In early June, a bomb exploded at the National Security Agency. The incendiary charge was not the kind of primitive device that ripped flesh and bone at the Boston Marathon. It was a sort of “smart bomb,” which destroyed the agency’s secrecy, credibility, and a couple highly classified security programs, while leaving the brick, glass, and people intact. The agency felt the impact of the explosion as surely as if it had been TNT.
The Guardian’s Glenn Greenwald published the first of a series of exposes on the NSA’s operations within the United States. The first paragraph was an improvised explosive device calculated to shake the foundations of America’s most secret security organization.
The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America’s largest telecoms providers, under a top secret court order issued in April.
The cascade of shrapnel and debris that flew in all directions spared no one within range. President Obama tried to contain and deflect the blast, but it was too late. One cannot unexplode a bomb. The tone was set for the revelations that trickled out over the next few weeks.
Later, we learned that the secret documents published by the Guardian came from Edward Snowden, a former employee of Booz Allen Hamilton, which is a major contractor for NSA. Depending on whom you ask, Snowden is either a hero or a traitor. His actions are either the highest form of courageous truth-telling, or a dangerous gift to terrorists, which will cost lives.
What is lost in the din of competing accusations is careful, dispassionate analysis. Even authors I typically trust have become tin-foil-hat conspiracy theorists. This piece will attempt to analyze the actions of the NSA to determine if the Constitution was violated. I will look carefully at Fourth Amendment jurisprudence and apply the law to the facts as we know them. As much as possible, I will use the Guardian stories as my base set of facts. After all, they contain the juiciest bits. They are supposed to justify Snowden’s betrayal of his duty of confidentiality, and raise the ire of Americans against their government. It is a good place to start. Other aspects of the story, like the political fallout and the legal issues surrounding the disclosure and publication of classified information, though important and interesting, are outside the scope of this analysis.
The Guardian story of 5 June focused on the wholesale gathering of telephone information from Verizon. It referred on an order signed by a Foreign Intelligence Surveillance Court judge (the Order), in which Verizon was ordered to:
. . . produce to the National Security Agency (NSA) upon service of this Order, and continue production on an ongoing daily basis thereafter for the duration of this Order, unless otherwise ordered by the Court, an electronic copy of the following tangible things: all call detail records or “telephony metadata” created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls. 
The Order provided some detail about what sort of information is included in “telephony metadata”:
Telephony metadata includes comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile Subscriber Identity (IMSI) number, International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier, telephone calling card numbers, and time and duration of call. Telephony metadata
does not include the substantive content of any communication, as defined by 18 U.S.C. § 2510(8), or the name, address, or financial information of a subscriber or customer.
The story suggests that more is being gathered than just phone billing information, saying “[a] 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.”
Glenn Greenwald wasted no time getting another shocking story to the public. The next day, the Guardian published details of an NSA program called “PRISM,” through which the NSA “has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants.”  The PRISM program allegedly gave NSA access to “search history, the content of emails, file transfers and live chats.”  The powerpoint presentation about PRISM obtained by the Guardian said the program was operated with the consent of internet companies, but those companies denied knowledge of the program when asked. 
The story on PRISM notes that it is lawful to obtain such data from persons “who live outside the US, or those Americans whose communications include people outside the US.”  The bar for determining who is a non-United States person, though, was lowered to include those “reasonably believed” to be outside the U.S. 
There was a break between the June 6 story and the next wrecking ball leveled at NSA by Greenwald and team. On 9 June, the Guardian published a story about a “data mining tool” used by NSA “that details and even maps by country the voluminous amount of information it collects from computer and telephone networks.” 
The tool, called “Boundless Informant,” appears to be directed at tracking and organizing the data obtained by NSA through other means, rather than obtaining new data. The story implies that the Director of National Intelligence, James Clapper, lied to Congress. 
On 20 June, the Guardian published another story, along with two new classified documents, which spell out the rules NSA must follow when collecting foreign intelligence information. These documents allow NSA to “[r]etain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity.” 
The story minimizes the limiting principles in the documents, and emphasizes the retention of some data:
A separate section of the same document notes that as soon as any intercepted communications are determined to have been between someone under US criminal indictment and their attorney, surveillance must stop. However, the material collected can be retained, if it is useful, though in a segregated database… 
These are the allegations. With these basic facts, we can apply the principles of the Fourth Amendment to the U.S. Constitution, and see if any of the alleged actions are constitutionally deficient.
The Phone Metadata
The Fourth Amendment says:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. 
The first thing to notice about the text is that it does not prohibit all searches and seizures, only “unreasonable” ones. Additionally, it does not prohibit search and seizures of all things, and in all places, but of “persons, houses, papers, and effects.” The Amendment does not say when a warrant is required, but only describes the circumstances under which a warrant shall issue: “upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Finally, the Amendment’s text does not apply to everyone everywhere, but is specifically directed at “the people.”
Each of these textual points will be important in analyzing the NSA allegations under the Fourth Amendment. The courts have provided some guidance for the application of the Amendment to law enforcement and national security.
The current standard for where the Fourth Amendment applies was set by the U.S. Supreme Court case Katz v. United States.  The rule from Katz was best articulated by Justice Harlan in his concurring opinion.
… a person has a constitutionally protected reasonable expectation of privacy; (b) that electronic as well as physical intrusion into a place that is in this sense private may constitute a violation of the Fourth Amendment; and (c) that the invasion of a constitutionally protected area by federal authorities is, as the Court has long held, presumptively unreasonable in the absence of a search warrant. 
The “reasonable expectation of privacy” test determines where the Fourth Amendment applies. The Court sought to distinguish public spaces and activities, where no one should expect their affairs to be private, and truly private spaces into which the government may only intrude with a properly issued warrant.
The Katz test was applied to telephone call data in Smith v. Maryland.  In Smith, the police asked the telephone company, without a warrant, to place a pen register on the defendant’s line to record all numbers dialed from his phone.  The Court rejected Smith’s claims of a reasonable expectation of privacy. To explain why this expectation of privacy could not be reasonable, the Court walked through the public nature of such information.
All telephone users realize that they must “convey” phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills. In fact, pen registers and similar devices are routinely used by telephone companies for the purposes of checking billing operations, detecting fraud, and preventing violations of law. 
The Fourth Amendment does not apply to such telephone dialing and switching data, and no warrant is required to obtain it. The Order leaked by Snowden limited the metadata it required Verizon to produce to the same sort of data permitted in Smith. 
Even though the collecting of metadata without a warrant does not violate the Fourth Amendment, it may violate federal law. After the Court decision in Smith, Congress reacted by passing a law severely restricting the use of pen registers without a court order.  The statute provides specific directions for obtaining an order to use such devices for collecting phone metadata:
Except as provided in this section, no person may install or use a pen register or a trap and trace device without first obtaining a court order under section 3123 of this title or under the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.). 
NSA’s collection of phone metadata is covered by 50 U.S.C. § 1861, titled “Access to certain business records for foreign intelligence and international terrorism investigations.”  That section of the U.S. Code provides that “[a]n investigation conducted under this section shall… be conducted under guidelines approved by the Attorney General under Executive Order 12333 (or a successor order); and … not be conducted of a United States person solely upon the basis of activities protected by the first amendment to the Constitution of the United States.” 
The statute also requires minimization procedures to limit the dissemination of nonpublic information concerning U.S. persons,  and protection of the identity of U.S. persons in communications that are not foreign intelligence. 
The classified Order publicized by the Guardian was precisely the type of order the statute requires to obtain the metadata requested from Verizon. The Order states that the application received by the court “satisfies the requirements of 50 U.S.C. § 1861,”  ensuring the safeguards provided by federal law, above and beyond the requirements of the Fourth Amendment, were observed.
By leaking the Order, Mr, Snowden provided proof that the federal government followed the law in obtaining telephone metadata.
Cell Phone Location Data
Greenwald’s first NSA story in the Guardian rang a warning alarm about the possibility of the NSA collecting cell phone location data, which goes a step beyond the simple metadata permitted by the Smith decision.
The document also specifies that such “metadata” is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order. 
The internet has been abuzz about the collection of cell phone location data without a warrant.  To determine if a warrant is required, first we must see if the Fourth Amendment applies. As with all other Fourth Amendment issues, the first question to ask is whether there is a reasonable expectation of privacy in the allegedly protected material.
The key to understanding the application of the Fourth Amendment to cell phone location data lies in the “third party doctrine.” The Supreme Court has held that when a person shares otherwise private information with a third party, that person assumes the risk “that the information will be conveyed by that person to the Government.” 
The third party doctrine was established in a series of “secret agent” cases decided from the 1950s through the 1970s.  In United States v. White, the Court was concerned, not with a defendant’s actual expectation of privacy, but with constitutionally justifiable expectations of privacy. 
Inescapably, one contemplating illegal activities must realize and risk that his companions may be reporting to the police. If he sufficiently doubts their trustworthiness, the association will very probably end or never materialize. But if he has no doubts, or allays them, or risks what doubt he has, the risk is his. 
Based on the Court’s rationale, a person cannot have a reasonably expectation of privacy in information he exposes to a third party– which he has made public by his own actions. Among legal scholars, the third party doctrine is highly controversial. Professor Orin S. Kerr, in his defense of the doctrine, tried to clarify its place in Fourth Amendment jurisprudence. 
Although the third-party doctrine has been framed in terms of the “reasonable expectation of privacy” test, it is better understood as a consent doctrine. Disclosure to third parties eliminates protection because it implies consent. When understood as a subset of consent law rather than an application of the reasonable expectation of privacy test, the third-party doctrine fits naturally within the rest of Fourth Amendment law. 
The application of the third party doctrine to cell phone location data is described in detail by Gary Brown, a U.S. magistrate judge for the Eastern District of New York.  In his 31 page memorandum, Judge Brown walked step-by-step through the Supreme Court cases defining reasonable expectation of privacy.  After his analysis of the cases, Judge Brown concluded:
Cell phone customers similarly convey geolocation data to their telephone carriers, and cannot possibly labor under the belief that their location is somehow kept secret from telecommunication carriers and other third parties. Under existing law, then, a user does not have a reasonable expectation of privacy as to geolocation data. 
The Sixth Circuit looked at the issue of Fourth Amendment protection of cell phone location data in United States v. Skinner.  The analysis turns on what a cell phone user, through the signal emanating from his phone, exposes to third parties.
In any event, we determine whether a defendant’s reasonable expectation of privacy has been violated by looking at what the defendant is disclosing to the public, and not what information is known to the police. 
As with metadata, cell phone location data may receive greater protection under federal law than it receives under the Fourth Amendment. Judge Brown’s memorandum takes a close look at the application of the Electronic Communications Privacy Act (ECPA) to cell phone location data. 
The ECPA establishes a warrant requirement for disclosures of electronic communications to the government:
A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued . . . by a court of competent jurisdiction. 
This statutory warrant requirement does not apply to smart phone tracking information. The phrase “electronic communication” expressly does not include “any communication from a tracking device (as defined in section 3117 of this title).”  Section 3117 defines a “tracking device” as “an electronic or mechanical device which permits the tracking of the movement of a person or object.” 
Cell phone location data is exempted from the statutory warrant requirement precisely because it permits tracking of the location of a cell phone user.
If the allegation of the NSA obtaining cell phone location data is true, it is neither a violation of the Fourth Amendment, nor a violation of federal law.
PRISM and Internet Data
The Guardian story about PRISM, the NSA program used to access the servers of various participating internet providers, is carefully worded to play on the fears of Americans about the vulnerability of their private internet communications. The story refers to the collection of “search history, the content of emails, file transfers and live chats.”  The collection of this data from Americans without a warrant is indefensible under the Katz rule and the third party doctrine. PRISM does not look at mere metadata, it looks at the content of private communication.
The data collected by PRISM, though, is limited. The Guardian published the statement of a “senior administration official,” who said the Foreign Intelligence Surveillance Act (FISA) “does not allow the targeting of any US citizen or of any person located within the United States.” 
The pertinent concept in the Fourth Amendment that addresses the data collected by PRISM lies in the Amendment’s application to “the people.” It relates to whom the Amendment applies: the people of the United States.
In United States v. Verdugo-Urquidez,  the Supreme Court interpreted “the people” to sharpen the focus of the Fourth Amendment. The Court noted that the Fourth Amendment is not the only place in the Constitution where the framers referred to “the people.” The language in the Fourth Amendment should be consistent with its use in the First, Second, Ninth, and Tenth Amendments:
While this textual exegesis is by no means conclusive, it suggests that “the people” protected by the Fourth Amendment, and by the First and Second Amendments, and to whom rights and powers are reserved in the Ninth and Tenth Amendments, refers to a class of persons who are part of a national community or who have otherwise developed sufficient connection with this country to be considered part of that community. 
The Verdugo-Urquidez rule does not limit the application of the Fourth Amendment only to U.S. citizens– a foreign resident in the United States with a “sufficient connection with this country to be considered” among “the people” of the United States would also receive Fourth Amendment protection. It would not extend to foreign persons living outside the U.S.
The language of the Guardian story hints at uses of PRISM beyond the collection of data from people not covered by the Fourth Amendment, but Greenwald is careful to avoid saying such collection is actually happening. “It also opens the possibility of communications made entirely within the US being collected without warrants,”  he wrote, but “[t]he law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.”  This hedge language foreshadows the Guardian story released on June 20. 
The June 20 piece included two top secret documents (Exhibit A and Exhibit B) governing the collection and use of data by NSA.  Greenwald focuses on the retention of material inadvertently obtained from U.S. persons.  A fair reading of the documents, however, reveals them to be carefully crafted restrictions on the government’s power to collect and use data.
Exhibit A sets out the steps NSA must follow to ensure the person being surveilled is not a United States person.  The document, as Greenwald says, allows NSA to search its databases for information about Americans, but the purpose of this search is to restrict, not to expand, the scope of NSA surveillance.  The inadvertent collection of data from Americans is what the document expressly tries to avoid:
Furthermore, in order to prevent the inadvertent targeting of a United States person, NSA maintains records of telephone numbers and electronic accounts/addresses/identifiers that NSA has reason to believe are being used by United States persons. 
The document goes beyond merely preventing the targeting of Americans at the front end. It also requires a post-targeting analysis to curtail any gathering of data protected by the Fourth Amendment:
Such analysis is designed to detect those occasions when a person who when targeted was reasonably believed to be located outside the United States has since entered the United States, and will enable NSA to take steps to prevent the intentional acquisition of any communication as to which the sender and all intended recipients are known at the time of acquisition to be located in the United States, or the intentional targeting of a person who is inside the United States. 
If an analyst discovers that a target is a U.S. person, Exhibit A sets out the steps that must be followed:
1) Terminate the acquisition without delay and determine whether to seek a Court order under another section of the Act. . .
2) Report the incident to through the Deputy Assistant Attorney General in the National Security Division with responsibility for intelligence operations and oversight, to the ODNI Office of General Counsel, and to the ODNI Civil Liberties Protection Officer within five business days 
Exhibit B similarly restricts the dissemination of communications obtained from Americans that is noncriminal and not foreign intelligence information.  The document directs NSA analysts to:
. . . determine whether it is a domestic or foreign communication to, from, or about a target and is reasonably believed to contain foreign intelligence information or evidence of a crime. Only such communications may be processed. All other communications may be retained or disseminated only in accordance with Sections 5, 6, and 8 of these procedures. 
The sections mentioned in the above paragraph order the destruction of inappropriately gathered communications, unless the NSA director determines the information is legally permissible to retain, in accordance with federal law.  Other sections restrict the retention of foreign communication concerning Americans.  Though such communications would not be protected by the Fourth Amendment, since they are communications by someone other than “the people” as expressed in the text of the Amendment, the document provides additional, extra-constitutional protections against NSA’s use of such communications. 
This is all entirely consistent with the Fourth Amendment and the Supreme Court decision in Verdugo-Urquidez. Again, the leaked documents provide proof that NSA is scrupulously following the law, and holding itself accountable.
Since the publication of NSA’s classified documents, hysteria has been rampant. Americans are concerned that the government is tapping their phones and reading their email. They should be. Privacy is important in modern life. Everyone should be concerned when privacy issues are raised. Security is also important. There should be no tension between liberalism and national security. The virtues of a liberal society depend on security. An insecure society is not free. As legitimate as the concerns may be, it is still important to address the issue carefully and rationally.
The leaks by Snowden have forced us to look at the balance between security and privacy. The discussion has not been framed properly in the popular media. The balance, if it can be called that, has already been struck by the principles enshrined in the Fourth Amendment. The Constitution establishes the parameters of our right to privacy, and the decisions of the courts interpreting the Constitution have clarified and focused the right. The actions taken by the government aimed at securing the country against violent attack may abut the lines drawn around our rights, but they may not cross the lines.
The Snowden leaks establish that the NSA knows and understands the limits of security and the borders of privacy rights. The stolen classified documents detail the measures taken to avoid violating the Fourth Amendment and federal law. If the law should change, and the zone of privacy expanded by new federal laws or court decisions, the American public can expect NSA and other federal agencies to respect the changes and curtail their activities accordingly. Arguments for changing existing law are always welcome. Such arguments are a normal part of the national discourse. When analyzing the legality of NSA’s surveillance, as supported by the Snowden leaks, a fair accounting of existing law must be made.
Based on a reasonable, good faith reading of the law, the actions of the NSA are legal. I suspect the outrage over the allegations by Greenwald, based on Snowden’s leaks, reflects the dramatic language of the writing rather than the actual substance of the leaked documents. In fact, I suspect few of the outraged public have actually read the documents. Framing is everything. The exact same information, framed differently, would have produced less hysteria and more rational discussion. The headline “NSA secretly collects data without violating the Fourth Amendment” would have been just as true as Greenwald’s gut-punching headlines. But a story about the government obeying the law doesn’t sell newspapers.
There was one gem of truth in the Guardian stories that didn’t come from classified documents. Judith Emmel, a spokesperson for NSA, expressed dismay at the tone and quality of the discussion sparked by the publication of Snowden’s stolen documents.
“The continued publication of these allegations about highly classified issues, and other information taken out of context, makes it impossible to conduct a reasonable discussion on the merits of these programs.” 
As a person who seeks out reasonable discussion, and has tried to do so on this topic, I wholeheartedly agree.
 “NSA collecting phone records of millions of Verizon customers daily,” Glenn Greenwald, June 5, 2013, The Guardian, http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order
 United States Foreign Intelligence Surveillance Court Order BR-13-80 (Order), 1-2.
Id at 2.
Greenwald, supra n. 1.
 “NSA Prism program taps in to user data of Apple, Google and others,” Glenn Greenwald, Ewen MacAskill, The Guardian, June 6 ,2013,
 “Boundless Informant: the NSA’s secret tool to track global surveillance data,” Glenn
Greenwald, Ewen MacAskill, The Guardian, June 9, 2013,
 “The top secret rules that allow NSA to use US data without a warrant,” Glenn Greenwald, James Ball, The Guardian, June 20, 2013,
 U.S. Constitution, Amend. IV.
 Katz v. United States, 389 U.S. 347 (1967),
 Id. at 361.
 Smith v. Maryland 442 U.S. 735 (1979),
 Id. at 737.
 Id. at 742 (internal quotation and citation omitted).
 The Order at 2 (“Telephony metadata includes comprehensive communications routing
information, including but not limited to session identifying information (e.g., originating
andterminating telephone number, International Mobile Subscriber Identity (IMSI) number,
International Mobile station Equipment Identity (IMEI) number, etc.), trunk identifier,
telephone calling card numbers, and time and duration of call.”).
 18 U.S.C. § 3121-3127.
 18 U.S.C. § 3121(a).
 50 U.S.C. § 1861.
 50 U.S.C. § 1861(a)(2)(A)(B).
 50 U.S.C. § 1861(g)(2)(A).
 50 U.S.C. § 1861(g)(2)(B).
 The Order at 1.
 Greenwald, supra, n. 1
 “Cell phone users ‘have no legitimate expectation of privacy’ – judge,” RT, May 17, 2013,
 United States v. Miller, 425 U.S. 435 , 443 (1976),
 On Lee v. United States, 343 U.S. 747 (1952); Lopez v. United States, 373 U.S. 427 (1963); Hoffa v. United States, 385 U.S. 293 (1966); United States v. White, 401 U.S. 745 (1971).
 White, 401 U.S. at 751-52.
 Id. at 752.
 “The Case for the ThirdParty Doctrine,” Orin S. Kerr, 107 Mich. L. Rev. 561 (2009).
 Id. at 565.
 In Re Smartphone Geolocation Data, Gary R. Brown, U.S. Magistrate Judge, No. 13MJ242 (E.D.N.Y. 2013)
 Id. at 1824
 Id. at 24.
 690 F.3d 772 (6th Cir. 2012),
 Id. at 779.
 Brown at 27.
 18 U.S.C. § 2703(a). See Brown at 27.
 18 U.S.C. § 2510(12)(C). See Brown at 27.
 18 U.S.C. § 3117(b). See Brown at 28.
 Greenwald, supra n. 6.
 Id. at 265.
Greenwald, supra n. 6.
 Greenwald, supra n. 13.
 Exhibit A, Procedures Used by the National Security Agency for Targeting Non-United States Persons,
 Id. at 2.
 Id. at 3.
 Id. at 6.
 Id at 89.
 Exhibit B, Minimization Procedures Used by the National Security Agency,
 Id. at 3.
 Id. at 5.
 Id. at 6.
 Greenwald, supra at n. 11.