Eugene Volokh:
In his recent Wall Street Journal op-ed, my co-blogger Randy Barnett argues that massive-scale collection of communications metadata by the NSA violates the Fourth Amendment because it is an unreasonable seizure. Randy’s colleague Laura K. Donohue recently argued in the Washington Post that such collection violates the Fourth Amendment as an unreasonable search. Jennifer Granick and Chris Sprigman made a similar argument in the New York Times.
Are they right? Does obtaining all telephony metadata under Section 215 — and then querying the database — violate the Fourth Amendment?
In this post, I’ll start with current law, and I’ll explain why current law supports the conclusion that massive-scale collection of communications meta-data by the NSA does not violate the Fourth Amendment rights of its customers. I’ll then consider alternate views of the Fourth Amendment and explain the prospects and challenges of using the mosaic theory to get to a contrary result.
I’ll then turn to the argument Randy flags that obtaining this metadata may violate the rights of the communications providers instead of customers. This strikes me as a plausible argument, but not a certain one; I find the issue doctrinally murky, and I don’t have a strong view of it. But in this post I’ll offer the arguments for the sake of those interested in them.
I. Metadata Surveillance and the Fourth Amendment Rights of Customers
First, the facts. From what we can tell, the FISC has signed an order requiring communications providers to disclose the telephony metadata they have collected to the federal government. We don’t know exactly what records are actually being turned over, but the order indicates that it includes all non-content information, which might include numbers dialed, duration of calls, and the location information of cell-phones. The NSA is then querying the database, although it seems that pursuant to a FISC order they can do so only when they have reasonable suspicion that the fruits of the query will reveal information relating to terrorist plots and the like.
The conventional account of the doctrine would indicate that this does not violate the Fourth Amendment. When I say “conventional account,” I mean the account found in conventional sources of legal authority like Supreme Court opinions and circuit court decisions. Here’s how the conventional account would go:
(a) First, obtaining telephone metadata is not a “search” under Smith v. Maryland, 442 U.S. 735 (1979). Smith held that the number dialed from a telephone call is not protected because it is information provided to the phone company to place the call. The caller sends the information to the phone company, and the phone company uses it; the information is the phone company’s record of what it did, not the user’s property. Smith built on United States v. Miller, 425 U.S. 435 (1976), which held that a person does not have Fourth Amendment rights in their bank records. The bank records are the bank’s business records of how the account was used, Miller reasoned, so the customer has no privacy rights in the information.
Under the reasoning of Smith and Miller, metadata that is account information about how an account was used — but not call contents — is not protected under the Fourth Amendment. See, e.g., United States v. Fregoso, 60 F.3d 1314, 1321 (8th Cir. 1995) (stored telephone records not protected). Lower courts have applied the same principles to Internet metadata, too. See United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008) (IP addresses); United States v. Perrine, 518 F.3d 1196, 1204 (10th Cir. 2008) (“Every federal court to address this issue has held that subscriber information provided to an internet provider is not protected by the Fourth Amendment’s privacy expectation.”).
(b) Under existing doctrine, the closer call is with cell-site location — location information about where phones are located — that is part of the same Section 215 order. There is pending litigation on how the Fourth Amendment applies to cell-site information collection in several circuits, and it’s not inconceivable that the issue might get to the Supreme Court within a few years. However, the predominant view in the caselaw is that cell-site location is unprotected under Smith v. Maryland. See, e.g., United States v. Skinner, 690 F.3d 772 (6th Cir. 2012); United States v. Booker, 2013 WL 2903562, at *9 (N.D.Ga. 2013); United States v. Graham, 846 F.Supp.2d 384, 389 (D.Md.2012); United States v. Benford, 2010 WL 1266507, at *3 (N.D.Ind. 2010).
(c) One difference between the existing cases like Smith and the facts of the NSA program involves the scale of the records obtained. In the criminal cases Smith, Forrester, and Perrine, the government obtained and examined the records of a single customer — the criminal suspect. Under the current Section 215 order, however, the government is obtaining massive databases of tens of millions of customers. It is then only looking through that database when it has reasonable suspicion. So it’s a big difference in the facts. But do those facts make a constitutional difference?
I think that distinction can make a difference in the analysis on the Fourth Amendment rights of the phone companies — more on that in a minute. But I don’t see a doctrinal hook in existing caselaw for why it would make a difference in the Fourth Amendment rights of their users. If obtaining pen register information on one user is not a search, the obtaining that pen register information for 100 or 10,000 or 1,000,000 or more users is still not a search. Katz tells us that the Fourth Amendment protects “people, not places,” and it’s not clear how surveillance that is not a search when provides information about one person can become a search when it provides information about many. To be sure, it’s possible to devise theories of the Fourth Amendment that would make that relevant, but it’s hard to get there just based on the conventional sources of existing appellate cases.
(d) That brings us to the last part of the picture. If the information that is in the database is not protected by the Fourth Amendment, then querying the database does not raise any Fourth Amendment issues. See, e.g., State v. Sloane, 939 A.2d 796 (N.J. 2008).
II. The Mosaic Theory and the Rights of Customers
So that’s the conventional account. The most common arguments to the contrary invoke what I have called the mosaic theory of the Fourth Amendment. Specifically, they draw from the concurring opinions in United States v. Jones, 132 S. Ct. 945 (2012) to say that the collective acquisition and analysis of information about a person over time constitutes a search even if collecting individual discrete pieces are not searches. Here’s Chris Sprigman and Jennifer Granick making the argument:
The government has made a mockery of [Fourth Amendment] protection by relying on select Supreme Court cases, decided before the era of the public Internet and cellphones, to argue that citizens have no expectation of privacy in either phone metadata or in e-mails or other private electronic messages that it stores with third parties.
This hairsplitting is inimical to privacy and contrary to what at least five justices ruled just last year in a case called United States v. Jones. One of the most conservative justices on the Court, Samuel A. Alito Jr., wrote that where even public information about individuals is monitored over the long term, at some point, government crosses a line and must comply with the protections of the Fourth Amendment. That principle is, if anything, even more true for Americans’ sensitive nonpublic information like phone metadata and social networking activity.
Laura Donohue echoes the same point:
Americans reasonably expect that their movements, communications and decisions will not be recorded and analyzed by the government. A majority of the Supreme Court seems to agree. Last year, the court considered a case involving 28-day GPS surveillance. Justice Samuel Alito suggested that in most criminal investigations, long-term monitoring “impinges on expectations of privacy.” Justice Sonia Sotomayor recognized that following a person’s movements “reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”
This argument isn’t impossible to make, but it is certainly uphill. That’s true for three primary reasons:
1) The concurring opinions in Jones are only that — concurring opinions. They are not binding law. Most lower courts have rejected the rationale of the concurring opinions.See, e.g., State v. LeMasters, 2013 WL 3463219 (Ohio App. July 8, 2013) (“While [the appellant] spends a great amount of time in his brief quoting and referencing the concurring opinions in Jones that suggest that the Fourth Amendment should be stretched to include other privacy rights, we are bound only by the majority opinion of the court, rather than questions raised and suggestions made within the dicta of concurring opinions. “) So to succeed on this argument, first you need to argue that courts should adopt the mosaic theory and apply it in cases like the NSA surveillance. I have argued that courts should reject the mosaic theory; you can read my argument here if you’d like. But even if you disagree, I don’t think you can just cite the concurring opinions in Jones and call it a day. Instead, you need to offer an argument as to why courts should adopt those concurring opinions. As I explain in my article, that’s possible but not at all easy.