On June 2nd Congress enacted the USA Freedom Act, and the president signed it into law.  The purpose of the Act was to scale back the National Security Agency’s bulk domestic metadata collection program, known as the “Section 215 Program,” and subject it to stricter privacy controls.  As a result, the Act will reduce industry’s burden to assist the Section 215 Program.

Summary of the Section 215 Program

The Section 215 Program, named after Section 215 of the PATRIOT Act, was launched in 2006 pursuant to the war on terror.  Under the Program the NSA collected the metadata (e.g. telephone numbers and dates and times of calls but not subscriber identities or voice content) of most U.S. wireline telephone calls on a daily basis and held each daily collection in storage for five years.  The data storehouse was maintained to investigate the calling patterns of any U.S. subscriber engaged in a suspicious pattern of calls with a known foreign-based terrorist.

AT&T and Verizon participated in the Program.  It is unclear how many other carriers were involved.

The Foreign Intelligence Surveillance Act Court (FISA Court) reviewed the Program each 90 days, and upon finding the Program remained in compliance with Section 215 of the PATRIOT Act, renewed the Program for an additional 90-day period.  The NSA also provided classified briefings on the Program to the judiciary and intelligence committees of the U.S. House of Representatives and Senate.

If a senior NSA official made a determination that a certain pattern of calls from a point outside the U.S. to a point inside the U.S. met the legal standard of “reasonably articulable suspicion,” the official could have his staff access the stored call data and analyze the suspicious calls.  If the analysis uncovered evidence of terrorism the NSA would refer the matter to the FBI.  The FBI, in turn, could learn the identity of the U.S.-based suspect and investigate the supposed terrorist activity.

Between 2006 and 2013 the NSA exercised its reasonably articulable suspicion authority 300 times.

Summary of the USA Freedom Act

The primary purpose of the USA Freedom Act was to stop the NSA from collecting U.S. metadata in bulk.  Specifically, the Act limited the NSA to collecting only metadata related to particular terrorist suspects from their wireline carriers on a case-by-case basis upon service of a FISC-approved order.

In addition the Act created a new role in the Section 215 process for experts called “privacy advocates,” who may advise the FISA court on privacy law aspects of terrorist cases.  The Act also let industry publicize generalized metrics on the FISA Court orders they receive.

Impact on the Telecommunications Industry

The USA Freedom Act will reduce burdens on the telecommunications industry to assist Section 215 Program investigations.

To begin with, AT&T, Verizon, and any other wireline participant in the Section 215 Program will no longer need to transmit metadata to the government on a routine basis.

Next, terrorists in foreign countries have presumably stopped calling U.S.-based associates on their landline phones, now that they know a suspicious pattern foreign-to-domestic landline calls may trigger NSA monitoring of the U.S. party to the calls.  Instead terrorists have probably relied more heavily on wireless communications, email, social networks, and VoIP services that do not store metadata.

Even if foreign terrorists do engage in suspicious patterns of wireline calls to U.S. associates the communications will probably not lead to many instances of NSA monitoring, considering the NSA exercised its monitoring authority only 300 times between 2006 and 2013.

In the rare event that the NSA wants to monitor a U.S. party the agency will need case-specific FISC approval, and that approval may be more difficult to obtain, depending on the influence of the new privacy advocates.

If a wireline carrier ever receives a Section 215 FISA Court order to disclose a subscriber’s metadata, the carrier must review the order to confirm it is valid.  Validation is important to protect subscriber privacy.  However the major wireline carriers already have in-house expertise to perform this function.  Other carriers can handle the task by retaining a trusted third party provider of law enforcement assistance services. These trusted third parties specialize in both NSA-related investigations and regular criminal cases.