After weeks of political hand-wringing, the Patriot Act is out and the USA Freedom Act is in. But despite substantial support from both parties, the sweeping national security reform is not without critics.
Chief among them is Sen. Marco Rubio, R-Fla., who unsuccessfully lobbied to extend bulk metadata collection authorized under Section 215 of the Patriot Act.
The metadata program, which allowed National Security Agency officials to collect phone data such as call length and the phone numbers involved, started in 2006 and was kept top-secret until Edward Snowden famously exposed it and other NSA information-gathering initiatives in 2013.
The USA Freedom Act, meanwhile, forces the NSA to subpoena phone records from phone companies instead of collecting the data directly.
Rubio argued to keep the metadata program as is in a USA Today op-ed May 10.
"There is not a single documented case of abuse of this program," Rubio wrote. "Internet search providers, Internet-based email accounts, credit card companies and membership discount cards used at the grocery store all collect far more personal information on Americans than the bulk metadata program."
The metadata program has not produced a single case of abuse? That’s a strong claim. Does it withstand scrutiny?
Well, sort of. It depends on how you define "abuse."
There are two factors at play here: the actions of the NSA officials enacting the program and the legality of the program itself. First, we’ll discuss those who oversaw the program. Did they "abuse" their power?
There were certainly glitches in the program, at least. Declassified 2009 documents enumerate a list of what the NSA called "non-compliance" instances. In one case, 3,000 phone numbers were found to have been listed as approved under the "reasonable articulable suspicion" (RAS) standard without having gone through the proper regulatory channels. In another, phone numbers were automatically added to an alert list without meeting the standard.
Although PolitiFact Florida was able to find dozens of such instances, none of the documented cases appeared to demonstrate willful negligence of regulations. Most were corrected almost immediately, and the vast majority involved mishandling technology. As the Privacy and Civil Liberties Oversight Board (PCLOB) wrote in its 2014 appraisal of the metadata program: "None of these compliance issues involved significant intentional misuse of the system. Nor has the Board seen any evidence of bad faith or misconduct on the part of any government officials or agents involved with the program."
"This is one time in my life when I am going to agree with Marco Rubio," said Molly Bishop Shadel, a senior fellow at the University of Virginia’s Center for National Security Law. "You've noted compliance issues, but that's not the same thing as intentional abuse."
Stephen Vladeck, a professor of Law at American University, says he sees the non-compliance issues differently.
"If one defines ‘abuse’ to require intentional malfeasance, then it’s a lot harder to show that the phone records program was ever ‘abused,’ " he said. "But that’s certainly not how dictionaries define that term or how I have to imagine it’s commonly understood."
A quick look at Webster’s shows "abuse" to mean, "A corrupt practice or custom; improper or excessive use or treatment."
We found no evidence of corruption but did find evidence of improper treatment.
Jonathan Mayer, a cybersecurity fellow at Stanford's Center for International Security and Cooperation, noted that the secretive way the metadata collection program was set up could have allowed for some willful abuses to go unreported. Put simply, there could be some abuses we don't know about.
The second question circles around the metadata program itself. Could the bulk metadata program be seen as one big "abuse" of Section 215 of the Patriot Act?
Rubio’s writes in his op-ed that, "Despite recent court rulings, this program has not been found unconstitutional, and the courts have not ordered a halt to the program. This program has been found legal and constitutional by at least 15 federal judges serving on the FISA Court on 35 occasions." These claims are true, but don’t tell the entire story.
According to the Second District U.S. Court of Appeals, the metadata program was not permitted under Section 215 of the Patriot Act. The U.S. government tried to argue the program was permissible under the "relevance" standard of evidence collection because even seemingly immaterial phone data could have theoretically led to relevant information or become relevant in future investigations.
"We agree with appellants that such an expansive concept of ‘relevance’ is unprecedented and unwarranted," the court wrote. "The statutes to which the government points have never been interpreted to authorize anything approaching the breadth of the sweeping surveillance at issue here."
The district court said it didn’t feel the need to rule on the constitutionality of the bulk metadata program because it ruled it was not legal according to the original legislation. The court allowed the program to continue only because of the future congressional debate that could "profoundly alter the legal landscape."
Even the Privacy and Civil Liberties Oversight Board -- which found that the program was "operated in good faith" -- said there was no legal basis for the bulk collection of data. "Because the program is not statutorily authorized, it must be ended," the board wrote.
Marco Rubio said, "There is not a single documented case of abuse of this program." Rubio’s office did not respond to a request for comment.
There are plenty of documented cases of misuse of the metadata collection program. It just depends whether that misuse is what you or Rubio have in mind when you think of abuse. We found no example of intentional misuse of the program.
At the least, Rubio should have been more clear in in his op-ed to help readers understand the complexities of the metadata collection program.
Rubio’s statement is partially accurate. We rate it Half True.