In the end, NSA might not need to snoop so secretly after all
By Peter Grier and Harry Bruinius
Secret data-collection programs have spawned support and criticism. But in the debate, both sides may be overlooking a factor worth considering
ASHINGTON (TCSM) The headquarters of the National Security Agency is a campus of cubelike buildings set in giant parking lots at Fort Meade, Md., about 25 miles northeast of Washington. The complex inhales so many employees every morning that it has its own exit off the Baltimore-Washington Parkway. Curious commuters can't drive up that ramp for a look around, though it's closed to the public and guarded by security vehicles parked along the road. Access is restricted to those with proper clearance.
That's true for pretty much everything associated with the NSA, of course. The electronic espionage agency can be so secretive it makes the CIA seem as talkative as CBS News.
But now the NSA is facing unaccustomed and uncomfortable public scrutiny. Earlier this month, self-described whistle-blower and former NSA contractor Edward Snowden leaked details of agency programs that collect the phone records of millions of Americans and may scoop up a significant amount of their Internet records as well in a bid to track terrorist activity. That has set off a fierce debate about the interplay between national security and privacy in the Digital Age.
Should Americans worry about what's going on behind the exit marked "NSA Only"? After all, many Americans believe the US government is right to make the prevention of more terrorist attacks one of its highest priorities. The programs in question are carried out within a legal framework, according to the Obama administration. Relevant committees in Congress have been fully informed.
Others say these NSA activities are an invasion of privacy whose extent the public doesn't know, because they remain secret. And the amount of information produced by citizens' smart phones and social media is so vast, and analysis now so sophisticated, that "data mining" may raise wholly new privacy concerns.
"It is a really complicated set of issues, and we don't know everything going on. We should be cautious before rushing to judgment," says Fred Cate, law professor at Indiana University and director of the school's Center for Applied Cybersecurity Research.
A SUSPICION CONFIRMED
"I don't think we should be really surprised by any of this," says Professor Cate.
The NSA's activities are an obvious outgrowth of America's current security environment, others say. Consider the Boston Marathon bombings: In their wake, the Federal Bureau of Investigation and the Central Intelligence Agency were lambasted for not flagging Tamerlan Tsarnaev as a possible terrorist after receiving warnings about him from Russia and after his 2012 visit to Dagestan, a restive part of Russia's North Caucasus region. Perhaps US counterintelligence officials have learned they'd rather be criticized for going too far than for doing too little in the pursuit of national threats.
"Let's not kid ourselves.... Given the current danger, no president and no Congress will fail to operate programs like these," wrote Joel Brenner, former head of US counterintelligence under the director of national intelligence, on the Lawfare security blog June 11.
In general, those who support expansive US electronic surveillance proceed from the belief that the nation remains in a struggle with a capable and dangerous Al Qaeda. They add that a large majority of Americans already voluntarily provide extensive information about themselves online. Facebook knows our birthdays, our family members, our friends, and our relatives. Google knows what we like to read, view, and buy. Wireless carriers know where we are at almost every moment. Why shouldn't the NSA collect all this data so as to create the biggest haystack possible in which to look for the needle of a terrorist suspect?
Chances that the government will actually look at an average individual's phone metadata or Web use are infinitesimal, runs this argument. The NSA programs revealed by Snowden operate within a legal framework. The Foreign Intelligence Surveillance Court approves authorities' requests for information from phone carriers, for instance. Sure, it's possible the government could abuse its eavesdropping power. But does that mean, advocates ask, that the US should halt a useful effort due to worries about a notional problem?
"It is somehow strange that certain people feel OK using Gmail, which analyzes every line of your correspondence and responds with appropriate ads, but feel uncomfortable with NSA's search of billions of emails with the words 'infidel' and 'martyr' (written in any language)," writes cybersecurity expert Leonid Shtilman, chief executive officer of Viewfinity, in an e-mail response to questions.
The public may not understand how important such Web digging is to intelligence agencies, says Mr. Shtilman. "If this country is indeed in a war with extremists (and I believe it is) this is a legitimate action by the government," he writes.
OVERBROAD AND OVERREACHING?
The government's ability to engage in activities that infringe on the civil liberties of citizens is greatest in time of war or widespread insecurity, in this view. Thus, the government must be wary of overreach.
"Post-9/11 security efforts are sustainable and durable over the long term only if they are firmly rooted in America's commitment to its historic values and to a respect for individual liberties," wrote Daniel Prieto, Council on Foreign Relations senior fellow for counterterrorism, in a prescient 2009 working paper.
Plus, the data available for analysis are so vast, and the computers available to crunch them so powerful, that today's electronic eavesdropping may qualify as a wholly new thing, by which government agencies spin predictions of future behavior out of the raw data of who talked to whom where, and when.
"In effect, the traditional line between intelligence collection and analysis is blurred, so much so that new types of analysis end up amounting, in effect, to new forms of collection," wrote Mr. Prieto in 2009.
Critics of the NSA programs revealed by Snowden generally proceed from the assumption that many citizens feel violated when their personal information is collected by the government. Such activity means a fundamental right of privacy has been infringed.
Yes, this view holds, private firms like Verizon and Google know a lot about us, but so what? We provide them data voluntarily in return for services. We decide what we share with which company. When the NSA grabs our phone records for possible analysis, we don't have a say in the matter.
"Data is going to be collected. That's just the name of the game in an era of social networking and the Internet, but we need to know how this data is being used and by whom," says Kristene Unsworth, a professor of information science and technology at Drexel University in Philadelphia.
Furthermore, the NSA programs appear to be broad much broader than they need to be, say critics. Not that anyone can be sure about that, of course. Despite Snowden's revelations, much about the NSA activity remains secret and appears likely to remain so.
Bottom line for privacy proponents: Citizens may be ceding more in civil liberties than they are gaining in national security. In part this is because they are wary of government claims about the efficacy of these NSA activities.
Army Gen. Keith Alexander, NSA director, said in congressional testimony June 12 that the agency's phone program had helped prevent "dozens of terrorist attacks" both in the US and abroad. He provided no examples, but said he is working to declassify more information so as to bolster public support of the program.
Alexander later added, however, that these successes were due to the use of other secret programs in combination with searches of the giant "haystack" of US phone records. And others point out that for all the programs' supposed utility, neither NSA's data mining of phone information nor its Web effort flagged the Tsarnaev brothers as suspects, despite Tamerlan's extensive posting of jihadist-themed material on social media.
"There's a pretty strong debate going on right now that this type of data isn't very useful," says Indiana University's Cate. "It's great for big trends, such as who is going to have a heart attack, or who is going to go bankrupt, where many people are involved. But looking for six terrorists via pattern-based analysis doesn't [work as well]."
The government has not helped itself by past statements that, intentionally or not, misled the public about the nature of the NSA enterprises, Cate adds. He points to an incident in March when Sen. Ron Wyden (D) of Oregon asked Director of National Intelligence James Clapper whether the NSA collected data on millions of Americans.
"No ... at least not wittingly," Mr. Clapper replied.
"It turns out that wasn't true," notes Cate.
INCLINATION TO CEDE RIGHTS
Some modern polls support this conclusion. A Pew Research survey released June 10 found that 62 percent of respondents agree that it is more important to investigate terrorist threats than it is to protect privacy. That finding is consistent with results from Pew polls that asked that same question in 2010 and 2006.
Dealing with the specifics of recent revelations, 56 percent of respondents to the June 10 survey said it is acceptable for the NSA to get secret court orders to track phone calls of millions of Americans in order to investigate terrorism. Forty-one percent said this is not acceptable.
However, by a margin of 52 percent to 45 percent, respondents said it is unacceptable for the NSA to monitor everyone's e-mail during counterterrorism efforts.
Other polls, moreover, show that how Americans perceive the NSA's activities may depend crucially on the wording of poll questions. A CBS News survey released June 11 found that 58 percent of respondents said they disapprove of the federal government collecting the phone records of "ordinary Americans." Asked by CBS how concerned they are about loss of some privacy as a result of the government's efforts against terrorism, 59 percent said they are either "very" or "somewhat" worried.
TIME TO LIFT THE VEIL, AT LEAST A LITTLE?
"I think the issue of transparency is going to be very key here going forward," says Mr. Castro. "That's maybe how you strike that balance" between security and privacy.
From the perspective of US economic competitiveness, the nation does not want a situation in which big US-based technology firms such as Google and Facebook can't tell their customers the truth about the extent of their relationships with the government.
People are most concerned about their data being diverted and collected in secret for purposes other than what they were told that information would be used for, says Castro. The US government should be upfront about its NSA security program, including details such as what type of targeting the data will be used for. But then it should draw lines, saying the information would never be used for other purposes, such as domestic law enforcement.
"If they do that, if they make it clear to people how their data will not be used, I think that will be a better approach to privacy," says Castro. "What people really care about at the end of the day is, how is this going to harm me? How is this going to harm society?"
Sign up for the daily JWR update. It's free. Just click here.