Pages

Sunday, October 6, 2013

How a Purse Snatching Led to the Legal Justification for NSA Domestic Spying

WIRED

The original telephone metadata recorder. Photo: Courtesy of Philip Weiss Auctions
It began as an ordinary purse snatching. On an early Baltimore morning in 1976, a local street thug crouched alongside his green Monte Carlo, pretending to change a flat, biding his time. Finally, a young woman passed by walking alone to her suburban home. The assailant wrenched her handbag from her grasp, jumped into his car and tore off down the street before the young victim could glimpse his license plate.
The perp, Michael Lee Smith, was apprehended weeks later, thanks in part to the police department’s use of a machine known as a “pen register” to track the threatening phone calls the assailant had started making to his victim. The court wrangling that followed, however, would continue for three years, and eventually land on the docket of the U.S. Supreme Court. In 1979 the court upheld Smith’s conviction, and his 10-year prison term.
Almost 35 years later, the court’s decision — in a case involving the recording of a single individual’s phone records — turns out to be the basis for a legal rationale justifying governmental spying on virtually all Americans. Smith v. Maryland, as the case is titled, set the binding precedent for what we now call metadata surveillance. That, in turn, has recently been revealed to be the keystone of the National Security Agency’s bulk collection of U.S. telephone data, in which the government chronicles every phone call originating or terminating in the United States, all in the name of the war on terror.
“When they started quoting Smith in the NSA investigation and inquiry, I was flabbergasted,” says James Gitomer, who was one of Smith’s two lawyers at the Supreme Court. ”I don’t think this case should be used as the foundation to justify the NSA. It doesn’t apply.”
To understand how a purse snatching led to the NSA’s controversial program, you have to look at Smith’s behavior after he made off with his victim’s bag. Smith became obsessed with the woman he mugged, and began terrorizing her with threatening phone calls after the robbery.
The victim called the police, and told them she’d spotted the purse-snatcher’s car driving past her residence. A beat cop started patrolling the area. According to court records, that cop happened to be in the vicinity of the victim’s residence when Smith himself accidentally locked his keys in his car. He sought the assistance of the officer to help him unlock the door of the Monte Carlo.
Smith’s co-defense attorney, James Gitomer
The officer “took the license number of the vehicle, learned that it was registered to … Smith, and so notified other investigating police officers,” according to records. (.pdf)
That’s where things got interesting from a legal point of view. Using a subpoena issued by the prosecutor, and not a probable-cause warrant signed by a judge, the authorities demanded that the local phone company begin making a record of every phone call originating from Smith’s home phone.
Chesapeake and Potomac Telephone Company did so using the state of the art in telephonic surveillance at the time: a device known as a pen register.
The pen register was first described in Samuel Morse’s 1840 telegraph patent. It’s a fully automatic Morse Code receiver that used a pen to mark dots and dashes on a spool of paper tape, in theory replacing human operators at the receiving end of a telegram. In practice, the mechanical technology proved too slow to keep up with an adept telegraph operator.
But the pen register enjoyed a second life as a phone-spying device. Attached to a phone line, it would mark a single dash for each pulse from a rotary spin dial, producing an accurate record of every phone number dialed. Later models moved past paper tape to print out the actual digits with time and date stamps. By the 1970s, they could even handle Touch Tones.
The pen register was attached to Smith’s line at the phone company central office for two days, and it showed him dialing the victim’s number, providing all the evidence police needed for an arrest.
The woman identified Smith in a lineup. He was convicted of robbery and related charges.
Here is an audio transcript of the Supreme Court’s oral arguments in Smith v. Maryland held March 28, 1979. Courtesy of The Oyez Project at IIT Chicago-Kent College of Law.
In his appeals, Smith argued that the Fourth Amendment — which grants people the right “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures” — applied to the telephone numbers he dialed. The government, he argued, can’t start recording that information without a warrant issued by a judge on the same “probable cause” standard used to get a search warrant.
Stephen Sachs, Maryland’s attorney general at the time, argued the other side before the Supreme Court. Citing an earlier case involving a Georgia bootlegger undone by his bank records, Sachs insisted that Americans have no legitimate expectation of privacy in information they transmit to a business — in this case the phone company.
On June 20, 1979, the high court issued its 5-3 opinion in Smith v. Maryland, ruling against Smith.
Writing for the majority, Justice Harry Blackmun:
First, we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must ‘convey’ phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills. In fact, pen registers and similar devices are routinely used by telephone companies ‘for the purposes of checking billing operations, detecting fraud, and preventing violations of law.’
And thus, a digit-collection device attached to a lone purse snatcher’s telephone set the legal precedent used, three decades later, to justify the bulk collection of the same information on every single American.
Stephen Sachs, who won the Smith case before the Supreme Court in 1979, successfully campaigns in 1977 for Maryland attorney general. Photo: Courtesy of Stephen Sachs
Nobody is more surprised by the long-term ramifications of the case than the prosecutor who won it.
“It was a routine robbery case. The circumstances are radically different today. There wasn’t anything remotely [like] a massive surveillance of citizens’ phone calls or communications,” Sachs says. “To extend it to what we now know as massive surveillance, in my personal view, is a bridge too far. It certainly wasn’t contemplated by those involved in Smith.”
Justice Potter Stewart, writing a dissent in Smith v. Maryland, eerily anticipated today’s discussions about the revelatory nature of phone metadata:
The numbers dialed from a private telephone — although certainly more prosaic than the conversation itself – are not without ‘content.’ Most private telephone subscribers may have their own numbers listed in a publicly distributed directory, but I doubt there are any who would be happy to have broadcast to the world a list of the local or long distance numbers they have called. This is not because such a list might in some sense be incriminating, but because it easily could reveal the identities of the persons and the places called, and thus reveal the most intimate details of a person’s life.
Today, Smith provides constitutional cover for a legion of federal and state laws that enable authorities from the FBI down to the local sheriff to compel banks, hospitals, bookstores, telecommunications companies, and even utilities and internet service providers — virtually all businesses — to hand over sensitive data on individuals or corporations, without having to show probable cause that the target is a criminal, or even that a crime was committed.
But the most dramatic citation of the Smith precedent was, until the Edward Snowden leaks, a secret one.
In a 2006 update to the Patriot Act’s Section 215, Congress allowed the secret Foreign Intelligence Surveillance Court to authorize warrants for most any type of “tangible” records, including those held by banks, doctors and phone companies. And the federal authorities only need to show that the information is “relevant” to an authorized investigation.
Unbeknownst to the public, the NSA, FBI and the Foreign Intelligence Surveillance Court all interpreted the authority as allowing indiscriminate bulk collection. The secret interpretation surfaced only last June, when the Guardian newspaper published the first of the Snowden leaks: a classified opinion from the secret court requiring Verizon to provide the NSA with a complete set of U.S. telephone metadata — all phone numbers of both parties involved in all calls, the international mobile subscriber identity number for mobile callers, calling card numbers used in the call, and the time and duration of the calls.
The government confirmed the authenticity of the document, and has since said the same secret orders are issued every three months for all U.S. carriers.
To fend off criticism of the program and to show that it was legal, the Obama administration released a “White Paper” (.pdf) in August outlining the legal basis for the spying, specifically citing Smith v. Maryland. “[T]he Supreme Court held that the Government’s collection of dialed telephone numbers from a telephone company did not constitute a search of [Smith] under the Fourth Amendment,” the administration noted, “because persons making phone calls lack a reasonable expectation of privacy in the numbers they call.”
In a rare declassified opinion (.pdf) from the FISA court released August 29, Judge Claire V. Eagan addressed the key point: If it’s legal to spy on a single purse snatcher without a warrant, then it’s legal to spy on literally everyone.
“Put another way, where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly-situated individuals cannot result in a Fourth Amendment interest springing into existence,” Eagan wrote.
Testifying last week before the Senate Intelligence Committee, Deputy Attorney General James Cole defended the administration’s reliance on an old precedent involving ancient technology. But he cited Eagan’s opinion to shore up support that the spy program was lawful:
“Some have questioned the applicability of Smith because it was issued over 30 years ago, and it did not concern a situation where the government collected and retained bulk metadata and aggregated it all in one place,” he told senators. “However, the recent opinion of the FISA court addressed that specific issue.”
Congress isn’t likely to withdraw the Patriot Act authority behind the metadata program, either, despite pending legislation in the Senate. The House already flatly rejected a proposal to do so even though the author of the Patriot Act — Rep. Jim Sensenbrenner (R-Wisconsin) — said the government is abusing the law by collecting records of all telephone calls in the United States.
Sensenbrenner said he never thought every telephone call would become relevant to a terrorism investigation. The government, he said, has advanced a “dangerous version of relevance.”
But in the wake of the Snowden disclosures, privacy advocates are uncharacteristically optimistic that Smith might be ripe for review by the Supreme Court. The American Civil Liberties Union, the Electronic Frontier Foundation and the Electronic Privacy Information Center have all filed federal lawsuits challenging the constitutionality of the bulk surveillance — though they’ll have to surmount the issue of “legal standing” first.
The Smith case is on the mind of today’s Supreme Court. When the justices ruled last year that authorities usually need a court warrant to affix GPS devices to vehicles, Justice Sonia Sotomayor offered a glimmer of hope to privacy activists. Mentioning Smith in a concurring opinion, she wrote “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.”
“This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks,” Sotomayor added. “People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the email addresses with which they correspond to their internet service providers; and the books, groceries, and medications they purchase to online retailers.”
Alexander Abdo, the ACLU attorney challenging the program, said there is a huge difference between short-term, targeted surveillance and indefinite, mass surveillance.
“One way of understanding why the two-day, targeted surveillance in Smith cannot possibly justify the perpetual, dragnet surveillance of every American, is to ask whether the result in that case would have been the same if the phone-records program were at issue,” he says. “In other words, how would the Supreme Court have decided Smith in 1979 if the government had relied upon a database of every single American’s call records to capture a single criminal? The court would have given a very different answer to that very different question.”
Howard Cardin, the Baltimore attorney who defended Smith in oral arguments before the Supreme Court, recalls it being a “simple” case.
“I don’t think anybody anticipated the far-reaching effect that it has had,” he said.
Homepage image: Josh Valcarcel/WIRED