Leaking 41 slides and a four-page court order has led to one of most hotly contested debates in recent memory. As President Obama pointed out, “you can’t have a 100 percent security, and also then have 100 percent privacy and zero inconvenience.” So the question remains: How does the U.S. government, the National Security Agency (NSA), and the American public strike the right balance?
It’s not “what” you say; it’s when, from where, and for how long you say it.
Last week, NSA contractor Edward Snowden leaked top secret documents to the media. Among the documents released were excerpts from a slideshow describing the NSA’s PRISM program, which collects information from the servers of Internet companies such as Google, Facebook, and YouTube. The slides also indicate that the NSA is combining its PRISM capabilities with other methods of collecting signals intelligence — for instance, by combining information collected from Internet companies with information obtained from communications infrastructure. The other document released was an order from the Foreign Intelligence Surveillance Court (FISC), which indicates the collection of phone records happens on an “ongoing, daily basis.”
The legislative authority to conduct the PRISM program stems from a 2008 amendment to the Foreign Intelligence Surveillance Act (FISA). The FISA Amendment Act authorizes the targeting of persons reasonably believed to be located abroad, so long as intelligence officials obtain a court order and comply with Fourth Amendment protections against unreasonable searches and seizures. Meanwhile, the legislative authority granting the FISC the power to order Verizon and other companies to provide business records stems from Section 215 of the Patriot Act. According to Section 215, the government can obtain “any tangible things” relevant to an international terrorism investigation or clandestine intelligence activities.
President Obama and the Director of National Intelligence, James Clapper, have both defended the NSA’s programs, arguing that the programs don’t monitor the “content” of phone calls and emails. Instead, when the NSA uses “data mining” techniques to sift through records from Internet and phone companies, it only has access to the “metadata” — that is, the information about when a call, email, or online chat began, how long the communication lasted, and possibly the general location of the parties involved. To be clear, the NSA still has the ability to monitor the “content” of communications after it follows the normal judicial procedures and initiates a wiretap. The focus of the current debate is whether the NSA should also be authorized to aggregate vast amounts of “metadata” from the general public and be authorized to sift through that data.
The security interest.
The U.S. government has a significant security interest in collecting metadata. The Chairman of the House of Representatives Intelligence Committee, Mike Rogers, and a former intelligence and FBI official, John Miller, have both suggested that PRISM helped foil a plot to bomb the New York subway system in 2009. According to them, an email was uncovered that linked Najibullah Zazi, an Afghan-born U.S. resident, to an Al-Qaeda bomb-maker based in Pakistan. Although commentators have pointed out that it was actually British intelligence that uncovered Zazi’s email, it does not undercut the argument that PRISM may still have been an important component of the investigation. Another indicator that NSA surveillance programs provide intelligence is that the President’s Daily Brief cited PRISM data 1,477 times last year.
In addition to enabling intelligence agencies to prevent attacks, gathering phone and online metadata could play a significant role in tracing the sequence of events and revealing the terrorists involved after an attack has taken place. Unlike other forms of information such as eyewitness testimony and anonymous tips, signals intelligence is generally precise and accurate. Moreover, programs such as PRISM can serve as an efficient tool that allows analysts to hone in on key events, saving time and resources during an investigation.
The privacy interest.
The significance of an individual’s privacy interest depends, in part, on when you think privacy has been invaded. One view is that privacy is invaded as soon as the NSA stores or gains access to vast amounts of metadata; simply storing personal information is the invasion of privacy. A second view is that the invasion of privacy happens when the NSA actually “data mines” by using software to pinpoint communications that are relevant an investigation.
According to a 1979 Supreme Court case (Smith v. Maryland) and subsequent cases, citizens generally have a diminished expectation of privacy when third-parties already have access to the information. Put differently, if an Internet or phone company already knows when a call was made and how long it lasted, the law assumes there is less of a privacy interest in not having that same information exposed to the government. The privacy interest associated with the second view is more concerning because even though the NSA is not authorized to “intentionally target” U.S. citizens when sifting through metadata, it is unlikely U.S. citizens could be completely shielded. For instance, what if an “intentional target” is a foreign terrorist who happens to call or email an unsuspecting neighbor, colleague, or friend? These individuals might not have anything to do with terrorist activities; yet, they could be subjected to government scrutiny based on an innocent relationship with the target of an investigation.
So what next?
Putting aside the fact that criminal charges against Snowden are imminent, that the NSA needs to tighten its security protocols, and that members of Congress should attend the briefings that enable them to perform oversight, two critical questions remain. The first is whether the advances in technology warrant taking legislative or legal action to curtail the NSA’s power. The second is whether Americans are willing to sacrifice some of their privacy in exchange for increased security. In a press conference last Friday, President Obama said he “welcome[s] this debate.”