The FBI May Have Your Phone Records, Ctd

Andrew Sullivan —  Jun 7 2013 @ 12:27pm

Stephen Walt responds to my initial post on the NSA-Verizon story:

The United States is still going to be a major world power long after the contemporary jihadi movement is a discredited episode in modern history, even if the country repealed the Patriot Act and stopped all this secret domestic surveillance tomorrow. Second, after acknowledging the potential for abuse in this government surveillance program, Sullivan warns that the “consequences of its absence” could be “terrible.” This claim depends on the belief that jihadism really does pose some sort of horrific threat to American society. This belief is unwarranted, however, provided that dedicated and suicidal jihadists never gain access to nuclear weapons. Conventional terrorism — even of the sort suffered on 9/11 — is not a serious threat to the U.S. economy, the American way of life, or even the personal security of the overwhelming majority of Americans, because al Qaeda and its cousins are neither powerful nor skillful enough to do as much damage as they might like. And this would be the case even if the NSA weren’t secretly collecting a lot of data about domestic phone traffic.

Indeed, as political scientist John Mueller and civil engineer Mark Stewart have shown, post-9/11 terrorist plots have been mostly lame and inept, and Americans are at far greater risk from car accidents, bathtub mishaps, and a host of other undramatic dangers than they are from “jihadi terrorism.”

Meanwhile, Benjamin Wittes zeroes in on the key phrase justifying the court order that granted the NSA access to all Verizon’s domestic phone records:

To acquire such an order, the government does not have to do much—just as it doesn’t have to do much in a criminal investigation: It merely has to offer, in pertinent part, “a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation . . . to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities.”

I’m trying to imagine what conceivable of facts would render all telephony metadata generated in the United States “relevant” to an investigation, presumably of the bombing. This would include, of course, all telephony metadata that, as matters turned out, postdates the killing of one bomber and the capture of the other—though there’s no way the government could have known that when the application was submitted. And it would also include all telephony metadata that postdates the government’s conclusion that the Tsarnaev brothers were apparently not agents of any foreign terrorist group. But even if this were not the case, how is it possible that all calls to, say, Dominos Pizza in Peoria, Illinois or all calls over a three month period between two small businesses in Juno, Alaska would be “relevant” to an investigation of events in Boston—even if we assume that the FBI did not know whom it was investigating in the Boston area and did not know whom that unknown person was communicating with?

Orin Kerr’s answer:

If the [court] order is what it appears to be, then the order points to a problem in [the US legal code] Section 1861 that has not been appreciated. Section 1861 says that the “things” that are collected must be relevant to a national security investigation or threat assessment, but it says nothing about the scope of the things obtained. When dealing with a physical object, we naturally treat relevance on an object-by-object basis. Sets of records are different. If Verizon has a database containing records of billions of phone calls made by millions of customers, is that database a single thing, millions of things, or billions of things? Is relevance measured by each record, each customer, or the relevance of the entire database as a whole? If the entire massive database has a single record that is relevant, does that make the entire database relevant, too? The statute doesn’t directly answer that, it seems to me. But certainly it’s surprising — and troubling — if the Section 1861 relevance standard is being interpreted at the database-by-database level.