DOJ Misleads Court About Medical And Financial Records In Appeals Over NSA Surveillance

from the because-that's-what-the-DOJ-does dept

Earlier this week, the Ninth Circuit heard oral arguments in a challenge to the NSA's phone metadata program. While watching, I noticed some quite misleading legal claims by the government's counsel. I then reviewed last month's oral arguments in the D.C. Circuit, and I spotted a similar assertion.

In both cases, the government attorney waved away constitutional concerns about medical and financial records. Congress, he suggested, has already stepped in to protect those files.

With respect to ordinary law enforcement investigations, that's only slightly true. And with respect to national security investigations, that's really not right.

Medical Records

During Smith, the Ninth Circuit case, there was an extended line of questioning about various sorts of business records. Judge Hawkins kicked it off:

Suppose the National Security Agency wanted access to all utility records. Nationwide. Would that rationale apply?

Subsequent discussion touched on hotel and financial records. Then Judge McKeown asked:

What about medical records?

The Department of Justice attorney responded:

Well medical records, Judge McKeown I'm so glad you asked that because this is really an important point, medical records would be subject to HIPAA, among other protections.

A similar question in Klayman, the D.C. Circuit case, drew a similar response.

HIPAA, in your example Judge Brown, would govern the restrictions, would impose restrictions on the proper use of medical information.

Later in the Smith argument, counsel reemphasized the importance of HIPAA, including:

But I think the significance of HIPAA can't be discounted.

By way of background, the Health Insurance Portability and Accountability Act is the primary federal law that addresses health records. Under HIPAA, the Department of Health and Human Services is empowered to promulgate detailed privacy rules.

Here's the catch: the HIPAA privacy rules have special exceptions for law enforcement and national security investigations.

The law enforcement provision is very broad. It covers all the usual police procedures, including subpoenas. Those don't require a judge's advance permission, and they also require much less basis than probable cause.

The national security exception is, of course, even more pertinent to the Smith and Klayman cases. And it's even broader.

A covered entity may disclose protected health information to authorized federal officials for the conduct of lawful intelligence, counter-intelligence, and other national security activities authorized by the National Security Act (50 U.S.C. 401, et seq.) and implementing authority (e.g., Executive Order 12333).

In non-legalese: HIPAA just doesn't apply to the NSA.1 And yet, in two separate NSA appeals, the government has emphasized HIPAA.2

Financial Records

In the Smith argument, government counsel twice noted that Congress has enacted privacy protections for financial records.

Following Miller, Congress enacted the financial privacy protections by statute.

In response to Miller, that Congress enacted a bank records protection of privacy . . .

Similarly, in Klayman:

For example, following the Miller case, Congress passed a statute governing the secrecy of bank records.

As background, United States v. Miller held that routine financial records are not protected by the Fourth Amendment. Two years later, Congress passed the Right to Financial Privacy Act… which largely codified Miller. Law enforcement agencies can still access financial records with just a subpoena.3

What's more, RFPA includes a special set of national security procedures. Federal grand jury subpoenas and warrants aren't covered by RFPA, so long as the investigating agency self-certifies “there may result a danger to the national security of the United States.”

RFPA also includes a National Security Letter provision. In counter-intelligence and counter-terrorism investigations, the FBI (and, by proxy, the NSA) doesn't even need a grand jury subpoena. It can demand financial records with a mere self-certification.

So, once again: in a national security appeal, why emphasize privacy protections that don't extend to national security investigations?

Section 215 of the USA PATRIOT Act

The precise statutory provision at issue in Smith and Klayman is Section 215 of the USA PATRIOT Act. It allows FBI (and NSA) access to any business records when conducting a counter-intelligence or counter-terrorism investigation.4 A FISA judge's approval is required, though the standard for issuance is very low.

Section 215 covers medical records. A part of the statute, in fact, expressly addresses them.

Section 215 also covers financial records. In a 2010 opinion, the FISA Court held as much. And, in fact, the CIA operates a bulk financial surveillance program under Section 215.

In sum: not only are national security investigations generally outside HIPAA and RFPA, but the very same authority at issue in Smith and Klayman allows access to medical and financial records.

Concluding Thoughts

Reasonable minds can disagree on whether the government's representations in Smith and Klayman were literally false. At minimum, they were highly misleading.

United States privacy law is notoriously convoluted. But this much is certain: medical and financial records are, by statute and rule, readily available to the intelligence community. The executive branch shouldn't even hint otherwise.


Thanks to the colleagues who provided feedback on the legal analysis in this post. All views are solely my own.

1. In most instances of domestic surveillance, NSA requests are passed through the FBI. Since the National Security Act designates the FBI as a member of the intelligence community, its national security investigations are also unregulated by HIPAA.

2. In a charitable interpretation, the attorney misspoke while attempting to note that Congress can craft more nuanced privacy rules than the courts, and that Congress can provide privacy protections beyond the Fourth Amendment. Those points are undoubtedly true, though undoubtedly known to the judges.

3. A plain reading of RFPA suggests some privacy protection: targets receive advance notice of a subpoena and have an opportunity to contest the subpoena. In everyday practice, however, RFPA's delayed notice provisions have swallowed the rule. Law enforcement agencies routinely obtain court orders that both eliminate the advance notice requirement and temporarily gag financial institutions from disclosure.

4. Where U.S. persons aren't involved, any foreign intelligence purpose is sufficient.

Reposted from Web Policy

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, bank records, doj, hipaa, klayman, nsa, patriot act, privacy, rfpa, section 215, smith, surveillance


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 12 Dec 2014 @ 11:36am

    Hmm...

    Judges get pissed off an throw contempts of court around like candy when public Joe tries to mislead or dick with the court, but o noe's The gubermint is lying... better not make a fuss!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Dec 2014 @ 11:43am

    so, did you tell those who needed to know so it can be checked and further fucks stuck into DoJ?

    the ridiculous thing is, people go to court to have disputes etc settled and they expect that lawyers to tell the truth, especially when they are lawyers from the United States of America Department of Justice. the last thing expected is for lies and mistruths to be used and/or spread. getting a win may well be extremely important, but it should not be as important as having the truth out for examination!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Dec 2014 @ 11:51am

      Need to know [was Re: ]

      so, did you tell those who needed to know...?

      Aren't those who need to know ——aren't they the people of the United States of America?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Dec 2014 @ 12:09pm

    These lawyers should be disbarred. You shouldn't be able to lie with such impunity as a lawyer.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Dec 2014 @ 12:14pm

      Re:

      These lawyers should be disbarred.
      These DoJ lawyers are civil officers of the United States, aren't they?

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Dec 2014 @ 12:46pm

      Re:

      Why shocked? The very nature of a lawyer is to convincingly lie on behalf of their client... its the entire system the Game of Courts is based on!

      This is why the one with the most money usually wins... the Game of Courts... sans the boobs... well not in all cases.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Dec 2014 @ 12:18pm

    Posner on 4th amendment

    The second part of this 7-hour video includes extremely chilling remarks by Judge Posner on the 4th Amendment

    http://apps.law.georgetown.edu/webcasts/eventDetail.cfm?eventID=2532

    Cybercrime 2020
    The Future of Online Crime and Investigations
    Co-sponsored by Georgetown Law and the
    Criminal Division of the U.S. Department of Justice
    December 4, 2014

    link to this | view in chronology ]

  • icon
    Spaceman Spiff (profile), 12 Dec 2014 @ 12:27pm

    Why are we surprised?

    Why are we surprised when our favorite 3-letter acronymic gasbags lie to us? I think the word dissemble should be part of their names, just so we will remember that they are not upholders of truth, justice, and the American Way...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Dec 2014 @ 6:52pm

    Very interesting read, thanks.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Dec 2014 @ 11:47am

    I certainly wouldnt want a government and its various resources, exibiting criminal behaviour from knowing that i might be allergic to peanut butter, which might be lethal in large doses

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.