Site icon Sophos News

NSA won’t collect phone location data, promises US government

US intelligence agencies won’t harvest US residents’ geolocation data in future investigations, revealed the US government this month. In fact, it hasn’t done so since last summer.

The last 18 months have seen significant changes to the US’s collection of phone location data. Since 1994, law enforcement agencies in the US had been able to access court records thanks to an amendment to the 1996 Stored Communications Act. Under this legislation, a judge could give prosecutors access if they could justify that call records were relevant and material to an ongoing investigation.

That all changed in a lawsuit brought by Tim Carpenter, who was convicted in 2011 after federal prosecutors trawled location cell phone data, tying his phone to the time and location of several robberies. Carpenter sued in appeals court, claiming that the trawling violated his Fourth Amendment rights. He lost on appeal, but then the case went to the Supreme Court, which ruled in his favour in a 5-4 vote.

That decision stopped the warrantless collection of phone location data by police and federal law enforcement, but what about for the intelligence community?

In 2001, section 215 of the USA PATRIOT Act amended Title V, Section 501 of the Foreign Intelligence Surveillance Act (FISA), allowing intelligence agencies to collect metadata on calls (known as call detail records, or CDRs) which it stores in repositories and secure networks. The NSA can query the metadata when it has reasonable suspicion that the call could be associated with foreign terrorist organizations.

Section 215 is on the Congressional agenda right now because it is set to expire under the 2015 US Freedom Act, which was created to preserve the CDR program in a constrained form. Unless Congress renews Section 215 it will cease to exist on 15 December 2019.

The NSA’s track record on CDRs has been patchy. In 2018, it flushed the CDRs that it had collected since the inception of the 2015 program, admitting that “technical irregularities” meant it had collected the details of calls that it didn’t have the rights to access. Then, this year it asked the White House for permission to terminate the program because it wasn’t worth the effort.

In March this year, Senator Ron Wyden wrote to the Director of National Intelligence Daniel Coats asking him about the intelligence community’s intentions following the Supreme Court ruling. Coats reportedly replied that he still hadn’t provided guidance to intelligence agencies on the subject. Wyden wrote again on 30 July 2019, pressing the point:

If Congress is to reauthorize Section 215 before it expires in December, it needs to know how this law is being interpreted now, as well as how it could be interpreted in the future.

Coats has since resigned. Last week, the Office of the Director of National Intelligence wrote back, explaining that it hadn’t reached a position on the status of criminal investigations under Title V.

In the letter, Benjamin T Fallon, assistant director of national intelligence for Legislative Affairs, explained that neither the DOJ or the intelligence community had reached a legal conclusion about Title V phone metadata searches following the Carpenter case, and that the issue was such a constitutional and statutory hot potato that they hadn’t done so since the Supreme Court ruling. Currently, they use Titles I and III of FISA to get access to phone metadata, the letter said.

Things seemed clearer when counterterrorism investigations were involved. The letter added that CDRs don’t legally include phone location data (otherwise known as cell site location information):

Finally, with respect to an application under Title V for the production on an ongoing basis of call detail records relating to an authorized counterterrorism investigation, the statute expressly provides that the term “call detail record” does not include “cell site location or global positioning system information…

Thus the government may not obtain CSLI or GPS-based location information in the case of such applications under Title V of FISA.

Since its request to terminate the CDR program, the NSA has asked that it maintain its right to reintroduce it. The latest word from the Democrats is reportedly that they will drop authorisation for the NSA’s metadata collection program altogether, taking it off the table as of next month.

Exit mobile version