In the wake of 9/11, the face of American democracy was fundamentally altered, in ways that we’ve been debating and re-thinking for two decades. We sent troops to the Middle East, brought them home, sent them back to fix the power vacuum that allowed the rise of ISIS, and now we’re withdrawing them again. We nationalized airport security by forming the TSA, made air travel suck and now we’re talking about privatizing airport security again. 

The Patriot Act (its full title is the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act”, giving it the acronym USA PATRIOT), was passed following 9/11 with overwhelming bipartisan support. At the time it made a lot of sense, because it allowed us to fight terrorism with the same methods that we were already using to fight organized crime. The Patriot Act expires in December 2019, and before that happens, we need to educate ourselves on what exactly is at stake. To do that, we have to go back to 1978, where the story of the Patriot Act really begins. 

In 1978, Congress passed the Foreign Intelligence Surveillance Act (FISA), which was designed to help the government collect intelligence on foreign actors who posed a threat to national security. FISA created something called the Foreign Intelligence Surveillance Court (properly abbreviated to FISC, but usually called the FISA Court). The Department of Homeland Security explains FISA and the FISA Court thusly:

Subchapter I of FISA established procedures for the conduct of foreign intelligence surveillance and created the Foreign Intelligence Surveillance Court (FISC). The Department of Justice must apply to the FISC to obtain a warrant authorizing electronic surveillance of foreign agents. For targets that are U.S. persons (U.S. citizens, permanent resident aliens, and U.S. corporations), FISA requires heightened requirements in some instances.

Unlike domestic criminal surveillance warrants issued under Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the “Wiretap Act“) , agents need to demonstrate probable cause to believe that the “target of the surveillance is a foreign power or agent of a foreign power,” that “a significant purpose” of the surveillance is to obtain “foreign intelligence information,” and that appropriate “minimization procedures” are in place. 50 U.S.C. § 1804.

Agents do not need to demonstrate that commission of a crime is imminent.

For purposes of FISA, agents of foreign powers include agents of foreign political organizations and groups engaged in international terrorism, as well as agents of foreign nations. 50 U.S.C. § 1801

This is important because Section 215 of the Patriot Act gave the FISA Court the responsibility to approve or deny warrants for wiretaps, business records, and collecting telephone and internet metadata (metadata means data about data — who you called and when you called them, but not the actual conversation). The FISA Court is what’s called an ex parte court, which means only one party (in this case, the government) is present, and location of the tightly sealed courtroom is a secret. No one knows which judges sit on the FISA court, because their names are protected, and they are appointed, without a confirmation process, by the Chief Justice of the Supreme Court. The FISA Court also isn’t that picky about which warrants they approve. 

For example, a 2016 report to Congress by the DOJ found that in 2015, the FISA Court approved 1,456 out of the 1,457 requests to obtain electronic evidence the government made. One request was withdrawn by the government, meaning that the FISA court denied exactly zero warrants. The FISA Court did, however, modify five requests to obtain physical business records, out of the 142 requests the government made that year, but the Court’s 2015 denial percentage was still a whopping zero percent.

The FISA Court’s secrecy, along with their extreme willingness to approve surveillance, raised some concerns. When Edward Snowden revealed the extent of the NSA’s collection practices, privacy advocates were understandably worried. 

In 2015, Congress passed the USA Freedom Act, which assuaged some privacy concerns by limiting the scope of bulk surveillance. The Washington Post reported:

“The bill bans the bulk collection of data of Americans’ telephone records and Internet metadata. It limits the government’s data collection to the “greatest extent reasonably practical”—which means the government can’t collect all data pertaining to a particular service provider or broad geographic region, such as a city or area code.”

“Instead of bulk data collection, the bill authorizes the government to collect from phone companies up to “two hops” of call records related to a suspect, if the government can prove it has “reasonable” suspicion that the suspect is linked to a terrorist organization.”

“It extends the expiration of three Patriot Act provisions—Section 215, roving wiretaps and the lone wolf surveillance authority—to December 2019.” 

So, in a mere three months, we may no longer have an NSA capable of collecting bulk data. This may seem frightening, especially since there is some evidence that terror attacks have been foiled because of bulk collection. Wired reported on a Congressional hearing in 2013:

NSA Director Alexander and FBI Deputy Director Sean Joyce said that at least 50 cases they investigated used data obtained under the two surveillance programs that Snowden exposed. Section 702 of FISA can cover real-time emails and chats, IP addresses and other data. Asked by Rep. Jim Himes (D-Connecticut), how many of these 50 episodes “would have occurred but for your ability to use 702” (or “How essential are these authorizations to stopping these attacks?”), Alexander said that he believed that in at least half of these cases, the data obtained under Section 702 of FISA was “critical.” He said that of the cases involving the use of phone records obtained under Section 215 of the Patriot Act, a little more than 10 of these cases involved some kind of “domestic nexus” – meaning they involved a U.S. citizen overseas or in the U.S. The vast majority of these cases “had a contribution from the business records requests.”

However, recent evidence has suggested that the NSA has quietly ended its bulk collection of phone data. The Trump administration hasn’t used the program for the past six months and may choose not to pursue renewal in December. In addition, the NSA recently deleted (or claimed to delete) millions of call and text records, dating back to 2015, that they had collected due to a coding error. Even the NSA can be sensitive to privacy, at least when public outcry requires it to be.

It’s time that we have a public conversation about the Patriot Act and about the balance between privacy and security. In a world with very real terror threats and very real concerns about civil liberties, December 2019 will be an important month. We may, for the first time since 9/11, be left without a key counter-terrorism ability. We may also be freer then we’ve been in two decades.