Tag: NSA

You Could Have Read It Here First

If you’ve been reading Cato at Liberty and www.cato.org, then you already know, as the lead story in the Washington Post reported this morning, that both the constitutionality and the necessity of the NSA’s massive surveillance are in doubt:

From the moment the government’s massive database of citizens’ call records was exposed this year, U.S. officials have clung to two main lines of defense: The secret surveillance program was constitutional and critical to keeping the nation safe.

But six months into the controversy triggered by former NSA contractor Edward Snowden, the viability of those claims is no longer clear.

In a three-day span, those rationales were upended by a federal judge who declared that the program was probably unconstitutional and the release of a report by a White House panel utterly unconvinced that stockpiling such data had played any meaningful role in preventing terrorist attacks.

Reviewing the Review Group: Practice What You Preach

The “President’s Review Group on Intelligence and Communications Technologies” has issued their report. Convened in late summer to advise the president on what to do in the wake of the Snowden revelations (without mentioning Snowden), the group was rightly criticized for its ‘insider’ composition. The report has beaten the privacy community’s low expectations, which is good news. It advances a discussion that began in June and that will continue for years.

Some observations:

- Contrary to expectations, the report is outside the White House’s “comfort zone.” That’s good, because, as noted, this group could easily have decided to ratify the status quo, handing the administration and the National Security Agency a minor victory. The report positioned Senate Judiciary Committee chairman Patrick Leahy (D-VT) to say: “The message to the NSA is now coming from every branch of government and from every corner of our nation: You have gone too far.”

- There is no reason to treat the report as a reform “bible.” This was a problem with the 9/11 Commission report, for example, which was held up as sacrosanct even when it was wrong. The Review Group report is right about some things, such as eliminating administratively issued National Security Letters, it is wrong about some things, and it omits some key issues, such as the government-wide penchant for secrecy that created the current problems.

- Weaknesses are more interesting than strengths, and a particular weakness of the report is its call for retaining the phone calling surveillance program. Recommendation Five calls for legislation that “terminates the storage of bulk telephony meta-data by the government under [USA-PATRIOT Act] section 215, and transitions as soon as reasonably possible to a system in which such meta-data is held instead either by private providers or by a private third party.” The debate over data retention mandates ended some years ago, and the government was denied this power. The NSA’s illegal excesses should not be rewarded by giving it authorities that public policy previously denied it. Outsourcing dragnet surveillance does not cure its constitutional and other ills.

- The data retention recommendation is in conflict with another part of the report, which calls for risk management and cost-benefit analysis. “The central task,” the report says, “is one of risk management.” So let’s discuss that: Gathering data about every phone call made in the United States and retaining it for years produces only tiny slivers of security benefit, the NSA’s unsupported claims to the contrary notwithstanding. Considering dollar costs alone, it almost certainly fails a cost-benefit test. If you include the privacy costs, the failure of this program to manage security risks effectively is more clear. The Review Group’s conclusion about communications surveillance is inconsistent with its welcome promotion of risk management.

Most legal scholars and most civil liberties and privacy advocates punt on security questions, conceding the existence of a significant threats, however undefined and amorphous. They disable themselves from arguing persuasively about what is “reasonable” for Fourth Amendment purposes. Concessions like these also prevent one from conducting valid risk management and cost-benefit analysis. Some of us here at Cato don’t shy from examining the security issues, and we do pretty darn good risk management. The Review Group should practice what it preaches if it’s going to preach what we practice!

D.C. Court: Smith Is Not Good Law

In debates about the NSA’s mass surveillance of all our phone calling, pro-government lawyers have often tried to play a trump card called Smith v. Maryland. Smith is a 1978 Supreme Court decision as right for our times as laws requiring public buildings to provide spittoons. But lawyering rightly relies heavily on precedent, so there it was, the argument that people don’t have a constitutional interest in data about their phone calling because a suspected burglar and obscene phone-caller didn’t have such an interest back in 1976.

D.C. district court judge Richard Leon ruled today that Smith is not an appropriate precedent for considering the constitutionality of the NSA’s mass surveillance program. “[T]he Smith pen register and the ongoing NSA Bulk Telephony Metadata Program,” he concluded, “have so many significant distinctions between them that I cannot possibly navigate these uncharted Fourth Amendment waters using as my North Star a case that predates the rise of cell phones.”

When phone calling was home- or office-bound and relatively rare, people’s interest in the information about their calling was not as great as it is today. Cell phones now accompany most people everywhere they go every single day. “[T]he ubiquity of phones has dramatically altered the quantity of information that is now available and, more importantly, what that information can tell the Government about people’s lives.” (emphases omitted)

Judge Leon applied the “reasonable expectation of privacy” test in finding that he is likely to determine that the NSA’s data seizures are a Fourth Amendment violation, even though that standard has been thrown into doubt by recent Supreme Court decisions. But what is important is that his decision breaks the circular logic adopted by the panels of judges ratifying mass domestic surveillance under the Foreign Intelligence Surveillance Act. These panels believed they could act in secret because of the premise that Americans don’t have a constitutional interest in data about their calls. Their secret operations barred Americans from contesting that premise. And the band played on. Until someone leaked this mass domestic spying to the public.

Judge Leon’s assessment of the government’s interest is notable. He picked up on the fact that the government’s collection of data about all our calls is simply to make things a little quicker when they want to do an investigation.

“[T]he Government’s interest,” he writes, “is not merely to investigate potential terrorists, but rather, to do so faster than other methods might allow. … Yet … the Government does not cite a single instance in which analysis of the NSA’s bulk metadata collection actually stopped an imminent attack, or otherwise aided the Government in achieving any objective that was time-sensitive in nature.” (emphases omitted)

Databasing of all our calls is a convenience and not a necessity. That stacks up poorly against the privacy costs all Americans suffer by having their phone-calling catalogued in government databases.

There will almost certainly be an appeal, and there will be more cases coming up through the courts that explore the many dimensions of this issue. But now we can tell our lawyer friends who have been a little too slavish to precedent that Smith v. Maryland is not good law.

A Data Retention Mandate? NO

The Wall Street Journal reports that a panel convened by the president to review the National Security Agency’s programs will recommend that “the records of nearly every U.S. phone call now collected in a controversial NSA program be held instead by the phone company or a third-party organization.” That recommendation is a non-starter.

Mandatory data retention has been floated for years using the most politically appealing rationale, child predation. In 2007, we characterized the idea as costly, outsourced surveillance, and Congress has consistently denied that power to the government. In fact, child protection bills containing data retention mandates were introduced in several Congresses but only passed once provisions deputizing communications providers into government surveillance were stripped out. Randy Barnett and I made this point in our brief urging the Supreme Court to take up the NSA’s mass surveillance of Americans’ telephone calling.

“Congress has declined to institute mandatory data retention laws because the costs, risks, and privacy consequences for innocent citizens outweigh their law enforcement and security benefits,” we wrote. “The Verizon order reverses this Congressional policy by requiring a telecommunications provider to turn all data over to the government for retention by the National Security Agency.”

How ironic it would be if the NSA’s illegal excesses delivered it a victory on a policy initiative that it lost years ago. Is secretly violating Americans’ communications privacy really rewarded by a policy requiring the violation of Americans’ communications privacy?

Rep. Jim Sensenbrenner (R-WI), who claims authorship of the USA-PATRIOT Act, came to Cato two months ago to lament the NSA’s use of that law for domestic spying he did not intend the NSA to have. In the past, he has said that data retention “runs roughshod over the privacy rights of people who use the Internet for thousands of lawful purposes.” Assumedly, he believes the same as to people’s use of the phone, and he will continue working with other privacy-minded legislators to relegate data retention mandates to the dustbin of history.

The Black Budget, a Sense of Magnitudes

On October 28th, I wrote a blog post, “The NSA’s Rent Is Too Damn High,” in which I looked at the $52.6 billion price tag for America’s spook infrastructure – the so-called “black budget.” When allocated across every American taxpayer, this staggering sum comes out to $574 per taxpayer, per year.

But, there are other edifying ways of gaining perspective on such a whopping amount of money. Doing so is important. Indeed, according to John Maynard Keynes’ biographer, Lord Skidelsky, Keynes believed that a good economist must always have “a sense of magnitudes.”

We can get a sense of magnitudes by looking at this year’s black budget as a portion of the major sources of the federal government’s revenues. The table below tells that tale:

Source of Federal Revenue 2012 Amount $ Billion Black Budget $ Billion Black Budget as % of Revenue Source
Individual Income Taxes $1,132.21 $52.60 4.6%
Corporate Income Taxes $242.29 $52.60 21.7%
Social Insurance Taxes $845.31 $52.60 6.2%
Excise Taxes $79.06 $52.60 66.5%
Estate and Gift Taxes $13.97 $52.60 376.4%
Customs Duties $30.31 $52.60 173.6%
Miscellaneous Receipts $107.01 $52.60 49.2%
Deficit (Borrowing) $1,086.96 $52.60 4.8%
     Source: Congressional Budget Office

The NSA’s Rent Is Too Damn High

For months, the American public has received a steady stream of new information detailing the massive scale and scope of the United States’ spying activities. Of course, maintaining a surveillance state powerful enough to reach into the inboxes of world leaders, friend and foe, is not cheap. Indeed, as the Washington Post revealed when it released portions of the so-called Black Budget, this year’s price tag on America’s spook infrastructure comes out to a whopping $52.6 billion.

This is, of course, a tremendous sum – more than double the size of the Department of Agriculture, more than triple the size of NASA; the list goes on… But, what really puts this number into perspective is its average cost to each American taxpayer, or what I would call the NSA and associated agencies’ “rent.”

Yes, the NSA’s rent, charged to every taxpayer living under its web of surveillance, comes out to an exorbitant $574 per year. If this is the price the federal government is charging American taxpayers to have their own privacy invaded, then I say the NSA’s rent is too damn high.

Normally, at the end of one of these blogs, I would ask a rhetorical question like: “Washington, are you listening?” But, in this case, we know Washington is listening, and now we know how much we’re being charged for it.

The Defense of NSA Spying that Wasn’t

In an interview with CNN yesterday, outgoing FBI director Robert Mueller offered up words one could characterize as defending mass surveillance of all Americans’ phone calling. Indeed his interview has been portrayed as a defense of such spying, with outlets like NRO’s “The Corner” reporting “Outgoing FBI Chief: ‘Good Chance’ NSA Would Have Prevented ‘Part’ of 9/11.” But Director Mueller spoke much more equivocally than that.

Here’s what he actually said.

CNN: If we had the kind of intelligence that we were collecting through the NSA before September 11th, the kind of intelligence collection that we have now, do you think 9/11 would have been prevented?

MUELLER: I think there’s a good chance we would have prevented at least a part of 9/11. In other words, there were four planes. There were almost 20 — 19 persons involved. I think we would have had a much better chance of identifying those individuals who were contemplating that attack.

CNN: By this mass collection of information?

MUELLER: By the various programs that have been put in place since then. … It’s both the programs (under the Patriot Act) but also the ability to share the information that has made such dramatic change in our ability to identify and stop plots.

Mueller vaguely cited “various programs,” giving them a retroactive chance of preventing “a part of 9/11.” But even this defense of post-9/11 powers is insufficient.

In our 2006 paper, “Effective Counterterrorism and the Limited Role of Predictive Data Mining,” IBM scientist Jeff Jonas and I recounted the ease with which 9/11 attackers Khalid al-Mihdhar and Nawaf al-Hazmi could have been found had government investigators pursued them with alacrity. The 9/11 Commission said with respect to al-Mihdhar, “No one was looking for him.” Had they been caught and their associations examined, the 9/11 plot probably could have been rolled up. Sluggish investigation was a permissive factor in the 9/11 attacks, producing tragic results that nobody foresaw.

That absence of foresight is a twin with retrospective assessments like Mueller’s, which fail to account for the fact that nobody knew ahead of 9/11 what devastation might occur. Immediately after the 9/11 attacks, everybody knew what such an attack could cause, and everybody began responding to the problem of terrorism.

Would Patriot Act programs have prevented at least a part of 9/11? Almost certainly not, given pre-9/11 perceptions that terrorism was at the low end of threats to safety and security. A dozen years since 9/11, terrorism is again at the low end of threats to safety and security because of multiplicitous efforts worldwide and among all segments of society. It is not Patriot Act programs and certainly not mass domestic surveillance that make us safe. Even Mueller didn’t defend NSA spying.