EFF and Human Rights Watch force DEA to destroy its mass surveillance database...
In a victory for millions of people in the U.S. who have placed telephone calls to locations overseas, EFF and Human Rights Watch have confirmed that the Drug Enforcement Administration's practice of collecting those records in bulk has stopped and that the only bulk database of those records has been destroyed. From the 1990s to 2013, the DEA secretly and illegally collected billions of records of Americans' international calls to hundreds of countries around the world. In April 2015, we filed a lawsuit on behalf of our client, Human Rights Watch, challenging the constitutionality of the program and seeking to have the records purged from the government's possession. Today, HRW has agreed to voluntarily dismiss that suit after receiving assurances from the government, provided under penalty of perjury, that the bulk collection has ceased and that the only database containing the billions of Americans' call records collected by the DEA has been purged from the government's possession. Those assurances were provided after a federal judge ordered the government to respond to HRW's questions about the bulk collection program—the first instance we know of in which a plaintiff challenging a mass surveillance program was allowed to take discovery. From the outset, the government tried to prevent the judge from deciding the legality of the government's actions, insisting that the DEA's database had already been deleted and the collection had stopped. In the government's view, there was nothing for the judge to review and the case had to be dismissed. But we've seen too much surveillance double-speak from the government to take those statements at face value. We wanted them to answer our questions about the program, on our terms. Our discovery essentially sought information about where the illegally collected records had been stored in the past, where they currently were stored, and what steps the government had taken to "purge" and "quarantine" the records, as they claimed to have done. From the government's discovery responses (available here and here), we were able to determine: (1) The database DEA used to store call records collected through this bulk program was the only database within the federal government used for storage of those records. (2) The DEA's database was only searched when the government had "reasonable articulable suspicion" that a particular number was related to an ongoing criminal investigation. No wholesale copies of the bulk data were made. (3) When the program was operational, collected call records older than two years were automatically aged off the system and deleted on a continuing basis. (4) The DEA's bulk database was taken "off-line" in August 2013 and was not used for investigatory purposes after that date. (5) By January 2015, the DEA had deleted the bulk database. This included destruction of any temporary files used to standardize the records after obtaining them from phone providers. Despite all this additional information, we should be clear about two things: First, the government still retains some illegally collected records, and they've admitted as much. The records the government retains, though, are only those that were returned in response to a query of the database—a more limited sample than the bulk collection of records of billions of Americans' calls to hundreds of countries overseas. While ongoing retention is undesirable, according to the government, the DEA's records are stored in "nonsearchable PDFs" and not a part of some currently-operational call record database. It also appears that, when the program was operational, agencies were instructed to destroy reports generated from querying the database after the reports were no longer needed, presumably in order to conceal the existence of the program. While that's good for the privacy of those unwittingly swept up in the program, it's bad news for criminal defendants. If the criminal investigation came from a "tip" generated through searching the bulk database, there's a good chance evidence of that tip has already been destroyed. Second, the government still collects phone records in bulk. The NSA likely continues to collect international call record information in bulk under Section 702 of the FAA and under EO 12,333. In fact, it has been reported that the DEA has similar overseas bulk collection programs as well. Nevertheless, the end of the NSA's domestic bulk collection and now the confirmed end of the DEA's program represents a significant step forward in curtailing some of these abuses. The government is on notice: if they have a bulk collection program, and we find out about it, we're going to challenge it in the courts. Challenging programs aimed at Americans in federal courts has proven easier—for legal reasons and because of the information that is publicly available—than challenging bulk collection programs aimed at those outside the U.S. But we'll never convince judges or elected officials to respect the privacy rights of those outside the United States if we can't convince them that Americans' privacy is worth protecting, too. Challenging these programs is an important first step in that process, and we're looking forward to building on these successes to ensure that the federal government respects the privacy rights of people around the world. [+]