Subscribe via RSS Feed

The NSA’s Metadata Program Can’t Be Justified

[ 48 ] January 24, 2014 |

I have a longer piece about the report of the Privacy and Civil Liberties Oversight Board up. To me, the key takeaway is that even if we assume arguendo that the program is legal, it certainly imposes substantial burdens on privacy and free speech rights that aren’t remotely justified given the lack of concrete benefits:

In a perverse way, programs that restrict civil liberties become self-justifying because of restrictions on civil liberties are simply assumed to increase security and order. For example, in their 2007 defense of Bush-era expansions of executive branch powers to combat terrorism, Terror in the Balance, the eminent legal scholars Eric Posner and Adrian Vermuele proceed under the (empirically undefended) assumption that there is a substantial policy space in which there is a direct tradeoff between civil liberties and national security. This assumption stacks the political deck against civil liberties, because most assertions of executive authority are assumed to increase national security by virtue of their burdens on freedom on the one hand, and on the other that the people most likely to have their rights violated are likely to be unpopular minorities. The tendency of public officials to exaggerate threats further throws the tradeoff out of balance.

But the NSA program illustrates that this assumed tradeoff is often unfounded. Even in theory, in a world of finite resources it’s far from clear that collecting metadata is a better means of protecting national security than searches based on individualized suspicion. Analyses of metadata may reveal suspects and evidence that might otherwise go hidden, but they also consume valuable resources searching data generated by people with no connection to terrorism. Whether this tradeoff is beneficial is, at best, questionable. Generally, one doesn’t add triple the size of the haystack before searching for the needle. Given the real burdens placed on fundamental rights, the burden of proof is on those asserting that the programs are effective enough to justify such burdens.

The report concludes, however, that such evidence is sorely lacking. The report concedes three theoretical advantages to preemptively collecting huge amounts of metadata: speed, historical depth, and breadth of potential contacts. That these programs have some value in theory, however, is insufficient to demonstrate that they are superior to other available methods or effective enough to justify their intrusions into the privacy of individuals. Ultimately, after considering a substantial number of cases where terrorist plots have been stopped, the report concludes that the NSA program does not come close to justifying its costs: Based on the information provided to the Board, we have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation.” In the rare cases where the metadata has provided leads pertaining to known terrorists, it had simply duplicated the work already being done by other law enforcement agencies such as the FBI.

Comments (48)

Trackback URL | Comments RSS Feed

  1. joe from Lowell says:

    Analyses of metadata may reveal suspects and evidence that might otherwise go hidden, but they also consume valuable resources searching data generated by people with no connection to terrorism.

    Doesn’t this depend on the details of the “analyses of metadata?”

    Searching through everyone’s data using an algorithm intended to identify activity that fits a profile, and then flagging everyone who meets that profile would seem to be a waste of resources.

    Searching through a database for all of the calls and emails sent by a particular person of interest to find who they are in contact with, on the other hand, would require all of the resources needed to bring the records that have a certain value in a column to the top of your Excel spreadsheet, and allow you to know who the person is in contact with. Those two situations seem to very a great deal both in terms of resources and potential utility.

    In the rare cases where the metadata has provided leads pertaining to known terrorists, it had simply duplicated the work already being done by other law enforcement agencies such as the FBI.

    Isn’t this commonly known as “independent confirmation of a lead?”

    • Manta says:

      Armchair detective Joe to the rescue!
      If the inept Scotland Yard would only follow your advice more often, all terrorists would be caught.

      Unluckily for us, whatever method the NSA is using it’s not working (and unlike armchair detective Joe I am not in position to judge details, since it’s secret and I am not a detective).

      • joe from Lowell says:

        Armchair detective Joe to the rescue!

        Agreeing with intelligence agencies instead of a civil liberties board on a question of the efficacy of an intelligence program would seem to be poor target for the charge of amateurishness.

        Quite the opposite, champ.

        Now, for the fourth time: if an Intelligence Efficacy Oversight Board issued a report saying that the metadata program didn’t violate civil liberties, how much weight would you give to its conclusions?

      • brewmn says:

        Hey, the government themselves tells us that it’s prevented the terrorists from winning. If it’s good enough for Joe, why isn’t it good enough for all of you other liberals?

      • GoDeep says:

        I think Joe is certainly right. Imagine if we took that approach with rapists, felons, and DNA. If in the early ’90s ppl had taken that tack–”Well theoretically there might be something of value to this semen evidence but we can’t know what that will be for years & years”–then certain rapists would be walking the streets today. Cops frequently hold on to evidence for decades before forensics science evolves to a point where its capable of processing that data. Same here w/ NSA’s massive quantities of intel.

        Back in ’02 I worked with a tech company that developed sophisticated AI security algorithms. At the time it was just cool IP b/cs of the difficulty of processing the data it required. But since then processing power has increased like 24X & that (and similar) IP is now regularly used in security programs. Ultimately its all a question of how many billions of GHz NSA has to throw at this.

        • DrS says:

          Ultimately its all a question of how many billions of GHz NSA has to throw at this.

          Yep. And with the way that this stuff can be parallel processed and/or thrown at massive CPU clusters, Moore’s “Law” isn’t even really the bottleneck.

          This stuff is cheap.

          • joe from Lowell says:

            Now, human resources, which are necessary for doing something useful with all of that raw, and even processed, data – that’s not cheap, either in dollar terms, or in opportunity costs.

            What is all of this automated gathering and searching generating? Tens of thousands of low-percentage leads? That would require a huge amount of human resources investment to produce meaningful security results. Lists of people who communicate electronically with persons of interests? Police departments all over the country make good use of information like that.

            Talking about the broad category “meta-data collection and analysis” in a generic sense is useful from a civil liberties perspective, but the question of efficacy requires a finer-grain look.

            • GoDeep says:

              I think the billions we spend on NSA would be better spent reducing everyday crime & improving the jobs environment…I don’t personally consider what they’re doing legal, even, though hopefully we’ll get a SCOTUS ruling that says likewise in the not too distant future.

        • darrrelplant says:

          There’s a difference between collecting semen from a victim or a crime scene and collecting all semen at every expression, no?

          • joe from Lowell says:

            From a civil liberties perspective, absolutely.

          • GoDeep says:

            Well, sure, but CA does collect the DNA of every single felon. You could be convicted of wire fraud & they’ll capture your DNA just for shits & giggles.

            And, interestingly , they can use that DNA to connect ppl to crimes whose DNA they don’t even have. Say your cousin Jimmy has never ever been in trouble with the law but wakes up tomorrow & rapes someone. AG Harris can scan the state’s DNA db, and even tho she won’t find a match for Jimmy, she will find a “similar” profile to Jimmy’s cousin Jerry. But since she knows Jerry is in jail & couldn’t have done it, she now knows her investigators need only focus on Jerry’s relatives. And, that, my friends is called efficacious; it has resulted in 29-60 arrests. Constitutional? I don’t know.

    • Murc says:

      Searching through everyone’s data

      If they’re searching through the data at all, they need a fucking warrant to do so. If they don’t, either the constitution or the law should be changed so that they are required to obtain one.

      Honestly. The cops can’t do something as basic as trawl phone records without probably cause, but we’re gonna let intelligence agencies do it just because?

      • joe from Lowell says:

        Police are allowed to trawl through phone records without a warrant. They do so all the time, and have for decades.

        The civil liberties question is whether the long-standing constitutional doctrine needs to change as a result of how technology and society have changed the significance and power of phone/electronic metadata.

        • Joe says:

          I take one has to subpoena phone records which requires some minimum relevance test. Is the rules the same for the NSA? At least for a subpoena, you don’t go to a secret court, even if the rubber stamp is similar.

          • joe from Lowell says:

            As I understand it, they do have to make a showing of “reasonably related to some investigation” or some similar language, but it’s purely an internal review within the NSA. Someone correct me if I’m wrong.

        • Murc says:

          Police are allowed to trawl through phone records without a warrant.

          … holy shit, really? I had always been under the impression that they needed a warrant for that, just like searching your house. They can just go trawling through the phone records because they feel like it?

          I again take the tack that if that’s considered constitutional, either the constitution or our understanding of it needs to change.

          • joe from Lowell says:

            Yeah, the old “ask the phone company for the person of interest’s records,” Smith case standard.

            Remember, we’re talking about phone records, not content. It’s the old outside of the envelope/contents distinction.

            And yeah, it probably does need to change, because a whole lot has changed since 1979 in terms of what you can do with those kinds of records.

  2. Shakezula says:

    Of course it doesn’t make sense to us proles. Our personal finances aren’t entwined with the NSA’s budget.

    But it makes perfect sense to people who make out like bandits over the massive boondoggle data ranch out in Utah.

  3. Grumpy says:

    This is the main thing I’ve been wondering, honestly: how much does the metadata program accomplish, what does it cost to accomplish it, and what are the alternative ways we could be spending that money (on security–i understand we need money for lots of things but let’s try to keep the debate somewhat bounded).

  4. Russell says:

    People need to think about privacy issues in a scope larger than just what the government does. What prevents the telecom companies from selling email and voice-mail metadata to a variety of other enterprises, where it then gets analyzed for marketing, credit rating, worker selection, and other purposes? Or even gets packaged for sale to interested individuals?

    So far as I can tell, nothing.

    Either we erect legal barriers to the use of such metadata. Or we accept that it is out there for exploitation, barring whatever technical steps we take individually to limit that. In the latter environment, a 4th amendment argument against the government using starts to sound strained. It’s one thing to say “privacy laws require telecom companies to keep this data secret from anyone.” It’s something else to say “the government can’t mine this metadata looking for terrorists, but your bank can mine it looking for signs of credit risk and Joe the telemarketer can mine it looking for saps.”

    • Anna in PDX says:

      This has always been an important issue. I think there should be a lot more consumer protection laws that keep consumers from being a product for advertisers. However in many ways that ship sailed a really long time ago.

    • Grumpy says:

      If we prevent govt from doing it we probably want to also prevent companies from selling the data to the govt, because that is 100% what will happen once the govt cares to bid enough for it.

      • Russell says:

        To me, this seems an interesting legal question. If a data set X, containing information about a variety of individuals, is traded commercially between businesses, can there be a 4th amendment argument that the government must first obtain a warrant to access that data set? May the government bypass that requirement simply by purchasing the data?

        • rea says:

          If a data set X, containing information about a variety of individuals, is traded commercially between businesses, can there be a 4th amendment argument that the government must first obtain a warrant to access that data set?

          Traditionally, the first question under 4th Amendment jurisprudence is: Do you have a reasonable expectation of privacy in the area being searched? The cops don’t need a warrant to see something in plain view from a place open to the general public. The traditional view with regard to letters, for example, is that anything on the outside of the envelope can be read by the police without a warrant, because you have no expectation of privacy in the outside off the envelope.

          Now, if we want to make a new rule, in this brave new world of electronic communications, that we will treat metadata for electronic communications differently than how we treat what is written on the outside of an envelope–well, I can see why we might want that rule. But it cannot be that data that can freely be traded between commercial enterprises is nevertheless secret from the government.

          • Russell says:

            I’m not entirely comfortable with this brave, new age where I send an email to a sailing pal, and the next thing I know, every website I visit has ads popping up for winches and deep-cycle batteries. Admittedly, it’s a bit convenient to get ads for something I sometimes want, rather than for completely random junk. A bit eerie, too.

            It wasn’t the government that created that all-seeing eye in the digital sky. OK, it was some. The government spurred the internet, and launched the satellites. Mostly, though, it has been private companies such as Google and Facebook that have been farming data on us all, and feeding it back in maps and ads. And we helped them do it.

            Here’s the technical view: we’re on the brink of technological progress that will accelerate that trend. The information publicly available about you is about to become orders of magnitude more, and more easily obtained and analyzed and correlated with information about others. Anyone over forty has a notion of privacy that isn’t just obsolete, but downright quaint to those under twenty. And even those twenty year-olds may be surprised by what the next twenty years bring. When I hear this argument whether the NSA needs warrants to compile and analyze phone and email metadata, observing this cold snap, I’m somehow reminded of discussions of how best to use the car’s choke on cold mornings.

  5. Arania says:

    So…I see post…and I see all the comments and they all agree like the bobble-head on my dashboard, but no one blames the president who got out front and on camera and said you all are full of shit and he’s just gonna keep on doin’ what he’s been doin’ and you can go fuck yourselves.

    Who’s to blame if not the president in charge?

    • Anonymous says:

      Who’s to blame if not the president in charge?

      Mmmmm……BUSH?

    • Hogan says:

      From the first paragraph of the linked article:

      This damning report makes it clear that President Obama’s proposed reforms to the program don’t go far enough.

      Now step over to the bar and get yourself a tall frosty mug of shut the fuck up.

  6. Ariana says:

    I see all the comments and they all agree like the bobble-head on my dashboard

    Did I add that I’m a moron and have trouble with basic literacy?

    Please take my thoughts seriously, on all matters pancake and non-pancake.

  7. joe from Lowell says:

    A bit OT: the next time you see a libertarian make the observation that changes in technology render the old pen register/call information standard obsolete, that would be a wonderful time to point out the Constitution is a living document, fill of rights and protections whose meaning and scope evolve over time.

  8. Michael C says:

    Those of you who, like me, agree that the benefits of mass metadata collection are minimal and do not justify the costs.

    First, if it’s so obvious to us, why isn’t it already obvious to THEM (the security state folks)? Answer: It IS obvious to them.

    So why do they keep building this massive surveillance machine if it isn’t a good terror-fighting tool? Answer: Because they have other good uses for it, and NOT just because they want to keep their jobs.

    1. Investigating crimes

    2. Fighting “pre-crime”

    3. Suppressing dissent

    Take your pick. I say all three, and they’re already doing them.

    • wengler says:

      All three require an amount of competence and dedication that simply doesn’t exist in DC these days.

      It’s more like private contractors peddling mostly unworkable software and tech for millions and/or trying to engineer information systems that will make them money in the Wall Street casinos.

      The more competent part of the NSA is doing more interesting things like breaking the tools that enable secure internet transactions, obviously a benefit to every guy that has a couple hundred spare supercomputers around.

    • FlipYrWhig says:

      the benefits of mass metadata collection are minimal and do not justify the costs.

      Are the costs substantial? My first thought would be that the benefits are minimal but the costs are also minimal, which is why they figure they might as well collect every last piece of data they can find and store, and figure out interesting ways to use it at some future point.

      • Russell says:

        That’s similar to someone in 1980 arguing that the minor benefit of WordStar isn’t worth the cost of putting a PC on every office worker’s desktop. Which was true, at a certain point in time, given the then cost of PCs. And completely overlooks that that was just the first stepping stone into a world of rapidly expanding technology.

        We’re at the beginning of Big Data. What the NSA now may be paying a pretty sum to do, in ten years, every Tom, Joe, and Harry will be able to do. With broader data sets. The NSA isn’t doing this because it views this as one-off technology. Or even for the intelligence benefits it thinks today’s technology brings. It’s doing this get one step ahead, in a game it knows is vital to intelligence and that will be a long marathon for decades to come.

    • joe from Lowell says:

      First, if it’s so obvious to us, why isn’t it already obvious to THEM (the security state folks)? Answer: It IS obvious to them.

      Or, alternately, they actually disagree with you.

      This is like global warming denial. “It’s obvious to me that there’s no global warming, so it must be obvious to the scientists, so what are they really after? Something nefarious.”

      Or maybe you’re wrong. Or maybe they’re just wrong.

  9. wengler says:

    The NSA sees its current role as vacuuming up as much data as it can for analysis later. From anywhere and everywhere. It’s like a locked safe that’s just waiting to be opened to find the riches inside. Except there’s nothing inside. But we’ve spent a lot of time and money on perfecting just how to open empty safes that ending the program just won’t do. Because terrorism!

    At least the stats portion of the powerpoint presentation looks very impressive.

Leave a Reply




If you want a picture to show with your comment, go get a Gravatar.

  • Switch to our mobile site