PCLOB Report Concludes NSA's Bulk Collection of Customer Phone Records Is Unlawful
Time 2 Minute Read
Categories: Cybersecurity, International, U.S. Federal Law

On January 23, 2014, the Privacy and Civil Liberties Oversight Board (“PCLOB”) released a report (the “Report”) concluding that the National Security Agency (“NSA”) does not have a valid legal basis for its bulk telephone records collection program. The NSA’s bulk collection of consumer telephone records has been under increased scrutiny since Edward Snowden leaked information about the program in June 2013, and recently has faced legal challenges. According to the Report, the NSA’s program exceeded its statutory parameters.

The PCLOB is an independent agency within the executive branch, composed of a chairman and four part-time members. Its duties include reviewing the counterterrorism activities of the executive branch to ensure that the privacy and civil liberties of individuals is protected.

The NSA’s bulk collection of consumer phone records ostensibly is conducted pursuant to Section 215 of the USA PATRIOT Act. According to the Report, however, the NSA’s collection of consumer telephone records far exceeds the framework devised by Section 215. The Report states that Section 215 is designed to allow the FBI to acquire business records when those business records are relevant to an FBI investigation. According to the Report, however, the telephone records collected by the NSA “have no connection to any specific FBI investigation.” The Report further states that because the records are collected in bulk, “they cannot be regarded as ‘relevant’ to any FBI investigation as required by [Section 215] without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law from analogous legal contexts.”

In addition, the PCLOB concluded that the NSA’s bulk collection of consumer telephone records violates the Electronic Communications Privacy Act (“ECPA”). ECPA prohibits telephone companies from disclosing customer records to the government, except in specified scenarios. The Report stated that none of the ECPA scenarios permitting disclosure apply to the NSA’s bulk collection of customer records.

Read the PCLOB’s Report.

Tags: Consumer Protection, Electronic Communications Privacy Act, National Security Agency
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Alabama Enacts App Store Accountability Act Requiring Age Verification

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
CalPrivacy Reaches Settlement with Ford Motor Company Over CCPA Opt-Out Right Violations

On March 5, 2026, the California Privacy Protection Agency announced that the agency had reached a settlement with Ford Motor Company resolving an enforcement action against the company that alleged noncompliance with the California Consumer Privacy Act’s opt-out of sale/sharing rights.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page