Fact-checking the NSA phone records program

Sen. Rand Paul, R-Ky., vowed to fight the bulk collection of phone records when he announced his candidacy for presidency on April 7, 2015. (AP Photo)
Sen. Rand Paul, R-Ky., vowed to fight the bulk collection of phone records when he announced his candidacy for presidency on April 7, 2015. (AP Photo)

This past week, President Barack Obama signed into law a bill that significantly scales back post-9/11 intelligence gathering. Not everyone is happy about the new law -- including some presidential candidates -- so PolitiFact dug into the debate.

The U.S.A. Freedom Act effectively ends the National Security Agency’s bulk phone records collection program, justified under the Patriot Act and made public by Edward Snowden’s revelations in 2013. It changes how phone records are kept, leaving them in the hands of the telecom companies. If the government wants to look at a suspected terrorist’s call data, it must get a court order first.

The Patriot Act’s opponents said the NSA bulk records collection was a violation of individual privacy and the Fourth Amendment, which bars warrantless search and seizure. Others, however, argue that the program was crucial to national security and was unfairly criticized.

What the government collected

Senate Majority Leader Mitch McConnell, who led the group of lawmakers pushing to keep the Patriot Act intact, said the program isn’t as invasive as people think. He took to the Senate floor on May 31 to denounce opponents as conducting "a campaign of demagoguery and disinformation," emphasizing that the government isn’t collecting the content of the calls or listening in.

"The only things in question are the number dialed, the number from which the call was made, the length of the call and the date. That’s it," he said.

But supporters of scaling back the program -- led by presidential candidate Sen. Rand Paul, R-Ky. -- see the collection of the metadata itself as a huge problem. Even without knowing the content of someone’s conversations, analysts can glean plenty of personal information from metadata.

"It is now beyond any serious dispute that a tremendous amount of personal, private information can be gleaned from who calls whom and when," said Elizabeth Goitein, co-director of the Brennan Center for Justice’s Liberty and National Security Program at New York University.

Goitein gave an example: If phone records show a person calling and hanging up on a suicide hotline three times in one evening, someone can make a conclusion about the person making the phone call even without hearing the conversation.

There are some limits on what the government can look at. The government can’t just browse the data generally; it can only examine information on phone numbers with terrorist ties, said Molly Bishop Shadel, a law professor at the University of Virginia and an expert in national security.

"The odds are that it will never look at your metadata at all -- only if you have been in contact with a phone number connected to terrorism," she said.

Have there been abuses?

Presidential candidate Sen. Marco Rubio, R-Fla., strongly supported the Patriot Act program and said the data has not been abused. Whether or not he’s right depends on your definition of "abuse."

"There is not a single documented case of abuse of this program," Rubio wrote in a May 10 USA Today op-ed.

There were certainly glitches in the program, at least. Declassified 2009 documents enumerate a list of what the NSA called "noncompliance" instances. In one case, 3,000 phone numbers were found to have been listed as approved under the "reasonable articulable suspicion" standard without having gone through the proper regulatory channels. In another, phone numbers were automatically added to an alert list without meeting the standard.

Although PolitiFact was able to find dozens of such instances, none of the documented cases appeared to demonstrate willful negligence of regulations. Of course, there could be some willful abuses we don't know about.

There’s also the question of whether the bulk metadata program can be seen as one big "abuse" of the Patriot Act. According to the Second District U.S. Court of Appeals, the metadata program was not permitted. Section 215 allows for record collection "relevant" to national security cases, but in collecting every record, the government was, according to the court, going beyond the scope of "relevant."

Because of the varying interpretations, we rated Rubio’s claim that there were no documented abuses of the program Half True.

The phone records won’t change hands

Presidential candidate Sen. Lindsey Graham, R-S.C., said the new law undercuts privacy because "the phone records will be in the hands of the phone companies with hundreds of people available to look at the records, versus 20 or 30 people in the government."

The premise of Graham’s statement is incorrect. The Freedom Act doesn’t change much for phone companies in terms of how they maintain their records, so there is no reason to believe the law would dramatically increase the number of employees with access to the data.

"Cellular service providers have always had access to cellular metadata," said Stephen Wicker, a professor of electrical and computer engineering at Cornell University. "The expiration of various provisions of the Patriot Act has simply eliminated the authority under which the government requested the data from the service providers."

Phone companies hold onto these records, in some cases for several years, for business purposes. Per FCC regulations, phone service companies can only access these records with the customer’s permission or if required by law, such as providing information to aid a criminal investigation.

Phone companies have customer service operators who can access an individual record to provide customers with information about their accounts, and they have lawyers who handle records requests for law enforcement. And an engineer might access the anonymous metadata for planning cell tower placement and optimizing coverage.

The new law eliminates the NSA bulk collection program, but it does not affect how the companies themselves maintain their records, other than some standardization measures. The law does not cause the phone records to change hands, nor does it create new databases or record-keeping systems. We rated Graham’s claim False.