Intelligence Agencies Justify Collecting Your Personal Data By Applying the Six Degrees of Kevin Bacon
Mass collection of Americans’ phone records could be just the tip of the bulk collection iceberg. If current practices are codified, and intelligence agencies have their way, a huge range of sensitive information would be subject to bulk collection by the National Security Agency (NSA) and other elements of the intelligence community.
In addition to NSA’s bulk collection of telephony metadata, a program we’ve analyzed previously, intelligence agencies collect in bulk other types of sensitive information as well. Starting in 2001, the NSA collected Internet metadata in bulk, including data about Americans’ communications. This program only ended in 2011 when the NSA was unable to demonstrate the value of the program when pressed by members of the Senate Intelligence Committee. The government also engaged in a two-year pilot program to test its ability to collect Americans’ location data in bulk. A recent New York Times report also revealed that the CIA engages in bulk collection of financial transfers.
Section 215 of the PATRIOT Act gives the government the authority to obtain any tangible item that is relevant to an investigation to protect against international terrorism or clandestine intelligence activities. This relevance standard appears in other statutes that authorize the collection of information for anti-terrorism and intelligence purposes. The intelligence officials contend that a dataset containing records of everyone (or almost everyone) in the nation is relevant, and can be obtained under Section 215 and other intelligence authorities, if having records in bulk allows intelligence officials to map connections among people and entities. Essentially, the government sees value in the counterterrorism version of Six Degrees of Kevin Bacon.
This interpretation could justify the collection of a wide range of sensitive materials in bulk, beyond phone records. Intelligence officials have already used this logic to engage in bulk collection of financial and Internet data. It could apply just as well to credit card data, location information, tax records, purchase records, travel logs, and firearm purchases among other data sets.
The government has acknowledged this on several occasions. During a September 26 hearing before the Senate Intelligence Committee, Deputy Attorney General James Cole stated intelligence officials have “the authority to collect other bulk records if they can show that it is necessary in order to find something relevant to a foreign intelligence investigation” of particular types. Cole is effectively saying that whenever an intelligence official can satisfy him or herself that a data set would help map connections among people and/or entities, it can obtain the records comprising that data set in bulk, even if the records pertain primarily to Americans. If the records are sought under Section 215 of the PATRIOT Act, a FISA court order would be required to authorize the bulk collection. If the records are sought with a national security letter, there is no court authorization at all. In a dialogue with Representative Farenthold during a July 17 House Judiciary hearing, Cole maintained the government could engage in bulk collection of tax returns, school records, hotel records, credit card records, Google searches, cell phone GPS data, and email records so long as they were relevant, a requirement intelligence officials say is satisfied whenever such collection would show connections among people and/or entities.
While the prospects for broad bulk collection of private information are worrisome in our current legal state, the changes advocated by Senator Feinstein’s FISA Improvements Act (S.1361) would make the situation far worse. This legislation would explicitly authorize the bulk collection of “wire communication or electronic communication records” so long as the government continues to use the querying standard it currently employs. Further, it imposes no restrictions on bulk collection of other forms of records, which will likely be read as an endorsement of the government’s bulk collection activities, but without any search limitations for non-communications data. That is, while the bill is touted as legislation to impose privacy protections for the on-going bulk telephony metadata collection program, it also authorizes that program, authorizes bulk collection of Internet metadata under Section 215 (which was abandoned in 2011), and will be interpreted to authorize bulk collection of other information without even the minimal privacy safeguards it provides for bulk collection of phone and Internet records.
Legislation is likely the only mechanism that would stop intelligence agencies from engaging in even more pervasive bulk collection of Americans’ data than already occurs. The USA FREEDOM Act, S. 1599 and H.R. 3361, is designed to head off bulk collection. Senator Feinstein’s legislation would give the government’s bulk collection activities the Congressional stamp of approval. With this authority codified, the floodgates could open, leading to mass collection of the wide range of sensitive materials previously discussed. In order to protect Americans’ private information and the most intimate details of their lives, Congress should reject this bill.