Thursday, January 16, 2014

Ken Gude: It’s time to get the government out of the mass collection business

  President Barack Obama will deliver a major speech tomorrow regarding the National Security Agency’s, or NSA’s, intelligence collection activities, both in the United States and around the world. There has been great controversy and confusion around these activities since former NSA contractor Edward Snowden began leaking details of these and other NSA programs last June. Many Americans were particularly shocked by the revelation that the government maintained a secret database of all the telephone calls made by or to phones in the United States. The existence of government data collection on this scale could influence the choices Americans make with profound negative effects on our society and economy.

  A new report from President Obama’s handpicked review panel to examine the NSA programs has provided some clarity about the different NSA collection programs and focused the debate on whether such bulk collection should continue. The president has the authority right now to suspend this bulk collection and instead require the NSA to seek an order from the court that oversees this activity each time it wants to search phone records. Doing so in this manner would not harm national security but would get the government out of the mass data collection business and re-establish meaningful checks on the NSA when searching Americans’ phone records.

How the bulk collection program works now

  Currently, the U.S. Foreign Intelligence Surveillance Court, or FISA Court, authorizes the NSA under Section 215 of the USA PATRIOT Act, or Patriot Act, to collect the metadata from multiple phone companies on all telephone calls made within, to, or from the United States and consolidate it into a massive database stretching back over five years of call records. The NSA then decides when and on whom to make queries of this metadata database based on the reasonable articulable suspicion, or RAS, that the target of the search is connected to international terrorism.

  After the NSA analyzes the target’s call records, it can then make two more searches, or hops, of the database looking for connections that can identify terrorist networks. If the average person calls or is called by 100 different numbers over a five-year period—the so-called first hop—and each of those numbers is also connected to 100 other numbers and so forth, the second hop would return a search of 10,000 numbers, and the third hop would return 1,000,000. So one seed number can allow the NSA to search the records of 1,000,000 Americans.

  The FISA Court’s current oversight is at the programmatic level—the authorizing of bulk collection—and of minimal utility because it does not scrutinize in advance the NSA’s decisions to hop to 1 million call records. In now-public rulings, however, we know the FISA Court repeatedly held that the NSA exceeded court-imposed limits on these searches. It is true that stronger procedures are now in place at the NSA to prevent its searches from intentionally or unintentionally exceeding these court-imposed limits. And it is appropriate to believe the good-faith arguments of the responsible NSA officials that their only intention is to protect Americans from attack by lawful means, as well as that the NSA will report to the FISA Court any action that exceeds its lawful authority. Yet this self-policing is insufficient given the depth of the American public’s mistrust of the NSA and the American system of government that is based on meaningful checks on any such activity.

  In addition to concerns about viable oversight of the program as currently constructed, a greater fear is the potential, chilling effect that could result from the existence of a huge government database containing all the telephone-call records of all Americans. The specter of mass collection is the problem, along with its potential impact on the choices of Americans in the global information age.

  Modern communications technologies have dramatically improved Americans’ ability to stay connected with one another. Other modern information technology has provided greater access to more information for more people than ever before, and it has significantly lowered the barriers to participation in public discussion and debate. As a result, our country is undergoing an information revolution that is driving the kind of innovation that will protect America’s global economic leadership. Although this transformation has not come without costs, it has enormously benefited American democracy, our economy, and our global competitiveness.

  At the same time, these new technologies create huge amounts of unique data about the daily activities and beliefs of millions of Americans. Regardless of whether the information is freely turned over to third parties by the traditional legal definition established by the Supreme Court in the days of rotary telephones and before personal computing, it is simply not possible to actively participate in American society today without leaving a digital trail from which a detailed picture of one’s life can be drawn. Who you talk to, what you read, what you buy, and who you consider friends are all easily and precisely found in our modern digital world.

  The reality of the telephone metadata program on its own clearly does not sweep in all of our digital data. This is not the only such collection program, however, and the NSA’s Internet metadata program was suspended at the end of 2011 only because of excessive cost, not due to an NSA judgment that the program violated legal limits. Regardless, the government being in the mass digital data collection business at all is the problem. Furthermore, it does not require a conspiratorial mind to be concerned about what other programs are out there when a secret government database of all the call records of all Americans has existed for nearly a decade. It would prove extremely damaging to our society if Americans began to feel they needed to choose between fully participating in American public and economic life and their right to keep the intimate details of their core activities and beliefs out of the hands of the government.

Changing the program

  In somewhat of a surprise, the president’s intelligence review panel recommended significant changes to the bulk collection program. It favored new legislation that would end the NSA’s bulk collection and instead leave the call-record data in the hands of the telephone companies or, if that was deemed too difficult to manage, establish a third party to hold a consolidated database. This would be a meaningful change and would allow the FISA Court to check the NSA’s actions when the agency collects and searches Americans’ telephone records. Having Congress engage on this critical issue is also important, as it has been excluded from consideration of it until now.

  Congress reauthorized Section 215 of the Patriot Act in 2006, and, shortly after it became law, the Bush administration argued in secret to the FISA Court that the section was extremely broad and allowed bulk metadata collection. The FISA Court agreed and issued a secret ruling that approved such power. At no point during this consideration of the Patriot Act reauthorization did Congress debate whether Section 215 would authorize bulk collection of metadata. Congress reauthorized this section of the Patriot Act in 2010 and 2011 without change. There was no public debate, Congress was never provided with the legal reasoning that supported this expansive interpretation of Section 215, most members of Congress had no idea that this was how the law was being applied, and those that did were specifically prohibited from making any public statement about it. Having Congress provide its view on this program is essential, but let’s be clear: It would be the first time Congress has been allowed to make an informed judgment on it.

  Consequently, President Obama should immediately suspend bulk metadata collection under Section 215 of the Patriot Act and instead require the NSA to obtain an order from the FISA Court for each specific query. The NSA could secure individual orders under Section 215 for call records pertaining to any identifier that meets their current RAS standard, and each order would cover current telephone metadata records residing with the phone companies and those in the existing database of such records.

  The president should also request that the phone companies ensure that they preserve these call-record data in a similar format to how they are currently transmitted to the NSA for a period of at least 18 months. Current federal regulations require the phone companies to store these data for 18 months for accuracy in billing, and the president should make clear that the phone companies must preserve the records in a format that allows the companies to be quickly responsive to FISA Court orders. This would give Congress and the president ample time to create through legislation a nonprofit third-party entity to serve as the repository of a consolidated database of records from multiple companies. This would get the government out of the data collection business and provide meaningful distance from the program for telephone companies so as not to harm their business by the specter of association with mass data collection.

  Suspending bulk collection in this manner preserves the NSA’s capability to access metadata for counterterrorism purposes while Congress and the president work out new legislation, and, therefore, it does not harm national security. Taking this decisive action would also establish a clear and strong position for the president with the American people and help restore their trust that the government is not in the mass collection business.

Concerns regarding this change

  Critics of this change claim that extra time would be required to consolidate data from multiple phone companies into the format that is searchable by NSA systems using an RAS query. While the technical details of the current NSA bulk collection program remain appropriately classified, it is clear that the NSA already possesses the capability to convert the metadata it receives from different telephone companies into a format compatible with its supercomputers and algorithms. Otherwise, the NSA would not be able to operate the program as currently constructed. As a matter of logic, the time required to collect and convert an individual’s—or even several individuals’—metadata into the compatible format would be no more than that required under the current program with millions of records.

  In the event that there is a small disruption of the program because of this change, however unlikely, it is an acceptable tradeoff to get the government out of the mass collection business. Additionally, given its mission and resources, the NSA should be able to adapt its systems to meet these new requirements and eliminate any delays that arise during the transition period if so ordered by the president.

  Another concern is that in an emergency, the added time of both technical hurdles and the necessity to obtain an order from the FISA Court could undermine the capability to prevent terrorist attacks. The telephone metadata program may be useful in a scenario in which the government needs to determine as quickly as possible whether a terrorist attacker has connections to others inside the United States. This change, however, should not diminish that capability. In the current system with rolling bulk collection, whatever time is required to convert the bulk metadata into the format used by the NSA establishes a window of call records for any target that cannot be searched immediately. As noted above, it could not possibly take the NSA any longer to convert a handful of records than it does for the current millions of records; therefore, that window would not be larger for technical reasons under this proposed change.

  Obtaining approval from the FISA Court and serving orders on the telephone companies in such an emergency would add additional steps but not significant additional time. The FISA Court can approve orders in the small hours of the night on an emergency basis, and procedures for immediate notification and response by the telephone companies can be established in advance if they do not already exist. And the government has many different tools, such as wiretaps, to obtain information about any telephone use from known and still-at-large terrorists as quickly as possible.

Conclusion

  Ending the practice of mass digital data collection by the government is essential as we navigate our way into the global information age. Requiring the NSA to seek individual orders to search Americans’ telephone-call records in a database not controlled by the government would maintain the capability to use this information for legitimate counterterrorism purposes. Conversely, preserving a government-held database of such a large scale approved by an informed Congress would establish an enduring legal framework of mass digital data collection by the government that could impact the way Americans choose to live their lives with negative effects on our democracy and our economy.

  It’s time to get the government out of the mass data collection business.

  About the author: Ken Gude is a Senior Fellow at the Center for American Progress.

  This article was published by the Center for American Progress.

No comments:

Post a Comment