Within mainstream media, the debate went in two phases: The fundamental question of the purpose of these programs was concluded early on. Then, the spectrum of debate shifted (or narrowed) to the issue of scale, under the assumption that mass surveillance is in the national security interest.

I regard the question of purpose as fundamental because the answer has two critical outcomes:

• If mass surveillance is for the purpose of national security — as it has been justified — then these programs should continue.
• But if mass surveillance is not for the purpose of national security, or if national security is not the principal concern, or if the existence of these programs is not in the national security interest, despite intentions, then these programs are unjustified to continue.

Questions of morality, scale, and the balance of privacy are important questions, but they are out of the scope of my analysis because their answers do not lead to an unequivocal conclusion. National security is the centerpiece of the government’s justification of mass surveillance. Without this, the government’s argument falls apart.

To answer the fundamental question in the affirmative requires satisfying the definition of “national security.” Because the argument is the government’s, I will rely on the government’s definition of national security.

In doing so I will demonstrate that the following sentence is false:

“The programs established under Section 215 of the PATRIOT Act and Section 702 of the FISA Amendments Act are for the purpose of national security.”

This answers the fundamental question in the negative, which leaves the government without a justification for these programs.

Let’s start by defining “national security.”

On June 8th, 2013, then-Director of National Intelligence James Clapper issued a memo on the PRISM program. He wanted to assure everyone that the program was being used for the right reasons, against the right people, and was yielding results useful to national security:

Communications collected under Section 702[:]

[…] have provided the Intelligence Community insight into terrorist networks and plans.

[…] have yielded intelligence regarding proliferation networks and have directly and significantly contributed to successful operations to impede the proliferation of weapons of mass destruction and related technologies

[…] have provided significant and unique intelligence regarding potential cyber threats to the United States including specific potential computer network attacks. This insight has led to successful efforts to mitigate these threats.

Gleaning from this list, we can define national security by three objectives:

• Thwarting terrorism
• Stopping the flow of deadly weapons
• Cybersecurity

Let’s see how the NSA performs in each area.

Thwarting Terrorism

Regarding terrorism, when pressed further, Clapper could provide only two specific examples of thwarted terrorist activities as a result of PRISM or bulk metadata collection (Section 215 of the PATRIOT Act). In a letter from Senator Ron Wyden, he was asked:

Please identify any specific examples of instances in which intelligence gained by reviewing phone records obtained through Section 215 bulk collection proved useful in thwarting a particular terrorist plot.

Clapper responded with only two examples:

We have previously declassified two instances where the Section 215 bulk collection was useful: the attempt by Najibullah Zazi to bomb the New York subway system, and the material support investigation of Basaaly Moalim.

The “material support” example was a case in which Basaaly Moalim, a Somali immigrant, sent $8,500 to the al-Shabaab terrorist group.

An analysis published by the non-partisan Washington think-tank, the New America Foundation, looked at 225 “individuals recruited by al-Qaeda or a like-minded group or inspired by al-Qaeda’s ideology, and charged in the United States with terrorism since 9/11.” They found that:

Surveillance of American phone metadata has had no discernible impact on preventing acts of terrorism and only the most marginal of impacts on preventing terrorist-related activity, such as fundraising for a terrorist group.

A White House report finalized on December 12, 2013 came to similar conclusions, at least about Section 215:

Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders.

The NAF report went further on to address the specific case of Moalim, where the government claimed that Section 215 and Section 702 played a significant role:

According to the government, the database of American phone metadata allows intelligence authorities to quickly circumvent the traditional burden of proof associated with criminal warrants, thus allowing them to “connect the dots” faster and prevent future 9/11-scale attacks. Yet in the Moalin case, after using the NSA’s phone database to link a number in Somalia to Moalin, the FBI waited two months to begin an investigation and wiretap his phone. Although it’s unclear why there was a delay between the NSA tip and the FBI wiretapping, court documents show there was a two-month period in which the FBI was not monitoring Moalin’s calls, despite official statements that the bureau had Moalin’s phone number and had identified him.

Supposedly Clapper’s other examples of thwarted terrorism that are too secret to mention put the grand total at fifty-four “events”, according to an internal memo:

Assuming that “National Security Agency” is an accurate term, we’re left pondering the relevance of forty-one of these events that did not occur on American soil, or perhaps forty-five that did not involve “US persons or facilities overseas.” Nevertheless, let’s grant this figure of fifty-four examples — of which only two are specified — to the NSA’s credit. What role did Section 702 and Section 215 play in these investigations?

In July 2013, NSA Director Keith Alexander was the keynote speaker at the Black Hat conference on computer security. Regarding thirteen events related to national security, he said:

[The] initial tip came from the PRISM FAA 702 data. Business Record FISA is a tool that also adds value, but it can only add value in the United States. […] It had a role in 12 of those 13. In four, it came up with no results [of] value to the FBI. In the other eight, it provided leads for the FBI to go after.

The NAF report found that:

Traditional investigative methods initiated 60 percent of the cases we identified. In 5 percent of the cases, a violent incident occurred prior to prevention, and in 28 percent of the cases — involving 62 individuals — court records and public reporting do not identify which methods initiated the
investigation.

So in total, out of 225 investigations:

NSA surveillance of any kind, whether bulk or targeted of U.S. persons or foreigners, played an initiating role in only 7.5 percent of cases.

• Section 215 — 4 cases (%1.8)
• Section 702 — 10 cases (%4.4)
• Unknown authority — 3 cases (%1.3)

The NAF report concluded:

Our review of the government’s claims about the role the NSA “bulk” surveillance of phone and email communications records has had in keeping the United States safe from terrorism shows that these claims are overblown and even misleading.

Metadata and Cybersecurity

Senator Wyden expressed his concerns that the NSA was gathering much more than just the phone records of Americans.

In his letter, he asked:

Has the NSA used USA PATRIOT Act authorities to conduct bulk collection of any other types of records pertaining to Americans, beyond phone records?

Clapper responded:

In addition to the bulk telephony metadata collection, NSA has in the past used FISA authorities to collect bulk Internet metadata. The Government terminated this collection program in 2011 for operational and resource reasons as reflected in the classified December 2, 2011 letter to the Senate Select Committee on Intelligence. NSA has not used USA PATRIOT Act authorities to conduct bulk collection of any other types of records. Additional information is provided in the classified supplement.

What specific “collection program” Clapper was referring to that was terminated in 2011 is still a mystery.

The government has attempted to assuage privacy concerns by explaining that only “metadata” is being collected. By definition, “metadata” is “data about data.” This sounds much nicer — that the NSA collects information about videos and emails like file sizes or email addresses but not the videos or emails themselves. But this is an unusual claim, since metadata is often used to index data. What would be the point in storing just metadata?

On July 31, 2013, The Guardian published details of XKeyscore, a program that allows the government to view emails and monitor Internet activity. Queries rely on metadata to access data more easily. The user inputs an email address and gets a list of emails to and from that address.

In addition, the user can access Facebook chat and other private communications.

XKeyscore shows that the NSA doesn’t just store metadata. The program is massive, with The Guardian reporting at least 41 billion records collected within a 30-day period in 2012.