Congressman Sensenbrenner Is Wrong on Patriot Act Records

Congressman Jim Sensenbrenner is a sensible guy. Nevertheless, the op-ed he has penned in the UK’s Guardian newspaper, in reaction to revelations that the Defense Department’s National Security Agency has been collecting telephone usage “metadata” on millions of Americans, is rife with error.

Metadata, we have come to learn, is not the content of telephone conversations (i.e., what is said by the interlocutors) but dry record information about the calls that service providers maintain (basically, time and duration of the call, as well as the subscriber phone numbers involved). This is an important distinction because, while the content of our communications is considered private and is protected by the Fourth Amendment and exacting federal statutes, telephone usage records are not private. Indeed, by nature, they are not the phone user’s records at all, they are owned and kept by third-party service providers. As a result, they do not have constitutional protection and have always been rather freely available to criminal investigators and prosecutors.

The Patriot Act, enacted shortly after the 9/11 attacks, was largely an effort to give national security agents the same sort of investigative powers law-enforcement agents had been exercising for decades. It is under Patriot’s business records provision – Section 215, which is codified in the U.S. Code in Section 1861 of Title 50 – that the metadata collection has occurred.

That is to say, the metadata collection is not new. It started in the Bush administration. Yet, Rep. Sensenbrenner shrieks that “the Obama administration is collecting records of every call made to, from or within the US, as well as records of many digital communications.” In making this claim, he conflates the NSA revelations with other, genuine Obama administration scandals: Sensenbrenner’s description of the massive metadata collection comes only after recounting “the Obama administration’s policing of the press and the IRS’s targeting of conservative groups,” and he heaps the whole mess together under the rubric of “‘Big Brother is watching.’”

This is very foolish. The Obama administration’s abuses of power – not only in the IRS witch-hunts against the president’s political opponents and the spying on the press, but the Benghazi derelictions, the Fast & Furious debacle, new revelations of State Department obstruction of investigations of its personnel, etc. – are authentic scandals involving serious, authoritarian overreach, stonewalling, and probably criminal offenses. They are also unilateral executive branch malfeasance.

By contrast, the NSA’s national security activities (the metadata collection and the “PRISM” program involving eavesdropping targeted at non-Americans) involve longstanding, bipartisan efforts, legitimately pursued under federal laws that prescribe multiple layers of judicial and congressional oversight. By lumping the NSA in with the true Obama scandals, and by falsely portraying it as solely an Obama administration activity, Republicans risk losing the public’s interest in the real abuses of power. Once the facts of the NSA controversy are better understood, people may well conclude that if Republicans politicized the NSA issue just to stick it to the president, maybe they are politicizing everything else, too. The long-overdue opportunity to hold this most corrupt administration accountable will, yet again, be lost.

Rep. Sensenbrenner goes on (a) to argue that the NSA’s metadata collection is a violation of the Patriot Act, and (b) to claim special authority to make that pronouncement because, he says, “I authored the Patriot Act.” He is flatly wrong on the first assertion and his claim of authorship is overblown. Lots of people in Congress authored the Patriot Act. Moreover, while I would not claim authorship, I participated in a bipartisan group of former government officials who worked closely with lawmakers in the effort to reauthorize the most significant Patriot Act provisions when they were scheduled to sunset a few years back. I am intimately familiar with the negotiations over the relevant business records section Sensenbrenner addresses, and his description of what it says and why it says it is simply inaccurate.

A little background is in order. The main idea behind the Patriot Act, other than removing barriers to intelligence sharing across government agencies, was to put national security agents (mainly, the FBI’s national security division) on a par with criminal investigators (e.g., the FBI’s criminal division and federal prosecutors) when it came to investigative techniques that the latter had been using for decades.

There was an imperative in this debate that many of my friends on the national security right seem suddenly to have amnesia about: National security is the responsibility of the executive branch, and we vigorously argued that it needed to stay that way – particularly in wartime. The framers did not intend the federal courts to have any role in our national defense.

Of course, progressives, who view counterterrorism primarily as a law-enforcement matter, were determined to use the Patriot Act as an opportunity to institutionalize a counterterrorism paradigm that gave politically unaccountable judges a veto over the executive branch’s wartime actions in America’s defense – notwithstanding that, under our Constitution, the president, in conjunction with Congress, is the political official accountable to the American people for national security. Consequently, a major dynamic of the Patriot Act debate involved progressives fighting for unprecedented judicial participation in national security measures and we on the national security right resisting this advance.

That is part of the necessary framework for understanding the current debate over the business records section. But there is one more salient matter. Again, as noted above, usage records for services, like telephone service, to which a customer subscribes do not belong to the subscriber. They are the property of the service provider. As a result, they have never had any Fourth Amendment protection, and they have precious little statutory protection. Again, we on the national security right wanted this legal reality, long ingrained in routine law-enforcement, to be reflected in national security investigations.

When I was a federal prosecutor, if I wanted phone records for an investigation, I wrote a subpoena and had an agent serve it on the relevant phone company. I did not have to go to court. I did not have to make any showing to a judge that the records were relevant, much less that I had probable cause to believe the customer whose records I wanted was suspected of committing a crime.

If I wanted to install a pen-register – a device placed on a telephone line to record usage, time, and duration of calls, numbers dialed and dialing in, etc. – I would submit an application and short-form order for a judge to sign. Importantly, because (as I explain here) the Supreme Court has held that usage information – again, as opposed to the content of calls – is not protected by the Fourth Amendment, I did not have to prove anything to get the judge to sign the order. I simply had to comply with the federal statute that calls for a prosecutor to represent in good faith that the information sought was relevant to an investigation. If I did that, the judge had to sign the order – the judge did not get to grill me about whether I really needed the pen register. As the executive branch official, that was my call, not the court’s.

It has long been the law that grand juries do not have to suspect a crime in order to conduct an investigation; they can investigate, if they wish, just to satisfy themselves that no crime has been committed. As a practical matter, that never happens. Grand juries, agents, and prosecutors are too busy with real crime to conduct witch-hunts. But the principle involved is important: Under our Constitution, the investigation of crime – the police power – is an executive branch authority.

The federal courts have no business directing investigations, and it is not the role of a judge to tell a prosecutor or an FBI agent what information may be sought. If a category of information is not protected by federal law, the executive branch may compel its production. Period. There is no burden of proof. It is not like the situation when a prosecutor wants to tap your phone or search your house. The law considers your conversations and your personal effects private, and thus law-enforcement may not invade them without getting a judicial eavesdropping or search warrant based on probable cause to suspect crime. Third-party business records do not implicate such concerns or protections.

With that background, the point of the Patriot Act’s business records provision was to put national security agents in a position analogous to that of criminal investigators. As described above, there is virtually no judicial oversight, and no systematic congressional oversight of any kind, regarding the power of law-enforcement officials to compel business records. So what we on the national security right wanted was the exact same power for national security agents.

The reasoning was straightforward: protecting the nation – especially after the mass-murder of nearly 3000 Americans on 9/11 – was a higher executive branch responsibility than, say, prosecuting a drug ring or a mafia gambling operation. If the executive branch did not need to prove anything to a judge to compel business records in connection with run-of-the-mill crime, it made no sense to impose a higher burden in connection with a more important responsibility.

Progressives and libertarians would not agree. They were not happy about the latitude federal law gives criminal investigators, and the Patriot Act debate was their chance to fight back, to sow into national security law the seeds of more judicial oversight. Accomplishing that objective would enable them, later on, to relitigate the battles they’d lost over the years regarding broad investigative authority in the arena of law-enforcement. (Note, for example, that Sen. Rand Paul has proposed legislation that would not only slash the NSA program but cripple law enforcement by imposing unprecedented burdens on the compulsion of third-party phone records. I write about that here.)

This tangle resulted in a compromise: To get business records under the Patriot Act, the FBI would not have to prove anything to the court; as with a pen-register, however, the executive branch would have to make solemn representations that the information was sought for a legitimate purpose – viz., that there were reasonable grounds to believe the records sought were relevant to a national security investigation (i.e., either to obtain foreign intelligence or protect against terrorism or foreign spying).

Nevertheless, Rep. Sensenbrenner writes:

To obtain a business records order like the one the administration obtained, the Patriot Act requires the government to prove to a special federal court, known as a [Foreign Intelligence Surveillance Act (FISA)] court, that it is complying with specific guidelines set by the attorney general and that the information sought is relevant to an authorized investigation. Intentionally targeting US citizens is prohibited.

This is wrong in every particular. The government is not required to prove anything to the FISA court. This was the crux of the debate. If the government had to prove anything to the FISA court, that would mean the FISA court, rather than the executive branch, would have the final say on who could be investigated and what records could be scrutinized.

The government – as the statute says in language that was argued over endlessly – must provide the court with “a statement of facts showing there are reasonable grounds to believe that [the records sought] are relevant to an authorized investigation.” But the statute does not empower the court to second-guess that statement of facts. If the bill had granted this kind of judicial intrusion into executive responsibilities, the national security right would not have supported it, and it would never have been enacted. Instead, the statute provides that if the government makes the stipulated representations, the court must sign the order.

Furthermore, the government need not “prove” to the FISA court “that it is complying with specific guidelines set by the attorney general,” as Sensenbrenner asserts. Instead, guidelines from the attorney general regarding the retention and dissemination of the information sought must be set forth in the application. The executive branch must follow them, and there is no reason to believe agents are not doing so. But there is no requirement to prove to the FISA court that the government is complying. Again, it is a solemn representation, not a proof requirement.

Finally, it is simply not the case, as Sensenbrenner claims, that “intentionally targeting US citizens is prohibited.” The statute provides that information about American citizens may not be targeted if the purpose of the investigation is solely “to obtain foreign intelligence” – and that’s common sense. But, as noted above, the statute also pertains to investigations “to protect against international terrorism or clandestine intelligence activities.” There is no prohibition against targeting American citizens on these scores – which also make sense because, as we know historically, some American citizens have been deeply involved in international terrorism and in helping foreign spy services work against the United States.

Indeed, the statute expressly assumes American citizens will be implicated in investigations. It states: “An investigation … shall … not be conducted of a United States person solely upon the basis of activities protected by the first amendment to the Constitution of the United States” (emphasis added). That is, the government may not target an American merely for political dissent (as, for example, the Obama administration has done in the IRS scandal). But if, say, an investigation involves international terrorism and there is reason, wholly apart from political dissent, to believe an American’s phone records would be relevant, there is no prohibition against seeking an American’s phone records.

I believe Congressman Sensenbrenner is confusing what he may consider to be – and what may in fact be – an overzealous but entirely legal use of the Patriot Act with a violation of the Patriot Act. To compare, again, the awesome powers of criminal investigators: when I was a prosecutor, I could have compelled the production of phone records of countless innocent people. If I did not have a good reason for doing so, it would have been an abuse of my power. But it would not have been a violation of laws that, quite intentionally, allow the executive branch to compel non-privileged records with virtually no oversight. It would mean we’d need a new, more responsible prosecutor, not new laws.

To the contrary, the Patriot Act provides a comprehensive regimen of internal Justice Department monitoring, judicial oversight, and congressional oversight. It is not true, as Rep. Sensenbrenner contends, that collecting records is the equivalent of spying. Under the procedures in place, the government may retain the records it collects, but it may not scrutinize the data therein unless it goes to the FISA court and demonstrates reasonable suspicion, based on specific facts, of terrorist activities.

So yes, the government is permitted to retain phone records for national security purposes with a fairly minimal burden – although a higher one than the government must meet in investigating ordinary and comparatively trivial crime. But it cannot “spy” without satisfying a court that there are grounds to do so – something it never has to do with business records gathered in criminal investigations.

And, unlike the case in routine criminal investigations, there may very well be a valid reason to collect millions of phone records for national security purposes. It may well be that only by accessing the universe of phone traffic are analysts capable of discerning the complex communication patterns of terrorists who are trained in counterintelligence. That has yet to be established, and it may well be that trying to establish it publicly would educate our enemies in how to avoid detection.

Consequently, we may be at a crossroads. At a time when trust in government is understandably low, we are being asked to trust that government is not using the records it retains to spy on us; that both parties and every branch of government are involved in the process to ensure that such spying does not happen; and that government has a legitimate, life-saving national security purpose for the massive data collection that has taken place over many years.

Whether that trust is warranted is a serious question, and it deserves serious consideration. The inquiry is not advanced by overheated, inaccurate allegations of lawlessness.