The NSA’s Preference for Metadata

Senior national security officials, from President Barack Obama on down, have made light of the National Security Agency’s intrusive monitoring of the public by saying “only” metadata about communications, not the content of those communications, are collected. One might ask, then, why is it that intelligence and law enforcement officials much prefer this metadata approach?

For one, analysts can determine a great deal about a person – any person – by following the electronic crumbs that people inevitably leave behind in the course of their daily routines. And this data-byte-crunching analysis is much less time-consuming than monitoring each phone call or reading each e-mail.

So, the distinction between listening in on conversations and “just” collecting phone numbers called and the duration of the conversations is a red herring. The truth is that persistent, bulk collection of metadata in support of analysis is – not can be – more revealing over time than content, the latter prohibited from collection unless probable cause criteria have been met in the eyes of a court.

Metadata collection can answer all but one of the five “W’s” of journalism: the Who, What, Where and When. Given time, it can even respond to “Why” someone interfaces with digital information systems the way they do. It can do this because it is possible to discern patterns of behavior in metadata.

A very simple example: You go to work via a toll road, taking essentially the same route five days a week, for about 48 weeks a year. A license plate scanner produces information about where your car was when it was scanned – and at what time. Your passive transponder (e.g., E-Z Pass) records your entrance onto the toll road at which ramp, and when you were there. The same transponder reports when and where you got off the toll road.

You stopped to get gas. Your credit card records where you were and when you bought the gas. You arrive at work and turn on your computer. Your Internet service provider (ISP) records when an IP address was given to your computer and what time it was provided. The IP address is associated with a server at a location with a specific address and is associated with your name.

So it is possible to know when you arrived at work. Or perhaps you called your wife to tell her you arrived safely. Your phone has locational information and the time of the call is recorded. Of course, the phone is associated with your account/name.

Similarly, any deviation from these patterns – for whatever reason – would also be apparent. A consistent deviation might reveal a significant change in your personal life (e. g. job trouble, health problems, marital difficulties).

While this ability to construct a mosaic of your life may not be understood by those inclined to believe what they hear on the evening “news” – that the metadata is no real threat to your privacy – this reality is eminently understandable to those familiar with the technological power of the various NSA programs. MIT graduate students, for example, have produced a video, based largely on personal experience as well as research, that makes it very clear.

A caveat here: I have not seen everything that has been released by former NSA contractor Edward Snowden so far, but I have seen most. Even taken together, these documents listing the names of the programs – like PRISM, XKEYSCORE and UPSTREAM – and the various diagrams depicting data flows on charts would not tell much to someone unfamiliar with the technological capabilities of these programs.

What is discernible is that NSA is interested in metadata and content from the Internet, a fact that is hardly classified. NSA is also interested in phone calls. That too is not classified, nor is it new. People have known for a long time that NSA’s mission is to produce foreign intelligence from communications.

Former NSA Director Michael Hayden long ago made it clear that – given the rapid changes in networked communications and associated technologies – NSA needed to master the “net.” There was no mistaking the intent. He even said he consulted with large Internet companies and their experts in Silicon Valley.

Bottom Line: Only people who work with these programs – the contractors who support information technology, the IT developers and the NSA analysts – understand what these programs are, what they do and how they do it, in other words, the extraordinary power that they possess.

A Highly Damaging Leak?

As for the “damage” from unauthorized disclosures of these programs over the past half-year largely from documents leaked by Snowden, defenders of NSA bulk collection are hewing to NSA’s talking points (recently acquired via a Freedom of Information request). Here are three of the 13 points listed:

“-DISCLOSURES HAVE DONE IRREVERSIBLE AND SIGNIFICANT DAMAGE TO SECURITY.

“-EVERY TIME THERE ARE DISCLOSURES, IT MAKES OUR JOB HARDER.

“-OUR ADVERSARIES ARE PAYING ATTENTION AND WE ALREADY SEE SIGNS THEY ARE MAKING ADJUSTMENTS.” [From NSA’s “MEDIA LEAKS ONE CARD”]

But these “talking points” obscure the real questions posed by the bulk collection of metadata on virtually all human beings who communicate through electronic means, from telephone to e-mail: What is the real threat posed to personal privacy by the persistent, bulk collection of metadata of innocent people? And what is the real damage from disclosure of this reality?

As for legality, do not be fooled by allusions to the infamous Smith v. Maryland (1979) court decision – which says Americans surrender their expectation of privacy over call data held by phone companies –upon which the Government rests its case for claiming its NSA metadata collection is legal.

That case had absolutely nothing to do with the persistent, bulk collection of metadata. The citation amounts to a stall tactic, with the Government knowing it takes just about forever for the federal court system to adjudicate the legality of such a claim – while the collection will continue.

Also, be skeptical about the Government’s claims about massive (but indeterminate) damage to national security. According to the rules for classifying material, it must have the potential to cause EXCEPTIONALLY GRAVE DAMAGE to the national security of the United States (TOP SECRET), SERIOUS DAMAGE to the national security (SECRET), or to cause DAMAGE to the national security (CONFIDENTIAL stuff), if divulged to the public at large.

It would be difficult for anyone in a court of law to make the case that public disclosure of NSA’s intrusive collection has done any of those things. Despite the NSA’s “talking points,” no clear-cut evidence has been presented supporting the claims of “IRREVERSIBLE AND SIGNIFICANT DAMAGE.”

But here is a real leak that caused “exceptionally grave damage” to the national security: On the night of 9/11, Sen. Orin Hatch, R-Utah, told The Associated Press, “They have an intercept of some information that includes people associated with [Osama] bin Laden who acknowledged a couple of targets were hit.”

Hatch made similar comments to ABC News and said the information had come from officials at the CIA and FBI. We never heard bin Laden or any of his close associates on a satellite phone again. THAT was a true compromise of security. But nothing happened to Sen. Hatch.

Has Snowden caused great embarrassment, especially about monitoring the communications of various high-level persons in foreign countries, such as Germany and Brazil? Yes, but do any of those countries pose a security threat to the United States? None of which I am aware.

And, contrary to the alarmist claims of the NSA “talking points,” the damage to intelligence sources and methods aimed at legitimate foreign targets is, so far, minimal. Part of the reason is because, quite simply, there are no current options to avoid either phones or the Internet or travel, all of which are heavily monitored. Alternatives aimed at evading monitoring are fragile, costly, inconvenient, and usually ineffective.

Another irony about all the teeth-gnashing over Snowden’s revelations is this: As noted elsewhere, the U.S. government is sure to improve – not degrade – its intelligence gathering/analysis if it abandons the kind of mass metadata collection and storage that serves mainly to drown analysts in data.

The current system has been shown to be ineffective in identifying terrorists, raising the question: How does one damage something that is already “ineffective”?