Commentary

Officials Need to Come Clean on NSA Surveillance Activities

Asked point-blank last July whether the National Security Agency’s new, billion-dollar Utah installation would hold the data of American citizens, General Keith Alexander, the head of the NSA, responded flatly: “No.”

“While I can’t go into all the details of the Utah Data Center,” he said at the American Enterprise Institute, “we don’t hold data on U.S. citizens.”

But the chairman of the House Intelligence Committee, Mike Rogers (R-MI), tells a different story. “Within the last few years, this program was used to stop a terrorist attack in the United States,” he says.

Rogers is talking about the documented report released by the Guardian (U.K.) showing that Verizon is under order of the secretive Foreign Intelligence Surveillance Court to hand over “all call detail records” about phone calls within the United States or crossing the U.S. border. The order, granted on April 25, requires the phone company to submit these records to the government “on an ongoing daily basis” through July 19.

The government is accessing “metadata” about millions of our phone calls. Don’t let the technical-sounding term confuse you. That’s information about who called you, and who you called. It’s what time your conversations happened, and how long your conversations continued. If you’ve made a call in the last few months, if you called a lost love, a counselor, a doctor, psychologist, or psychiatrist, the National Security Agency probably has that information.

The IRS scandal reminds us that government agents don’t always have our interests at heart. IRS agents investigated hopeful non-profit groups aiming to weed out those that might challenge government orthodoxy and power. Who’s to say that there isn’t someone in the NSA — or an entire program in NSA — with these same motives?

General Alexander might say his agency is unlike the IRS. So might Chairman Rogers. But who should we believe?

If General Alexander’s statement about not having American citizens’ data is true, how can Rogers’s be? And if Rogers’s statement about this program preventing an attack is true, General Alexander’s statement must be false.

Most likely, General Alexander is equivocating on language. Being Orwellian, in a word.

When General Alexander denied having data about American citizens — or appeared to — he said “we don’t hold data on U.S. citizens.” That preposition, “on,” is perfectly ambiguous, and it exploits gaps in the way we talk about personal data.

General Alexander might argue that all he has are phone numbers. That’s not information about people — just millions of phone numbers and the relationships among them.

It’s time to come clean as to whether the National Security Agency holds data about American citizens.”

But people who understand communications and information technology know that a phone number is an identifier. In fact, your cell phone number more directly identifies you than your name, which probably refers to a number of people in this big world. When the NSA analyzes information about our calls, it is just one, short inferential step from reaching us directly, by name, address, and the other identifiers we’re familiar with. In the modern world, phone numbers are better than names for identifying people.

Clearing up Chairman Rogers’s claims is a different ball of wax. Chairman Rogers should put his claims about security successes to public proof. How do millions of telephone records revealing the relationships of law-abiding citizens across the nation help with law enforcement and counterterrorism? Why can’t the same results be achieved with targeted investigation of genuine leads?

The only reason one might want access to the vast quantity of data collected in this program is for “data mining” — discovering the patterns that appear in data that are indicative of terrorism.

Data mining works with credit card fraud. There are thousands of examples per year from which to build models of what credit card fraud looks like in data. And the cost of getting it wrong is low. Credit card companies may call a customer or cause them a modest inconvenience by cancelling a card.

Data mining won’t work for terrorism because terrorism is too rare. There aren’t patterns reflecting terrorism planning or execution. Each plan and each attack, successful or unsuccessful, has been very different from the others. And the cost of false positives is high. Law enforcement personnel waste their time chasing false leads. Wrongly accused people are investigated, questioned, placed on no-fly lists or other derogatory lists, and sometimes people are wrongly arrested.

If Chairman Rogers can show otherwise, now is the time to do so. Language is important and too easy to exploit, so let’s make clear at the outset that “telling” isn’t “showing.”

And it’s time for General Alexander to come clean as to whether the National Security Agency holds data about American citizens. Along with “on” and “about,” one hopes that everyone knows what the meaning of the word “is” is.

Jim Harper is director of information policy studies at the Cato Institute.