The United States National Security Agency (NSA) has stated that by the end of November 2015, its access to the bulk phone data collected under its Patriot Act surveillance program will end; however, it will retain records of the data for the purpose of civil litigation.
The office of the Director of National Intelligence said on Monday that the telephone data it obtained from phone companies, such as Verizon, would be destroyed in compliance with the recently passed Freedom Act, which mandated a 180-day transition period ending November 29. Once this period expires, the intelligence agency's access to the data will cease.
However, the NSA added the proviso that it will allow technical personnel continued access for an extra three months "for data integrity purposes", and the agency will keep records "until civil litigation regarding the program is resolved, or the relevant courts relieve NSA of such obligations".
The NSA claimed that the records being kept "will not be used or accessed for any other purpose, and, as soon as possible, NSA will destroy the Section 215 bulk telephony metadata upon expiration of its litigation preservation obligations".
Section 215 of the Patriot Act had been historically used by the federal government to obtain access to customer metadata -- including telephone numbers, the dates and times of calls, but not the content -- without a warrant.
The Patriot Act was passed by Congress as emergency legislation for the purposes of tracking potential terrorists within weeks of the September 11, 2001, attacks on the US. The vague wording of s215, which allowed for the collection of "intangible things" in regards to "books, records, papers, documents, and other items" gave the government widespread powers to obtain communications information without oversight.
In early May, the Second Circuit Court of Appeals ruled that the program wielded under that section "exceeds the scope" of what its lawmakers intended when the legislation was first passed.
"The text of [section 215] cannot bear the weight the government asks us to assign to it, and that it does not authorize the telephone metadata program," judge Gerard E Lynch wrote in his ruling.
Under the Freedom Act, subsequently passed by Congress in early June, federal intelligence agencies are now required to obtain a warrant from a secret counter-terror court, based on the individual circumstances of each case, before it is allowed to collect call data from telecommunications companies. The NSA must now identify a specific person or group of people suspected of terror ties in order to gain access to that person's metadata.
However, the new legislation does not curb the powers of the NSA's PRISM program, which reportedly collects data from technology companies, including from email providers, social networks, and voice services. Under Section 702 of the Foreign Intelligence Surveillance Act, the NSA has the power to compel tech companies to supply residents' international calls and emails without a warrant.
In March this year, Microsoft, Apple, and Google, among other tech companies, trade associations, and civil rights groups, joined the Reform Government Surveillance alliance in an effort to stop the bulk collection of metadata and push through further amendments to surveillance laws.
"We have a responsibility to protect the privacy and security of our users' data. At the same time, we want to do our part to help governments keep people safe. We have little doubt that Congress can protect both national security and privacy while taking a significant, concrete step toward restoring trust in the internet," Google's chief legal officer David Drummond said at the time.
The US government's unchecked widespread surveillance program was revealed by whistle-blower Edward Snowden in 2013, when he began leaking documents obtained while working as a contractor for the NSA.
Similar to the situation in the US, the United Kingdom High Court this month struck down its own rushed metadata-retention legislation, ruling various elements of it to be unlawful, as it is incompatible with the rights to privacy and the protection of personal data under the EU Charter of Fundamental Rights.
The Data Retention and Investigatory Powers Act 2014 was passed as emergency stop-gap legislation in order to fill the void after the European Court of Justice in April 2014 ruled against a European Union directive mandating that telecommunications operators retain all customer communications data for up to two years.
The UK legislation mandated that all ISPs and telcos retain customer communications data -- including the time and duration of a communication, phone numbers and email addresses involved in the communication, and location data -- for a period of one year, and granted access to police and intelligence agencies without the need for a warrant.
In Australia, however, warrantless access to the communications data of citizens was recently passed by parliament. The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 will see all customers' call records, location information, IP addresses, billing information, and other data stored for two years, accessible without a warrant by law-enforcement agencies.
"These laws help create a culture of fear, a culture where we are all under suspicion and subject to heightened mass surveillance," New South Wales Labor MP Jo Haylen said.
"The challenge for lawmakers is to strike the right balance ... between privacy and security, between transparency and strength, and between the power of government and the rights of citizens. The government's data-retention laws do not strike the right balance, and neither does Labor's support of these laws."