Category: Privacy (Electronic Surveillance)


Kerr’s Legal Analysis of the NSA’s Phone Records Program

I was planning to do some analysis of the legality of the NSA’s phone records program, but Orin Kerr has already accomplished it. His posts are terrific and are essential reading:

* Thoughts on the Legality of the Latest NSA Surveillance Program

* More Thoughts on the Legality of the NSA Call Records Program

In the latter post, Kerr analyzes whether the telephone companies violated the Stored Communications Act, 18 U.S.C. 2702. Section 2702(a)(3) prohibits phone companies from knowingly divulging customer records to any governmental entity. Kerr notes that the most relevant possible exception to this restriction is 18 U.S.C. 2702(c)(4), as amended by the Patriot Act renewal of 2006, which allows disclosure to “a governmental entity, if the provider, in good faith, believes that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay of information relating to the emergency.” Kerr notes:

The language that passed as part of the Patriot Act in 2001 allowed disclosure only when “the provider reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of the information.” This was the language in place from October 2001 until March 2006. Did the phone companies have such a belief under the 2001-06 language? I gather they had a reasonable belief of danger, but I don’t know of a reason to think that they had a reasonable belief of “immediate” danger. If this was a program ongoing for several years, then it’s hard to say that there was a continuing reasonable belief of immediate danger over that entire time.

Kerr also explains that the Patriot Act renewal earlier this year made a few tweaks to this exception:

The change expanded the exception to allow disclosure when there is a good faith belief instead of a reasonable belief, and when there was a danger instead of an “immediate” danger. I wouldn’t be surprised if the telephone companies were pushing the change in part out of concern for civil liability for their participation in the NSA call records program.”

Much more at Kerr’s posts.

UPDATE: Marty Lederman also has some excellent analysis that’s definitely worth reading.


The NSA’s Phone Call Database

phone1a.jpgUSA Today reports:

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren’t suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

“It’s the largest database ever assembled in the world,” said one person, who, like the others who agreed to talk about the NSA’s activities, declined to be identified by name or affiliation. The agency’s goal is “to create a database of every call ever made” within the nation’s borders, this person added.

For the customers of these companies, it means that the government has detailed records of calls they made — across town or across the country — to family members, co-workers, business contacts and others.

The three telecommunications companies are working under contract with the NSA, which launched the program in 2001 shortly after the Sept. 11 terrorist attacks, the sources said.

More information is contained in this companion article at USA Today.


UPDATE: Orin Kerr offers up a thoughtful analysis of the legality of this program here.


Electronic Surveillance Statistics for 2005

wiretap2.jpgThe Department of Justice (DOJ) has released its annual report on the number of Foreign Intelligence Surveillance Act (FISA) orders, Wiretap Act orders, and National Security Letters issued in 2005.

For FISA surveillance orders, 2072 applications were made to the FISA court; none were denied. Over the past few years, the number of orders has been steadily increasing:

2005 — 2072 applications approved

2004 — 1758 applications approved

2003 — 1724 applications approved

2002 — 1228 applications approved

2001 — 934 applications approved

2000 — 1012 applications approved

1999 — 880 applications approved

In all, only 4 applications have ever been denied. More statistics are on EPIC’s FISA statistics page.

One wonders what the statisics would have been had the Bush Administration properly gone to the FISA court instead of engaging in secret wiretapping by the NSA.

In 2005, according to the Administrative Office of the United States Courts, there were 1773 wiretap orders issued by courts under the Wiretap Act. In 2004, there were 1710 wiretap orders issued.

For the first time, statistics were released on the use of National Security Letters. According to the DOJ report:

Read More


Get High (and Identified) With a Little Help From Your Friends

colorado-student3a.jpgIt’s time to modernize the lyrics to some old Beatles songs. The University of Colorado police are using a website to post surveillance photos of students and other individuals it wants to identify for smoking pot on Farrand Field. Apparently, there’s a tradition at the University of Colorado for students to spoke pot on Farrand Field on April 20th of each year. According to the Rocky Mountain News:

University of Colorado police have posted pictures of 150 people on a website smoking pot on the “420” day celebration last week and are offering a $50 reward for anyone who can identify them.

Police spokesman Lt. Tim McGraw said they received more than 50 calls within the first hours of posting the pictures online Thursday afternoon. He said police were in the process of confirming the tips today.

According to the website:

The University is offering a reward for the identification of any of the individuals pictured below. After reviewing the photos (click on a photo for a larger image), you may claim the reward by following the directions below:

1. Contact the UCPD Operations section at (303) 492-8168

2. Provide the photo number and as much information as you have about the individual.

3. Provide your name and contact information.

4. If the identity is verified to be correct, you will be paid a $50 reward for every person identified.

5. The reward will be paid to the first caller who identifies a person below, multiple rewards will not be paid for individuals listed below.

Is this just good police work? After all, if a person is caught on camera doing a wrongful act, the police can certainly go around and ask people to identify that person. What’s wrong with doing it via a website? One problem is that the website disseminates permanent images of people smoking pot on the Internet. It forever memorializes a person’s youthful infractions to the world. Is such a police investigation tactic problematic or just efficient?

Read More



cctv1a.jpgThere’s a new British import to America, and sadly, it isn’t a rock band. It’s CCTV. In many of Britain’s cities, there is an elaborate network of thousands of surveillance cameras monitored through closed circuit television (CCTV). According to estimates, there are about 4 million surveillance cameras in Britain and a citizen is caught on surveillance camera about 300 times per day.

The AP reports that NYC is starting to install hundreds of surveillance cameras in an effort to mimic Britain’s CCTV. According to the AP:

[The] program [will] place 500 cameras throughout the city at a cost of $9 million. Hundreds of additional cameras could follow if the city receives $81.5 million in federal grants it has requested to safeguard Lower Manhattan and parts of midtown with a surveillance “ring of steel” modeled after security measures in London’s financial district.

Officials of the New York Police Department — which considers itself at the forefront of counterterrorism since the Sept. 11, 2001, attacks — claim the money would be well-spent, especially since the revelations that al-Qaida members once cased the New York Stock Exchange and other financial institutions. . . .

The city already has about 1,000 cameras in the subways, with 2,100 scheduled to be in place by 2008. An additional 3,100 cameras monitor city housing projects.

New York’s approach isn’t unique. Chicago spent roughly $5 million on a 2,000-camera system. Homeland Security officials in Washington plan to spend $9.8 million for surveillance cameras and sensors on a rail line near the Capitol. And Philadelphia has increasingly relied on video surveillance.

The problem with such surveillance measures is that they are implemented without considering all of the issues. How will people be monitored? What procedures will be put in place to ensure that minorities will not be unfairly singled out? How long will the surveillance video be kept? How will it be analyzed? Who will get to see the video? How will the video be protected against leaks to the media? How will we prvent abuses by government officials? What procedures will be established to ensure that the surveillance is being done properly and not to deter lawful political protest? How do we prevent mission creep — the data being used for all sorts of different purposes down the road?

Read More


Every breath you take, every call you make, I’ll be watching you.

Has your cell phone been out of your sight for more than five minutes? Someone may be tracking you on it, right now. A chilling investigation from the Guardian (via Don’t Let’s Start) shows how easy cell-phone stalking has become:

For the past week I’ve been tracking my girlfriend through her mobile phone. I can see exactly where she is, at any time of day or night, within 150 yards, as long as her phone is on. It has been very interesting to find out about her day. Now I’m going to tell you how I did it. . . . First I had to get hold of her phone. . . . I only needed it for five minutes.

And as the article notes, existing methods of tracking are just the tip of the iceberg. Scary!


Annoy someone online (anonymously); go to jail

From Declan McCullagh (link via my annoying — but not anonymous — friend Steve Evans):

Last Thursday, President Bush signed into law a prohibition on posting annoying Web messages or sending annoying e-mail messages without disclosing your true identity. In other words, it’s OK to flame someone on a mailing list or in a blog as long as you do it under your real name. . . . Criminal penalties include stiff fines and two years in prison.

As McCullough notes, there are a number of problematic issues that arise from this. Many legitimate websites include anonymous or pseudonymous writers.

Will this law mean the end for Juan Non-Volokh, Bitch Ph.D., Plainsman, and legions of other psuedonymous and anonymous bloggers? I certainly hope not. Perhaps a big enough backlash from angry bloggers will have positive results.

UPDATE: Dan S. weighs in with a comment. The change in law affects only the intent analysis. Dan’s comment seems to indicate (correct me if I’m wrong) that the statute will still affect only those who send a “communication which is obscene, lewd, lascivious, filthy, or indecent.” (However, assuming you’re engaged in such activity, the “intent to annoy” will be enough to satisfy the intent requirement of the statute).

So it looks like you’re safe — unless you’re sexually harrassing someone via the Internet.

UPDATE 2: New thoughts from bloggers on the further-developing story: Dan Solove argues that the statute does indeed cover more than just sexual harrassment; I suggest that the provision in question may still be limited to cases of obscenity and harrassment; and Kip Esquire goes even further and questions whether the statute covers blogs at all, or whether it’s merely meant to cover internet telephony.

UPDATE 3: Further evidence that this is _not_ the end of the world as we know it: Orin Kerr notes that the First Amendment limits application of the statute; Ann Bartow argues that e-mail and blogs are not “telecommunications devices” under the statute.


Orin Kerr on the USA Patriot Act Compromise

My colleague Orin Kerr has gone through the nearly 100 pages of statutory text of the new USA Patriot Act renewal compromise bill. He offers his tentative conclusions here. The bill makes changes in Section 215 Orders, National Security Letters, and Sneak and Peek Warrants. Basically the changes are more recordkeeping and more judicial review — both laudable improvements. There are, however, many other problems in the USA Patriot Act as well as in the underlying electronic surveillance laws that still remain. Check out Kerr’s analysis, which is insightful and intelligent as usual. You could, of course, read the almost 100 pages of statutory code yourself, but I’m sure you’ve got a life. Thank goodness there are folks like Kerr to do it for us. That’s why we keep him around.

Related Posts:

1. Solove, National Security Letters

2. Solove, More on National Security Letters

3. Solove, The USA Patriot Act: A Fraction of the Problem


Hi-Tech Rat Race: Law Enforcement Surveillance and New Technology

surveillance2.jpgBrian Bergstein writes in an AP article about the issue of law enforcement surveillance and technology:

With each new advance in communications, the government wants the same level of snooping power that authorities have exercised over phone conversations for a century. Technologists recoil, accusing the government of micromanaging — and potentially limiting — innovation.

Today, this tug of war is playing out over the Federal Communications Commission’s demands that a phone-wiretapping law be extended to voice-over-Internet services and broadband networks.

Opponents are trying to block the ruling on various grounds: that it goes beyond the original scope of the law, that it will force network owners to make complicated changes at their own expense, or that it will have questionable value in improving security.

No matter who wins the battle over this law — the Communications Assistance for Law Enforcement Act, known as CALEA — this probably won’t be the last time authorities raise hackles by seeking a bird’s eye view over the freewheeling information flow created by new technology.

Read More


National Security Letters

confidential3.jpgDid you know that the FBI can issue a letter to an Internet Service Provider or a financial institution demanding that they turn over data on a customer? The letter doesn’t require probable cause. No judge must authorize the letter. The FBI simply issues the letter and gets the information. There’s a gag order, too, preventing the institution receiving the letter from mentioning this fact.

A recent lengthy Washington Post article examines National Security Letters (NSLs) in depth:

The FBI now issues more than 30,000 national security letters a year, according to government sources, a hundredfold increase over historic norms. The letters — one of which can be used to sweep up the records of many people — are extending the bureau’s reach as never before into the telephone calls, correspondence and financial lives of ordinary Americans.

Issued by FBI field supervisors, national security letters do not need the imprimatur of a prosecutor, grand jury or judge. They receive no review after the fact by the Justice Department or Congress. The executive branch maintains only statistics, which are incomplete and confined to classified reports. The Bush administration defeated legislation and a lawsuit to require a public accounting, and has offered no example in which the use of a national security letter helped disrupt a terrorist plot.

Read More