Section 215, the controversial law at the heart of the NSA’s massive telephone records surveillance program, is set to expire in December.
On Sept 18, the House Committee on the Judiciary held an oversight hearing to investigate how the NSA, FBI, and the rest of the intelligence community are using and interpreting 215 and other expiring national security authorities. Below are excerpts from the Joint witness statement in which reauthorization is requested. Emphasis is added to highlight their admission of NSA's inability to comply with the requirements of the law.
The Call Detail Records (“CDR”) provision permits the targeted collection of telephony metadata but not the content of any communications. Congress added this authority to FISA four years ago in the FREEDOM Act as one of several significant FISA reforms designed to enhance privacy and civil liberties. It replaced the National Security Agency’s (“NSA”) bulk telephony metadata collection program with a new legal authority whereby the bulk metadata would remain with the telecommunications service providers. As this Committee’s 2015 report described, the CDR authority provides a “narrowly-tailored mechanism for the targeted collection of telephone metadata for possible connections between foreign powers or agents of foreign powers and others as part of an authorized investigation to protect against international terrorism.”
The FREEDOM Act also permanently banned bulk collection under FISA’s business records and pen-trap provisions and under the National Security Letter statutes. As this Committee is aware, the NSA recently discontinued the CDR program for technical and operational reasons.
In 2018, the NSA identified certain technical irregularities in data it received from telecommunications service providers under the CDR provision. Because it was not feasible for NSA to resolve the issue technologically, in May of 2018, NSA began the process of deleting all CDR data that it had received since 2015. Then, after balancing the program’s intelligence value, associated costs, and compliance and data integrity concerns caused by the unique complexities of using these company-generated business
records for intelligence purposes, NSA suspended the CDR program.
NSA’s decision to suspend the CDR program does not mean that Congress should allow the CDR authority to expire. Rather, that decision shows that the Executive Branch is a responsible steward of the authority Congress afforded it, and that the numerous constraints on the Government imposed by the FREEDOM Act, including oversight by the FISC, are demanding and effective. As technology changes, our adversaries’ tradecraft and communications habits continue to evolve and adapt. In light of this dynamic environment, the Administration supports reauthorization of the CDR provision so that the Government will retain this potentially valuable tool should it prove useful in the future.