On September 2, 2020, a three-judge panel of the United States Court of Appeals for the Ninth Circuit held that the government’s previously operational bulk telephony metadata collection program, authorized following the terrorist attacks of September 11, 2001, violated the requirements of the Foreign Intelligence Surveillance Act (“FISA”) and likely violated the Fourth Amendment’s protections against unlawful search and seizure.
The existence of the bulk collection program was previously revealed to the public in 2013 by former NSA contractor Edward Snowden, who provided journalists from the Washington Post and The Guardian with evidence that major telecommunications companies had facilitated pervasive, in-depth surveillance by the government. The program, among other elements, allowed officials at the NSA to engage in warrantless and widespread surveillance of Americans’ live communications and stored information, including email, video and voice chat, videos, photos, VOIP, file transfers, and social networking details.
The case before the Ninth Circuit concerned four men convicted in 2013 on charges of sending $10,900 to Somalia, purportedly to support a foreign terrorist organization. In a 59-page opinion, Circuit Court Judge Marsha S. Berzon held that while prior government surveillance programs had allowed “a pen register [to be] used for a few days at most,” the bulk metadata program had allowed “the NSA [to] collect [the defendants’] (and millions of other Americans’) telephony metadata on an ongoing, daily basis for years.” Judge Berzon also recognized the unique and pervasive power of bulk telephony metadata, noting that the program “paint[ed] a picture that can be startlingly detailed” including “identify[ing] the strength of relationships and the structure of organizations”—despite no probable cause for monitoring or investigation.
Ultimately, the Ninth Circuit panel confirmed the lower court’s decision, finding that the four defendants’ convictions were supported on other grounds. The Ninth Circuit’s decision regarding the bulk metadata collection program may also be appealed to a full en banc panel of the Ninth Circuit, or to the Supreme Court. Moreover, it is unlikely that the court’s decision will have any immediate effect on data collection programs; the metadata program at issue was discontinued in 2015 after passage of the USA FREEDOM Act, and a replacement program lapsed in 2019, as reported by the New York Times. A similar bulk metadata collection program focused primarily on foreign communications, commonly known as PRISM, remains operational.
Nevertheless, the Ninth Circuit’s decision to explicitly invalidate the prior bulk collection program is further evidence of an increasingly lower judicial tolerance for government surveillance of Americans’ digital communications. For example, in 2018, the Supreme Court of the United States held in Carpenter v. United States that warrantless access to cellphone CSLI records (thereby allowing the police to track the physical location history of a user) violates the Fourth Amendment. An increasing number of lower courts have also challenged the ongoing viability of the “third-party doctrine,” a legal theory that effectively validates government access to any information provided by a user to a private corporation (such as an internet service provider). In 2012, Associate Justice Sonia Sotomayor explicitly commented that the third-party doctrine was “ill-suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”
As the world continues to be ravaged by the COVID-19 pandemic, more and more Americans are relying on the internet to work, play, shop, and communicate with loved ones on a daily basis. Many of these cultural shifts are likely to continue in a post-COVID world, heightening the need for greater legal protection and new judicial doctrines to strengthen and ensure digital privacy rights. Ben Franklin famously said that “[t]hose who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.” As the law continues to play catch-up on these critical issues of the day, it remains to see whether online users in the United States will receive liberty, safety, or something else entirely.