Richard Falkenrath, a Brookings scholar and former Bush NSA official, has an op-ed in today’s WaPo defending the NSA’s acquisition and algorithmic combing of phone records. His argument boils down to this:
The potential value of such anonymized domestic telephone records is best understood through a hypothetical example. Suppose a telephone associated with Mohamed Atta had called a domestic telephone number A. And then suppose that A had called domestic telephone number B. And then suppose that B had called C. And then suppose that domestic telephone number C had called a telephone number associated with Khalid Sheik Mohammed, the mastermind of the Sept. 11, 2001, attacks. The most effective way to recognize such patterns is the computerized analysis of billions of phone records. The large-scale analysis of anonymized data can pinpoint individuals — at home or abroad — who warrant more intrusive investigative or intelligence techniques, subject to all safeguards normally associated with those techniques.
Frankly, bloggers who aren’t at Brookings and haven’t served on the NSC were cranking out better analysis before our first cup of coffee Thursday morning. By early afternoon, my colleague Steve Verdon even had some cool formulas up laying all this out.
Regardless, Falkenrath’s analysis is fine as far as it goes. Kevin Drum, though, dubs Falkrenrath an apparatchik, an odd designation for a legitimate expert employed for a short time at the highest levels of government, and is outraged by the use of the term of art “anonymized.”
Even a child knows that phone numbers can be linked to names and addresses using ordinary commercial databases. There is absolutely nothing anonymous about this data, and only a shameless con man would try to convince us otherwise. Why does the Post give space to this obvious agitprop?
But “anonymized” is not meant to convey “anonymous.” Of course there are means of reverse lookup on the data. What would be the point of searching it for patterns, otherwise?
Sir! We have found evidence that 202-555-1212 is a terrorist!
Excellent job, Smith! Let’s bring him in.
Sir, there’s a problem. . .
The point of anonymizing data is not to prevent figuring out whose data it is but to prevent inadvertant disclosure of information. In this case, presuming the USA Today report is accurate, NSA computers are combing through data looking for patterns that match algorithms written by NSA Poindexters and analysts are looking at some printouts that are spit out. Presumably, even some large number of those printouts that are spit out turn out to be nonsense. Regardless, until a human gets to the point of thinking there’s a reasonable chance that an Aha! moment has occured, no one has seen any information that is connected in their brain with any other specific human being.
At the moment a detailed human investigation begins, presumably, it’s time to add names and addresses back into the picture. I suspect the NSA’s handy dandy computers can do that in seconds.
It may well be the case, too, that–before the de-anonymization (I don’t know if that’s a word) occurs–warrants may need to be obtained to actually get the phone records of the individual suspects. It’s one thing to scan information in an anonymized database; it’s another to look at a specific individual’s phone records knowing who that individual is.