The Privacy and Civil Liberties Oversight Board, of which I am a member, recently issued a comprehensive public report on the government's use of the now-defunct call detail records (CDR) program under the USA FREEDOM Act. The report includes never before released facts about the program and its compliance and data integrity challenges that ultimately led the National Security Agency (NSA), wisely, to suspend the program in early 2019. As Congress considers whether to reauthorize this program, I urge members of Congress to review the Board's report and reach the same conclusion I did: the program should not be restarted and should not be reauthorized. The privacy and civil liberties impacts of such a large-scale data collection program are simply too large, especially when compared to its minimal national security value. And proposals to reauthorize the program with different data miss the mark. The time has come to allow this collection authority to sunset.
The CDR program was enacted in 2015 and permitted NSA to obtain an order from the Foreign Intelligence Surveillance Court requiring phone companies to send NSA call information out to two "hops" from a suspected number. NSA would get landline and wireless call detail records (who called whom, when, and for how long; and related information) of people who were in contact with the targeted number (the "first hop"), along with call detail records of people who appeared in the first hop records (the "second hop"). According to the Office of the Director of National Intelligence's 2018 Statistical Transparency Report, NSA received more than a billion CDRs from 2016 through 2018. In 2018 alone, NSA collected records including more than 19 million unique phone numbers.
During this time, the program cost about $100 million but resulted in only 15 intelligence reports - a number that by NSA's own assessment is low for a program of this scale and cost. From these 15 reports, only two reports gave the FBI unique information that it would not have had access to through other legal authorities.
Further, the program was plagued with repeated data integrity and compliance problems. NSA, to its credit, worked diligently to diagnose and remediate these, including deleting data that NSA had received due to providers' errors. Still, there is no indication that the conditions that led to the compliance errors are likely to change; nor can I see what NSA could do to avoid further problems should the program be restarted.
Emerging technologies are dramatically raising the stakes as policymakers decide which intelligence capabilities to authorize. Terrorists and other bad actors leave information trails that can identify them and expose their plans. At the same time, we all leave a copious trail of "data exhaust" that can reveal intimate details of our lives. While the privacy implications of each individual piece of data may not seem terribly revealing, the collection as a whole can disclose a great deal, especially where corporate "big data" technologies can reveal the intricacies of our private lives in ways our grandparents never imagined.
The risks and benefits of any data collection authority can be difficult to predict. It might not have been obvious in advance that court orders for two hops of CDRs from a few "seed numbers" would encompass the records of many millions of Americans. And it was surely not obvious that this process would be error-prone and would provide little intelligence value.
Fortunately, we can learn from experience. Robust statistical reports on the uses of intelligence authorities are part of the answer, to ensure that Congress and the public understand the privacy impact of programs. Agencies have made important strides on statistical transparency. At the same time, we need independent, rigorous, and comprehensive oversight, so decisionmakers have the facts and analysis they need to make well-informed decisions. That's what the Board's report aims to provide.
Some have suggested that the problem with the CDR program was not that it was too broad, but that it was too narrow-that the statute could be amended to provide multi-hop authority for other ways in which terrorists may communicate other than by telephone, such as emails and encrypted messaging. But this would only raise further difficulties and questions about the privacy and civil liberties impact of such a program. The CDR program was tailored to telephony, a technology with a century-long history. Even in this highly regulated sector, American companies encountered significant data integrity issues. There is no reason to think the compliance or data quality issues encountered in the CDR program would have been less severe for other types of communications media. Working with a tech sector where developing new capabilities without fully weighing downstream impacts is a common business practice would not be conducive to stability and data accuracy - let alone compliance.
The CDR program was started in good faith, with the hope that it would yield valuable intelligence to protect the public, without too much impact on privacy and civil liberties. Those hopes were not realized. With the benefit of hindsight, we know that the program yielded little useful intelligence, impacted the privacy of millions of Americans, and struggled with data quality problems. What might have been defensible in principle turned out to be a poor bargain in operation.
NSA was right to shutter the call data records program. It's time for Congress to close the book on it.
Ed Felten is a member of the Privacy and Civil Liberties Oversight Board (PCLOB), an independent executive branch agency that works to ensure that efforts by the executive branch to protect the nation from terrorism appropriately safeguard privacy and civil liberties. The views expressed in this article are his own and do not represent those of the PCLOB or the other board members.