Disputed US phone spying programme has been shut down, congressional aide says

One component involved the bulk collection of logs of Americans' domestic phone calls.
One component involved the bulk collection of logs of Americans' domestic phone calls.PHOTO: AFP

WASHINGTON (NYTIMES) - The United States National Security Agency (NSA) has quietly shut down a system that analyses logs of Americans' domestic calls and texts, according to a senior Republican congressional aide, halting a programme that has touched off disputes about privacy and the rule of law since the Sept 11, 2001, attacks.

The agency has not used the system in months, and the Trump administration might not ask Congress to renew its legal authority, which is set to expire at the end of the year, according to the aide, Mr Luke Murry, the House minority leader's national security adviser.

In a raw assertion of executive power, President George W. Bush's administration started the programme as part of its intense pursuit for Al-Qaeda conspirators in the weeks after the 2001 terrorist attacks, and a court later secretly blessed it.

Intelligence contractor Edward Snowden disclosed the programme's existence in 2013, jolting the public and contributing to growing awareness of how both governments and private companies harvest and exploit personal data.

The way that intelligence analysts have gained access to bulk records of Americans' phone calls and texts has evolved, but the purpose has been the same: They analyse social links to hunt for associates of known terrorism suspects.

Intelligence agencies can use the technique on data obtained through other means, like collection from networks abroad, where there are fewer legal limits. But those approaches do not offer the same systematic access to domestic phone records.

Congress ended and replaced the programme disclosed by Snowden with the USA Freedom Act of 2015, which will expire in December.

 
 

Security and privacy advocates have been gearing up for a legislative battle over whether to extend or revise the programme - and with what changes, if any.

Mr Murry, who is an adviser for Representative Kevin McCarthy, a California Republican, raised doubts over the weekend about whether that debate will be necessary. His remarks came during a podcast for the national security website Lawfare.

Mr Murry brought up the pending expiration of the Freedom Act, but then disclosed that the Trump administration "hasn't actually been using it for the past six months".

"I'm actually not certain that the administration will want to start that back up," Mr Murry said.

He referred to problems that the National Security Agency disclosed last year.

"Technical irregularities" had contaminated the agency's database with message logs it had no authority to collect, so officials purged hundreds of millions of call and text records gathered from US telecommunications firms.

The agency declined to comment on Monday. Press officials with the Office of the Director of National Intelligence and the National Security Council did not respond to requests for comment.

Mr Matt Sparks, a spokesman for Mr McCarthy's office, said late on Monday that Mr Murry "was not speaking on behalf of administration policy or what Congress intends to do on this issue".

Mr Christopher Augustine, an NSA spokesman, told The New York Times in January that agency officials were "carefully evaluating all aspects" of the Freedom Act programme, and were discussing its future.

Mr Augustine made clear that the White House would make the final call about whether to ask Congress to extend the Freedom Act.

The disclosure that the programme has apparently been shut down for months "changes the entire landscape of the debate", said Mr Daniel Schuman, the policy director of Demand Progress, an advocacy group that focuses on civil liberties and government accountability.

Since "the sky hasn't fallen" without the programme, he said, the intelligence community must make the case that reviving it is necessary - if, indeed, the National Security Agency thinks it is worth the effort to keep trying to make it work.

The phone records programme had never thwarted a terrorist attack, a fact that emerged during the post-Snowden debate.

"If there is an ongoing programme, even if we all have doubts about it, that's a very different political matter than if the programme has actually stopped," Mr Schuman said. "Then the question becomes, 'Why restart it?' rather than whether to turn it off."

The National Security Agency has used the call detail records - metadata showing who called whom and when, but not the content of what was said - as a map of social networks, analysing links between people to identify associates of terrorism suspects.

Even without the programme, the agency could still collect telecommunications data from abroad, which domestic surveillance laws have left largely unregulated.

But while overseas-based collection can give some access to Americans' data, it apparently does not provide the systematic access to purely domestic phone messages.

The phone records programme traces back to the aftermath of the Sept 11 attacks when the Bush administration created the secret Stellarwind surveillance programme.

One component involved the bulk collection of logs of Americans' domestic phone calls.

Companies like AT&T and MCI - later part of Verizon - initially turned over their customers' records in response to an order by Mr Bush.

Starting in 2006, the Foreign Intelligence Surveillance Court began issuing secret orders requiring the companies to participate, based on a novel interpretation of Section 215 of the Patriot Act, which said the FBI may obtain business records "relevant" to a terrorism investigation.

In June 2013, the programme came to light after The Guardian published the first revelation from the trove of classified files provided by Snowden: a top-secret surveillance court order to Verizon to provide its customers' call records.

The disclosure, one of the most significant by Snowden, prompted sharp criticism of the government's theory about why it was legal: Essentially, everyone's phone records were relevant because the government needed to acquire the haystack so that it could hunt for needles of investigative interest.

An appeals court later rejected that theory.

While intelligence officials could not point to attacks the programme had thwarted, they defended the ability as a useful triaging tool for sifting through potential connections - and suggested that had it been in place before Sept 11, it might have helped uncover Al-Qaeda's plot.

Critics called that argument exaggerated and portrayed it as a legally dubious invasion of privacy that was ripe for abuse.

The Obama administration eventually embraced a plan to end the National Security Agency's bulk collection of domestic phone data but preserve the old programme's analytical ability, resulting in the Freedom Act of 2015.

Under that law, the bulk records remained in the hands of the phone companies, not the government.

But with a judge's permission, the agency could swiftly retrieve the phone and text logs of particular suspects as well as of all of the people who had been in contact with those suspects, even when they were customers of different phone companies.

Under the replacement system, the number of records about Americans' communications that the agency collected dropped significantly from the billions per day it had previously been sucking in.

Yet the scale of collection remained huge: The programme gathered 151 million records in 2016, despite obtaining court orders to use the system on only 42 terrorism suspects in 2016, along with a few left over from late 2015.

In 2017, it obtained orders for 40 targets and collected 534 million records.

Problems with the system emerged last year, when the National Security Agency said it had decided to delete its entire database of records gathered since the Freedom Act system became operational.

Mr Glenn Gerstell, the agency's general counsel, said in an interview at the time that because of complex technical glitches, one or more telecom providers - he declined to say which - had responded to court orders for records by sending logs to the agency that included both accurate and inaccurate data.

When the agency then fed those numbers back to the telecoms to get the communications logs of all the people who had been in contact with its targets, it ended up gathering some data of people unconnected to the targets.

The agency had no authority to collect their information, nor a practical way to go through its large database and cull those records it should not have gathered. As a result, it decided to purge them all and start over.

But it had not been clear until Mr Murry's comments in the podcast that was posted over the weekend that the problems have continued, even as a legislative battle over the Freedom Act - and the inevitable scrutiny of how the programme has functioned - has drawn near.