NSA PRISM Story Overhyped

Not only do we not know the whole story of the NSA data mining operation, key details of what thought we knew are wrong.

big-data-vortex

A central point I’ve come back to time and again as the NSA data mining story has unfolded is how little we actually know.  It’s increasingly clear that key details of what thought we knew are wrong.

In “NSA Bombshell Story Falling Apart Under Scrutiny; Key Facts Turning Out to Be Inaccurate,” The Daily Banter‘s Bob Cesca notes that many facts reported by The Guardian‘s Glenn Greenwald and The Washington Post, who broke most of the initial story, were at best exaggerated.

Google, Facebook, Dropbox, Yahoo, Microsoft, Paltalk, AOL and Apple all announced in separate statements that not only were they unaware of any PRISM program, but they also confirmed that there’s no way the government had infiltrated the privately-owned servers maintained by these companies. Furthermore, Google wrote, “Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.” Google also described how it will occasionally and voluntarily hand over user data to the government, but only after it’s been vetted and scrutinized by Google’s legal team.

[…]

Glenn Greenwald used the phrase “direct access,” as in unobstructed direct server access, four times in his article, most prominently in his lede, “The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.” Unless the tech companies were collectively lying, Greenwald’s use of “direct access” is inaccurate. And if it’s inaccurate, the most alarming aspect of this NSA story is untrue.

On Twitter, Greenwald defended his reporting by reiterating that the NSA said within the PRISM document that there has been “collection directly from the servers of these US service providers: Microsoft, Yahoo, Google, Facebook…” But this could mean that the data was drawn from the servers, vetted and handed over to the NSA per Google’s stated process of legal vetting. And if the data was made available, it’s possible that the tech companies posted it on a server for the NSA analysts to download, just as you might download a file from work or a friend via Dropbox or an FTP server. Regardless, it seems as if Greenwald’s entire story hinges on a semantic interpretation of the PRISM language. And his mistake was to leap from “collection directly from servers” to “direct access.”

[…]

Additionally, the NSA whistleblower who provided the information to the Washington Postwas quoted as saying, “They quite literally can watch your ideas form as you type.” Without direct access to the servers this would be impossible — that is, unless the NSA was intercepting user data in transit. But that’s not what Greenwald reported, which was direct server access. This was the bombshell — that the NSA could grab information at will — and, as of this writing, it’s inaccurate.

[…]

To summarize, yes, the NSA routinely requests information from the tech giants. But the NSA doesn’t have “direct access” to servers nor is it randomly collecting information about you personally. Yet rending of garments and general apoplexy has ruled the day, complete with predictable invective about the president being “worse than Bush” and that anyone who reported on the new information debunking the initial report was and is an Obamabot apologist.

In “The real story in the NSA scandal is the collapse of journalism,” ZDNet’s Ed Bott documents the degree to which WaPo changed its original reporting without acknowledging that it had done so:

On Thursday, June 6, the Washington Post published a bombshell of a story, alleging that nine giants of the tech industry had “knowingly participated” in a widespread program by the United States National Security Agency (NSA).

One day later, with no acknowledgment except for a change in the timestamp, the Post revised the story, backing down from sensational claims it made originally. But the damage was already done.

The primary author of the story, Barton Gellman, is a Pulitzer Prize winner, and the Washington Post has a history in investigative journalism that goes back to Watergate and All the President’s Men. On a roster of journalistic failures, this one has to rank near the very top.

[…]

Within hours after the story broke, it had been amplified by other news agencies and tech websites and had inspired expressions of outrage over this invasion of privacy. And seven of the nine companies named issued categorical denials that they knew of or participated in any such program.

And then a funny thing happened the next morning. If you followed the link to that story, you found a completely different story, nearly twice as long, with a slightly different headline. The new story wasn’t  just expanded; it had been stripped of key details, with no acknowledgment of the changes. That updated version, time-stamped at 8:51 AM on June 7, backed off from key details in the original story.

Crucially, the Post removed the “knowingly participated” language and also scrubbed a reference to the program as being “highly classified.” In addition, a detail in the opening graf that claimed the NSA could “track a person’s movements and contacts over time” was changed to read simply “track foreign targets.”

While this phenomenon has been considered malpractice in the blogosphere for more than a decade, it has been commonplace in mainstream journalism for at least as long. The Associated Press is infamous for this, treating its online reports as rough drafts, changing them as they go, including correcting facts, without the slightest acknowledgement. In the political blogosphere, at least, this is a no-no. While most of us will correct typos and the like without acknowledgment (I’ll sometimes do that on a years-old post), the standard practice for correcting substantive errors is to append a prominent update to the post and/or publish a new post updating the reader. Greenwald himself is a leading exponent of this practice, not only adding frequent updates to his postings but typically doing it at the top of the posts.

While I’m no fan of the buried correction, especially once a story has been widely quoted, it’s so customary as to be banal. This, however, is more problematic:

The real story appears to be much less controversial than the original alarming accusations. All of the companies involved have established legal procedures to respond to warrants from a law enforcement agency or a court. None of them appear to be participating with widespread surveillance.

So what went wrong with the Post?

The biggest problem was that the Post took a leaked PowerPoint presentation from a single anonymous source and leaped to conclusions without supporting evidence.

[…]

Normally, an investigative piece like this would be reported thoroughly before being published. Instead, it looks like the Post rushed to publish, perhaps fearing that the slide deck had been leaked to another publication that would beat them to the punch.

Almost no one who reacted to the story initially did so with any skepticism about the Post’s sources or its conclusions. Indeed, a common thread among reactions to the denials by those big tech companies was that they were using careful wording and common talking points to avoid responding to the specific allegations. In fact, the wording of those statements was similar because each company was responding to the specific language in the Post story.

That rush to publication set off the Internet echo chamber and the cable news networks at a full-throated roar. The story and its key, now apparently discredited arguments have been spread far and wide.

The Post compounded its error by quietly correcting its story and not publicly acknowledging that there were errors in the original story. In fact, the revised story still claims the NSA and the FBI are “tapping directly into the central servers” of those companies when that allegation no longer appears to be true.

In short, one of the great journalistic institutions of the 20th Century is now engaged in outright click-baiting, following the same “publish first, fact-check later” rules as its newer online competitors.

While I agree with Bolt that this is extremely worrisome, I’m more sympathetic to the Post than he is. While we may be wistful for the fabled journalistic standards of 1974, we live in a Twitter world. Newspapers simply have to speed up their publication cycles to meet that new reality. As it was, Greenwald got out ahead of the Post on the story and was driving the coverage.

My problem isn’t that the Post got the story wrong but that they didn’t more prominently update their readers on their new understanding of the facts as it evolved. It’s unreasonable to expect papers to sit on breaking news for days until they’ve tripled-checked the facts. But if we’re going to accept that instant reporting means frequently getting it wrong, then it stands to reason that we should also expect instant updating so that the ongoing reporting is as right as it can be.

Compounding the problem are the complexities of this particular episode. First, as I’ve been noting all along, the Top Secret subject matter means that there’s an incredibly sophisticated apparatus working to hide the truth from the public. Second, the highly complex nature of the technical enterprise means that most of the people reporting and commenting on the story—yours truly absolutely included—don’t fully understand what they’re talking about even within the true facts at their disposal.

Third, while Greenwald is both a dogged reporter and scrupulously honest in his reporting, he’s also an unabashed activist with a not-at-all-hidden agenda. He fundamentally opposes the national security state, the war on terror, and even the notion of classified information. While he would never knowingly publish false information, he’s eager to run with credible-seeming information that shows the national security state run amok.

Additionally, it’s worth noting here that, while some very key details of what has been reported are wrong, the updated story is hardly uninteresting. The federal government is still collecting massive amounts of information on its citizens with no probable cause, bypassing the 4th Amendment’s protections, through use of a special system designed to govern the collection of foreign intelligence. That it’s apparently not doing it in real time and that the private companies are apparently applying at least some scrutiny to what they hand over doesn’t change that.

FILED UNDER: *FEATURED, Intelligence, Media, National Security, , , , , , , , , , , , , , , , , , , , , ,
James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College. He's a former Army officer and Desert Storm veteran. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Second, the highly complex nature of the technical enterprise means that most of the people reporting and commenting on the story—yours truly absolutely included—don’t fully understand what they’re talking about even within the true facts at their disposal.

    When has that ever stopped anyone on the internet? Far better to write a dozen posts about THE END OF FREEDOM than figure out what’s actually happening.

  2. superdestroyer says:

    In the left’s dealing with every negative issue occurring in the Obama Administration, step two always seems to be to claim that the issue is being over-hyped with Step One being to blame it on the Bush Administration. . In a couple of days we will get to move on the claim that the Republicans are guilty of overreach. The final step will be to call Republicans racist.

    No wonder the approval rating of the Obama Administration cannot go below 50%. No matter what happens, it is not the fault of the Administration, it is not a big deal, and anyone who talks about the issue is a racist.

    One has to wonder what the media will be going in the future when the U.S. has one relevant political party and it is impossible to criticize that party will be personally destroyed.

    Of course, the people ready to destroy Greenwald made him a hero when he was reporting on the Bush Administration.

  3. OzarkHillbilly says:

    Third, while Greenwald is both a dogged reporter and scrupulously honest in his reporting, he’s also an unabashed activist with a not-at-all-hidden agenda. He fundamentally opposes the national security state, the war on terror, and even the notion of classified information.

    There is a reason I have stopped reading Greenwald. All of the above is true, but I can only read about “the death of everything we hold dear!!!!” so often before I decide to not listen to the boy screaming, “WOLF!!!” anymore.

    I will just continue contributing to the ACLU and figure they will decide whether or not this really is a problem and if so to what extent and then how best to deal with it. Other than that I will only repeat what I have stated before: We created the NSA and now we are shocked to find that it is doing what we set it up to do? Really?

    “It’s alive! It’s ALIVE!!!” said the good doctor. And then the monster proceeded to do what monsters do.

  4. OzarkHillbilly says:

    Also this from David Simon, long time police reporter and the creator of “The Wire”:

    Is it just me or does the entire news media — as well as all the agitators and self-righteous bloviators on both sides of the aisle — not understand even the rudiments of electronic intercepts and the manner in which law enforcement actually uses such intercepts? It would seem so.

    Because the national eruption over the rather inevitable and understandable collection of all raw data involving telephonic and internet traffic by Americans would suggest that much of our political commentariat, many of our news gatherers and a lot of average folk are entirely without a clue.

    You would think that the government was listening in to the secrets of 200 million Americans from the reaction and the hyperbole being tossed about. And you would think that rather than a legal court order which is an inevitable consequence of legislation that we drafted and passed, something illegal had been discovered to the government’s shame.

    Well worth the trip to read the whole thing.

  5. OzarkHillbilly says:

    Simon also says this in a follow up post:

    For my part, the arguments of others convinced me that while I still believe the differences between call data and a wiretap are profound, and that the standard for obtaining call data has been and should remain far more modest for law enforcement, the same situation doesn’t apply with regard to internet communication. There, the law has few of the protections accorded telephonic communication, and so privacy and civil liberties are, at this moment in time, more vulnerable to legal governmental overreach. That’s a legislative matter, but it needs to be addressed. In this day and age, E-communication between individuals, if not public posts on public sites, should have the same measure of legal protection as telephonic communication.

    which is more to the point on the PRISM aspect of all this.

  6. James Joyner says:

    @OzarkHillbilly: Yes, a good post. He and I agree on two fundamental points that I’ve been making since Day 1: The sheer vastness of the data being collected yields its own privacy and there are rules governing what can be done with the data. It’s still scary, it’s still subject to abuses outside the law, and we still don’t have any real clue as to the real extent of the operation. But . . . yeah.

  7. James Pearce says:

    Hellooooooooo. (Starting to feel like I just stepped into an echo chamber. What the hey?)

    I’m in agreement with a lot of this.

    The federal government is still collecting massive amounts of information on its citizens with no probable cause, bypassing the 4th Amendment’s protections, through use of a special system designed to govern the collection of foreign intelligence.

    This is the essential issue, but this is the Facebook age. Who isn’t collecting massive amounts of information on American citizens?

    The collecting part is just a technical feat. The scrutinizing of the information is what counts.

  8. Dave Schuler says:

    I think the real conclusion is that we don’t know. A denial is not a refutation. If a program of Microsoft, Google, Facebook, etc. sharing data with the NSA exists, in all likelihood very few people wiithin those organizations know of its existence and they’re under a gag order with a threat of imprisonment. The official statements made by the various organizations may be technically true or even true to the knowledge of those making the statements without being true. We just don’t know.

    I’m not particularly assuaged by the assertion that there was no direct access to their servers. You can have complete access without direct access; nearly all access is indirect these days.

    So, in the end, I just don’t know what to believe. I don’t find the casting of such a wide net as nearly everyone believes is the case (the call records) particularly comforting.

  9. Todd says:

    As was pointed out in the article, the real story here is the death of journalism. We live in a world where just about everything is politicized, and there’s almost no way to recognize whether a source of information is credible or not.

    The truly Orwellian aspect of this story in a not that the government can spy on us (with today’s technology that should be assumed); it’s that we the public can be so easily manipulated (whether by government or it’s opponent’s) via the “news” that we willingly consume

  10. michael reynolds says:

    The PRISM story is overhyped, the IRS story is at least somewhat overhyped and the AP story is overhyped. That leaves the Rosen story, I suppose. But the fond hope of so many that this would A) Destroy Obama, and B) Demonstrate the terrible perils of big government, will apparently be denied.

    Swing and a miss.

  11. @michael reynolds:

    Yes because who cares about a government agency that operates in secret that is secretly collecting and analyzing massive amounts of data, right?

    This all started with the PATRIOT Act, and indeed before it. The fact that so many people don’t seem to care about it all is truly depressing.

  12. mt noise says:

    Is the NSA tapping into the feeds from the various companies with or without there knowledge & assistance? The answer is probably. That’s what they do and they have done since the 60’s in various forms. Operations like Ivy Bells, Shamrock, Minaret, Echelon, etc.

    Is there anything we can really do about it if its happening? Nope. So why get upset?

    I suspect you won’t hear too much complaining from other governments about all of this because they’re doing it too. Stones in glass houses.

  13. Ben Wolf says:

    Cesa’s story fell apart right here:

    On Twitter, Greenwald defended his reporting by reiterating that the NSA said within the PRISM document that there has been “collection directly from the servers of these US service providers: Microsoft, Yahoo, Google, Facebook…” But this could mean that the data was drawn from the servers, vetted and handed over to the NSA per Google’s stated process of legal vetting.

    In other words his entire argument rests on information he doesn’t have. All he’s saying is, “Well, if the process happens this way the we couldn’t really say the NSA has direct access. His entire is pure supposition, whereas the documents obtained by the Guardian specifically state it collects via direct access to the servers.

    So absolutely nothing has changed, other than establishment journalists covering for the intelligence community by spreading confusion.

  14. Ben Wolf says:

    @Ben Wolf: Should read, “His entire argument . . .”

  15. Barry says:

    @James Joyner: “The sheer vastness of the data being collected yields its own privacy and there are rules governing what can be done with the data.”

    Vastness is well-conquered terrain by now; you might. As well have said something is secret because it’s on Mount Everest.

    Rules? Those are well-conquered, as well.

  16. john personna says:

    I’m sorry, but the denials do not satisfy my ear, that of a trained(*) data architect.

    * – at least I took a few Oracle classes and worked for a few years at a company doing large scale data replication (mirroriing).

    In the denials the list of companies kept very much to a script. They do not offer “direct access.”

    Of course not. They mirror requested information, and as I’ve said, every request makes the mirror larger. In the case of Verizon metadata, the mirror is complete.

  17. john personna says:

    Yeah, reading carefully, this is a kind of fisking. What it does is find the most extreme claims about PRISM, calls them “the charges” and knocks them down one by one.

    Without the most extreme charges is there anything left? Of course.

    Nothing above disputes this:

    Under the FISA Amendments Act of 2008, the NSA and the attorney general apply for an order allowing them to access a slice of the stuff that a company like Facebook keeps on its servers. Maybe this order is for all Facebook accounts opened up in Abbottabad, Pakistan. Maybe there are 50 of them. Facebook gets this order.

    Now, these accounts are being updated in real-time. So Facebook somehow creates a mirror of the slice of stuff that only the NSA can access. The selected/court-ordered accounts are updated in real-time on both the Facebook server and the mirrored server. PRISM is the tool that puts this all together. Facebook has no idea what the NSA is doing with the data, and the NSA doesn’t tell them.

    You have to read carefully about that “slicing” to get why.

  18. Third, while Greenwald is both a dogged reporter and scrupulously honest in his reporting, he’s also an unabashed activist with a not-at-all-hidden agenda.

    LOL, yes, which is one of the major reasons why I trust his reporting more than that of major media outlets like Fox, CNN, ABCNews, etc., etc. Everyone has an agenda. Would you rather a reporter’s or news outlet’s agenda be hidden, or obfuscated, or denied? I wouldn’t. I’d rather have it out in the open. I’d rather have transparency than a disingenuous claim of “objectivity.” Being an “unabashed activist” does not equal being dishonest or inaccurate, as you yourself acknowledge.

  19. Google, Facebook, Dropbox, Yahoo, Microsoft, Paltalk, AOL and Apple all announced in separate statements that not only were they unaware of any PRISM program, but they also confirmed that there’s no way the government had infiltrated the privately-owned servers maintained by these companies.

    Given that all the companies in question likely fear a customer backlash if people begin getting concerned about their ability to protect the confidentiality of their data, I see no reason to accept these statements at face value, especially given that they were all in “suspiciously specific denial” style.

    Take Google for instance:

    First, we have not joined any program that would give the U.S. government–or any other government–direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.

    Not we don’t participate in any program, we just didn’t “join” it. Not we don’t give the U. S. government access to our servers, we just don’t give them “direct” access. You don’t give them access to information stored at Google’s data centers. Do you give them access to information stored someplace else? You haven’t heard of a program called PRISM. Does that mean you never heard of any similar program, or that just no one ever called it PRISM?

    Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process.

    So you’re in accordance with the law. What does the law require of you? When you push back, are you usually successful?

    And then they end off with a statement that basically says “there’s something else we really want to tell you all, but we’re not allowed to”

    Finally, this episode confirms what we have long believed–there needs to be a more transparent approach. Google has worked hard, within the confines of the current laws, to be open about the data requests we receive. We post this information on our Transparency Report whenever possible.

    So what data requests are they receiving that within the confines of current laws they can’t be open about?

  20. @James Joyner:

    there are rules governing what can be done with the data

    Again, the problem remains that due to the complete lack of transparency involved, we have no idea what those rules are, how they are being enforced, or if anyone really obeys them.

  21. James Joyner says:

    @Kathy Kattenburg:

    Being an “unabashed activist” does not equal being dishonest or inaccurate, as you yourself acknowledge.

    No, not at all. My point is simply that Glenn is naturally very enthusiastic about the story and therefore less likely to question it than someone who’s relatively neutral. He’s also more liable to dismiss valid explanations for the program, since he dismisses the very notion that there is information that needs to be protected.

  22. john personna says:

    @James Joyner:

    So the government does not have a complete copy of the Verizion metadata?

    The art here, in the counter-story, seems to be to create and deny charges that are separate from the underlying data architecture. Basically you say things that will reassure people who don’t know how computers work.

    If you take the spirit of your denials above, and do not read them for technical detail, there is no way the government could possibly have the Verizon data. Except we know they do. Which means that the denials are not quite as complete as you suggest.

  23. john personna says:

    Why did the FISA court allow the NSA a complete copy of Verizon metadata?

    The best answer is that they did not think metadata had an expectation of privacy.

    Do Microsoft, Yahoo, Google, Facebook or Apple own any metadata?

    I would think so.

  24. rudderpedals says:

    There are two separate stories here: The Verizon metadata that’s probably a realtime feed because it’s hard to see how it would saturate even an old T1, and the PRISM program which seems to be an extension of and the end product of the law requiring eavedsropping hooks in ISP equipment.

  25. john personna says:

    @rudderpedals:

    The slice mechanism described above can serve both jobs. The difference between the Verizon information request and those which Google etc. tacitly acknowledge is only in the generality of the “slicing rule.”

    Google might get “give me all queries from Iran,” Verizion gets “give me all data.”

    (Our belief that Google’s slice rules are more limited comes from Larry Page’s statement that “we had never heard of the broad type of order that Verizon received.” Presumably an “all from Iran” rule would surprise no one.)

  26. john personna says:

    @rudderpedals:

    Put differently, when corporate data is in a SQL database, mirroring is the CHEAPEST way to provide ongoing selections for investigators.

  27. john personna says:

    In describing Boundless Informant, the Guardian said this:

    Iran was the country where the largest amount of intelligence was gathered, with more than 14bn reports in that period, followed by 13.5bn from Pakistan. Jordan, one of America’s closest Arab allies, came third with 12.7bn, Egypt fourth with 7.6bn and India fifth with 6.3bn.

    You don’t get those kind of numbers with “few and narrow” FISA requests.

  28. michael reynolds says:

    @Doug Mataconis:

    Just repeating the word “secret” does not cause me to run around in circles crying that the sky is falling. Yes, the government does secret things. We have an intelligence system. So what?

    Look, if the law has been violated then someone should pay. If this is unconstitutional, obviously we’ll have to stop it. But on the practical level, I’m not seeing the outrage. I want the USG to be in the intel business. I don’t think I’d enjoy bombs going off in shopping malls and airports. I don’t live in fear of it, but all things being equal I’d like the government to have tools to stop terrorists.

    So far no one has explained to me – setting aside the constitutional issues – why any of this should matter to me. I remain unconcerned that the government knows how long I talked to my wife on the phone.

  29. john personna says:

    @michael reynolds:

    I guess this would be the serious answer:

    Is a democratic surveillance state possible?

    I am not too worried myself, even expecting expansion of the surveillance state. The only thing I push back on is rationalization that we don’t in fact have a surveillance state in place.

    (Someone also pointed me to this 2006 article, The Snooping Goes Beyond Phone Calls)

  30. michael reynolds says:

    @john personna:

    I didn’t find that piece very compelling. It’s full of unsupported assumptions and assertions. It’s all still got a vagueness to it that doesn’t connect dots from PRISM (to use the current case) to my life, your life, my kids lives. And the people most upset by this wander off into scare quotes and booga-booga words that don’t paint a picture of why I should be outraged. That plus rhetorical questions worded in as inflammatory a way as possible.

    (An interesting thought experiment: if one could subtract Orwell from our collective memory, would we still find it terribly upsetting?)

    If this is a Really Big Deal then why can no one paint a convincing picture of the harm done?

  31. @rudderpedals:

    the PRISM program which seems to be an extension of and the end product of the law requiring eavedsropping hooks in ISP equipment.

    Actually, I’m betting that PRISM is the old Total Information Awareness program coming back under a new name.

  32. Dave Schuler says:

    @john personna:

    The paper that Konczal links to in the WP article you cite is available here and is well worth reading. IMO whether we have an “authoritarian surveillance state” or a “democratic surveillance state”, what we have, and what we need are all worth considering.

  33. john personna says:

    @michael reynolds:

    You and I may have average enough lives that full disclosure would produce few shockers. That doesn’t mean that an “authoritarian surveillance state” could not manipulate someone with their secrets.

    Or heck, in an authoritarian surveillance state our applications for X or Y might hinge on opaque analysis of our lives, rather than what we think we submit as our data.

    From Dave’s link:

    The National Surveillance State is a permanent feature of governance, and will become as ubiquitous in time as the familiar devices of the regulatory and welfare states. Governments will use surveillance, data collection, and data mining technologies not only to keep Americans safe from terrorist attacks but also to prevent ordinary crime and deliver social services. In fact, even today, providing basic social services-like welfare benefits-and protecting key rights-like rights against employment discrimination-are difficult, if not impossible, without extensive data collection and analysis. Moreover, much of the surveillance in the National Surveillance State will be conducted and analyzed by private parties …

  34. Dave Schuler says:

    @michael reynolds:

    You might want to take a look at the article in the link above. Jack Balkin does a pretty good job of outlining the harm that’s done.

    Meanwhile, let’s engage in a thought experiment. Assume that the federal government is invariably efficient and benign. Under those circumstances what harm would a law prohibiting flag burning be? Governmental review of all newspaper articles prior to publication? Prayer in the schools? The death penalty for certain federal crimes?

    IMO the answer is that we can’t make that assumption. I’m not suggesting that we can assume the opposite, either. I.e. that the government is always inefficient or bad.

    There needs to be better oversight over the NSA’s activities than there has been to date. The court that its defenders have leaned so heavily on is rather clearly a rubberstamp. And I interpret the NSA as stonewalling attempted oversight by the Congress. What’s the oversight under those circumstances? Trust us?

  35. john personna says:

    BTW, it’s pretty easy for a surveillance state to know who all the gun owners are, without any need for registration.

    If you ever used a credit card to buy ammunition or to pay at the range, you are tagged.

  36. michael reynolds says:

    @Dave Schuler:

    None of your examples work. Prayer in school involves the state pressuring my kids into a set of beliefs they don’t share. A flag burning law actively forbids free expression. That’s not what we have here. You need to connect the dots from “USG has phone logs and my browser history,” to, “USG makes me do or stop doing something.” That’s what is missing.

    A) They know who I call on the phone, leading inevitably to:
    B)

    What is ‘B?’

  37. Dave Schuler says:

    @michael reynolds:

    It’s not limited to that, Michael. They don’t just have call logs. From the call logs they’re able to derive a complete profile of your behavior. You might not self-censor based on that but a lot of people will. That’s harm.

  38. Dave Schuler says:

    @michael reynolds:

    BTW, if violating your freedom of conscience or beliefs constitutes a harm, why doesn’t violating the belief that the federal government shouldn’t be monitoring its citizens? Once you’ve accepted the notion of intangible harm aren’t you stuck with making value comparisons you’re in no position to make?

  39. Mikey says:

    @michael reynolds: I’m not seeing it either. The issue isn’t that the government has the information–hell, a lot of organizations have the information. That horse left the barn a long time ago. For goodness’ sake, Facebook knows most of the meals I had on my family vacation to Germany last year because I put up pictures to make all my friends jealous.

    The issue is how the information is used–the “B” in your question. And so far nobody has come up with a tangible “B.”

    Of course, if the programs are objectively un-Constitutional, that is a harm in and of itself, but we don’t even have that, and it appears the initial reporting that raised Constitutional questions was not accurate.

  40. john personna says:

    @Mikey:

    Michael may not give a hoot that gun owner data mining trumps gun registration, but what about registration opponents?

    It would be a funny world if they opposed registration but didn’t care about being found anyway.

  41. Todd says:

    I’m not sure if “expectation of privacy” really means the same thing in 2013 as it did even in the relatively recent past. Legally, yes I don’t dispute that there are implications and concerns about the government having access to so much information. But logically, I really do have a hard time seeing how anybody putting information on the Internet, or talking on a cell phone has any (let alone a “reasonable”) expectation that it’s actually private.

  42. john personna says:

    Why should we require background checks? We can just data mine for at risk people who also make firearms related purchases, and put them on a watch list. A little bell can go ding when a police dash cam sees their car’s license plate. Security can be notified when facial recognition puts them in a public place.

  43. Spartacus says:

    @michael reynolds:

    I remain unconcerned that the government knows how long I talked to my wife on the phone.

    The interview with Edward Snowden that Doug posted on another thread clearly explains why there is harm in letting the govt track innocent communications. As I’ve argued on other threads, it’s because that data is used to derive suspicion and buttress allegations of wrongdoing, which can and does cause real harm to innocent people.

    The govt’s not claiming that calling certain numbers or visiting certain websites is a crime; it’s claiming that those kinds of activities can be consistent with the conduct of terrorists. Therefore, the govt will investigate and maybe even obtain a search warrant based on someone’s patterns of calls and internet searches. While investigating, the government will discover comments that the investigated person made on a blog. The government will interview that person’s employer.

    Now, if that person made negative comments about U.S. foreign policy on a blog and that person works for a defense contractor or some irrational patriot, that person’s career will be harmed, maybe even ruined, even though he may have done nothing. That person’s friends will learn the lesson unless they’re independently wealthy, they better not make controversial statements that can later be attributed to them. So, in addition to one family being financially and professionally harmed, others have their free speech rights diminished.

  44. OzarkHillbilly says:

    @Doug Mataconis: Yes because who cares about a government corporate agency that operates in secret that is secretly collecting and analyzing massive amounts of data, right?

    FTFY, Doug. Really…. Why do you worry so much about the gov’t when it is corporations that control it?

  45. Spartacus says:

    @john personna:

    If you take the spirit of your denials above, and do not read them for technical detail, there is no way the government could possibly have the Verizon data. Except we know they do. Which means that the denials are not quite as complete as you suggest.

    I’ve read all of Greenwald’s stories, the Bob Cesca story cited above and all of the links in all of those stories and, for the life of me, I don’t see how any of what Greenwald wrote is overhyped. As you point out, the denials are extremely bland, narrow and non-specific.

    Further, the claim by some that the attorneys at these companies are reviewing the requests to ensure that the govt doesn’t overreach is pure b.s. Neither these companies nor their attorneys have any right or power to narrow the scope of a warrant if that’s what the government is relying upon. As is plain from the FISA warrant issued to Verizon, those things can be limitless in their scope. And, if the govt isn’t relying on a warrant to obtain this info from these companies, why are they giving any info to the govt in the first place?

    So, if these companies are providing data to the govt in order to comply with a warrant and the Senate Committee charged with NSA oversight doesn’t even have a clue about the number of Americans whose data has been turned over, there seems to be no basis for thinking the volume of info is anything other than very large. That then leads to determining what is the most efficient way to turn this data over to the govt. This story is “overhyped” only if you believe the answer to that technical question is all-important.

    But the impact of this story does not at all hinge on the technical manner that the govt uses to collect and analyze data on Americans for whom there is no basis for believing have committed a crime. And even if the story’s impact did hinge on that, the govt’s own document says it has “direct access,” which is what Greenwald reported.

  46. Mikey says:

    @john personna: The difference is gun-owner registration is a specific action regarding a specific person that’s taken before any suspicion arises, but (as far as we know) this data-mining stuff doesn’t focus on a specific person until there’s already a reasonable suspicion.

    Again, possession of the data doesn’t matter nearly as much as what’s done with it. And I think this is how we will have to start thinking of privacy, because what we used to think of as privacy is utterly dead. As security guru Bruce Schneier has written: “Soon everything we do, both online and offline, will be recorded and stored forever. The only question remaining is who will have access to all of this information, and under what rules.”

  47. michael reynolds says:

    @Dave Schuler:

    No, I don’t think I’m trapped into equating actual actions taken in actual schools, with government data collection whose harm I have yet to see convincingly explained.

    What I’m seeing is a lot of people jumping from USG has data to USG carries out action against you, without explaining how we get from A to B. By the same logic the USG has an army and various armed law enforcement types therefore they’re going to shoot me.

    The USG is already powerful in very real-world ways. It has guns, it has microphones, it has cameras. Here’s how Doug might deal with those facts: “Do you really want a heavily-armed government to know exactly where you are and where your kids are? Don’t you care about freedom?”

    But what harm has come of the USG having both guns and my location? Do they have the physical capacity to locate me and shoot me? Yes they do. Have they shot me? No. Is there any evidence that they’re going around randomly shooting people for writing blog comments? No.

    So now the government also knows that I make phone calls. And they can use metadata to form a picture of me. So? There’s a big, yawning gap between “Government knows who I called,” to, “Government does something that harms me.”

    I don’t see where this is anything more than an adaptation to the modern world, an adjustment to the ubiquity of the cell phone and the internet in our lives. Laws still exist, evidence must still be legally obtained, charges must still be brought, I must still be tried by a jury of my peers. Data ≠ Tyranny.

    What would bother me quite a bit more is if my kids couldn’t go to the mall because six bombs had gone off over the last three weeks, let’s say. If this country were subjected to the kind of sustained terrorist assault that Israel has endured we’d freak out. The Patriot Act would be a joke compared to what we are capable of if we were well and truly scared. 9-11 resulted in us blowing the sh!t out of one country, with military action spilling out in multiple directions, as well as all the inconveniences of air travel, etc.. That single isolated terrorist attack has cost us what now? A trillion? Two trillion? Imagine a second and third and fourth round.

    So, I weigh the damage to civil liberties that would flow inevitably from that situation, against the abstract and unconvincing damage that comes of the USG collecting data, and I prefer the latter.

  48. Spartacus says:

    @michael reynolds:

    What I’m seeing is a lot of people jumping from USG has data to USG carries out action against you, without explaining how we get from A to B.

    That’s a very fair point. I don’t think any of us who strongly oppose this can lay out any evidence of a government plan that bridges that gap. Instead, our concerns are based on our knowledge of govt overreach with less advanced tools and the hardship that has caused. I did, however, run searches on govt terror prosecutions and came across the link at the bottom.

    It’s a very long paper that tries to explain why so many terror suspects plead guilty. It lays out arguments that both undermine and support my claim about using flimsy info to extract a plea bargain. However, if you read on pages 23-29 about the govt’s declared strategy of “preemptive prosecution” and its case against Hamid Hayat and his father, it will be clear that the govt’s extremely aggressive approach led to the questioning of the Hayats even though there was no evidence of wrongdoing by them. And during that questioning the Hayats lied, which led to the plea bargain by the older Hayat.

    Now, of course, they shouldn’t have lied, but they wouldn’t have even been in that position if the younger Hayat hadn’t been on the No-Fly list. And you can imagine that even before charges were brought against them the govt’s investigation most likely involved contacting their neighbors, business associates, etc. So even if charges had never been filed against them, unknown data that was secretly collected on them would have been used to prevent one of them from traveling and would have raised suspicions among the acquaintances of both of them.

    There are over 500 Americans on the No-Fly list. These are people who haven’t been charged with any crime, have no clue why they’re on the list and have no way of getting off the list. In short, the govt has severely restricted their right to freedom of movement without any due process.

    We now know that there are multiple agencies within the US govt that have requested data and new capabilities from PRISM. The data is not being collected because it contains evidence of a crime. Instead, it’s being collected in order to create a database that can be used to establish patterns of conduct by people the govt believes are terrorists or other wrongdoers. What happens when the telephone and internet conduct of innocent people looks like the patterns of these suspected terrorists? Some of these people will be investigated; search warrants will be issued; employers/neighbors will be contacted; some of these people will be placed on a no-fly list; and some forced to make a choice between either defending themselves against terrorism charges or pleading guilty to some minor charge.

    Lindsey Graham says we have nothing to worry about if we haven’t done anything wrong to which we could be pressured to plead guilty. That’s not the standard and that is why the Constitution prohibits a general warrant. We don’t want the govt to have too great a capability to investigate people or even convict them of every little crime they may commit. The mere possession of that kind of capability is, in itself, wrong even if it’s never actually used.

    That is why the burden to prove the govt will bridge the gap you described above should not be on those who oppose this. Instead, the govt and those who support this should have the burden to prove no innocent person will be harmed by it.

    Sorry for the incredibly long post.

    http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1546717

  49. michael reynolds says:

    @Spartacus:

    Yes, government has extraordinary power to compel plea bargains. They do it every day. They’ve done it for a very long time and no one gives a damn because the victims are often black kids supposedly “wilding.”

    But none of that is new. Wrong, yes. New or different or substantially changed by this new technological approach? No.

    The prosecution still needs to present evidence in court and convince a jury. First they have to convince a judge and later a jury that a crime has even been committed. Nothing about PRISM changes that. And nothing about PRISM changes the fact that prosecutors are very often unscrupulous, amoral careerists who will twist the law so they can rack up another win.

    So, if you want to tell me we need stronger safeguards and different incentives for prosecutors, I will enthusiastically agree. But PRISM isn’t in my opinion any more relevant than any number of other local, state or federal programs designed to score prosecutorial victories.

  50. Spartacus says:

    @michael reynolds:

    First they have to convince a judge and later a jury that a crime has even been committed. Nothing about PRISM changes that.

    The govt doesn’t have to produce anything to put someone on the no-fly list. It doesn’t have to do anything to start investigating someone based on the patterns of data that are found in its database. Those investigations alone – even if they never lead to a prosecution – cause harm as I described above. And, of course, these patterns of data can be the basis for obtaining a warrant to go search a person’s home or tap his phone.

    You’re looking at the safeguards that remain in place once a criminal defendant is sitting before a jury of his peers. However, the overwhelming majority of criminal defendants never get to that point. I’m talking about the absence of safeguards to protect against the harm (financial, social, professional and liberty) people will suffer long before a jury has been impaneled.

    PRISM and the Verizon data greatly increase the likelihood that those harms will occur. And unlike other tools that govt currently uses, there are no meaningful checks on these tools. The govt officials charged with exercising oversight of the NSA don’t have a clue about how the program is being used or how many Americans are the subject of these data collections. There are no parallels to this elsewhere in the govt.

  51. @michael reynolds:

    The prosecution still needs to present evidence in court and convince a jury. First they have to convince a judge and later a jury that a crime has even been committed.

    Are you forgetting the government now reserves the right to hold you in military detention indefinitely without charge if they don’t feel like dealing with a court or a jury? Or just launching a missile at you if they can’t be bothered to disappear you?

  52. James Joyner says:

    @Stormy Dragon:

    Are you forgetting the government now reserves the right to hold you in military detention indefinitely without charge if they don’t feel like dealing with a court or a jury? Or just launching a missile at you if they can’t be bothered to disappear you?

    None of this happens to be true.

  53. @James Joyner:

    I’m sure all the people in Guantanmo for the last 12 years without trial (or in some cases having won their trial but the government refusing to release them anyways) and all the people killed in drone attacks without trial will be glad to hear that!

  54. James Joyner says:

    @Stormy Dragon: You addressed that to @michael reynolds, not presumed members of the Taliban operating on foreign soil. We treat the two differently.

  55. @James Joyner:

    Except that every attempt to codify that distinction has failed (most recently the NDAA amendment), so we only treat the two differently until we don’t. Was Maher Arar a presumed member of the Taliban operating on foreign soil?

  56. Quit blaming bush and man up says:

    @Facebones:
    You mean like Gun control? What an awesome twist that would be if a gun banning reporter or politician actually knew something about guns.

    Also the “Bush did it” excuse grace period is now over. Own it Obama you ran on a platform of transparency and repeal of the patriot act, what a douche nozzel!