Rick Bowmer\/AP Photo The National Security Agencys $1.5 billion data storage facility in Bluffdale, Utah, June 2013 <\/p>\n
Supporters of the National Security Agency inevitably defend its sweeping collection of phone and Internet records on the ground that it is only collecting so-called metadatawho you call, when you call, how long you talk. Since this does not include the actual content of the communications, the threat to privacy is said to be negligible. That argument is profoundly misleading. <\/p>\n
Of course knowing the content of a call can be crucial to establishing a particular threat. But metadata alone can provide an extremely detailed picture of a persons most intimate associations and interests, and its actually much easier as a technological matter to search huge amounts of metadata than to listen to millions of phone calls. As NSA General Counsel Stewart Baker has said, metadata absolutely tells you everything about somebodys life. If you have enough metadata, you dont really need content. When I quoted Baker at a recent debate at Johns Hopkins University, my opponent, General Michael Hayden, former director of the NSA and the CIA, called Bakers comment absolutely correct, and raised him one, asserting, We kill people based on metadata. <\/p>\n
It is precisely this power to collect our metadata that has prompted one of Congresss most bipartisan initiatives in recent years. On May 7, the House Judiciary Committee voted 32-0 to adopt an amended form of the USA Freedom Act, a bill to rein in NSA spying on Americans, initially proposed by Democratic Senator Patrick Leahy and Republican Congressman James Sensenbrenner. On May 8, the House Intelligence Committee, which has until now opposed any real reform of the NSA, also unanimously approved the same bill. And the Obama administration has welcomed the development. <\/p>\n
For some, no doubt, the very fact that this bill has attracted such broad bipartisan approval will be grounds for suspicion. After all, this is the same Congress that repeatedly reauthorized the 2001 USA Patriot Act, a law that was also proposed by Sensenbrenner and on which the bulk collection of metadata was said to resteven if many members of Congress were not aware of how the NSA was using (or abusing) it. And this is the same administration that retained the NSAs data collection program, inherited from its predecessor, as long as it was a secret, and only called for reform when the American people learned from the disclosures of NSA contractor Edward Snowden that the government was routinely collecting phone and Internet records on all of us. So, one might well ask, if Congress and the White House, Republicans and Democrats, liberals and conservatives, all now agree on reform, how meaningful can the reform be? <\/p>\n
This is a reasonable question. This compromise bill addresses only one part of the NSAs surveillance activities, and does not do nearly enough to address the many other privacy-invasive practices that we now know the NSA has undertaken. But its nonetheless an important first step, and would introduce several crucial reforms affecting all Americans. <\/p>\n
First, and most importantly, it would significantly limit the collection of phone metadata and other business records. Until now, the NSA and the Foreign Intelligence Surveillance Court have aggressively interpreted a USA Patriot Act provision that authorized collection of business records relevant to a counterterrorism investigation. The NSA convinced the court that because it might be useful in the future to search through anyones calling history to see if that person had been in contact with a suspected terrorist, the agency should be able to collect everyones records and store them for five years. <\/p>\n
The NSA has said it only searched its vast database of our calling records when it had reasonable suspicion that a phone number was connected to terrorism. But it did not have to demonstrate the basis for this suspicion to a judge. Moreover, it was authorized to collect data on all callers one, two, or three steps removed from the suspect numberan authority that can quickly generate more than one million phone numbers of innocent Americans from a single suspect source number. The fact that you may have called someone (say, your aunt) who in turn called someone (say, the Pizza Hut delivery guy) who was in turn once called by a suspected terrorist says nothing about whether youve engaged in wrongdoing. But it will land you in the NSAs database of suspected terrorist contacts. <\/p>\n
Under the USA Freedom Act, the NSA would be prohibited from collecting phone and Internet data en masse. Instead, such records would remain with the telephone and Internet companies, and the NSA would only be authorized to approach those companies on an individual, case-by-case basis, and only when it could first satisfy the Foreign Intelligence Surveillance Court that there is reasonable suspicion that a particular person, entity, or account is linked to an international terrorist or a representative of a foreign government or political organization. This is much closer to the specific kind of suspicion that the Fourth Amendment generally requires for intrusions on privacy. At that point, the court could order phone companies to produce phone calling records of all numbers that communicated with the suspect number (the first hop), as well as all numbers with which those numbers in turn communicated (the second hop). <\/p>\n
Further restrictions are necessary. Through these authorized searches the NSA would still be able to collect large amounts of metadata on persons whose only sin was that they called or were called by someone who called or was called by a suspected terrorist or foreign agent. At a minimum, back-end limits on how the NSA searches its storehouse of phone numbers are still needed. But the bill would at least end the practice of collecting everyones calling records. <\/p>\n
<\/p>\n