A federal judge today dismissed an ACLU lawsuit to shut down the NSA’s phone metadata collection program:
Handing down an unusually sweeping ruling, Judge William Pauley III ruled that the NSA’s phone record database was fully lawful under section 215 of the Patriot Act. Beyond that, the judge ruled, “the question of whether that program should be conducted is for the other two coordinate branches of Government to decide. Judge Pauley opens the opinion with thoughts on the attacks of 9/11, which he describes as “a bold jujitsu.” The opening paragraphs detail the case of 9/11 hijacker Khalid al-Mihdhar, who the NSA mistakenly believed was living in Yemen at the time of the attacks because of insufficient data collection. (This anecdote, based on General Alexander’s congressional testimony, has been widely disputed.) The metadata collection program grew up in response to those intelligence failures, collecting more and more data so as to suss out the missed connections. Calling the program, “a wide net that could find and islolate gossamer contacts,” Pauley concludes, “this blunt tool only works because it collects everything.”
David Kravets fears that efforts to reform the program might end up making things worse:
Right now, the phone companies store phone metadata for varying times. Verizon and U.S Cellular store it for about a year; Sprint for 18 months. At the other end of the spectrum, T-Mobile maintains it for seven to 10 years, and AT&T for five, according to a congressional inquiry. While Obama’s review group’s recommendation was short on details, everybody familiar with the plan agrees it would require telcos to store metadata for some minimum amount of time, presumably for longer than many of them already do. That means the authorities would have access to this data for far longer than they otherwise might.
Meanwhile, although the NSA has maintained that metadata is anonymous, researchers have found that it can easily be used to identify people:
Armed with very sparse metadata, Jonathan Mayer and Patrick Mutchler found it easy—trivially so—to figure out the identity of a caller. Mayer and Mutchler are running an experiment which works with volunteers who agree to use an Android app, MetaPhone, that allows the researchers access to their metadata. Now, using that data, Mayer and Mutchler say that it was hardly any trouble at all to figure out who the phone numbers belonged to, and they did it in just a few hours.
The Dish 