Related:

2 May 2017, NYT: Reined-In N.S.A. Still Collected 151 Million Phone Records in '16

8 May 2015, NYT: N.S.A. Collection of Bulk Call Data Is Ruled Illegal

6 June 2013, NYT: U.S. Is Secretly Collecting Records of Verizon Calls

5 June 2013, Guardian: NSA collecting phone records of millions of Americans daily


https://www.nytimes.com/2019/03/04/us/politics/nsa-phone-records-program-shut-down.html

March 4, 2019

Disputed N.S.A. Phone Program Is Shut Down, Aide Says

By Charlie Savage

WASHINGTON -- The National Security Agency has quietly shut down a system that analyzes logs of Americans' domestic calls and texts, according to a senior Republican congressional aide, halting a program that has touched off disputes about privacy and the rule of law since the Sept. 11 attacks.

The agency has not used the system in months, and the Trump administration might not ask Congress to renew its legal authority, which is set to expire at the end of the year, according to the aide, Luke Murry, the House minority leader's national security adviser.

In a raw assertion of executive power, President George W. Bush's administration started the program as part of its intense pursuit for Qaeda conspirators in the weeks after the 2001 terrorist attacks, and a court later secretly blessed it. The intelligence contractor Edward J. Snowden disclosed the program's existence in 2013, jolting the public and contributing to growing awareness of how both governments and private companies harvest and exploit personal data.

The way that intelligence analysts have gained access to bulk records of Americans' phone calls and texts has evolved, but the purpose has been the same: They analyze social links to hunt for associates of known terrorism suspects.

Intelligence agencies can use the technique on data obtained through other means, like collection from networks abroad, where there are fewer legal limits. But those approaches do not offer the same systematic access to domestic phone records.

Congress ended and replaced the program disclosed by Mr. Snowden with the U.S.A. Freedom Act of 2015, which will expire in December. Security and privacy advocates have been gearing up for a legislative battle over whether to extend or revise the program -- and with what changes, if any.

Mr. Murry, who is an adviser for Representative Kevin McCarthy of California, raised doubts over the weekend about whether that debate will be necessary. His remarks came during a podcast [1] for the national security website Lawfare.

Mr. Murry brought up the pending expiration of the Freedom Act, but then disclosed that the Trump administration "hasn't actually been using it for the past six months."

"I'm actually not certain that the administration will want to start that back up," Mr. Murry said.

He referred to problems that the National Security Agency disclosed last year. "Technical irregularities" had contaminated the agency's database with message logs it had no authority to collect, so officials purged hundreds of millions of call and text records [2] gathered from American telecommunications firms.

The agency declined to comment on Monday. Press officials with the Office of the Director of National Intelligence and the National Security Council did not respond to requests for comment.

Matt Sparks, a spokesman for Mr. McCarthy's office, said late Monday that Mr. Murry "was not speaking on behalf of administration policy or what Congress intends to do on this issue."

Christopher Augustine, an N.S.A. spokesman, told The New York Times in January that agency officials were "carefully evaluating all aspects" of the Freedom Act program, and were discussing its future.

Mr. Augustine made clear that the White House would make the final call about whether to ask Congress to extend the Freedom Act.

The disclosure that the program has apparently been shut down for months "changes the entire landscape of the debate," said Daniel Schuman, the policy director of Demand Progress, an advocacy group that focuses on civil liberties and government accountability.

Since "the sky hasn't fallen" without the program, he said, the intelligence community must make the case that reviving it is necessary -- if, indeed, the National Security Agency thinks it is worth the effort to keep trying to make it work.

The phone records program had never thwarted a terrorist attack, a fact that emerged during the post-Snowden debate.

"If there is an ongoing program, even if we all have doubts about it, that's a very different political matter than if the program has actually stopped," Mr. Schuman said. "Then the question becomes, 'Why restart it?' rather than whether to turn it off."

The National Security Agency has used the call-detail records -- metadata showing who called whom and when, but not the content of what was said -- as a map of social networks, analyzing links between people to identify associates of terrorism suspects.

Even without the program, the agency could still collect telecommunications data from abroad, which domestic surveillance laws have left largely unregulated. But while overseas-based collection can give some access to Americans' data, it apparently does not provide the systematic access to purely domestic phone messages.

The phone records program traces back to the aftermath of the Sept. 11 attacks when the Bush administration created the secret Stellarwind surveillance program. One component involved the bulk collection of logs of Americans' domestic phone calls.

Companies like AT&T and MCI -- later part of Verizon -- initially turned over their customers' records in response to an order by Mr. Bush. Starting in 2006, the Foreign Intelligence Surveillance Court began issuing secret orders requiring the companies to participate, based on a novel interpretation of Section 215 of the Patriot Act, which said the F.B.I. may obtain business records "relevant" to a terrorism investigation.

In June 2013, the program came to light after The Guardian published [3] the first revelation from the trove of classified files provided by Mr. Snowden: a top-secret surveillance court order to Verizon [4] to provide its customers' call records.

The disclosure, one of the most significant by Mr. Snowden, prompted sharp criticism of the government's theory about why it was legal: Essentially, everyone's phone records were relevant because the government needed to acquire the haystack so that it could hunt for needles of investigative interest. An appeals court later rejected [5] that theory.

While intelligence officials could not point to attacks the program had thwarted, they defended the ability as a useful triaging tool for sifting through potential connections -- and suggested that had it been in place before Sept. 11, it might have helped uncover Al Qaeda's plot. Critics called that argument exaggerated and portrayed it as a legally dubious invasion of privacy that was ripe for abuse.

The Obama administration eventually embraced a plan to end the National Security Agency's bulk collection of domestic phone data but preserve the old program's analytical ability, resulting in the Freedom Act of 2015. [6]

Under that law, the bulk records remained in the hands of the phone companies, not the government. But with a judge's permission, the agency could swiftly retrieve the phone and text logs of particular suspects as well as of all of the people who had been in contact with those suspects, even when they were customers of different phone companies.

Under the replacement system, the number of records about Americans' communications that the agency collected dropped significantly from the billions per day it had previously been sucking in.

Yet the scale of collection remained huge: The program gathered 151 million records in 2016, [7] despite obtaining court orders to use the system on only 42 terrorism suspects in 2016, along with a few left over from late 2015. In 2017, it obtained orders for 40 targets and collected 534 million records. [8]

Problems with the system emerged last year, when the National Security Agency said it had decided to delete its entire database of records gathered since the Freedom Act system became operational. Glenn S. Gerstell, the agency's general counsel, said in an interview at the time that because of complex technical glitches, one or more telecom providers -- he declined to say which -- had responded to court orders for records by sending logs to the agency that included both accurate and inaccurate data.

When the agency then fed those numbers back to the telecoms to get the communications logs of all of the people who had been in contact with its targets, it ended up gathering some data of people unconnected to the targets. The agency had no authority to collect their information, nor a practical way to go through its large database and cull those records it should not have gathered. As a result, it decided to purge them all and start over.

But it had not been clear until Mr. Murry's comments in the podcast that was posted over the weekend that the problems have continued, even as a legislative battle over the Freedom Act -- and the inevitable scrutiny of how the program has functioned -- has drawn near.

[1] https://www.lawfareblog.com/lawfare-podcast-luke-murry-and-daniel-silverberg-national-security-congress

[2] https://www.nytimes.com/2018/06/29/us/politics/nsa-call-records-purged.html

[3] https://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order

[4] https://www.nytimes.com/2013/06/06/us/us-secretly-collecting-logs-of-business-calls.html

[5] https://www.nytimes.com/2015/05/08/us/nsa-phone-records-collection-ruled-illegal-by-appeals-court.html

[6] https://www.nytimes.com/2015/06/03/us/politics/senate-surveillance-bill-passes-hurdle-but-showdown-looms.html

[7] https://www.nytimes.com/2017/05/02/us/politics/nsa-phone-records.html

[8] https://www.nytimes.com/2018/05/04/us/politics/nsa-surveillance-2017-annual-report.html