“If it ain’t broke, don’t fix it,” the adage goes. But for the sunset of Patriot Act authorities later this year—including Section 215, a controversial provision that allows the National Security Agency to collect records, including those about Americans’ phone calls—the more applicable phrase may be “If it keeps breaking, throw it out.”

WIRED OPINION ABOUT Jake Laperruque is senior counsel for the Constitution Project at the Project on Government Oversight.

In 2015, Congress passed the USA Freedom Act to reform Section 215 and prohibit the nationwide bulk collection of communications metadata, like who we make calls to and receive them from, when, and the call duration. The provision was replaced with a significantly slimmed-down call detail record program, known as CDR. Rather than gathering information in bulk, CDR collects communications metadata of specific surveillance targets and individuals with one or two degrees of separation (called “two hops”) from targets. But this newer system appears to be no more effective than its predecessor and is highly damaging to constitutional rights. Given this combination, it’s time for Congress to pull the plug and end the authority for the CDR program.

It’s unsurprising that just last week a bipartisan group in Congress introduced a bill to do so. Last month, The New York Times reported that a highly placed congressional staffer had stated that the CDR program has been out of operation for months, and several days later, NSA director Paul Nakasone issued comments responding to questions about the Times story by saying the NSA was deliberating the future of the program. If accurate, this news is major but not shocking; this large-scale collection program has been fraught with problems. Last year, the NSA announced that technical problems had caused it to collect information it wasn’t legally authorized to, and that in response, the agency had voluntarily deleted all the call detail records it had previously acquired through the CDR program—without even waiting for a court order or trying to save some of the data—indicating that the system was unwieldy and the data being collected was not important to the agency.

Since its inception, we have not seen a single publicized instance of the program providing any unique security value---and in fact, the program has damaged privacy significantly. In its most recent transparency report, the NSA announced that it collected a staggering 534,396,285 call detail records during the 2017 calendar year; the agency said that number includes duplicates, but it provided no information on how significant the duplication issue is. Without knowing that or the average number of CDRs per person, it’s hard to say how many Americans this affects. The NSA claims it is unable to determine this—despite statutory requirement to do so and publicly disclose it—but the number is certainly enormous. Our communications metadata can be highly sensitive and can reveal intimate details of our lives. Americans should not be subject to this type of surveillance absent suspicion, particularly if the program conducting it has not yielded any demonstrated value in preventing or investigating terrorism.

When the issues are taken together—severe costs to privacy, no evidence of security value, technical flaws, the NSA’s willingness to broadly discard data it has collected, and a recent media report that the program has been shut down—they indicate that we are better off without this program.

But it’s important that Congress does more than just end the CDR program. Many in the privacy and civil liberties community worry that if the Section 215 metadata collection authority is no longer in use, the CDR program could still be active but justified with a different legal provision, and out of the public’s view. The public can only have confidence that congressional reforms are effective and not a meaningless game of whack-a-mole if lawmakers and the Privacy and Civil Liberties Oversight Board conduct rigorous oversight to find out whether such a shift happened with the CDR program. And if Congress does end the program, it should build in legal restrictions to ensure that the program cannot be restarted under a different authority.