On the NSA: How Well-Meaning Bureaucrats Build a Surveillance State

Ryan Singel
Published in Future Participle
Jun 6, 2013

On Thursday, the Guardian published a secret government order that forces an arm of Verizon to turn over the phone calling records of its mobile customers every day, for three months, to the U.S. government.

In one sense, the story was a massive scoop showing how the government’s secret surveillance programs work and what the government thinks the limits of the Constitution are.

In another sense, it just confirms the details of what’s been known in the bones and reported for years — the nation’s telecoms function as an extension of the U.S. government’s intelligence apparatus.

The latter interpretation was given weight by the nation’s top senators on Tuesday, who defended the order, saying this kind of collection has been going on for seven years and, perhaps, best of all, that no citizen has complained.

So don’t be too particularly pissed at Verizon, however pliant the telecom has been in the past. The order is likely routine and something every telecom gets. It’s very likely that similar orders are dropped on the nation’s credit card companies and ISPs.

What does the revelation mean?

Very simply, it means that the government is likely running a secret, massive data-mining operation. At the very least, the feds are collecting and storing huge amounts of data so that they can tell which numbers are calling which numbers. Think of it as how the Internet is built of links. There’s a lot of knowledge just in those links.

Then, say, the feds get a tip about a potential spy — they can then figure out that person’s phone number, query their giant database and see all the numbers that number was in contact with, and what numbers those numbers were in contact with — and then use other tools to force phone providers to disclose the names associated with those accounts.

Or, one could, following the dreams of John Poindexter, run pattern matching software on the metadata, looking for patterns of communication that resemble those of a terrorist cell. There you’re seeking to find the “bad guys” before they strike, albeit with the very real probability that the feds will put under suspicion political movements, knitting circles, book groups, etc.

That would mean the government is likely still running, at least in part, the Total Information Awareness program that was ostensibly shut down 10 years ago, and the Verizon order is, in all likelihood, just a sliver of the government’s secret data collection about American citizens.

The collection of the metadata is legally predicated on a maximalist interpretation of an obscure catch-all provision of the PATRIOT Act known as the business records provision.

It was meant to augment the powers to wiretap and physically search targets in a terrorism investigation. Sec. 215 was there to give terrorism investigators a way to get other kinds of records, say from a rental car agency suspected of being used by a known suspect.

But instead of being targeted, it’s being used as a dragnet.

The government tells a secret court that phone records are relevant to counter-terrorism or intelligence, and the court gives them a three-month order — every three months.

Sec. 215 wasn’t intended to let the feds collect all the things all the time, but it seems some clever lawyer in the Obama administration came up, sometime around 2009, with a secret, broad interpretation that passed muster with a secret court.

But there’s something very intriguing in the order. The government asked for all the data on which numbers called which numbers and when and where — but explicitly ordered Verizon not to provide the names and billing information on those accounts.

It’s an odd way to narrow the request, because there’s nothing in Sec. 215 that prevents the collection of names. There are rules that force the NSA to anonymize (“minimize”) the names of Americans caught on its wiretaps, but that wouldn’t apply here — this is metadata, not content.

So why would the feds explicitly say they don’t want the names?

My guess is that it’s a policy choice driven by the desire to be able to say technically accurate, though highly misleading, things, like, “The NSA is not creating dossiers on Americans.” But that’s only narrowly true because the data doesn’t have names attached — even though attaching names is a very simple matter.

But that leaves us with a few cold truths:

1) The NSA, thanks to the original warrantless wiretapping program started in 2001 and this program that continued after it, no longer believes that it should not be spying on Americans. That used to be the NSA’s honor code after the abuses of the 60s and 70s. It no longer exists.

2) The Obama administration’s interpretation of Sec. 215 to allow the collection of databases full of information on American citizens’ lawful activity on an ongoing daily basis is extremely dangerous.

The Administration will say that it’s not really so bad because they don’t know names. But they only don’t know names because of a policy decision that could fall at any time in this administration or the next.

The interpretation also makes it possible for the government to order any company to turn over, on a regular daily basis, all of its records, to be stored indefinitely. Those could include health records, purchase records, veterinary records, you name it.

The Obama administration’s interpretation of Sec. 215 allows the feds to demand any database — and nothing in the law prevents this uber-database from being used for criminal investigations.

The only thing that stops all the databases from being siphoned is a politically driven policy decision inside the administration in power.

And if Obama has taught us anything about the presidency and institutions, it’s that new administrations do not relinquish the power carved out by the ones that preceded them, no matter what promises get made on the campaign trail.

3) There is no winding down of the surveillance state, despite Obama’s pledge to deescalate the so-called “Global War on Terror.”

The tools have been built and the political imperative not to have a terrorist attack will keep them in place, regardless of whether they are effective or invasive.

These databases will be abused, just as FBI agents abused phone records when Verizon and AT&T were paid millions to station employees inside the FBI to make it faster to search them.

The political will to firewall off these databases only for intelligence and anti-terrorism will fade and at some point, all the databases will be opened to investigations of all kinds (the so-called legal Wall between intelligence and law enforcement was knocked down post-9/11).

The administration and the previous one are and were full of well-intentioned men and women seeking to prevent another attack on the country.

But we’ve allowed them to build, out of fear, a surveillance apparatus on a scale previously imagined only by science fiction writers and dictators.

It’s time to bring that apparatus into the sunlight, think about what could be done with it in the hands of people with good intentions run wild, and then, if we do not outright smash it, we should start to unbuild it.

--

Ryan Singel

Founder of @contextly, helping publishers build loyal audiences. Fellow at Stanford Law’s Center for Internet and Society. Former editor at Wired.com.