To keep America safe, does the Federal Bureau of Investigation really need almost unfettered access to Americans’ health records, DNA test results, and even private conversations overheard by digital assistants like Alexa and Siri? News broke earlier this month that the secret Foreign Intelligence Surveillance Court had admonished the FBI for illegally spying on Americans tens of thousands of times. The court’s reprimand of the FBI’s “unduly lax” treatment of foreign surveillance powers—meant for spies and terrorists—raises equally pressing concerns about its domestic surveillance authority.
When we supported Section 215 of the Patriot Act, which will expire Dec. 15 if it isn’t reauthorized, we trusted the FBI and other agencies to act responsibly in accessing the domestic records of large U.S. businesses to counter national-security threats. But the security agencies appear to have abused Section 215 nearly as often as their foreign surveillance authority. Their broad interpretation of that statute has gone well beyond Congress’s original understanding—and common sense.
This was apparent during a Sept. 18 House Judiciary Committee hearing on the Trump administration’s request for the law’s unconditional, permanent reauthorization. A Justice Department lawyer representing the agencies was asked a series of questions about what Section 215 covers. Americans’ health records? “Yes.” DNA test results? “Yes.” Digital media stored by U.S. companies? “Yes.” Answering without hesitation, the lawyer signaled that the Justice Department and other agencies understand the statute to cover virtually any information stored or processed by a business. So interpreted, Section 215 is a grave threat to the constitutional rights of Americans.
First, it’s a threat to Fourth Amendment rights. That amendment specifies that “no warrants shall issue, but upon probable cause”—that is, a demonstration that a crime might have been or may be committed. Yet Section 215 allows intelligence agencies to obtain a court warrant forcing a business to preserve and search consumers’ private information without any showing of probable cause.
The absence of such a standard has already led to widespread abuse, including the infamous call-detail-records database. It contained the telephone-call metadata, including phone numbers and the time, duration and details of calls and texts, which reveal much about the private lives of hundreds of millions of Americans. The government has never linked this program to the foiling of a terrorist plot. Even after legislation was passed in 2015 to rein in the program, the agencies were ultimately forced to suspend the call-detail-record program last year, when they realized it was collecting far more data than they could handle and was violating even their own expansive view of their authority.
The problem doesn’t end there. The security agencies’ broad interpretation of what constitutes a covered business record, a “tangible thing” held by a business, means that almost any information can be obtained merely because it is deemed “relevant” to a national-security investigation—which is entirely within the control of the relevant agency. So conversations with Alexa or Siri as well as health-care or genetic records are all fair game if the agency can articulate some link, however tenuous, to an agency-created investigation.
Second, under the agencies’ interpretation, Section 215 threatens First Amendment rights. The statute says a warrant cannot be issued if the request is based solely on the subject of the investigation exercising First Amendment rights, such as the right to speak or practice his religion. But the “solely” qualification means that agencies simply can concoct some additional reason other than speech, no matter how tenuous, and the warrant must be granted. Mere attendance at a Muslim prayer service, for example, could trigger a warrant if the agency articulates an additional, nonprotected concern, such as the presence of aliens who are in the country illegally—even if its true concern is the Muslim prayer.
With these glaring flaws in mind, how should Congress respond to the agencies’ request to reauthorize Section 215? We believe the law should be reauthorized for a limited period, but only with significant alterations.
To begin, the standard for granting a warrant under Section 215 should be refined to require a demonstration of probable cause—the usual Fourth Amendment standard—unless the agency can establish a good-faith belief that the person at issue isn’t an American citizen. Such a standard would still allow the agency to obtain a warrant for any kind of business record, even those relating to American citizens, if the agency can demonstrate a legitimate reason.
Similarly, Section 215 should be amended to require that a request for a warrant must not be based in substantial part on protected First Amendment activity. Here again, such a requirement would leave the agency free to obtain any kind of business record as long as the court is persuaded the request isn’t substantially based upon, and is therefore unlikely to infringe, the exercise of First Amendment rights.
In light of the growing evidence of overreach, our federal law-enforcement and intelligence agencies’ necessary efforts to gather information must be subjected to additional oversight. It is the only way to protect Americans’ privacy and constitutional rights while keeping us safe.