Wiretaps Run Amok

Andrew Sullivan is soliciting right-of-center comments on a report by Eric Lichtblau and James Risen that has mostly attracted left-of-center commenters thus far. Here’s the lede:

The National Security Agency intercepted private e-mail messages and phone calls of Americans in recent months on a scale that went beyond the broad legal limits established by Congress last year, government officials said in recent interviews.

Several intelligence officials, as well as lawyers briefed about the matter, said the N.S.A. had been engaged in “overcollection” of domestic communications of Americans. They described the practice as significant and systemic, although one official said it was believed to have been unintentional.

As with most of the news on this story over the years, it’s difficult to comment because it’s rather mysterious what precisely has been going on.  It’s apparently something more intrusive than electronic data mining and less intrusive than ordinary wiretapping. Here’s how the present story describes it:

After a contentious three-year debate that was set off by the disclosure in 2005 of the program of wiretapping without warrants that President George W. Bush approved after the Sept. 11 attacks, Congress gave the N.S.A. broad new authority to collect, without court-approved warrants, vast streams of international phone and e-mail traffic as it passed through American telecommunications gateways. The targets of the eavesdropping had to be “reasonably believed” to be outside the United States. Under the new legislation, however, the N.S.A. still needed court approval to monitor the purely domestic communications of Americans who came under suspicion.

Unlike torture or detention without trial, I’m not reflexively outraged at the prospect of intelligence agencies sifting through the communications with overseas parties for clues on terrorist activity.  I’m troubled by skirting existing law to do it, to be sure, but am willing to grant a lot of license on national security matters when no obvious harm results.

Again, though, this may simply be because I don’t understand what is being done here.  Given that there are 300 million-odd Americans and maybe 100,000 agents available for investigating terrorism, they’re not sitting around listening to everyone’s phone calls and reading all our emails.  I’m given to believe that they’re doing something more than electronic sifting of data looking for keyword patterns (data mining).

In the case of this particular report, what precisely has been “overcollected”?  And how is it possible to overcollect unintentionally?

Now this is troubling:

As part of that investigation, a senior F.B.I. agent recently came forward with what the inspector general’s office described as accusations of “significant misconduct” in the surveillance program, people with knowledge of the investigation said. Those accusations are said to involve whether the N.S.A. made Americans targets in eavesdropping operations based on insufficient evidence tying them to terrorism.

And in one previously undisclosed episode, the N.S.A. tried to wiretap a member of Congress without a warrant, an intelligence official with direct knowledge of the matter said. The agency believed that the congressman, whose identity could not be determined, was in contact — as part of a Congressional delegation to the Middle East in 2005 or 2006 — with an extremist who had possible terrorist ties and was already under surveillance, the official said. The agency then sought to eavesdrop on the congressman’s conversations, the official said.

The problem with targeting specific individuals is that this obviously triggers 4th Amendment rights.  Now, granted, if the motive for investigating is gathering counterterrorism intelligence rather than putting together a legal case, most of the harm is mitigated.  After all, the remedy for violated 4th Amendment rights is the Exclusionary Rule — disallowing information so obtained and any information thereby tainted (the Fruit of the Poisonous Tree Doctrine) from use in court against the aggrieved person.  But it’s still a violation of civil rights.   And the targeting of a Member of Congress by the executive branch without judicial oversight is a fundamental breach of separation of powers.

All that said, I do agree with Steven Taylor — who has been much more exorcised about this issue over the years than I have — that this demonstrates why we need oversight on government power.  That is, even if perfectly well intentioned, things go wrong.  And this: “If people want something to worry about in terms of the expansion of governmental power, the issue isn’t bank bailouts or loans to GM, as those will pass, it is stuff like this which has the tendency to grow.” Not that the former precedents don’t create bad tendencies, too, mind you.

Photo by Flickr user Scruffy Dan and Breanne, used under Creative Commons license.

FILED UNDER: Law and the Courts, National Security, Terrorism, , , , , , , , ,
James Joyner
About James Joyner
James Joyner is a Security Studies professor at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. Tlaloc says:

    I found it… I guess flabbergasting is the right word… that so many on the right could straight faced say that there was no way the warrantless wiretapping program was used to do anything but monitor terrorists even though they refused to put in place any kind of real monitoring to that effect.

    “Trust but verify” indeed.

    When conservatives applaud, nay, demand a program of snooping on Americans with no oversight you have wandered into a land every bit as strange as Alice’s adventures through the looking glass.

    I hope all the guys at Redstate and Powerline and Townhall sleep very well knowing they worked so hard to hand that unrestrained power to Obama and Napalitano.

  2. PD Shaw says:

    Can’t muster any outrage here. I believe the concept of a right to “privacy,” invented about 100 years ago in response to the mass production of the camera involves a fairly minimal set of intangible harms that deserve little protection. It’s how the information is used which may be problematic.

  3. And this: “If people want something to worry about in terms of the expansion of governmental power, the issue isn’t bank bailouts or loans to GM, as those will pass, it is stuff like this which has the tendency to grow.” Not that the former precedents don’t create bad tendencies, too, mind you.

    Agreed. However, the likelihood of the feds staying in the car business, let alone expanding its role therein, is low. That is will remain in, and expand, its collection (or, indeed, overcollection) of data about innocent citizens, is far too likely.

    What I find especially vexing, however, is that many think that the car company loans=the end of the Republic, but they seem not to care about the surveillance.

    (And for the record, I think that GM should be allowed to go into bankruptcy).

  4. James Joyner says:

    I found it… I guess flabbergasting is the right word… that so many on the right could straight faced say that there was no way the warrantless wiretapping program was used to do anything but monitor terrorists even though they refused to put in place any kind of real monitoring to that effect.

    I’m for both judicial and congressional oversight in these things. What I’ve been willing to do is recognize the exigencies of tracking people who move globally and communicate with email and cell phones and allow a wider discretion to the executive in the specific instance.

    For example, we’ve given police more leeway in the age of motor vehicles than we did previously in recognition that the item to be searched would otherwise be long gone before a warrant could be obtained. Even there, though, we have limits on the police.

  5. PD,

    I dunno, I kind of like that whole Fourth Amendment protection that goes back a tad farther than 100 years.

  6. I have absolutely no direct knowledge on these programs, so everything I’m about to say here is based on what I’ve read in the media and pieced together from that information. I am an expert in the software engineering field, and have several colleagues and good friends who are at the very cutting edge of data mining, so I at least have some specific domain knowledge to apply here.

    My best guess is that they’ve got a system setup that automatically monitors everything they can about “known” terrorists, international criminals, foreign agents, etc – basically, any foreign national that they’ve legally decided to keep an eye on. When I say “everything they can”, that’s quite a lot: phone records (who they’re calling and when), actual phone conversations (for a lot of people – the NSA can intercept a lot), e-mails, text messages, twitters, probably credit and banking records, maybe even shopping patterns, depending on the area possibly even stuff like library book checkouts. Seriously, any kind of electronic data they can get their hands on.

    They’re probably doing an analysis pass on all of this data to figure out who these people are talking to – and what they’re talking about. Now, it’s my understanding that it has long been well within the law to record any conversation these people are having, even if a US citizen is on the other end. So, if we’re recording Osama bin Laden and, say, Ted Koppel calls him up for an interview, keep the tape rolling. But typically you’d need a court order to then keep recording ol’ Ted beyond this – we’ve established that they’re in contact with each other, but any sane judge would quickly realize that Koppel is simply performing his job as a journalist and getting an interview (especially since that’s what the conversation tapes reveal), and would probably deny a warrant for further recording. If, on the other hand, the other caller was a random US citizen and the conversation centered around plotting an actual terrorist attempt, hey, let’s get a warrant. As with any other domestic legal affair, there’s a lot of gray area, but that’s why we have judges in the mix instead of just a checklist.

    I think they’re data mining all of that stuff I mentioned earlier that they’re recording to find out who “known subjects” are talking to. Still not a big problem, and nothing new.

    Here’s where I think the new stuff (and the problem) lies:

    I think they have an automated system setup that is either

    A) Recording unbelievably massive amounts of conversations anywhere and everywhere around the world, not matter who is participating so that they can sort it all out later (based on what they’re datamining from the known suspects).

    or

    B) Using the data mining anaysis to automatically figure out who the next recording target should be, follow them around for a bit, and use some further automated analysis to figure out if they’re worth paying any more attention to or if they’re worthless.

    The NSA is certainly capable of A. And honestly, from a purely technical standpoint, that would be the best approach. Intercept and record everything we possibly can (storage is cheap), and use some really sophisticated software to ignore 95% of it and drill down into what’s important. This way, we don’t have to figure out ahead of time what is worth intercepting.

    That may be directly illegal, so it’s more likely that they’re using a sophisticated data mining algorithm to automatically continue electronic surveillance of “possible” suspects.

    Civil rights watchdogs are justifiably concerned that this approach violates the privacy of US Citizens – and worse, that these recordings and intercepts could be used for brazenly political purposes.

    The intelligence community is arguing, in essence, that all of this is done algorithmically and without a human in the loop – hence, from a practical standpoint, it’s pretty much impossible to use it in a political manner and it gives us a really useful intelligence tool.

    Frankly, I’m still not sure what side of the debate I come down on. I think a lot of my opinion would depend on technical details of the system that I don’t have access to. Remember, this entire post is nothing more than informed speculation combined with what I would try to do if I were designing a system like what has been described.

    The real problem is that the only people with the real technical knowledge to understand the system are the experts who created it. Most of our elected government officials are WAY out of their league on this (I could be wrong, but I’m not aware of a single software engineer in Congress). And because the NSA (understandably) wants to be secretive about it, we can’t get the discussion out into the general public, where there are millions of experts who could make a pretty good discussion out of it.

    My own inclination on this issue is to say that the system as it is likely to exist right now is probably fine, but I worry a lot about what it’s likely to become if we allow it to continue. As nifty and cool as it might be, it’s dangerous and at the bare minimum should be watched with oversight to ensure that it doesn’t grow into something more sinister.

    It’s probably also worth updating the specific wording of applicable laws to allow something similar to exist but require safeguards on it to prevent it from becoming a true civil rights violation.

    But again, it’s hard to really say without more knowledge than I have.

  7. Tlaloc says:

    I’m for both judicial and congressional oversight in these things. What I’ve been willing to do is recognize the exigencies of tracking people who move globally and communicate with email and cell phones and allow a wider discretion to the executive in the specific instance.

    Hopefully you know I wasn’t criticizing you personally. One of the reasons I like OTB so much is it’s one of the few righty but sane sights I can find. Seems that all of the sane ones tend libertarian (OTB being no exception).

    If the argument is one of “we need better tools to deal with changing circumstances, and here are the checks and balances” then I don’t think many even on the furthest left have a problem with that. I certainly don’t (and on most matters I’m pretty FAR left).

    That said the previous regime (secret FISA court with retroactive warrants after 48 hours) seemed pretty damn permissive. I find it really hard to believe it was an unacceptable burden on our ability to catch terrorists.

  8. just me says:

    I think the problem with the wiretapping issue is that we haven’t figured out a good way to monitor for the new technology and stay at least with it. I think oversight makes sense, but I also think it makes sense to give some leeway to those doing the monitoring to monitor whatever they can where there is suspicion.

  9. Franklin says:

    I think oversight makes sense, but I also think it makes sense to give some leeway to those doing the monitoring to monitor whatever they can where there is suspicion.

    Suspicion – exactly! Reasonable suspicion leads to getting court-ordered warrants, which are a good way to get the oversight you desire.

  10. PD Shaw says:

    Franklin, I’m not sure one can get a warrant for the activity described by Russell Newquist. For example, “where” is the location to be searched?

  11. Michael says:

    I am an expert in the software engineering field

    I’ve never heard somebody make this claim, and have it turn out to actually be true.

    My own highly-informed, but not expert level, take is that they are using some kind of computer learning algorithm to determine, on the fly, what communications warrant recording, and which are innocuous. Given the variety of data that is being inspected, any such algorithm would naturally generate many false positives, and that the data from those catches are being misused.

    As for misconduct, such a system can easily be “taught” to flag and record any number of patterns/topics/discrepencies. If there is no oversight on the legality of what is being taught, but acceptance that anything caught is caught legally, then you have a problem.

  12. Michael says:

    Franklin, I’m not sure one can get a warrant for the activity described by Russell Newquist. For example, “where” is the location to be searched?

    The network hubs would be the physical locations, but I thought you could get a warrant to eavesdrop on a person, not just a property.

  13. Tlaloc says:

    Franklin, I’m not sure one can get a warrant for the activity described by Russell Newquist.

    Nor should one be able to. It is the data equivalent of rifling through the houses of everyone in harlem in order to catch a criminal. Excessive and a violation of the 4th.

    Allowing that kind of ubiquitous monitoring by the government is pretty atrocious really.

  14. Tlaloc says:

    Let’s take a different tack-
    is there any evidence this program works and is effective?

    The FBI has claimed that the leads given them by the NSA were all pretty much garbage. There haven’t been any serious terrorist rings busted using this kind of info. Anyone have anything to actually support the program?

    Weighing a grotesque intrusion versus a serious security capacity is one thing, but a grotesque intrusion versus GIGO? That should be a no-brainer.

  15. Michael says:

    I think the problem with the wiretapping issue is that we haven’t figured out a good way to monitor for the new technology and stay at least with it.

    Most internet communications are still unencrypted, and most go through a relatively small number of centralized hubs. The security agencies shouldn’t have any trouble keeping up with that.

    If the communications are encrypted, they’re pretty much SOL with or without a warrant, because modern cryptography would take too much time to break.

  16. PD Shaw says:

    michael, maybe I should ask, when you go to the judge to ask for a warrant, how do you answer the questions: who, when and where?

    Plus, what is being mined is not simply the content of the communications but their fact.

  17. Michael says:

    michael, maybe I should ask, when you go to the judge to ask for a warrant, how do you answer the questions: who, when and where?

    I’m not a lawyer, so I don’t really know what the standards are for getting a warrant. However, I would imagine that the “who” is well enough known by the time the warrant is sought, the “when” seems kind of arbitrary, and there “where” would either be the end systems (phone, PC, iPod, etc) or somewhere in the line of transmission at the TelCo, ISP, etc.

  18. Michael says:

    Plus, what is being mined is not simply the content of the communications but their fact.

    The fact is probably far more telling than the content anyway, but even that can be hidden by using an anonymizing proxy or TOR.

  19. Tlaloc says:

    If the communications are encrypted, they’re pretty much SOL with or without a warrant, because modern cryptography would take too much time to break.

    I strongly suspect the NSA can break most encryption out there, or doesn’t have to due to backdoors. Maybe I’m wrong, but if things like PGP really stopped them I think you’d see it pretty quickly disappear under national security directives.

  20. Oldcrow says:

    The problem with targeting specific individuals is that this obviously triggers 4th Amendment rights.
    But it’s still a violation of civil rights. And the targeting of a Member of Congress by the executive branch without judicial oversight is a fundamental breach of separation of powers.
    James Joyner | Thursday, April 16, 2009

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    There is nothing obvious about this, the problem here is people refuse to acknowledge the difference between law enforcement evidence gathering and intelligence gathering they are not the same evidence is gathered to arrest and prosecute in a court of law thus it can be used to take away your freedom and is a function of the justice system, intelligence gathering is used to target our nations enemies militarily and to help our decision makers to take action and is wholly a function of the executive branch, no where in the constitution does it mention privacy the concept of expectation of privacy was made up from whole cloth it does not exist, if the government uses Intel to detain, prosecute and jail me a U.S. citizen using evidence gathered without a warrant then they have violated my civil rights, if they listen to my phone conversations, read my email or whatever and use that to find and target foreign agents/terrorists then it is not a violation of my civil rights, nothing was searched nor siezed and then there is that pesky unreasonable part is it really unreasonable for our security and Intel agencies to be gathering Intel on those talking to possible foreign agents terrorists? No I don’t think so and the Supreme Court has agreed in every case.

  21. Michael says:

    I strongly suspect the NSA can break most encryption out there, or doesn’t have to due to backdoors.

    Unless the NSA has a quantum computer that hasn’t even been theorized yet, they have no way of breaking modern cryptography.

    Maybe I’m wrong, but if things like PGP really stopped them I think you’d see it pretty quickly disappear under national security directives.

    For a while, PGP wasn’t allowed out of the USA, it was categorized as a weapon. The problem is that the NSA couldn’t stop the spread of encryption.

  22. Tlaloc says:

    Unless the NSA has a quantum computer that hasn’t even been theorized yet, they have no way of breaking modern cryptography.

    Maybe, or maybe there are advanced mathematical ways to break the codes that aren’t otherwise apparent. It’s like saying you can’t move faster than the speed of light or you can’t resolve objects smaller than the wavelength of the radiation used to probe- generally true but there are always ways around it if you’re clever enough.

  23. Michael says:

    Maybe, or maybe there are advanced mathematical ways to break the codes that aren’t otherwise apparent.

    I suppose it’s possible, but the very best and brightest mathematicians have poured over these algorithms for years, so I don’t believe the NSA has anything that can break them in a reasonable timeframe.

    It’s like saying you can’t move faster than the speed of light or you can’t resolve objects smaller than the wavelength of the radiation used to probe- generally true but there are always ways around it if you’re clever enough.

    You say that, and yet both examples you’ve given nobody can find a way around.