Privacy SOS

Notes on a scandal: the NSA and our burgeoning surveillance state

I'll have a lot more to say about the NSA spying scandal in the coming days, weeks and probably years, but for now I simply want to highlight what strike me as key, if under-discussed, details.

In 2012, Massachusetts Congressman Ed Markey (who is currently running for the Senate seat vacated by now Secretary of State John Kerry) published information he received from cell phone carriers showing that government agencies made over 1 million requests and demands for our call records in 2011 alone.

When that news broke, we noted that the 1.3 million figure — added up across telecoms which provided responsive data to Markey's inquiries — was unquestionably low, in terms of how many people were actually affected by those orders.

That's because when police subpoena access to my phone records, they also receive private information about people I called and messaged, expanding the dragnet considerably. Additionally, the figure doesn't account for the times when law enforcement asks telecoms for all the subscriber information connected to people within a certain geographic area at a given time, requests called "tower dumps." When we consider these factors, it is clear that the 1.3 million requests could actually have netted the personal information of many more millions of people.

Now we know that at least one company, Verizon — and probably every other telecommunications firm — has disclosed massive troves of subscriber information to the NSA since 2006. Every three months the orders are renewed after applications by the FBI to the secretive, rubber-stamp 'Foreign Intelligence Surveillance Court' (FISC). 

In response to Ed Markey's inquiry, Verizon Wireless wrote that in 2011, it

received approximately 260,000 requests for customer information from law enforcement. About half of these requests were subpoenas; generally speaking, law enforcement can only seek subscriber or call detail records (the type of information on a phone bill) through a subpoena. See 18 U.S.C. Section 2703(c)(2)(A-F). The other half were warrants and orders (generally for phone bill information, wiretaps, pen registers, traps and traces, text message information and location information) or emergency requests….

Verizon Wireless does not in the ordinary course of business track the number of law enforcement requests to which information is provided, or is not provided for any of the reasons above.

There are a number of crucial things to note, here:

1. Was a routine FISC order like that disclosed by Glenn Greenwald and the Guardian newspaper one of those "260,000 requests for customer information" the government submitted to Verizon Wireless in 2011? If so, the 260,000 number doesn't begin to account for the number of people spied on. Every single Verizon customer could count themselves among the targets.

2. The FBI goes to a rubber-stamp court (the FISC) to get authorization to suck up billions of phone records for storage at the NSA, but Markey's work and the ACLU's own inquiries have shown that local and state law enforcement nationwide are regularly obtaining detailed call, internet and location records from telecoms without any judicial oversight whatsoever — with a simple subpoena. If people are upset about the NSA's spying — and they should be — we should also be mad as hell that our local governments are allowed to obtain this information about us without probable cause warrants. (If you live in Massachusetts, take action now.)

3. The Department of Justice has largely caved to civil libertarian demands for a warrant requirement for the content of our communications, but it is ferociously lobbying behind the scenes to oppose a warrant for precisely the kind of data we now know it is sucking up from telecoms: information about who we communicate with, where we go, and when. This information is often more useful to investigators than is the content of our communications. Where you go and with whom you associate say a lot about you.

4. That said, while the military spy behemoth may know everywhere we have gone and everyone we've emailed or spoken with in the past seven years, it's not likely that the NSA simply opens up its databases to allow state and local police departments to snoop through our call records at will. That privilege is open only to people with access to the NSA's data troves. That's why state, local and even federal law enforcement subpoena the records they want. There's little doubt, however, that information collected by the NSA could be used against us.

5. A crucial fact to remember here is that the authority the government uses to get these records from telecoms like Verizon derives from Section 215 of the USA Patriot Act. For years, Senators Mark Udall and Ron Wyden have warned the public that the government is secretly interpreting its authority in a manner that would anger and stun us if we were to learn about it. As the ACLU's Michelle Richardson notes, "Since 9/11, the government has increasingly classified and concealed not just facts, but the law itself." Secret law is obviously incompatible with democracy. It is unacceptable and authoritarian.

6. The White House, in defense of its actions, has said that it is spying on everyone in order to keep us safe. But data mining doesn't work to stop terrorism. The administration also claimed that the information it collects from telecoms is anonymized, that our names aren't attached to our phone numbers. Any local prosecutor could tell you how easy it is to connect the two dots. The assertion is disingenuous in the extreme.

7. Finally, much of the media attention to this major story is focusing on call records, but there is no reason to think that the order doesn't also cover IP addresses, information about internet use, location data, and other information possessed by Verizon about its customers. If we assume that the NSA is also using these orders to collect information about us from our banks, other telecommunication companies and internet service providers, this program starts to smell a lot like STELLAR WIND, the secret code name of the NSA warrantless wiretapping program disclosed to the New York Times in 2004, which the paper revealed to the public in 2005.

© 2021 ACLU of Massachusetts.