As usual, our readers are making excellent points in what has become a spirited debate over my earlier post about the news that broke today regarding the government’s years-long collection of millions of phone records.
Let me address one recurring theme. Readers seem to be using me to argue with the Supreme Court. As I note in the post, in its 1979 Smith v. Maryland ruling, the Court held that people do not have an expectation of privacy – which is to say, a privacy interest constitutionally protected by the Fourth Amendment – in the records of their calling activity maintained by their telephone service provider. I used the example of a person who realizes he has been overcharged for a call he did not make – he calls the phone company to remove the charge precisely because he knows the phone company records his calling activity. In response, reader Daryll, quite reasonably, counters:
That is simply wrong. My expectations of privacy do not end simply because the business I contract to work with keeps a record of it so that they can bill me accurately or otherwise provide competent service. My expectation in privacy is that the phone company or cell phone company will not share my private information with anyone but me. If this is the standard by which privacy is eliminated, I would have no expectation of privacy in my bank records, credit card transactions (actually all purchases/sales/orders in which a receipt is generated), medical records including prescriptions and email records.
The problem is: I was not talking about my subjective expectations about privacy, nor, obviously, about Daryll’s. I was talking about the Supreme Court’s conclusion about what privacy interest is reasonable such that it should have Fourth Amendment protection. As we vigorously contend in many of our debates here at NRO, the Supreme Court gets lots of stuff wrong – they are, the old saw goes, right because they’re final, not final because they’re right. For better or worse (and many of our readers think it’s worse), the Court has decided the question central to what we’re discussing. And in so doing, the justices expressly considered and rejected Daryll’s analogy to bank and similar records. This is from Justice Blackmun’s Smith v. Maryland opinion:
[Petitioner’s] claim that he had a “legitimate expectation of privacy” regarding the numbers he dialed on his phone … must be rejected. First, we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must “convey” phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills. In fact, pen registers and similar devices are routinely used by telephone companies “for the purposes of checking billing operations, detecting fraud, and preventing violations of law.” [Citation omitted….] Telephone users, in sum, typically know that they must convey numerical information to the phone company; that the phone company has facilities for recording this information; and that the phone company does in fact record this information for a variety of legitimate business purposes. Although subjective expectations cannot be scientifically gauged, it is too much to believe that telephone subscribers, under these circumstances, harbor any general expectation that the numbers they dial will remain secret….
[E]ven if petitioner did harbor some subjective expectation that the phone numbers he dialed would remain private, this expectation is not “one that society is prepared to recognize as ‘reasonable.’” [Citation omitted.] This Court consistently has held that a person has no legitimate expectation of privacy in information he … voluntarily turns over to third parties. [Several citations omitted.] In [United States v.] Miller, for example, the Court held that a bank depositor has no “legitimate ‘expectation of privacy’” in financial information “voluntarily conveyed to . . . banks and exposed to their employees in the ordinary course of business.” … The Court explained: “The depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to the Government. . . . This Court has held repeatedly that the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.”
That is, Justice Blackmun summed up, “Because the depositor ‘assumed the risk’ of disclosure, the Court held that it would be unreasonable for him to expect his financial records to remain private.”
Now, the fact that the Supreme Court has decided the Fourth Amendment does not protect phone and business records does not end the matter. The Court’s role is to establish the constitutional floor, but Congress has the power to enact protections that go beyond the Constitution’s. It has done so in this area of the law – requiring the government, for example, to go to a court to for an order to set up pen registers (the device at issue in Smith v. Maryland), to go to the FISA Court for permission to get certain business records, etc. Because the records are not shielded by the Constitution, Congress has not required the executive branch to prove that it has a legitimate law-enforcement or national-security reason; but it has required the executive to make representations that the records are sought for a legitimate reason and it has exercised oversight to discourage the executive from abusing its power.
The lines have been drawn this way not only because the information at issue is not constitutionally protected but also because being able to access it and do metadata analyses helps the government identify national security threats and stop attacks from happening. In short, Congress concludes that (a) if you make it too hard to get the records, you increase the chance of attacks, and (b) since the Constitution does not protect the records, we should err on the side of not making them too hard to get.
The lines can certainly be drawn differently from how they are drawn now. Congress could make it more difficult for the government to get this information – or even outright prohibit metadata storage and analysis on the theory that they turn innocent people into suspects or that the government is not trustworthy enough to use the data only for competent, good faith counterterrorism. But drawing the lines differently will increase the risk of attack.
As we’ve seen time and again, the threat – indeed, the reality – of government abuse of power is something we need to be very concerned about. But righteous anger over the Obama administration’s malfeasance does not alter the facts that terrorists are trying to commit mass-murder attacks against Americans and that the government’s access to the kind of information we are discussing has helped prevent a reprise of 9/11.