An Obligatory Post On The NSA Data Mining Program
USA Today has revealed that the NSA has a massive collection of phone records. Here are the key details (Emphasis mine)
“The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.
The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren’t suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.
…Customers’ names, street addresses and other personal information are not being handed over as part of NSA’s domestic program, the sources said. But the phone numbers the NSA collects can easily be cross-checked with other databases to obtain that information.
…This kind of data collection from phone companies is not uncommon; it’s been done before, though never on this large a scale, the official said. The data are used for “social network analysis,” the official said, meaning to study how terrorist networks contact each other and how they are tied together.
…Among the big telecommunications companies, only Qwest has refused to (voluntarily) help the NSA, the sources said. According to multiple sources, Qwest declined to participate because it was uneasy about the legal implications of handing over customer information to the government without warrants.
…Over the years, NSA code-cracking techniques have continued to improve along with technology. The agency today is considered expert in the practice of “data mining” — sifting through reams of information in search of patterns. Data mining is just one of many tools NSA analysts and mathematicians use to crack codes and track international communications.
Paul Butler, a former U.S. prosecutor who specialized in terrorism crimes, said FISA approval generally isn’t necessary for government data-mining operations. “FISA does not prohibit the government from doing data mining,” said Butler, now a partner with the law firm Akin Gump Strauss Hauer & Feld in Washington, D.C..”
First of all, let me note that this is a classified program and I hope that they track down the people who leaked this info to the press, fire them, and then prosecute them. These national security leaks are absolutely out of control.
Now that’s out of the way, so let’s talk about the program. The phone companies, other than Qwest, are voluntarily providing phone numbers to the government. What they provide probably looks something like…
555-555-5555 called 666-666-6666 for 5 minutes at 11:23 AM on May 10, 2006
Then NSA is then probably putting that info in a database and using it to create a spiderweb of connections between terrorist suspects. For example, if a call from an Al-Qaeda cell phone comes into 555-555-5555, they’re then probably looking at the numbers 555-555-5555 is calling, and then checking to see which numbers those people are calling, and looking for repeating numbers. If they find a number of interest, then they can use other databases to gather more information and try to put names and other info with those numbers.
Would that be useful in order to help uncover sleeper cells and Al-Qaeda agents in the US? You bet.
Is it legal?
Well, as USA Today mentioned, “FISA does not prohibit the government from doing data mining.”
Furthermore, Heather Mac Donald has previously noted that,
“Privacy advocates say that giving the government access to data held by commercial third parties violates constitutional privacy rights. They are wrong. The Supreme Court has repeatedly said that the government may obtain business and other records held by third parties without warrant or probable cause, because those records are no longer private. Law enforcement officials may subpoena records, or request that they be provided voluntarily, or may simply purchase data repositories on the market like any other player in the digital economy.”
So yes, it does appear to be legal.
Which brings us to the final question? Even if it’s legal, is this something that the government should be doing?
The program sounds as if it’s legal and very useful. Is there a privacy trade-off here? Perhaps a small one, but that’s it. I can tell you from working at an ISP wholesaler that worked with a lot of small phone companies that this information is only semi-private. Keep in mind that the phone companies have multiple people who can look at this information (and much, much more) any time they want and they can provide this info to law enforcement officials without a subpoena if they so choose.
Also, they can — and sometimes do — provide a lot of personal information about you to other companies. Just as an example, when I worked for the ISP wholesaler, at one point, our database was designed to allow us to look up the phone number, address, user name, and password for customers at the companies that worked with us. With the user/pass, I could even go in and tell you all the dates and times a customer logged onto the internet. But, people are freaking out because the government is using phone records identified by nothing but phone numbers to help track down terrorists? Please.
In my opinion, this program sounds like a great idea and I’m glad that they’re doing it. In fact, I wouldn’t be the least bit surprised if this program may be part of the reason we haven’t had another 9/11.