The National Security Agency has been collecting the phone records of all U.S. citizens—which numbers have called which other numbers, when, and for how long—in an enormous database. The government says this mass collection is OK because the database is “queried”—i.e., searched—only under court supervision. In theory, this two-tiered approach, with judicial scrutiny applied at the query stage rather than the collection stage, is defensible. But does the judiciary—in this case, the Foreign Intelligence Surveillance Court—really examine the database queries?
This week, at House and Senate hearings, five administration officials answered questions about the phone surveillance program. They held back plenty, but they told us a lot more than we had previously known. They testified that last year, the NSA had plugged fewer than 300 phone numbers into the database—numbers for which the agency could claim a “reasonable, articulable suspicion” of a connection to terrorism—to find out which other phones had called or received calls from those numbers. The officials cited multiple layers of supervision. But the judicial review they described is superficial. The NSA doesn’t have to get court approval each time it queries the database. It doesn’t even have to explain each query to the court afterward.
The officials who testified were NSA Director Keith Alexander, Deputy NSA Director Chris Inglis, Deputy Attorney General James Cole, FBI Director Robert Mueller, and Robert Litt, the general counsel to the director of national intelligence. Here are the key questions they addressed:
1. Who has access to the data?
“Only 20 analysts and NSA and their two managers, for a total of 22 people, are authorized to approve numbers that may be used to query this database,” Inglis testified. Mueller quoted the same figure: “You have just 22 persons who have access to this to run the numbers against the database—20 analysts and two supervisors.” Alexander elaborated:
“Could somebody get out and get your phone number and see that you were at a bar last night? The answer is no, because, first, in our system, somebody would have had to approve, and there's only 22 people that can approve a reasonable, articulable suspicion on a phone number. So, first, that [phone number] has to get input. Only those phone numbers that are approved could then be queried. And so you have to have one of those 22 [people] break a law.”
These statements don’t clarify whether the “access” reserved to these 22 people is a physical or just a legal matter. Is it possible for others to access the data? That raises the next question:
2. What are the barriers to unauthorized access?
Alexander testified, “To get to any data like the business records 215 data that we're talking about, that's in an exceptionally controlled area. You would have to have specific certificates to get into that.” Inglis told lawmakers that “the metadata is segregated from other data sets held by NSA.” Cole added that it’s “stored in repositories at NSA that can only be accessed by a limited number of people.” These statements imply that real barriers in physical space or cyberspace protect the data. But what are the barriers? How is access controlled?
3. Can one person search the data alone?
Not legally. “Any analyst that wants to form a query, regardless of whether it's this authority or any other, essentially has a two-person control rule,” said Inglis. “They would determine whether this query should be applied, and there is someone who provides oversight on that.” Again, it isn’t clear whether this rule is just a legal requirement or is physically enforced by a dual-key system.