"U.S. Surveillance Through Bulk Metadata Collection: Exploiting the Weakness of Fourth Amendment Jurisprudence"

-- By JuanPaoloFajardo - 10 Dec 2015

A. Introduction

On June 5, 2013, the Guardian published a confidential Foreign Intelligence Surveillance Court (“FISC”) Order, care of Edward Snowden, requiring Verizon to hand over to the National Security Agency telephony metadata generated from its users. In response, President Barack Obama released a carefully worded statement: “[N]obody is listening to your calls. That’s not what this program’s about… But by sifting through this so-called metadata, they may identify potential leads with respect to folks who might engage in terrorism.”

On the surface, the President’s words are both an appeal to the American public’s basic Fourth Amendment sensibilities and a legal maneuver to remove the NSA’s surveillance activities outside the standard of “ legitimate expectation of privacy”. However, underneath, Mr. Obama’s deliberate focus on Fourth Amendment principles steers public attention away from the more horrifying aspect of Mr. Snowden’s exposé: that the U.S. government’s most effective surveillance tool involves the wholesale collection of bulk metadata from telecommunications and technology companies (“TTC”) for purposes of engaging in population surveillance which easily evades current Fourth Amendment protections and, much worse, public scrutiny.

B. Metadata and Reasonable Expectations of Privacy

At the onset, we must understand what metadata is. It means “data about data”. It refers to “structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information source.”. Telephony metadata, for example, includes “the length and time of the calls and other similar dialing, routing, addressing, or signaling information.” Metadata essentially functions to establish second tier knowledge regarding the data or information apart from its content.

When the President contrasted “listening to your calls” from the term “metadata”, he was referring not only to the technical distinction between content and metadata, but also the legal limits of obtaining one as compared to the other within the context of the Fourth Amendment. This distinction lies at the heart of the government’s surveillance claims: the acquisition of bulk metadata from TTC’s without the need for establishing probable cause does not constitute an unreasonable search.

The bedrock of the government’s position can be traced to the Supreme Court’s rulings in U.S. v. Miller and Smith v. Maryland, both of which apply Katz v. United States’ third-party doctrine exception to the Fourth Amendment: “[w]hat a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection.” In Miller, the court ruled that bank depositors have no legitimate expectation of privacy in the transaction records maintained by banks. Similarly, in Smith, the court saw as permissible the installation of pen registers in telephone company property without a search warrant because it did “not acquire the contents of communications” and because there is no legitimate expectation of privacy in numerical information voluntarily conveyed to the telephone in the ordinary course of its business.

Based on these cases, the government’s argument is simple: The acquisition of metadata is not synonymous to the acquisition of private communications, which explicitly enjoys Fourth Amendment protections. Any extension of the Fourth Amendment to metadata must be based on the existence of legitimate expectations of privacy over such information, which the Supreme Court has already ruled otherwise due to the voluntary nature of its conveyance to third parties, namely TTCs.

This argument, however, is an obvious exploitation of the weakness of current Fourth Amendment jurisprudence in the face of present-day bulk metadata collection and the growth of technology that has allowed metadata to fuel covert intrusions into individual privacy. Current jurisprudence is fixated only on the front-end level of metadata collection and no court has ever considered the privacy implications of bulk metadata aggregation at the back-end.

B. What Happens at the Back-End?

When Smith was promulgated in 1979, the idea of metadata collection was limited in terms of subject, breadth and purpose. In fact, the constitutionality of the pen register installation was adjudicated in the context of a criminal investigation of a suspected robber and the information obtained was limited to telephone numbers. Fast-forward to 2013, Mr. Snowden’s disclosures have painted a different view of metadata collection. Now, U.S. surveillance efforts involve the broad collection of bulk telephony metadata from millions of users stored in the servers of the world’s largest technology companies, unrelated to the investigation of any specific person or any specific crime.

According to the Foreign Intelligence Surveillance Court, the volume of metadata records currently being acquired by the U.S. government does not alter the Supreme Court’s conclusion in Smith. From the front-end, yes, the volume of metadata collection doesn’t change the nature of metadata as understood by the court in Smith. However, at the back-end, what the U.S. government does with bulk metadata necessitates a change in judicial perspective.

After the U.S. government acquires bulk metadata from TTCs, it subjects this information to various Big Data processes that allows it to “search, aggregate and cross-reference large data sets” with the hope of unearthing “actionable data” for “national security and policing purposes”. Through this aggregation, bulk metadata can “reveal who we are, who we know, what we do and care about and plan to do next”. It can even “reveal things that we never intentionally communicated at all.” An example of the U.S. government’s Big Data practice is the PRISM program which allows the NSA direct access to the servers of companies such as Apple, Facebook, Google, Microsoft, Skype, Yahoo, and YouTube? .

With Big Data practices driving the back-end of the U.S. government’s bulk metadata collection, surveillance activities can now unearth information that falls outside the category of communications content, but nevertheless intrudes into reasonable zones of privacy that may require further protection of the courts. The problem is that current jurisprudence is merely concerned with whether the acquisition of metadata is permissible under the Fourth Amendment. It never considered the nature of the information metadata generates when aggregated. While it is simply a matter of time and judicial willingness before the privacy implications of bulk metadata collection is directly addressed by the courts (See Justice Sotomayor's concurring opinion in U.S. v. Jones), this gaping jurisprudential hole begs the question: How do we protect our privacy in the meantime?

Lizzie: Juan, I enjoyed reading this, though I would be keen to know what you would propose should be the direction the law develops. You might also be interested to know that the collection of metadata is not just a matter of unintentionally handing over information that might give rise to a breach of privacy, the USG uses it to kill people. They say they don't even need content - indeed I wonder whether content actually serves to interfere with intelligence algorithms. In other words, the collection of metadata is not a lesser version of what they would like to collect, it is what they actually need. Which makes SCOTUS look even more outdated, I think.


Gregg: I enjoy the essay, but wouldn't it be more at home in the Spring semester class on privacy and the Constitution?


Jianing: Hi Juan, I think you have made a really good point here. And I would like to add another point in accordance with yours, which is to make the picture more fully revealed for others who may read your piece. You have made it clear why people should worry about metadata collection when the actual content is not being overheard; but I believe there are still people in the world who don't even understand why privacy matters. It may be in their interest to watch the TED Talk delivered by Glenn Greenwald. Basically,Greenwald has made three arguments on the importance of personal privacy: First, those who claim that privacy is not important never fail to protect their own privacy while pointing their fingers at others; secondly, as far as mass surveillance is concerned, those in power are not simply looking for criminals, but whoever with the ability to pose a threat to their power, and the overall freedom of a society is measured by how it treats its dissidents, not its obedient citizens; thirdly, a private place is what human creativity needs to be activated and empirical studies have shown that human behaviour become dramatically more conformative when people know that they may be overseen at any time.

The basic thesis here is that there's a conceptual gap to be filled, so that correct judicial decisions can solve a Fourth Amendment problem being diagnosed in the first half of the essay. For reasons that those taking the other half of the course will now understand, I personally disagree with this framing. I think the problem of the Fourth Amendment's poor fit to our circumstances is insoluble, and lies not in some incorrect decisions but in the fabric of the right itself.

So what I don't actually find here is the matter that would respond to my objection: what's the constitutional basis for altering any of the doctrine—from the distinction between telephone call content and call connection data, that between data left with third parties in the course of market transactions for goods or services and that maintained by the person herself, that between circumstances of prosecution and circumstances of non-prosecutorial investigation—that is admittedly reducing the Fourth Amendment's relative scope of influence? Don't the words mean substantially what they always have meant? In which ways has what was always reasonable become unreasonable?