When a law has a name like “Patriot” or “Freedom,” it’s a sign that you should read the fine print. Somewhere down there, in the terraced subclauses of some forgettable subsection, is a word with a special meaning, a word that offers shelter and concealment to whatever it is that the law actually does. Consider the word “relevant.” You and I use the word to distinguish what matters (the relevant) from what does not (the irrelevant). But to the National Security Agency, there was no irrelevant. Pointing to one appearance of the word in a 2006 update of the USA Patriot Act, the agency argued it could demand records of any one of our phone calls, on the very slight chance of some distant connection to terrorism. A secret court agreed, ordering phone companies to serve up our records on an “ongoing daily basis’’ — 24 hours a day, hundreds of billions of calls in all. No one knew about it until Edward Snowden revealed the existence of the program in 2013. Earlier this month, President Obama signed the USA Freedom Act, which is supposed to close this loophole. Will it? That depends on a fresh pile of fine print.
Congress created the ‘relevant’ loophole soon after it learned of an even larger loophole: the free-for-all surveillance program put in place after the Sept. 11 attacks. At first, N.S.A. dragnet surveillance was so secret that it didn’t really have a name. It was simply known as ‘‘the Program’’ or ‘‘the President’s Surveillance Program’’ and later as ‘‘the Terrorist Surveillance Program’’ or by the cover term ‘‘Stellarwind.’’ As reported by the journalist Shane Harris in his book ‘‘The Watchers,’’ the N.S.A.’s data scientists came to call it ‘‘the Big-Ass Graph’’ for its tendency to generate ‘‘hairballs,’’ knotted webs of associations that rarely added up to anything. The graph began with phone ‘‘metadata’’ from Verizon and other U.S. carriers — whom their customers called, where they called from and for how long they talked. It also included Internet metadata, compelled from Silicon Valley firms, as well as data from hotels, car-rental companies, airlines and banks. In thousands of cases, it went beyond metadata to obtain the wiretapped content of phone calls or emails.