The White House has rolled out the bare sketch of its proposal to fix the dragnet. The sketch says,
- the government will not collect these telephone records in bulk; rather, the records would remain at the telephone companies for the length of time they currently do today;
- absent an emergency situation, the government would obtain the records only pursuant to individual orders from the FISC approving the use of specific numbers for such queries, if a judge agrees based on national security concerns;
- the records provided to the government in response to queries would only be within two hops of the selection term being used, and the government’s handling of any records it acquires will be governed by minimization procedures approved by the FISC;
- the court-approved numbers could be used to query the data over a limited period of time without returning to the FISC for approval, and the production of records would be ongoing and prospective; and
- the companies would be compelled by court order to provide technical assistance to ensure that the records can be queried and that results are transmitted to the government in a usable format and in a timely manner.
The most important question asked in a conference call on this is what the standard for querying would be. Congress would decide that, but it Reasonable Articulable Suspicion would be the starting point.
That sketch doesn’t really answer a lot of questions about the program, including:
- Will this program be used for “national security concerns” beyond counterterrorism? Never once did the conference call say it was limited to CT, and several comments suggested it could be used more broadly.
- What kind of protections will the data (the overwhelming number of which would be innocent people) get once it lands at NSA (see the minimization procedures noted above)? Will it resemble the corporate store of forever datamining that currently exists?
- Who will do the data integrity that currently requires access to the raw data, which has a dramatic influence on how much data would be responsive to a 2-hop query? The required “technical assistance” might include some of it (it definitely includes formatting the data such that NSA can legally accept it, which has caused a problem with cell data). But does Verizon or NSA or Booz go through the raw data and pull out the high volume numbers?
- For how long will these orders be granted? (It sounds like the White House will use this to entice congressional support.)
- Will the NSA have access to location data (I’m guessing the answer is no but would like assurances)?
All that said, this is an improvement over the status quo and over RuppRoge in several ways, not least that it applies only to phone data, and that they’re using the same vocabulary we’ve just spent 10 months agreeing on common definitions for.
Update: One observation. One thing both this reform and RuppRoge include is the ability to dictate what the government gets from providers. That’s a testament to how poorly suited the Section 215 program has always been, because it could only ask for existing business records, and most telecoms (the likely exception is AT&T) could and almost certainly did simply provide their SS7 telecom records, which would include everything, including cell location data that apparently became problematic, probably since 2010, when Congress learned NSA was actually going to start using that data. Those problems likely grew more intense after the Jones decision made it clear SCOTUS had problems with the government tracking location persistently without a warrant.
In other words, these “reforms” seem to arise as much from the fact that the outrage against this dragnet provides the government with an opportunity to build a system more appropriate to the task at hand rather than what they could jerry-rig together in secret.