Analysis: US government has workarounds to surveillance gap

NSA call-logging ceases temporarily - but certain provisions are still available


For the first time since the aftermath of the terrorist attacks of September 11th, 2001, Americans will again be free to place phone calls to friends, lovers, business associates, political groups, doctors and pizza restaurants without having logs of those contacts vacuumed up in bulk by the National Security Agency.

And for the first time in nearly 14 years, if government agents identify new phone numbers that they suspect are linked to terrorism, they will have to subpoena phone companies for associated calling records and wait for the response to see if anyone in the United States has been in contact with that number. The NSA can no longer simply query its database for the information.

This unusual situation may last only a few days, until Congress can reach an accommodation over three counterterrorism laws that expired at 12:01am on Monday.

Nonetheless, the fact that Congress allowed the laws to lapse – the most important of them is the purported legal basis for the bulk records collection programme – is an extraordinary moment in the story of the tensions between post-9/11 policies and privacy rights.

It has led to heated warnings in the political realm about exposing the country to heightened risk of attack.

A few hours before the Senate convened on Sunday, John O Brennan, the CIA director, warned on the CBS programme Face the Nation that if lawmakers let those laws lapse, the FBI would “not have the ability then to track these various elements that we are looking at who are trying to carry out attacks here in the homeland”.

Multiple workarounds

But interviews with law enforcement and intelligence officials about what they will do in the interim suggest there are multiple workarounds to the gap.

One of the expired laws permitted wiretap orders of “lone wolf” terrorism suspects who are not part of a foreign group, a provision that has apparently never been used.

A second law permitted “roving” wiretap orders which follow suspects who change phones, a provision that apparently has only been used rarely.

A third permitted court orders requiring businesses to turn over records that are relevant to a national security investigation, the provision known as Section 215 of the Patriot Act. In addition to the bulk phone records programme, the FBI used Section 215 about 160 times last year to obtain particular business records, such as suspects’ internet activity logs.

All three of the expired laws contained a so-called grandfather clause that permits their authority to continue indefinitely for any investigation that had begun before June 1st.

Law enforcement officials have made it clear that the FBI has long-running, open-ended “enterprise” investigations into groups that pose a threat to public safety, such as al-Qaeda.

A senior intelligence official recently told the New York Times that the administration was open to invoking the grandfather clause to get the records if a need arose during any lapse.

In addition, several officials said, in most terrorism-related cases the FBI could instead use a grand jury subpoena to get the records it wanted by invoking rules for investigations into standard crimes.

Still, legal specialists said, there is one hypothetical gap: a counterintelligence investigation scrutinising a newly arrived foreign diplomat for whom there is no evidence of any criminal wrongdoing.

Neither invoking the grandfather clause nor using a grand jury subpoena would be likely to work in that case. But the debate has focused on terrorist attacks, not espionage.

In theory, the Obama administration could also invoke the grandfather clause to ask the US Foreign Intelligence Surveillance Court to reauthorise the bulk phone records programme as well. However, the administration has vowed not to do that.

A federal appeals court recently rejected the theory that Section 215 could be used to authorise the bulk calling logs programme, a theory the surveillance court had embraced.

Seeking to avoid a confrontation, the government is trying to avoid asking the surveillance court to say anything more about the programme until Congress enacts new legislation.

National-security letters

But the apparent loss of the programme for now does not mean the government has no way to analyse telephone records linked to a new suspect. The FBI can still issue subpoenas called national-security letters to phone companies to obtain the records.

There would be investigative drawbacks. It would probably take longer than querying the NSA bulk calling logs database. And some phone companies do not keep their customers’ call records for more than 18 months, while the security agency keeps them for five years.

Any need for such workarounds may be brief. Last month, the House passed the USA Freedom Act. It would extend the three expired laws.

After six months, the bill would ban the bulk collection of phone records, and create a new system in which the government could still systematically gain access to such logs to hunt for links to terrorists. But the bulk records would stay in the hands of phone companies.

The legislative impasse grew out of efforts by supporters to keep the exiting programme without changes, including Senator Mitch McConnell of Kentucky, the Republican majority leader.

Proponents of the existing programme have argued that ending it would lead to terrorist attacks. Still, the programme cannot claim to have thwarted an attack in nearly 14 years of existence.

Surveillance court

The Bush administration started the programme in October 2001, and persuaded the foreign intelligence surveillance court to start blessing it as legal under Section 215 in 2006.

Since it came to light in 2013, via leaks by former intelligence contractor Edward Snowden, two independent panels studied classified files and concluded that it had not been abused, but also that it had provided scant concrete benefits.

The programme’s greatest achievement was leading the FBI to scrutinise a man in San Diego who turned out to have donated several thousand dollars to al-Shabab, the Islamist group in Somalia. The man was not accused of plotting any attack.

Still, privacy groups say that even if there is no evidence that analysts abused the programme, merely to have the government collect the records damages US citizens’ privacy.

Officials say that even if the programme has never thwarted an attack, it has helped flesh out investigations and it might yet prove critical.

Those sentiments converged into the changes that would be made by the USA Freedom Act. But for the next few days, at least, things will be a little bit different in post-9/11 United States.

New York Times

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection


Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.