29 January 2014

Metadata

'Secret without Reason and Costly without Accomplishment: Questioning the National Security Agency’s Metadata Program' [PDF] by John Mueller and Mark G. Stewart comments that
When Edward Snowden’s revelations emerged in June 2013 about the extent to which the National Security Agency was secretly gathering communications data as part of the country’s massive 9/11-induced effort to catch terrorists, the administration of Barack Obama set in motion a program to pursue him to the ends of the earth in order to have him prosecuted to the full extent of the law for illegally exposing state secrets.
However, the President also said that the discussions about the programs these revelations triggered have actually been a good thing: “I welcome this debate. And I think it’s healthy for our democracy. I think it’s a sign of maturity because probably five years ago, six years ago, we might not have been having this debate.” There may be something a bit patronizing in the implication that the programs have been secret because we weren’t yet mature enough to debate them when they were put into place. Setting that aside, however, a debate is surely to be welcomed—indeed, much overdue. It should be conducted not only about the National Security Agency’s amazingly extensive data-gathering programs to amass information on telephone and e-mail conversations—programs that have, according to the President, included “modest encroachments” on privacy—but also more generally about the phenomenal expansion of intelligence and policing efforts in the wake of 9/11.
As Dana Priest and William Arkin have documented in their the remarkable book, Top Secret America, by 2009 there were something like 1,074 federal government organizations and almost 2,000 private companies devoted to counterterrorism, homeland security, and intelligence spread over more than 17,000 locations within the country. At least 263 of these were created or reorganized after 9/11. Collectively this apparatus launched far more covert operations in the aftermath of 9/11 than it had during the entire 45 years of the Cold War.
A comparison might be useful. Since 9/11, 53 cases have come to light of Islamist extremist terrorism, whether based in the United States or abroad, in which the United States itself has been, or apparently has been, targeted. The total number of real terrorists, would-be terrorists, and putative terrorists populating this set of cases, excluding FBI and police undercover operatives, is less than 100. Thus, the United States has created or reorganized three entire counterterrorism organizations for every terrorist arrest or apprehension it has made of people plotting to do damage within the country.
Although much of discussion in this article can be extrapolated more widely, it focuses primarily—and for starters—on one of the two surveillance programs revealed by Snowden. These two programs have often been mixed in, or confused, with each other.
One of them, Prism, somewhat more commonly known from its section in the law as 702, permits NSA to gather electronic communication information on e-mail and phone conversations after approval by a judge if the target is both outside the United States and not an American citizen and if there is an appropriate and documented foreign intelligence purpose for the collection.
The other, known as 215, authorizes the gathering in bulk of business and communication records within the United States. It has been used in particular to amass telephone billing records—numbers called, numbers received, and conversation length—for every telephone in the U.S. In principle, the 215 data are only supposed to be collected if there are “reasonable grounds to believe” the records are “relevant” to a terrorist investigation of a “known or unknown” terrorist organization or operative. Creatively expanding the word “relevant” to the breaking point, it has been taken in practice to mean that NSA can gather billing records for every telephone conversation in the country: if there might be a known or unknown needle in the haystack, the entire haystack becomes “relevant.” As many, including Senator Patrick Leahy, have pointed out, this broad approach could also be applied to banking, credit card, medical, financial, and library records, all of which could be held as reasonably to be somehow “relevant” to the decidedly wide-ranged quest to catch terrorists.
The information gathered by either program can be held for five years.
This article primarily deals with the 215 program, the more controversial of the two, the one that involves the massive gathering of telephone billing records, or “metadata,” within the United States.
In the debate that has burgeoned since Snowden’s revelations, a number of questions have been raised about the civil liberties and privacy implications of NSA’s massive surveillance efforts. This article focuses on three additional questions. None of these is terribly legalistic, but they are questions that ought to be given more thorough examination.
The first two—why was the program secret and how much does it cost?—seem never to come up even though they are crucial if we are going to have an adult conversation on the issue. The third—what has the program accomplished?—has attracted some attention, but it clearly needs much more, and this article examines it in the broader context of the obsessive, and massively expensive, efforts by police and intelligence since 9/11 to deal with the threat that is envisioned to be presented by terrorism, a quest that has involved following literally millions of leads that go nowhere.
Although those opposed to the program are deeply concerned about privacy issues, they have also argued that the program fails to be “an effective counterterrorism tool,” in the words of Senator Patrick Leahy. In December 2013, two judges came to opposite conclusions about the 215 metadata program, and it is clear the program’s effectiveness figured importantly in their decisions. Judge Richard J. Leon, in finding the program was likely unconstitutional, noted that the government “does not cite a single instance” in which analysis of bulk metadata collection “actually stopped an imminent attack,” failed to present “any indication of a concrete danger,” and provided “no proof that the program prevented terrorist attacks.” Eleven days later, Judge William Pauley, in approving the program, stressed in his first sentence that the world is “dangerous and interconnected” and went on to insist that the effectiveness of the data collection program “cannot seriously be disputed, ” noting that the “the Government has acknowledged several successes in Congressional testimony and in declarations.” Meanwhile, a special Presidential group set up to review the NSA programs, while dwelling mostly on legal issues, also noted, in recommending the termination of 215, that information provided by the program “was not essential to preventing attacks and could readily have been obtained in a timely manner” otherwise, and that “there has been no instance in which NSA could say with confidence that the outcome would have been different” without the program.
In all this, the key question, as the Presidential review group points out, is not whether a surveillance program “makes us incrementally safer, but whether the additional safety is worth the sacrifice in terms of individual privacy, personal liberty, and public trust.”
The analysis in this article suggests that any benefit of the 215 metadata program is considerably outweighed by its cost even assuming that the unknown, and perhaps unknowable, cost figure is quite small. If the issue is security versus privacy, in this case privacy wins.