9/11, Al Qaeda, Data mining, Dzhokhar Tsarnaev, Edward Snowden, Federal Intelligence Surveillance Act, FISA court, Fourth Amendment, Individualized suspicion, Moral relativism, National Security Agency, NSA, Patriot Act, Phone call metadata, President Bush, President Clinton, President Obama, Privacy, Rolling Stone, Search warrants, Security, Selectors, Surveillance, Terrorism, World Trade Towers
NSA Surveillance and Americans’ Dislike of Nuance
We Americans are not known for our subtlety. We’re not big on nuance or moral complexity. We don’t go for delicate inflections and circumlocutions. We like things cut-and-dried, black-and-white, good-or-evil, yes-or-no. Criminals must be “animals,” not people with histories and emotions. Terrorists must be cowardly, even physically ugly movie caricatures. Hence the storm against the Rolling Stone for its cover photo of Dzhokhar Tsarnaev’s handsome young face, as if a good-looking terrorist were an oxymoron. Edward Snowden must be a hero or a traitor, and there can’t be any question about the mutual inconsistency of the two.
I think this is part of the American character, but I also think it is more pronounced in conservatives than in liberals. Maybe someday I’ll argue the point at greater length, but suffice it here to cite a conservative critique of Bill Clinton when he was president: he was, conservatives said, a “moral relativist.” In the conservative view of things, relativism is an entirely bad thing, and what is relativism but a respect for nuance?
But liberal and conservative commentary alike on the National Security Agency’s recently revealed surveillance programs has been remarkably devoid of nuance. Depending who’s talking, those programs are either entirely unconstitutional intrusions into our privacy or entirely necessary protections of our national security.
Lost in the argument between categorical condemnation and categorical support are important matters of degree and important distinctions among the various components of the NSA programs. Also lost are important distinctions between what we know and what we don’t yet know.
Let me start by declaring my bias: I am generally opposed to government collection of data about Americans’ private lives for national security or law enforcement purposes that is not supported by both individualized suspicion and court-issued search warrants. And I think it’s completely unacceptable that neither the Bush administration nor the Obama administration felt it necessary to put these programs out for democratic discussion and debate, not even in broad and general terms. President Obama’s press conference yesterday belatedly addressed this, as did the release of the Justice Department’s legal memo concluding that the program is legal. But it appears that the administration would never had acknowledged the existence of the NSA surveillance programs had Snowden not forced the issue.
Next, I want to discard several canards that have, unfortunately, become mainstays of the discussion.
First, let’s set aside the sanctimonious outcry at the discovery that the government collects personal information on Americans. Government has collected our personal information for as long as there has been government. If you have a birth certificate, a marriage certificate, a death certificate, a driver’s license, a vehicle registration, a passport, or a social security number, if you have ever filed a tax return or a census form, if you have ever applied for a government guaranteed college loan or served in the military, if you have ever been fingerprinted for a job (or for an arrest), or if you have ever done any one of a hundred other things in your life, then the government has collected all variety of personal and sensitive information about you.
What’s new and problematic about the NSA surveillance programs is not the collection of private information, but how the information is used.
The second canard is that the NSA surveillance programs constitute a unilateral abuse of executive power. But the Obama administration maintains, and I’ve seen no credible contrary argument, that the programs are within the scope of Congressional authorization via the Patriot Act, that the programs are specifically approved pursuant to the Patriot Act by periodic orders of the Federal Intelligence Surveillance Court, which was created by the Federal Intelligence Surveillance Act and is therefore known as the FISA court, and that members of Congressional intelligence committees have been briefed about the programs. If these surveillance programs are illegal or ill-advised, the legislative and judicial branches must share the blame.
The third canard is that the FISA court’s oversight is a farce because the court’s orders are issued after hearing from only one side, and issued in secret. But law enforcement searches are always authorized after hearing from only one side, and are always authorized in secret. Confidential, one-sided court proceedings in this context are a well accepted part of our jurisprudence.
The fourth canard is that the collection of phone call metadata is an unconstitutional search under the Fourth Amendment. Supreme Court cases going back almost 25 years have clearly established that a person has no reasonable expectation of privacy in this “metadata.” People are free to disagree with the Supreme Court, and of course the Court gets to change its mind, but as of today, government collection of phone call metadata is simply not a Fourth Amendment violation.
Again, I need to emphasize, the fact that a program is not unconstitutional doesn’t mean it’s a great program. There is no obligation on Congress to authorize every law enforcement action that the constitution permits, and there is no obligation on the executive branch to exercise every law enforcement option that Congress permits.
And my final canard for the day is that the NSA uses the phone call database for “data mining.” Reading the commentary, I suspect that this canard owes at least in part to a misunderstanding of the term “data mining.” Some people seem to think that the large scale collection of data is “data mining.” But the term has nothing to do with the collection of data; “data mining” refers to the use of data once it is collected – specifically, data mining is rummaging through the data at large, looking for trends and patterns that provoke suspicion. “Data mining” in this context would be the opposite of “individualized suspicion,” which would refer to the use of the database to find evidence in support of a suspicion that already has independent evidentiary support.
A search warrant ordinarily requires “individualized suspicion.” A search warrant authorizes law enforcement to look for evidence of criminality, but the warrant is issued only if law enforcement already has evidence making it reasonably likely that the further search will produce more evidence of criminality.
The Obama administration has insisted, time and again, that the NSA does not query the phone call metadata database unless it has individualized suspicion of criminality. The difference between suspicionless searches and searches based on individualized suspicion is huge. As a general matter, the government does not have the right to stop me, or to search me or my possessions, based on the mere possibility that the stop or search will produce something suspicious. The government must have a reasonable suspicion based on actual evidence before it can stop me or search me.
To my knowledge it has not been reported, and we have no basis to assume, that the NSA is searching the phone call metadata database without individualized suspicion. To me, that makes a big difference.
More nuance: just because it makes a big difference does not make it OK. Even if today’s NSA, advised by today’s attorney general, under the administration of today’s president, does not use the phone database for data mining doesn’t mean that tomorrow’s NSA won’t do it. And really, don’t we want more assurance of our privacy than the good intentions of the people who happen to be in office at the moment?
There are at least two solutions to that problem. The government might collect the data, but not be allowed access to it except with a court-issued search warrant based on individualized suspicion. There is good reason for the government to collect the data and create the database: phone companies don’t keep phone records very long. If the individualized suspicion develops more than a few months after a phone call is made, the phone records are gone and all the search warrants in the world won’t bring them back.
But this solution leaves the government in possession of a database that, no matter the safeguards, is inaccessible to the government only so long as the NSA is run by people of good faith.
A better solution therefore might be for the government to require by federal statute that phone companies maintain phone call metadata for the required number of years and that the government reimburse the phone companies for their costs in maintaining it. The government would get to order searches from the phone companies’ databases only based on court-issued search warrants, and the government would suffer no temptation to peek, since the database isn’t held on government servers.
It’s also important to make distinctions between the NSA’s phone call surveillance and its e-mail surveillance. For phone calls, the NSA compiles “metadata” from phone company records that includes the numbers from which and to which a call is made, the time of the call, and the duration of the call. The data collection extends to all phone calls made within, to or from the United States.
The NSA’s separate surveillance program for e-mail is less intrusive in some respects and more intrusive in other respects. The e-mail surveillance program was revealed by an Edward Snowden leak as far back as June 20, but the press, which has not covered itself in glory here, has just noticed. The New York Times reported only Thursday on the June 20 leaks. (The Times’ excuse? – the disclosure was made in one paragraph “amid 18 pages” – meaning that reporters couldn’t be bothered to read the entire leaked document before reporting on it.)
According to the Times, the NSA’s surveillance of e-mails and “other text-based communications” is very broad. The messages are copied, then screened by computer for key words and other “selectors.” The search takes a few seconds, after which the messages that do not produce “hits” on the “selectors” are deleted. Messages that produce “hits” are kept for further review by human analysts.
There are several important points here. Taking the Times account as true, the content of all of our e-mails and other “text-based messages” is screened, without individualized suspicion of any kind. In this respect the e-mail surveillance program is much more intrusive than the telephone surveillance program.
But the content-based screening is done by computer, after which the vast majority of messages are deleted and no record of them is kept. Only a very small percentage of our e-mails are kept. In this respect the e-mail surveillance program is much less intrusive than the phone surveillance, since metadata for all phone calls is kept for a significant period of time, apparently five years.
Furthermore, the administration insists that the content screening of messages is very narrow. The administration insists that it is not searching e-mails for references to general subjects of common interest, like Al Qaeda, bin Laden, terrorism, and so on, but for references to much more specific indicators of possible involvement with or knowledge of terrorist activities or planning.
The only example of a “selector” that I’ve seen reported is a telephone number associated with terrorists. The Times quoted a former NSA official as saying, “If someone is sending that number out, chances they are on the inside of the plot, and I want to find the people who are on the inside of the plot.”
What the actual “selectors” are of course determines whether the NSA is narrowly searching for evidence that furthers existing suspicions or more broadly searching for new suspicions. And of course the actual “selectors” are the exact thing the government can’t tell us – disclosing the selectors that trigger scrutiny would be schooling terrorists in how to evade that scrutiny.
It makes sense to me that the NSA does use the e-mail surveillance in the narrow fashion that it claims. Human analysts are a scarce and costly resource, and if computerized screening produced mountains of e-mails about general topics like terrorism, the human analysts would spend forever getting to the good stuff. The NSA is trying to prevent terrorism and catch terrorists; it’s not in the NSA’s interests to get bogged down in sorting through thousands of innocent discussions of current events. The point of the screening is to produce the needles, not the entire haystack.
And the NSA’s logic seems sound to me – if an e-mail states an exact phone number that is already associated with terrorists, there is a reasonable chance that the parties to the e-mail have information that the NSA should get.
Still, the program raises big issues that demand democratic debate and discussion. Even if we decide that we’re OK with computer screening of e-mail for very specific “selectors,” we are entitled to firm assurance – once again, more than the good faith of the people who happen to be in charge today – that the screening can’t go farther in the future.
The Obama administration again insists that the program is within the scope of Congressional authorization and is rigorously reviewed by the FISA court. And again the problem from the point of view of the public is that the FISA court’s rulings are kept confidential from us.
The NSA surveillance programs raise critically important issues of privacy versus security. We were shocked into action when Al Qaeda took the World Trade Towers down, and, with twelve years’ hindsight, it’s clear that we overreacted. I don’t necessarily say this critically – it would have been unnatural, inhuman, not to overreact to that terrible event. But having overreacted, we are now pulling back on some of our post-9/11 security measures. This is also to be expected, as 9/11 becomes less immediate and less visceral.
So we need to find a new balance of security and privacy. A need for balance assumes that neither of those interests is trivial and neither is decisive. Security measures have value, and privacy guarantees have value. This will not be an easy debate, and we need to be prepared for the fact that the next terrorist attack may well start the process all over again.
Finding the right balance requires an appreciation for nuance. As yet in this discussion, nuance has been the one thing that is in shortest supply.
December 13, 2016 – Unlike distance from physical objects, distance from temporal events generally enhances clarity. Today, well over three years after Edward Snowden’s celebrated disclosure of classified government documents, the New Yorker runs a piece by Malcom Gladwell that brilliantly captures the nature of Snowden’s actions. Using a comparison between the whistle-blowing actions of Snowden and Daniel Ellsberg, who disclosed portions of the “Pentagon Papers” some 45 years ago, Gladwell demonstrates the difference between carefully deliberated disclosure directed precisely to the wrong at issue (Ellsberg; the wrong being the lies told the public by the Kennedy and Johnson administrations about the supposedly successful progress of the Vietnam War) and the indiscriminate flood of information having nothing to do with the wrong at issue (Snowden; the wrong being the mass-scale surveillance of Americans by the National Security Agency). Ellsberg carefully avoided disclosing information unrelated to the wrong at issue; Snowden blithely disclosed hundreds of thousands of documents having nothing at all to do with domestic spying by the NSA. Gladwell succinctly characterizes this difference as the difference between “leaking” and “hacking.”
Gladwell accuses the NSA of reducing an important policy question (what is the role of surveillance in a democratic society?) into a technical question (how much data can we capture?). He compares the NSA to Snowden, who he says made the same mistake – he reduced a policy question how can disclosure of government secrets strengthen a democracy?) to a technical question (how much secret information can I grab?). Gladwell concludes with the devastating observation that “Snowden did not repudiate the NSA’s error; he duplicated it.”