Metadata is more invasive and a bigger threat
to privacy and civil liberties than the PRISM system
By Shane Harris
Forget PRISM, the National Security Agency's system to help extract data
from Google, Facebook, and the like. The more frightening secret program
unearthed by the NSA leaks is the gathering and storing of millions of phone
records and phone-location information of U.S. citizens.
According
to current and former intelligence agency employees who have used the huge
collection of metadata obtained from the country's largest telecom carriers,
the information is widely available across the intelligence community from
analysts' desktop computers.
The
data is used to connect known or suspected terrorists to people in the United
States, and to help locate them. It has also been used in foreign criminal
investigations and to assist military forces overseas. But the laws that govern
the collection of this information and its use are not as clear. Nor are they
as strong as those associated with PRISM, the system the NSA is using to
collate information from the servers of America's tech giants.
Metadata
is not protected by the Fourth Amendment. Content of emails and instant
messages -- what PRISM helps gather -- is. An order issued to Verizon by the Foreign Intelligence Surveillance Court
instructs the company to supply records of all its telephony metadata "on
an ongoing, daily basis." Although legal experts say this kind of broad
collection of metadata may be legal, it's also "remarkably overbroad and
quite likely unwise," according to Paul Rosenzweig, a Bush administration policy official in the Homeland Security
Department. "It is difficult to imagine a set of facts that would justify
collecting all telephony meta-data in America. While we do live in a changed
world after 9/11, one would hope it has not that much changed."
By
comparison, PRISM appears more tightly constrained and operates on a more solid
legal foundation. Current and former officials who have experience using huge
sets of data available to intelligence analysts said that PRISM is used for
precisely the kinds of intelligence gathering that Congress and the
administration intended when the Foreign Intelligence Surveillance Act was
amended in 2008. Officials wanted to allow intelligence agencies to target and
intercept foreigners' communications when they travel across networks inside
the United States.
The
surveillance law prohibits targeting a U.S. citizen or legal resident without a
warrant, which must establish a reasonable basis to suspect the individual of
ties to terrorism or being an agent of a foreign power. In defending PRISM,
administration officials have said repeatedly in recent days that the FISA
Court oversees the collection program to ensure that it's reasonably designed
to target foreign entities, and that any incidental collection of Americans'
data is expunged. They've also said that press reports describing the system as
allowing "direct access" to corporate servers is wrong. Separately, a
U.S. intelligence official also said that the system cannot directly query an
Internet company's data.
But the
administration has not explained why broadly and indiscriminately collecting
the metadata records of millions of U.S. citizens and legal residents comports
with a law designed to protect innocent people from having their personal
information revealed to intelligence analysts. Nor have officials explained why
the NSA needs ongoing, daily access to all this information and for so many
years, particularly since specific information can be obtained on an as-needed
basis from the companies with a subpoena.
Here's
why the metadata of phone records could be more invasive and a bigger threat to
privacy and civil liberties than the PRISM system:
1. Metadata is often more revealing than contents of a communication, which is what's being collected with PRISM. A study in the journal Nature found that as few as four "spatio-temporal points," such as the location and time a phone call was placed, is enough to determine the identity of the caller 95 percent of the time.
2. The Wall Street Journal reports that in addition to phone metadata, the NSA also is collecting metadata on emails, website visits, and credit card transactions (although it's unclear whether those collection efforts are ongoing). If that information were combined with the phone metadata, the collective power could not only reveal someone's identity, but also provide an illustration of his entire social network, his financial transactions, and his movements.
3. Administration officials have said that intelligence analysts aren't indiscriminately searching this phone metadata. According to two intelligence employees who've used the data in counterterrorism investigations, it contains no names, and when a number that appears to be based in the United States shows up, it is blocked out with an "X" mark.
But these controls, said a former intelligence employee, are internal agency rules, and it's not clear that the FISA Court has anything to say about them. In this employee's experience, if he wanted to see the phone number associated with that X mark, he had to ask permission from his agency's general counsel. That permission was often obtained, but he wasn't aware of the legal process involved in securing it, or if the request was taken back to the FISA court.
4. The metadatabase is widely available across the intelligence community on analysts' desktops, increasing the potential for misuse.
5. The metadata has the potential for mission creep. It's not only used for dissecting potential homegrown terror plots, as some lawmakers have said. The metadata is also used to help military forces overseas target terrorist and insurgent networks. And it is used in foreign criminal investigations, including ones involving suspected weapons traffickers.
For all
these reasons, and probably more yet to emerge, it's the metadata that's of
bigger concern. By comparison, PRISM is a cool name, a lame PowerPoint
presentation -- and business as usual.
No comments:
Post a Comment