Skip to main content

Should Lawmakers Vote to End the National Security Agency’s Bulk Collection of Phone Records?

Yes — absolutely.

Section 215 of the Patriot Act is set to expire on June 1. That provision gives the NSA permission to collect metadata from communications mediums like phone calls. Metadata, in this case, refers to the phone number making the call, the called number, the date and time of a call, and the call’s duration. It does not give the NSA permission to collect any content, such as the actual voices on each end of the call.

From an intelligence perspective, this kind of information is invaluable for finding the needle in the haystack. By drawing phone and email nodal analysis diagrams of suspects (link analysis), intelligence analysts can very quickly find key leaders of terrorist groups. The person using the phone involved in most of the calls, and connecting to the most people, is very likely a key leader in the organization.

So, I get why the NSA wants the capability. However, the Fourth Amendment in the Bill of Rights says:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Section 215 of the Patriot Act — the bulk collection of metadata — gives the NSA the authority to seize information from U.S. citizens without a warrant and without probable cause. To quote Hamlet, "Ay, there’s the rub."

This debate fundamentally comes down to our country's decision on this one issue: do we care more about liberty or security? The Snowden revelations clearly demonstrate what the country is willing to do to preserve our security. I worry about what we give up as a nation as we pursue this path. How far do we go down that rabbit hole if we commit to it? In the entire world history of governments using spy agencies to collect information on enemies and “frenemies,” without fail, when the state turns its intelligence apparatus on its own citizens, things get ugly quickly. People die. 

I am not suggesting that the U.S. is anywhere close to that extreme position, but Section 215 is a first step across the threshold of this unprecedented rabbit hole. This is how it starts. 

I am not alone in my thinking either. On May 7, the Second Circuit Court of Appeals of the United States (a three-judge panel) held that the Patriot Act's Section 215 "… cannot be legitimately interpreted to allow the bulk collection of domestic calling records." [1] Although the Second Circuit Court stops short of calling Section 215 unconstitutional, it clearly believes that the current interpretation of that section — put forth by the NSA and approved by the FISA Court in secret — does not justify the bulk collection of U.S. citizens’ meta-phone-data. The Christen Science Monitor's Passcode Influences poll agrees too:

"72 percent of Passcode's Influencers – a group of more than 90 security and privacy experts from across government, the private sector, academia, and the privacy community – are calling for Congress to break the standoff and make reforms."[2]

Full Disclosure: I am one of the Passcode Influencers polled.

We tell ourselves: it’s just metadata — what's the harm? But over time, as we keep chipping away parts of the Fourth Amendment, pretty soon we might find ourselves in an Orwellian novel and wondering how we got here.

What's on the table is a chance to reform Section 215 into something we can all be more comfortable with. What that ends up being is anybody's guess. There are many options from both sides of the political aisle, and we have just now begun to discuss it. But, Senate Majority Leader Mitch McConnell introduced legislation on May 7 that would extend Section 215 through 2020, and he invoked a rule to let it go straight to the Senate floor without the usual committee vetting process. In other words, he proposes letting Section 2015 ride without any discussion. It is this kind of behavior that invokes a visceral reaction from lefty liberals like myself worried about liberty vs. security issues. It is one thing to extend the provision, but to extend it without any discussion? That’s Orwellian.

What can you do? First, engage. This is such a complicated issue, regardless of how you think we should resolve it, that there are not many people in the country who possess the wherewithal to understand all the nuances. The security community does. When you get the chance, have an open and honest conversation about the issue. Let’s start a full-throated debate and get the ideas on the table. Second, contact your congressman. The June 1 deadline to let the Patriot Act’s Section 215 expire is rapidly approaching. If you feel strongly one way or another about this issue, now is the time to let your voice be heard.

For myself, I think the smartest thing to do is to revoke the provision and start over. This way, we can jump-start that full-throated debate I was talking about regarding how far we want our intelligence agencies to go down the rabbit hole. The Section 215 deadline is a good impetus to start. US lawmakers should absolutely let Section 215 of the Patriot Act expire on June 1.


[1] "N.S.A. Collection of Bulk Call Data Is Ruled Illegal," by CHARLIE SAVAGE and JONATHAN WEISMAN, The New York Times,
7 MAY 2015, Last Updated 17 May 2015,

[2] "Influencers: Congress should end NSA bulk data collection," by SARA SORCHER, Passcode Influencer's Poll, Last Updated 17 May 2015,


Popular posts from this blog

Books You Should Have Read By Now

When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the the Rock and Roll Hall of Fame for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has been very exciting.

This i…

Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen (2011)

Executive Summary
Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI sting called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin, Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the highlights of…

Book Review: “We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency (2012)” by Parmy Olson

Executive Summary: 

This book is a must read for all cyber security professionals. It does not cover the entire Anonymous movement, but by focusing on the evolution of the Anonymous Franchise and the rise and fall of the LulzSec hacking group, Ms. Olson captures the essence of the hacktivist culture and what motivates its supporters. If you seek to understand the Hacktivist movement, this book is a primer.


The Anonymous Franchise really hit its stride between the years of 2010 and 2011. Hacktivism began earlier than that of course (1994 was the first documented case that I could find [12]), but it did not strike fear into the hearts of CEOs, CSOs and government officials until that two year run. It was the perfect storm of technology, disenfranchised youngish people, “Internet Pranks as an Art Form,” empowerment and the hacking culture that came together into a gigantic hairball of activity and energy that caused governments from around the world to double-clutch on some of th…