Today the blogosphere has focused on the supposedly new revelation by USA Today reporters that the National Security Agency has built a database of telephone records from the exchanges of most (not all) major phone providers in the United States. The NSA collected basic information on origination and destination on millions of phone calls, both domestic and international, creating a database of call records that data miners can exploit to determine calling patterns when intelligence and law-enforcement agencies suspect a phone of being used for terrorist purposes:

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren't suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

"It's the largest database ever assembled in the world," said one person, who, like the others who agreed to talk about the NSA's activities, declined to be identified by name or affiliation. The agency's goal is "to create a database of every call ever made" within the nation's borders, this person added.

This sent the nation into hysteria across the entire political spectrum -- a hysteria that should embarrass everyone, since this story hardly tells anyone anything new. This only repeats what James Risen and Eric Lichtblau reported on December 24th of last year in a follow-up to their December 16th revelation of the warrantless surveillance on international calls linked to terrorists. Risen and Lichtblau specifically reported on the data-mining exploits of the NSA at that time:

Since the disclosure last week of the N.S.A.'s domestic surveillance program, President Bush and his senior aides have stressed that his executive order allowing eavesdropping without warrants was limited to the monitoring of international phone and e-mail communications involving people with known links to Al Qaeda.

What has not been publicly acknowledged is that N.S.A. technicians, besides actually eavesdropping on specific conversations, have combed through large volumes of phone and Internet traffic in search of patterns that might point to terrorism suspects. Some officials describe the program as a large data-mining operation. ...

Officials in the government and the telecommunications industry who have knowledge of parts of the program say the N.S.A. has sought to analyze communications patterns to glean clues from details like who is calling whom, how long a phone call lasts and what time of day it is made, and the origins and destinations of phone calls and e-mail messages. Calls to and from Afghanistan, for instance, are known to have been of particular interest to the N.S.A. since the Sept. 11 attacks, the officials said.

This so-called "pattern analysis" on calls within the United States would, in many circumstances, require a court warrant if the government wanted to trace who calls whom.

The use of similar data-mining operations by the Bush administration in other contexts has raised strong objections, most notably in connection with the Total Information Awareness system, developed by the Pentagon for tracking terror suspects, and the Department of Homeland Security's Capps program for screening airline passengers. Both programs were ultimately scrapped after public outcries over possible threats to privacy and civil liberties.

Nothing in the USA Today report gives us anything we didn't already know. But does that mean that Leslie Cauley reported nothing of significance? No; while the program does not violate the law like the media and some Democratic politicians fairly seethed today, the building of these records does create a further intrusion into private behavior that should concern libertarians. The question we have to answer is whether that intrusion is limited and reasonable given the circumstances.

After 9/11, we discovered that the terrorists had easily infiltrated our society, used our communication systems to coordinate the plotting and execution of the attacks, and had done little else to indicate their hostility. In retrospect, we saw patterns of behavior and communication that many felt the government should have recognized as potentially dangerous. Not only that, but we also realized that more terrorists may still be living among us, and we demanded that the government root them out before they could attack again.

Targeting their communications is certainly a smart strategy, but the problem is the volume of phone calls in the US. Even if a phone number came up as a suspected terrorist line, the amount of time it would take to get the phone records involving that number would be enormous. The phone companies do not sort in both directions under normal circumstances, and so subpoenaing records on one account not only takes too long, but gives an incomplete picture.

When we discover terrorist phone numbers, we need to see more than just what numbers that phone dialed. We need to see who called the account as well, because the traffic might not be reciprocal in that manner. (In other words, just because I call you doesn't necessarily mean you call me.) Some phone accounts, like cell phones, have that information, but local calls on land lines normally do not. Even beyond that, when intelligence agencies have two or three known data points (terrorist phone numbers), they need to quickly find all of the other phone numbers that have called or have been called by the suspect accounts, especially those in common to all. That allows the search to expand quickly to identify even more potential sleepers, who rely on phones to communicate and coordinate.

As a database administrator and someone who has worked on telco issues for several years, I can tell you that any attempt to do that with traditional phone records pulled in a traditional manner will take far too long to complete. The only way to efficiently find these needles in very large haystacks is to create a relational database that will sniff out those relationships. In order to ensure that the effort succeeds, the database must therefore contain as many of the records of phone calls as possible -- all of them, under ideal circumstances.

Only such a database could make that kind of dot-connecting possible in any meaningful fashion. The kinds of patterns and connections that would reveal the potential for terrorist activity will be so small as to be impossible to discover through normal research. That's what makes Senator Pat Leahy's reaction so frightfully stupid. He said, "'Are you telling me that tens of millions of Americans are involved with al Qaeda? 'These are tens of millions of Americans who are not suspected of anything ... Where does it stop?'' Leahy either ignores or fails to grasp that the problem is precisely that so few in the US might be terrorist sleepers. If it were a large group, they would be much easier to track and data mining would not be necessary.

That presents the government with a powerful tool in determining the behavior of people inside the US, and for that matter outside of it as well. Is such a tool reasonable under the circumstances we face now? That is ultimately a political question instead of a legal one, depending on whether people feel themselves more in danger from terrorists or their government. In my opinion, the effort is reasonable and limited. The calls themselves do not get monitored, and the records do not contain billing information or even names in their raw form. With the US still in danger of terrorist attack and with the rational possibility of sleeper cells hiding in our communities, the use of this tool makes sense and provides security for a reasonable loss of privacy.

However, that does not make the collection of this data completely benign under any circumstances. This kind of data could be used for purposes other than finding terrorists. For instance, it could be used against whistleblowers to discover their contacts. It could get deployed against opposition parties to determine their scope and the location and number of their supporters. People could get blackmailed for their phone calls in ways that have nothing to do with national security. If the CIA or State Department (which has its own intelligence service) had this program rather than the NSA, many on the Right would feel much less sanguine about its implications.

When we finally acknowledged that Islamist terrorists had declared war on us, George Bush warned us that we would have to make sacrifices in order to beat our enemy. So far, we have not been asked for much in the way of sacrifice. Now that we see how the NSA has kept us safe, we should recognize that the limited loss of privacy on our telephone habits is not much of a sacrifice in giving the intelligence community a tool to root out terrorist sleeper cells. However, we should not dismiss the risks of giving even more power to the federal government so lightly, and we should ensure that the power we do grant them does not get misused.

Trackback Pings

TrackBack URL for this entry is