Tomorrow, the Senate Judiciary Committee will conduct a hearing on reauthorization of the USA FREEDOM Act, the 2015 legislation that extended and amended expiring provisions of the 2001 USA PATRIOT Act, including Section 215. Unless Congress obtains from the intelligence community clearer, public answers about the information that can be obtained with a Section 215 order, Congress should not reauthorize this authority, which sunsets on December 15. It should adopt this stance because intelligence community officials have failed to disclose publicly whether Section 215 is being used, or can be used, to obtain information that courts have ruled is protected by the Fourth Amendment’s probable cause requirement. We believe such a use would be unconstitutional.
Section 215 of the PATRIOT Act broadened the “business records” provision of the Foreign Intelligence Surveillance Act (FISA) to enable the FBI to obtain court orders compelling the disclosure of “any tangible thing” (not just business records). To obtain such orders, the government must prove that the tangible thing sought is relevant to a foreign intelligence investigation not concerning a US citizen or permanent resident, or to an investigation to protect against international terrorism or clandestine intelligence activities.
In the eighteen years since Congress passed the PATRIOT Act, the government has not disclosed the full scope of the records it can obtain under Section 215.
In the eighteen years since Congress passed the PATRIOT Act, the government has not disclosed the full scope of the records it can obtain under Section 215, or the type of records it has obtained using this authority. To make matters worse, government officials further muddied the waters when asked whether revealing, sensitive records could be obtained under Section 215 at a House Judiciary Committee hearing on September 18.
Members of Congress have been surprised before about the scope of Section 215 orders. In June 2013, former NSA contractor Edward Snowden disclosed court orders issued under Section 215. These orders compelled communications service providers to disclose, on an ongoing basis, records in their possession of all phone calls to, from, and within the United States. The FISA Court (FISC) had determined that these “call detail records” (CDRs) were somehow “relevant” to an investigation, essentially removing the relevance standard as a meaningful check on government intelligence surveillance activity. We argued elsewhere that the CDR portion of Section 215—which has not been used for months, and when used, was used unlawfully—should be repealed.
Members of Congress risk being surprised again because government officials are being cagey and self-contradictory about the types of records they do obtain, and can obtain, with Section 215 orders. One can infer from the statute, codified at 50 USC 1861, that the government can use Section 215 to compel disclosure of library circulation records and patron lists, bookstore sales records and customer lists, firearms sales records, tax return records, education records, and medical records containing information that would identify a person. Those records are specifically mentioned. One can infer from testimony at the House Judiciary Committee that Section 215 could be used to compel disclosure of driver license records and hotel records. Finally, one can infer from the predecessor of Section 215—the business records provision Congress added to FISA in 1998—that records of common carriers (like airlines, trains, and subway systems), public accommodation facilities, physical storage facilities, and vehicle rental facilities are also covered.
What about communications records—content, subscriber information and traffic data (transactional records, such as to/from email logs), and cell site location information? Here, intelligence community officials have been less than forthcoming. The ODNI Statistical Transparency Report Regarding Use of National Security Authorities in 2018 indicates that “traditional” Section 215 orders can be used to compel disclosure of electronic communications transactions records (p. 26) such as email logs. Presumably, Section 215 can also be used to compel disclosure of subscriber information, but the FBI usually uses a national security letter issued under 18 USC 2709 to obtain subscriber information.
But, when it comes to communications content, such as what a person says in an email message or enters into a calendar or document the person stores in the cloud, the record is murky. Brad Wiegmann, the Deputy Assistant Attorney General who heads the Department of Justice National Security Division, testified on September 18, 2019 that the FBI could use a Section 215 order to obtain a driver license record or a hotel record even if the record contains content. “We would get that information,” Wiegmann testified, “But it’s not communications content, if that’s what you mean. We can’t get the substance of telephone calls or anything like that,” he added, in response to questions posed by Rep. Zoe Lofgren (D-CA).
Weigmann then contradicted himself under questioning from Rep. Sylvia Garcia (D-TX). After testifying that Section 215 could be used to obtain information from genetic testing services if the information was relevant to an investigation, he testified that video footage from a doorbell with surveillance capability built in could also be relevant to an investigation, and therefore obtained with a Section 215 order.
Why would footage recorded from a doorbell and uploaded to a server for later review be different than content a user includes in a document that she stores online?
Yet, such video footage is itself communications content. Why would footage recorded from a doorbell and uploaded to a server for later review be different than content a user includes in a document that she stores online, or uploads to an online calendar? Such communications content is protected by the Fourth Amendment’s warrant requirement pursuant to court decisions, including the Sixth Circuit’s decision in United States v. Warshak.
What about location information? Can a Section 215 order be used to obtain stored cell site location information from a provider of cellular telephone services like (CSLI) T-Mobile or Verizon? That information can be very revealing about a person’s interests and conduct. The Supreme Court ruled just last year in Carpenter v. United States that a warrant based on a finding of probable cause is required when the government seeks to access 7 days or more of stored cell site location information in a criminal investigation. It did not address the standard for compelled disclosure of CSLI in an intelligence or national security investigation.
When asked at the September 18 hearing by Rep. Lofgren whether location information could be obtained with a Section 215 order or whether probable cause was instead required, Weigmann said that how the government is applying Carpenter in the intelligence context is classified. Later, when Rep. Hank Johnson (D-GA) asked whether the government could collect location information under Section 215, Wiegmann said that he would prefer to answer the question in a closed session, implying, again, that the answer is classified. He and Susan Morgan, the NSA witness, agreed that the Department of Justice has issued no guidance to elements of the intelligence community on how to apply the Carpenter decision in the national security context.
Thus, the intelligence community is asking Congress to reauthorize an intelligence authority that may give it access under a low relevance standard to types of records that are constitutionally protected at the probable cause standard. Congress should refuse this invitation and insist on clarity and transparency about the information that can be obtained with a Section 215 order. Perhaps it will get a little of each at tomorrow’s hearing.