisebeth Cook, a lawyer with the Wilmer Hale law firm, disagreed with the board majority's analysis that the program is illegal. A "reasonable" reading of the Patriot Act allows such a program, Brand said.
The program "has and will allow us to connect the dots and paint a fuller picture of our adversaries," Cook added.
The board's report gives momentum to the growing call to end the telephone records collection, said Michelle Richardson, a legislative counsel with the American Civil Liberties Union. The board's report addresses the defenses for the NSA program and "completely obliterates them," she said.
The privacy board made 12 recommendations in the report, with 10 getting unanimous approval. Among the other recommendations: Congress should appoint lawyers who can provide a counter to the government at FISC hearings, and the government should inform U.S. residents of the scope of surveillance activities.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.