The “New” NSA Kerfuffle, Day 2
Even as a Washington Post/ABC News poll—in itself a bit deceiving (on which, more later)—reveals that 66% of Americans “said they would not be bothered if NSA collected records of personal calls they had made,” many of the usual suspects (be they Bush-haters angling to scuttle the Hayden nomination to DCI, or civil liberties absolutists looking to stroke themselves for an ostentatious “willingness” to surrender a bit of security for the greater good of a “privacy” they never really enjoyed in the first place) are, predictably, screaming to the heavens about government overreach and a rape of constitutional protections.
For instance, reacting to Michelle Malkin’s Newsday op-ed on yesterday’s blockbuster scoop (read: publishing [old] classified information intended to gin up controversy) by USA Today, in which Malkin points out that
[USA Today] admits the kind of data collection involved is not new. The Clinton administration’s Echelon program was far more intrusive.
President Bush made clear yesterday: “We’re not mining or trolling through the personal lives of millions of innocent Americans. Our efforts are focused on links to al Qaeda and their known affiliates. So far we’ve been very successful in preventing another attack on our soil.”
Nevertheless, the civil liberties Chicken Little are screaming “Bushitler!” on cue. What they should be screaming for are the heads of the blabbermouths endangering all of us by running to the fifth-column press when they don’t get their way in Washington. But you can never find the leak-decriers when you need them, can you?
…Kerry Howley writes at Reason’s Hit & Run:
The penalty for violating the Stored Communications Act is $1000 per individual violation. Section 2707 of the Stored Communications Act gives a private right of action to any telephone customer “aggrieved by any violation.” If the phone company acted with a ÃƒÂ¢Ã¢â€šÂ¬Ã…â€œknowing or intentional state of mind,” then the customer wins actual harm, attorney’s fees, and “in no case shall a person entitled to recover receive less than the sum of $1,000.”
The Electronic Frontier Foundation is already suing AT&T for cooperating with the NSA’s secret wiretapping programs; the Department of Justice claims that such matters are, you know, secret, and wants the case dismissed.
Leaving aside for a moment the fact that Reason (free minds, free markets!) has linked approvingly to Think Progress, the outfit responsible for peddling the story that our use of Willy Pete in Fallujah was “evidence” of chemical weapons abuse by the US military in Iraq, and so a war crime (oh, the IRONY, they shouted, until they were shown to be, well, “cherrypicking” their source material)—and leaving aside earlier Hit & Run posts positing conspiracy theories involving an embittered Washington Post jealous of being scooped by USA Today and the mass “tapping” of our phones (as well as the cheers from Reason editor Nick Gillespie that support for data-mining analysis meant to stop terror attacks appears to be on the wane)—what is remarkable to me about Ms Howley’s post is its barely concealed joy over what is essentially a nuisance suit. The information the NSA is collecting is already available on individual phone bills, and SCOTUS has ruled that such information is not covered under any expectation of privacy because, as John Stephenson notes, “there are countless numbers of people who are exposed to your phone records before your bill makes it into the envelope.”
But then, perhaps I am coming out too strong in favor of this collection of data being a matter of settled law. A story in today’s WSJ, for instance, frames the legal question this way:
Law-enforcement officials routinely use what is known as “pen registers” and “trap and trace devices” to collect information about incoming and outgoing calls to and from a specific phone number. While a court order is required to get such information, the threshold is a lot lower than obtaining an order to actively listen to a call. Given the broader nature of the NSA terrorist-surveillance program, obtaining individual court approvals would be an enormous task, some legal experts say, and not entirely necessary.
“This is a new area that we’ve never seen before,” says Roscoe Howard, former U.S. attorney in Washington, D.C. “I can’t point to anything that would say the government can’t do this or would be breaking the law.”
Mr. Howard says the Fourth Amendment’s protection from unreasonable seizures applies a specific test: whether that information would be available to a third party. And in the case of call-detail records, the phone company collecting them would qualify as the third party, and thus the government would be allowed to have access to whatever it did, says Mr. Howard.
Of course, it is the nature of legal wrangling and interpretation that for every constitutional expert who can find no violation of protections in a given action, there is a Glenn Greenwald, who, let’s face it, can find violations of constitutional protections in the packaging of breakfast cereals.
So in lieu of a consensus on the legal issue, the question becomes a political / social one: do we err on the side of security (the program appears to have been quite successul), or do we err on the appearance of maintaining “privacy” (which results in much hyperbole about ordinary Americans having their phones “tapped,” and jubilation over massive class actions suits on behalf of, well, digits.)
Earlier, I mentioned that the WP/ABC poll was a bit misleading—though not for the reasons cited by Reason’s David Weigel or Nick Gillespie. Instead, let me focus on this bit from the WaPo story:
According to the poll, 65 percent of those interviewed said it was more important to investigate potential terrorist threats Ã¢â‚¬Å“even if it intrudes on privacy.Ã¢â‚¬Â
But whether or not a collection of unattributed phone numbers being used for trend analysis “intrudes on privacy” in the first place is in dispute, and so the question itself, one could argue, sets up a bit of a false dichotomy. That is to say, the choice might not be between security and actual privacy so much as it is between security and the erroneous suggestion that privacy is being intruded upon—which makes the 65% number that much more telling. Had the question been framed differently—for instance, say respondants had been asked if it was “important to investigate terrorist threats, even if that meant doing trend analysis of phone traffic which did not include names, recording conversations, or listening to the content of phone calls?—would we see an appreciable jump in those who support the program?
My guess is yes.
Which is not to minimize the seriousness of this issue. Many of us who support the program, though we are frequently painted as bedwetters willing to turn over all of our rights to the government in exchange for Dear Leader’s protection, are not completely comfortable with such data-mining—and would only support such measures under extraordinary circumstances. And unlike many of our opponents on this issue, we feel that, in dealing with an enemy that hides within our social matrix, hoping to use its protections and openness against us, it would be imprudent NOT to allow that the circumstances are indeed extraordinary, and so call for extraordinary measures.
Captain Ed summed it up well:
After 9/11, we discovered that the terrorists had easily infiltrated our society, used our communication systems to coordinate the plotting and execution of the attacks, and had done little else to indicate their hostility. In retrospect, we saw patterns of behavior and communication that many felt the government should have recognized as potentially dangerous. Not only that, but we also realized that more terrorists may still be living among us, and we demanded that the government root them out before they could attack again.
Targeting their communications is certainly a smart strategy, but the problem is the volume of phone calls in the US. Even if a phone number came up as a suspected terrorist line, the amount of time it would take to get the phone records involving that number would be enormous. The phone companies do not sort in both directions under normal circumstances, and so subpoenaing records on one account not only takes too long, but gives an incomplete picture.
When we discover terrorist phone numbers, we need to see more than just what numbers that phone dialed. We need to see who called the account as well, because the traffic might not be reciprocal in that manner. (In other words, just because I call you doesn’t necessarily mean you call me.) Some phone accounts, like cell phones, have that information, but local calls on land lines normally do not. Even beyond that, when intelligence agencies have two or three known data points (terrorist phone numbers), they need to quickly find all of the other phone numbers that have called or have been called by the suspect accounts, especially those in common to all. That allows the search to expand quickly to identify even more potential sleepers, who rely on phones to communicate and coordinate.
As a database administrator and someone who has worked on telco issues for several years, I can tell you that any attempt to do that with traditional phone records pulled in a traditional manner will take far too long to complete. The only way to efficiently find these needles in very large haystacks is to create a relational database that will sniff out those relationships. In order to ensure that the effort succeeds, the database must therefore contain as many of the records of phone calls as possible—all of them, under ideal circumstances.
Only such a database could make that kind of dot-connecting possible in any meaningful fashion. The kinds of patterns and connections that would reveal the potential for terrorist activity will be so small as to be impossible to discover through normal research. That’s what makes Senator Pat Leahy’s reaction so frightfully stupid. He said, “‘Are you telling me that tens of millions of Americans are involved with al Qaeda? ‘These are tens of millions of Americans who are not suspected of anything … Where does it stop?’’ Leahy either ignores or fails to grasp that the problem is precisely that so few in the US might be terrorist sleepers. If it were a large group, they would be much easier to track and data mining would not be necessary.
That presents the government with a powerful tool in determining the behavior of people inside the US, and for that matter outside of it as well. Is such a tool reasonable under the circumstances we face now? That is ultimately a political question instead of a legal one, depending on whether people feel themselves more in danger from terrorists or their government. In my opinion, the effort is reasonable and limited. The calls themselves do not get monitored, and the records do not contain billing information or even names in their raw form. With the US still in danger of terrorist attack and with the rational possibility of sleeper cells hiding in our communities, the use of this tool makes sense and provides security for a reasonable loss of privacy.
However, that does not make the collection of this data completely benign under any circumstances. This kind of data could be used for purposes other than finding terrorists. For instance, it could be used against whistleblowers to discover their contacts. It could get deployed against opposition parties to determine their scope and the location and number of their supporters. People could get blackmailed for their phone calls in ways that have nothing to do with national security. If the CIA or State Department (which has its own intelligence service) had this program rather than the NSA, many on the Right would feel much less sanguine about its implications.
When we finally acknowledged that Islamist terrorists had declared war on us, George Bush warned us that we would have to make sacrifices in order to beat our enemy. So far, we have not been asked for much in the way of sacrifice. Now that we see how the NSA has kept us safe, we should recognize that the limited loss of privacy on our telephone habits is not much of a sacrifice in giving the intelligence community a tool to root out terrorist sleeper cells. However, we should not dismiss the risks of giving even more power to the federal government so lightly, and we should ensure that the power we do grant them does not get misused.
We have to straddle a fine line here between giving government too much power and giving them enough power to keep us safe. Bush, using the NSA, has hit on a program that has connected the very kinds of dots we missed before 911, and he has done so with little inconvenience to Americans, the cooperation of most of the major telecom companies, and with both FISA oversight (periodic reviews by the courts) and the approval of those select few in Congress who were briefed on the program.
There is no doubt that the Bushies kept all of this very close to the vest, knowing that Congresspeople are nothing if not sieves. Which is all in the nature of opportunists—who are not averse to using the appearance of impropriety as a weapon against their political opponents, even if that means undermining a successful program that has undoubtedly taught us valuable lessons about terror cell communication patterns and habits, and has likely foiled more attacks than we are aware of.