Law & the Courts

Rand Paul’s NSA Metadata Concerns Are Misplaced

On Tuesday night, Fox News’s Megyn Kelly conducted an incisive interview with Senator Rand Paul (R., Ky.) about his opposition to the National Security Agency’s metadata-collection program under Section 215 of the PATRIOT Act (the business-records provision). The abbreviated version of the interview as aired is on the Kelly File website, here; the full interview (which runs about 13 minutes and also features Kelly Paul, the senator’s wife) has been posted on Fox News’s blog, here.

I have been making the argument that, while there is a serious question about whether the metadata program violates the statutory limitations spelled out in Section 215, Senator Paul’s claim that it flouts the Constitution is frivolous. It was on this point that Ms. Kelly pressed him Tuesday night. I will address two of the senator’s constitutional claims: the “general warrant” objection and the notion that the Fourth Amendment protects private confidentiality arrangements. I will then add some closing thoughts on other misleading and misguided elements of Paul’s argument.

General Warrant

The senator contends that a court order directing a telecommunications company to turn over the records of usage by its customers is a “general warrant,” an evil the Fourth Amendment was designed to prevent. He evidently does not understand the concept he is invoking.

A general warrant is a government grant of authority to search and seize unspecified persons or places without limitation. To prohibit it, the Fourth Amendment requires that a search warrant describe with particularity “the place to be searched, and the persons or things to be seized.”

Senator Paul’s claim that the metadata program flouts the Constitution is frivolous.

There are two fatal flaws in Paul’s general-warrant claim.

One: The Fourth Amendment requires the government to obtain a judicial search warrant only if it wishes to search or seize categories of very personal property that are spelled out explicitly in the amendment — namely, one’s “person, house, papers and effects.” Business records that are the property of a third party (namely, a telecom) do not constitute the customer’s person, house, papers, or effects. You do not have a constitutional privacy interest in property that belongs to a third party. (You may have a statutory privacy interest . . . but I’ll come to that in due course.)

Consequently, to obtain a customer’s phone records, the government is not required to secure a search warrant. Indeed, in ordinary law enforcement, the government commonly compels the production of copious quantities of business records (very much including telephone records) by mere subpoena.

Note that this means the PATRIOT Act, which requires the government to go to court first and highly regulates what the government may do with the phone records it collects, provides more privacy protection than Americans get in everyday law enforcement. Prosecutors, for example, do not need court permission to issue subpoenas, and they may make unlimited use of phone records they gather, including scrutinizing the information that identifies the customers. By contrast, as Rich Lowry observed in his column a couple of days ago, the metadata program under the PATRIOT Act does not collect personal identifying information.

Two: Senator Paul confuses a demand for a large amount of information with a lack of specificity. The fact that Section 215 orders require the telecoms to produce lots of data does not mean the orders do not particularize what data is sought.

Again, because we are not dealing with matters that trigger Fourth Amendment protection (one’s person, house, papers, and effects) there is no requirement for a Section 215 order to comply with the Fourth Amendment’s specificity mandate. Yet it is quite specific nevertheless. The order does not tell the telecom, “Provide all your records, of any kind”; it directs the telecom to provide for all subscriber numbers (but not names, addresses, or other identifying information) records showing what numbers (not names) were called, plus the date, time, and duration of the calls. Yes, it is a lot of information, but the orders are particular about what may and may not be collected. Clearly, they are not “general warrants.”

Note that under Paul’s analysis, a prosecutor or FBI agent would not be able to subpoena, say, the ledgers kept by drug traffickers. After all, those ledgers might contain records pertaining to hundreds or thousands of drug transactions involving dealers and customers whose names are not specified in the subpoena and whose private activities the government would be able to pry into. Of course, this would be untenable: We all know that we do not have a property right in another person’s belongings, and if his papers and effects happen to detail activity in which we’ve been involved, we do not have a constitutional right to shield that information from government agents conducting legitimate investigations.

Private Confidentiality Arrangements

Senator Paul acknowledges that the Supreme Court, in Smith v. Maryland (1979), held that the Fourth Amendment is not implicated by a service provider’s records of the customer’s telephone usage. (Again, we’re talking here about subscriber numbers, numbers called, date, time, and duration — not the content of conversations.) From a constitutional standpoint, that should be the end of the matter. Yet Paul makes some futile efforts to distinguish Smith.

He claims, for example, that Smith is an old case (not from “modern times”), and that it involved the records of a single person who was suspected of crimes, not — as in the metadata program — the records of millions of people who are not criminal suspects. These assertions are at once irrelevant and odd.

First, the Smith Court’s rationale was that third-party business records do not trigger Fourth Amendment privacy protections. The question was not whether the customer at issue was a criminal; it was whether he had a cognizable privacy interest — his status as a suspect was beside the point. Second, what is Paul relying on to show that the 36-year-old Smith ruling is obsolete? Why, it’s the 226-year-old Fourth Amendment. Even if Smith really were ancient history (and it’s not), the justices were relying on an understanding of technology and privacy that was over two centuries more modern than that of the Framers.

Another claim that Paul posits warrants a bit more discussion because it has some surface appeal. The senator observes that a service provider has a contractual duty of confidentiality to the customer: It could be sued if, for example, it sold or gave away the customer’s calling data to another private party without permission. From this premise, Paul reasons that (a) this confidentiality duty is breached when the telecom gives this same information to the government pursuant to a court order, and (b) this purported breach somehow rises to the level of a constitutional violation.

The suggestion has populist appeal: The senator is tapping into the outrage we’d all feel if a phone company gave out information regarding our personal calling habits to just anyone. But legally, his contention, as applied to lawful investigative demands by the government, is specious.

There are some private confidential relationships our law protects by shielding communications from even judicial proceedings — e.g., privileges against disclosure for married couples, and for persons in a priest-penitent, doctor-patient, or attorney-client relationship. Other than these longstanding exceptions, however, the rule is that private confidentiality arrangements must yield to lawful investigative demands.

If you and I agree to share a secret, but you get subpoenaed to a grand jury, neither of us has an enforceable legal privilege that would allow you to refuse to disclose the secret. Even journalists, whose critical function in a democracy is recognized by the First Amendment’s nod to freedom of the press, are nevertheless required to disclose communications with their confidential sources if compelled by grand jury or trial subpoena. (That is why, to take a prominent example, reporter Judy Miller spent many weeks in jail upon refusing to honor a subpoena seeking information about her conversations with a source, then-government official Scooter Libby. The press has lobbied for a “shield law” precisely because the Constitution does not immunize reporters from investigative demands for information.)

Telecoms do and should have contractual and even statutory obligations to keep customer information confidential — not to mention having a competitive business interest in doing so. But those obligations have always been trumped by lawful investigative demands for information.

When, as we’ve seen, the information at issue is not itself protected by the Fourth Amendment, it is silly to argue, as Paul does, that a confidentiality agreement between the service provider and the company changes the Fourth Amendment analysis. The Supreme Court’s “expectation of privacy” jurisprudence involves one’s expectation of privacy from government intrusion. No one has a reasonable expectation of privacy that the government will not seek a corporation’s business records in an investigation. A confidentiality arrangement gives the customer an expectation that the corporation will refrain from irresponsible disclosures to private parties, but not from disclosures based on lawful demands made by government agencies pursuant to court process or federal statutes.

Finally: Honesty, Capability, and Regularity

Three last points.

One: Senator Paul repeatedly and disingenuously blends together his claim that the metadata program violates the Constitution with the fact that the federal appeals court for the Second Circuit recently ruled that the program is “illegal.” Transparently, he is implying that the court concurred in his legal analysis — an effort to give his Fourth Amendment claims the patina of judicial heft. But as the senator well knows, the Second Circuit did not hold that the metadata program violates the Constitution; it concluded that the program transgressed the limitations of a statute — Section 215.

That is a debatable conclusion. The Second Circuit makes a strong case, but the Foreign Intelligence Surveillance Court (which Congress created to specialize in intelligence issues) clearly disagrees, having issued Section 215 metadata orders over two dozen times. The statutory issue is a complicated one (I’ve addressed it here), but it is statutory. Senator Paul should stop suggesting that the courts have found merit in his constitutional claims.

Two: Senator Paul and like-minded critics of government counterterrorism authorities misleadingly conflate government capabilities with government action. Paul, for example, told Megyn Kelly that an academic study of metadata showed that, by scrutinizing it, researchers could figure out personal information like what religion a person belonged to and what medicines the person took. As Ms. Kelly pointed out, the government’s program does not permit metadata to be scrutinized that way; access to the information and the manner in which it may be searched are tightly controlled by statute and court-ordered minimization rules.

Now, to be sure, the government has the capability to abuse the metadata program just as it can abuse any other government program or power. Senator Paul’s argument is akin to saying that because the enormous power of our armed forces could enable a rogue executive branch to take over American cities and impose martial law, we should disband the armed forces.

As I have frequently argued (and made a theme of Faithless Execution), it is a mistake to repeal government powers just because they can conceivably be abused. The powers exist because they may be needed to protect the country in a crisis. The objective should be to get rid of government officials who abuse their power, not to get rid of the power. Rogues will be rogues no matter what the rules are. When we repeal or hyper-regulate national-security authorities, we are simply making it harder for the law-abiding officials to do the job of protecting us; the rogues are largely unaffected.

In any event, when critics like Senator Paul inveigh against counterterrorism measures, it is a good idea to ask: “Is he talking about what they could do if they were of a mind to be abusive, or is he talking about what they are doing?” It is easy to spin imaginary worst-case scenarios, but we should be focused on what actually happens in the real world, especially in a program that features court supervision and congressional oversight.

Three: Finally, Senator Paul is entirely right that we need legal privacy protections that evolve with modern technology and societal views of what should be private. As a self-proclaimed constitutionalist, however, he should understand how the Framers thought this evolution should occur. In the Fourth Amendment, they gave us a core of protection from government intrusion on specific, intimate privacy interests — our physical persons, our homes, and our private papers and effects. But that core of protection is only the bare minimum of what we now call our “privacy” rights; it was never meant to be the totality of those rights.

We were always meant to have additional privacy protections beyond the Fourth Amendment. But those protections are supposed to be enacted by Congress, which can weigh competing concerns and strike the right balance between liberty and security. They are not supposed to be judicially manufactured by pretending that the Fourth Amendment is “organic” and that it says things it plainly does not say.

Section 215 of the PATRIOT Act attempts to strike the right balance. Even though the Supreme Court has said phone data are not protected by the Fourth Amendment, and therefore that investigators could scrub it for all kinds of personal information without violating the Constitution, Section 215 sharply limits the government. Investigators may only collect metadata, not scrutinize it, and they are prohibited from collecting personal identifying information. If they want to scrutinize the data, they must have just cause (e.g., known terrorist phone numbers calling various other numbers) and they must follow strict court-imposed rules for conducting their search — rules that are designed to minimize the chance that innocent people’s records will be analyzed. And they must destroy data periodically to minimize the amount of time the records of innocent people are retained.

Now, it is entirely possible that people will conclude these protections are insufficient to justify the collection of data on tens of millions of Americans, only a statistically negligible number of whom will have any connection to terrorism. As I’ve contended before, proponents have not done a good job of convincing people that the program materially advances our security. I happen to believe the program is important and that its privacy intrusions are trivial (and mostly theoretical). But if my side cannot persuade the public, then the program will be repealed or reformed in a way that ratchets up privacy protections. That is the way a problem left to the wisdom of legislators in a free society is supposed to be resolved.

As any real constitutionalist should recognize, that is the way the Framers designed it.

Andrew C. McCarthy is a policy fellow at the National Review Institute. His latest book is Faithless Execution: Building the Political Case for Obama’s Impeachment



The Latest