In light of Smith, the Privacy Board did not conclude that the metadata program is unconstitutional. It merely noted that the program raises substantial concerns about privacy and freedom of association, and that given the very different circumstances, those concerns are not readily resolved by a simple citation to Smith. The Supreme Court has frequently adapted Fourth Amendment doctrine to ensure that advances in technology do not eviscerate the privacy that the amendment was designed to protect. It has done so in cases involving wiretapping of telephone calls, the installation of a GPS to monitor travel, and the use of a beeper and a thermal imaging device to determine what was happening inside a house. It may well do so when and if the NSA metadata program reaches the Court. Two federal courts have already reached opposite conclusions about the program’s constitutionality, and both cases are being appealed.
But we ought not wait for the Supreme Court. The profound effects of the program on Americans’ privacy and freedom of association, the Privacy Board insisted, should cause Congress and the president to reassess the program today. Any such assessment necessitates a balancing of the program’s costs to our fundamental freedoms against the security benefits it provides. If the program is essential to maintain our way of life, the sacrifices might well be reasonable. Privacy is not an absolute right; the Fourth Amendment bars only “unreasonable” searches and seizures. The Court has always recognized that interests in privacy can be overcome by the government’s interest in law enforcement—usually at the point that the government obtains probable cause that one has committed a crime.
So what can we say about the effectiveness of the NSA metadata program? On this question, the Privacy Board’s report is devastating. The board had access to classified information, and held classified briefings with NSA and other security officials. It pointedly asked for evidence of the program’s utility. In its report, the board painstakingly analyzes each of the various “success stories” that the government has touted. Its conclusion could not be more stark:
We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation. Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.
Reviewing seven years of the NSA amassing comprehensive records on every American’s every phone call, the board identified only one case in which the program actually identified an unknown terrorist suspect. And that case involved not an act or even an attempted act of terrorism, but merely a young man who was trying to send money to Al-Shabaab, an organization in Somalia. If that’s all the NSA can show for a program that requires all of us to turn over to the government the records of our every phone call, is it really worth it?
Apparently President Obama thinks it is. His speech, sandwiched between the reports of the expert panel and the Privacy Board, was, by comparison, deeply disappointing. He conceded that there is something disturbing about the extent of information about our private lives available in the digital age, and specifically acknowledged that “given the unique power of the state, it is not enough for leaders to say: Trust us, we won’t abuse the data we collect. For history has too many examples when that trust has been breached.”
But he proposed only minimal reforms, and left the bulk metadata program in place. He said that the NSA should be required to go to a FISC judge before searching the database, and that the database should be held by a private entity. But he left unspecified what that private entity would be, and many doubt he’ll be able to come up with one. The phone companies have already said they don’t want to be the repositories. And the bigger issue is not who holds the data, but the very fact that the government is engaged in the dragnet collection of data on all of us, rather than conducting the more traditional targeted searches that the Constitution has long required.
In his speech on intelligence gathering, Obama said nothing at all about many of the NSA’s most disturbing practices, including the vacuuming up of cell phone location data, e-mail address books, personal information collected by apps on mobile phones, and vast streams of data running between the overseas communications hubs of Google and Yahoo. He extended a symbolic olive branch to foreigners, saying they would benefit from some of the statutory privacy protections that Americans enjoy. But he did not advocate any change to the 2008 law that authorizes the NSA to listen in on foreigners’ phone calls and read foreigners’ e-mails based on nothing more than the suspicion that they are foreign nationals living outside our borders.
Obama’s speech did not satisfy many. It was roundly condemned in the United States and even more so abroad for not going nearly far enough to rein in the NSA. For real reform, we may need to look to Congress. The good news is that there is genuine bipartisan concern. Congress is considering a multitude of reform bills, but the leading and best one, cosponsored by Senator Patrick Leahy and Representative Jim Sensenbrenner, would, among other things, eliminate the bulk collection of metadata, instead requiring the government to show some specific connection between any records sought and a target of a particular investigation.
More broadly, all three branches of government—and the American public—need to take up the challenge of how to preserve privacy in the information age. George Orwell’s 1984, Ray Bradbury’s Fahrenheit 451, and Philip K. Dick’s The Minority Report all vividly portrayed worlds without privacy. They are not worlds in which any of us would want to live. The threat is no longer a matter of science fiction. It’s here. And as both reports eloquently attest, unless we adapt our laws to address the ever-advancing technology that increasingly consumes us, it will consume our privacy, too.