Washington is reeling after a court order was uncovered last night showing Verizon has secretly been handing over reams of customer phone records to the National Security Agency on a daily basis. The records don’t contain the content of phone calls—so, just to be clear, this isn’t wiretapping—but they do contain information such as phone numbers, the location and duration of calls, and subscriber and handset ID numbers, all of which fall under the category of “telephony metadata.”
Unless the NSA has some superpowered intelligence algorithm that helps them separate signal from noise, the agency is simply Hoovering up vast amounts of noise for little if any signal.
Calibrating the appropriate level of outrage will probably occupy us for most of the day. But far from a frivolous exercise, it’s an important process, because it involves the weighing of factors that might or might not matter to you depending on how serious (or potentially expansive) you think this violation of user privacy really is.
By itself, metadata can’t tell you very much about—well, you. Nor is it likely that our lives will proceed any differently today than they did for the last couple months. This particular surveillance program has been in effect at least since April, and the Bush administration engaged in similar activities. If you didn’t notice anything amiss then, your life will probably continue unchanged now.
But this is the latest in a string of scandals dealing specifically with the Obama administration and its use of phone records in potentially unethical ways. Previous incidents had the government targeting journalists as a way to get to whistleblowers, but as we indicated last month, nothing in those cases ruled out the broader surveillance of the American public. And now, via The Guardian’s original report, we seem to have found it.
The White House has gone to extraordinary lengths to punish previous administration leakers. For Obama, there’s even more at stake than there was with the AP scandal or the Rosen case. Those were about deterrence and retribution for bygone events. The Guardian’s revelation interferes with an ongoing government mission. The White House this morning defended the general practice of mass surveillance—but wouldn’t confirm specifics—saying it is “a critical tool in protecting the nation from terrorist threats.” As my colleague Garance Franke-Ruta pointed out last night:
Yet even if we grant Obama the benefit of the doubt, it’s not clear how gathering cell phone metadata actually helps the administration do its job better. One of the enduring paradoxes of intelligence is that the more you have of it, the harder it is to find what you’re actually looking for.
“Intelligence collection and targeting systems operate efficiently today in real time,” writes the intelligence scholar G. Murphy Donovan. “The strategic analysis process, however, does not provide a comparable return on investment.”
Unless the NSA has some superpowered intelligence algorithm that helps them separate signal from noise, the agency is simply Hoovering up vast amounts of noise for little if any signal. The idea that this is a standing court order without a clear, pre-identified suspect is further reinforced by a legal expert’s suspicions that what The Guardian uncovered was simply a routine three-month extension of an existing order dating as far back as 2006.
Six other questions remain.
Were communications companies other than Verizon involved?
The Electronic Frontier Foundation has reason to believe AT&T may also have been complicit, citing evidence that one of its technicians installed hardware designed to copy and forward Internet traffic to the NSA.
Does “telephony metadata” cover more than just phone calls?
The text of the court order doesn’t rule out text messages, multimedia messages, or other forms of communication conducted over telephony services. Did the NSA gather information about that stuff, too?
If the NSA has access to phone records, why the need to subpoena the AP’s logs?
As Marc Ambinder points out, if the NSA is already collecting metadata, why should the government need to subpoena said information to go after whistleblowers? In principle, barriers exist between the NSA (Pentagon) and the FBI (Justice Department) to prevent this sort of thing. In practice, however, the court order shows NSA was gathering the metadata on behalf of the FBI, so those barriers didn’t appear to operate as intended this time. One answer may be that even if DOJ had been able to look at the NSA’s information, it wouldn’t have been admissible as evidence in court—hence the need for subpoena. I’ve reached out to legal experts for a clearer answer, and I’ll update if and when we know more.
What does this mean for Eric Holder and James Comey?
Attorney General Holder goes to Capitol Hill later this morning to face lawmakers’ questions again. The scheduled appearance just got a lot more interesting. Comey, Obama’s pick for FBI director, famously opposed the warrantless wiretapping program under President George W. Bush. But it’s not clear whether this current form of domestic surveillance, one that involves a court order, is something he would support. Comey’s confirmation hearing just got a lot more interesting, too.
What does this mean for the future of cybersecurity legislation?
President Obama recently appointed the nation’s first privacy adviser. She probably has her hands full today. But more importantly, the revelation about Obama’s NSA surveillance program casts his cybersecurity efforts in a much different light. The White House has opposed the House cybersecurity bill , CISPA, on privacy grounds. But if the NSA court order is true, what the public thought was a principled stand by the president might turn out to be a matter of political expediency after all.
How hard will Obama go after his latest whistleblower?
AP/DOJ will look like peanuts next to this.