The opinion, signed by Judge Colleen Kollar-Kotelly, is thought to date back to July 2004 and is heavily redacted. Nevertheless, it can be seen that the NSA application asked for a much broader type of collection than other pen register / trap and trace applications, and that the application was granted.
What’s also interesting to note is that the section that defines what metadata in this case actually is is practically blacked out completely, so we actually can’t tell for sure what the NSA would consider to be “metadata”, and what they would categorize as “content.” Only a short sentence that hasn’t been redacted shows that the email address of the sender and the recipient aren’t considered to be "content”.
"The raw volume of the proposed collection is enormous,” wrote Kollar-Kotelly, but the estimated size of the collection is again redacted. “In absolute terms, the proposed surveillance ‘will result in the collection of meta data pertaining to [redacted] electronic communications, including meta data pertainin to communication of United States persons located within the United States who are not the subject of any FBI investigation’.”
The opinion goes on to describe the necessity and the benefits of such bulk collection and subsequent analysis both for the NSA and the FBI, and the methods used for analyzing the meta data.
The judge also noted that “there is no reasonable expectation of privacy under the Fourth Amendment in the meta data to be collected,” and reiterated a previous ruling that said that “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties,” since he “assumes the risks” that the third party would reveal that information to the government. At the time, the ruling applied to data regarding phone calls, but the judge said that the same conclusion applies to email meta data.
In short, the judge decided that because the metadata collection was not asked for ordinary law enforcement purposes, but for national interest in thwarting terrorist attacks, it would be allowed, but that special restrictions on accessing, retention and dissemination of such information will have to be set up in order to prevent misuse and infringement on First Amendment right of innocent persons.
The meta data collection program was first implemented in 2001, after the 9/11 attacks, by US president George W. Bush. It took three years and threats from senior officials saying they would resign for the administration to seek authorization for it from the FISC. The program was stopped in 2011 because of “operational and resource reasons”.
“On the logic of these opinions, almost every digital footprint we leave behind can be vacuumed up by the government - who we talk to, what we read, where we go online," commented ACLU National Security Project attorney Patrick Toomey. ”Like previous releases, these materials show the danger of a government that sidesteps public debate and instead grounds its surveillance powers in the secret opinions of a secret court."
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.