Metadata Is Here to Stay. What Do We Do About It?

Military analysis.
Dec. 19 2013 5:24 PM

Metadata Isn’t Going Away. Here’s How to Control It.

What we can learn from Judge Leon’s opinion and the recommendations of a presidential commission.

57585554
The National Security Agency in Fort Meade, Md.

Photo by Paul J. Richards/AFP/Getty Images

It’s a good bet that, in the next few weeks, President Obama will impose some serious reforms—and ask Congress to enact a few more—on how the National Security Agency scoops up and stores data from the phone and Internet records of American citizens.

The case for reform received two massive boosts this week: first, from a federal judge’s opinion that the NSA’s massive metadata program is probably unconstitutional; then, from a presidential commission’s report concluding that the program is not only dangerous but unnecessary on policy grounds.

In this one-two punch, the crucial blow will be dealt not by the dramatic (really, stunning) court ruling, but rather by the more prosaic—and, for all that, more potent—commission report.

Advertisement

Obama created the commission in August, soon after Edward Snowden’s first leaks about NSA domestic surveillance, and many predicted it would churn out the usual blue-ribbon slush, allowing the president to slap on a few cosmetic patches that let the gigantic machine at Fort Meade continue running unhindered.

But that’s not what happened here. This five-man panel produced a 300-plus-page report, containing 46 recommendations, which, if carried out, could make a genuine difference.

The report’s authors make no judgment on the surveillance program’s legality, though they do note its harsh dissonances with the Fourth Amendment, which guarantees the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” More to the point, they state that the NSA’s most indiscriminately intrusive program—the one that the federal judge denounced as “almost Orwellian” and probably unconstitutional—isn’t necessary.

This program—the one that the initial Snowden leaks uncovered—allows the NSA, conceivably, to sweep the phone calls of every American citizen—not their contents but where the calls are going and how long they last. It also allows the NSA to store this data and if necessary retrieve it, for many years.

In the course of their work, the panelists asked top NSA officials if they’ve ever gone back to look at data two, three, or five years after it’s been gathered. The answer: no, never.

One particularly contentious aspect of the NSA program is that it allows analysts to make three “hops” in tracing communications. Let’s say that an American suspected of terrorist activities has phoned 100 people in the last five years. The NSA can track not only the suspicious American’s calls but also the calls of those other 100 people. That’s just the first hop. Let’s say each of those 100 people also called 100 people in the last five years. The NSA can track all of their calls, too. That’s the second hop—and it puts (100 times 100) 10,000 people on the agency’s radar screen. In the third hop, the NSA can trace all the calls of those 10,000 people, and the calls of all the people that those 10,000 people call—for a total of (10,000 times 100) 1 million people.

In other words, tracking the calls of just one person allows the NSA to track the calls of as many as 1 million people.

The panelists asked how often they’ve actually made a third hop. The answer: an infinitesimally small number of times. How often have they made so much as a second hop? A very small number.

So, this wildly expansive program is almost entirely unused and almost certainly unnecessary. The report makes the latter point explicitly, in an all-too-low-key passage in the middle of Page 104:

Our review suggests that the information contributed to terrorist investigations by the use of Section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional Section 215 orders.

(Section 215 is the provision of the Patriot Act that allows bulk collection of data—though, as the Snowden documents have revealed, the collection has been quite a lot bulkier than all but a few outsiders had previously known.)

If that’s all there was to it, we could all rest easily: The metadata sweeps have resulted in almost nothing, and the NSA doesn’t really sweep as deeply as it allowed itself to sweep anyway. But just because the agency doesn’t sweep so deeply today doesn’t mean it won’t go very deep tomorrow. As the report’s authors put it:

[W]e cannot discount the risk, in light of the lessons of our own history, that at some point in the future, high-level government officials will decide that this massive database of extraordinarily sensitive private information is there for the plucking. Americans must never make the mistake of wholly “trusting” our public officials.

In other words, the same algorithms that enable NSA technicians to track suspected terrorists would also enable them, if so ordered, to track political opponents, street protesters, malcontents of all stripes—whomever and whatever sorts of targets a rogue NSA director, or more to the point an authoritarian president, might want to track.

To put it another way: Imagine if this technology had been around when Richard Nixon was president and J. Edgar Hoover was FBI director. Now assume that Nixon and Hoover were not the last of their kind. Our political system is not immune to the ascension of authoritarian leaders, especially if we were to come under another 9/11-type terrorist attack.

  Slate Plus
Slate Picks
Dec. 19 2014 4:15 PM What Happened at Slate This Week? Staff writer Lily Hay Newman shares what stories intrigued her at the magazine this week.