With last week’s failure of the Senate to pass, scrap or amend the Patriot Act and that body returning early this coming Sunday to try again, it might be a good time to review the bidding.
Of course, the contention is about Section 215, which has been used to authorize National Security Agency’s acquisition of metadata on American phone calls. Recall that metadata reveals the externals of a call: to, from, when, how long. It does not include content, which I am embarrassed that I have to say but feel compelled to do so since many allegedly knowledgeable commentators continue to repeat the calumny that NSA can enter the content of these calls at will.
The heated debate over metadata also threatens to ax other provisions of Section 215 dealing with roving wiretaps (used when suspected terrorists employ “burner” phones) and lone wolves (those self-inspired terrorists who cannot be operationally connected to a foreign group).
So a lot is at stake here, but the debate is focused on NSA’s acquisition and retention of metadata so let me, too, focus on that. Roving wiretaps and lone wolves are more law enforcement than intelligence issues. And, besides, domestic metadata acquisition began under me when President Bush authorized the STELLARWIND program in October 2001.
Actually, an interesting consensus has developed so that most of even those who think ill of this program now accept that there is no evidence that it has ever been used for other than its original purpose — to combat terrorism. Admittedly, there is a dark band out there who still thinks otherwise, but a good fraction of them almost certainly routinely wear tinfoil on their heads.
And, curiously, despite all the huffing and puffing about alleged lack of results and NSA being inundated with useless data, most still want the agency to be able to access the ocean of American metadata. The issue has come down to who should hold it, the government or American telecoms, not whether it is a good thing to hold — or access.
With that in mind, as the Senate resumes debate, I recommend a look at three characteristics before the final vote: agility, depth and breadth.
Agility has to do with how quickly and accurately the data can be queried. Having all the information accessible in one place where it can be queried immediately by intelligence professionals probably represents the high watermark here. That’s the system as it has existed since late 2001.
We already have slowed that process by requiring NSA to go to the Foreign Intelligence Surveillance Act court for approval of every individual query. Keep in mind what the FISA court is approving here: An intelligence analyst’s judgment that he has a reasonable articulable suspicion that a foreign telephone number is associated with international terrorism. I understand the comfort level that that might bring to some, but courts bring no special expertise to that exercise.
Now the USA Freedom Act would amend Section 215 so that metadata will be retained in separate caches by individual phone companies. The burden is on those who support this approach to show that contact chaining back and forth across individual carriers will introduce no further time delays or new errors in the process now used to see if suspected terrorists are in contact with anyone in the United States.
Depth has to do with how far we can look backward under the new structure. After all, what is being sought here is a pattern of past (revealing) behavior and how far back we can see makes a difference. NSA holds the data it acquires from the phone companies for five years. No carrier retains the data that long nor has a business need to.
The USA Freedom Act would set no time requirements for the telecoms. In fact, the act wouldn’t require the telecoms to keep the data at all. Could we see a race to the bottom here? Could telecoms try to reduce the time they retain data as some sort of commercially competitive advantage attractive to those who fear alleged government “snooping.” I hope not, but the law would not prevent it.
Breadth refers to how comprehensive the final database will be. When we started this in 2001, we knew that we would never have a record of all phone calls made within, to or from the United States. Technological and commercial realities made that impossible. Even in an age of corporate giants, there were still “mom-and-pops” out there. And we were well positioned to get records on landline calls that were routinely billed per call but not so much on cell calls, which were not.
The situation has gotten worse, as more and more of us use cellphones rather than land lines. The current NSA database, still useful, is comprised of a shrinking proportion of U.S. calls.
But if bulk data are no longer to be delivered to and queried at NSA, what is the possibility that the internal workings of telecoms might reveal more cellphone activity than the current bulk data dump of billing records? Can we access evidence of cell calls even if they are not routinely billed per call? Are companies prepared to work toward that end?
And if we cannot do that in retrospect, might we do it in prospect? Can we be alerted when a designated terrorist number shows up in the future in contact with any American phone?
Perhaps these kinds of detailed questions already have been vetted in closed sessions on the Hill. One would like to think so. But if they haven’t, they should be. Arguing over concrete characteristics like agility, breadth and depth would certainly be better than just yelling at one another.
• Gen. Michael Hayden is a former director of the CIA and the National Security Agency. He can be reached at firstname.lastname@example.org.