At 11:59 P.M. on Saturday night, the U.S. National Security Agency supposedly yanked the cord on its bulk telephone records collection, thereby ending an expansive surveillance program that the nation’s intelligence community put in place in the wake of the September 11, 2001 terror attacks.
“There will be no analytic access to the collected metadata after this time,” the Office of the Director of National Intelligence (ODNI) said in a statement.
The public learned of the agency’s spying program after Edward Snowden—ex-NSA contractor and whistleblower extraordinaire—leaked information about it to news outlets in 2013. That revelation provoked an uproar among privacy advocates, and Congress eventually reacted by replacing parts of the U.S.A. Patriot Act, which authorized the privacy-invasive program, with a seemingly-less-intrusive piece of legislation, the U.S.A. Freedom Act, over the summer.
It would be wrong to conclude, however, that this moment signaled the demise of the agency’s surveillance powers. Rather, the NSA has transitioned to a new system. The reformed scheme addresses the most controversial aspects of the collection program, but questions remain about its implementation. Here’s everything you need to know about the change.
What happened at midnight on Saturday?
When the clock struck midnight, a 6-month-long “orderly transition” period for the NSA expired. After the Freedom Act became law in early June, the agency was granted a 180-day grace period to get its affairs in order before putting an end to the bulk phone metadata collection program authorized by a particular portion—Section 215—of the Patriot Act. Under the new guidelines, the NSA no longer may directly collect and hold data about the domestic phone records of U.S. citizens.
Instead, telecom companies will retain and access the data on their customers. The NSA may then seek warrants from the secretive courts created by the Foreign Intelligence Surveillance Act (FISA) in order to compel these companies to hand over pertinent information on terrorism suspects and affiliates. The requests are not done in bulk, but rather require “specific selectors” such as the phone number of an individual. The NSA then has up to 180-days to query the telecom companies for more data—on socially connected persons of interest, so-called one-to-two degree “hops” on their networks—before seeking a renewed authority from a FISA court.
There are exceptions to these items though.
What kinds of exceptions?
Notably, the NSA’s bulk collection database still exists. The agency has requested permission to keep its records for the past five years intact through Feb. 29, 2016. This will ostensibly allow the agency to make sure nothing has gone awry during the transition. Access will be “limited to technical personnel and solely for the purpose of verifying that the new targeted production mechanism authorized by the USA FREEDOM Act is working as intended,” ODNI said in a statement. The database is “hands off” for analysts. Additionally, it’s worth noting that the NSA must retain these records until all lawsuits regarding the original program are resolved.
What’s inside the database?
As mentioned, the database contains metadata. It includes information on phone calls such as who, when, and how long—for instance, the identity of the sender and recipient, the duration, and the time and date. Metadata does not include the content of conversations. However, that doesn’t make it any less of a treasure trove for dot-connecting investigators.