The New York Times has a follow-up piece today on the NSA story, which seems to confirm prior suspicion around the blogosphere (see these prescient posts by Bruce Schneier, Defense Tech, and Early Warning) that a large element of this story is about the use of new technologies:
What has not been publicly acknowledged is that N.S.A. technicians, besides actually eavesdropping on specific conversations, have combed through large volumes of phone and Internet traffic in search of patterns that might point to terrorism suspects. Some officials describe the program as a large data-mining operation….
Officials in the government and the telecommunications industry who have knowledge of parts of the program say the N.S.A. has sought to analyze communications patterns to glean clues from details like who is calling whom, how long a phone call lasts and what time of day it is made, and the origins and destinations of phone calls and e-mail messages. Calls to and from Afghanistan, for instance, are known to have been of particular interest to the N.S.A. since the Sept. 11 attacks, the officials said.
This so-called “pattern analysis” on calls within the United States would, in many circumstances, require a court warrant if the government wanted to trace who calls whom.
Assuming this is true, my reactions are mixed. I can see real security benefits from this kind of analysis in some instances, especially in terms of using relationship analysis to build out a the web of connections between people and their identifiers (i.e. phone numbers, e-mail addresses). If there are these tangible security benefits, and it is done in a way that makes a clear effort to protect privacy by such means as anonymization of data and user audits, then this can be an appropriate tool in the war on terror.
But this story reinforces what I wrote last Monday in this post, and my sense that the extra-legal path that has been chosen by the Administration will harm our efforts to fight the war on terror in the long-run, for all of the potential short-run benefits. A story like this has the potential to tar ALL data mining and data analysis activities in the government, without making distinctions between activities based upon their security benefits, built-in privacy protections, and consistency with other legal and societal norms.
I think it’s time for the United States to have an open and honest debate about data mining and data analysis for homeland security, one that shifts the debate away from the current dynamic where scaremongering and accusations of treason are the normal mode of discourse.
A good starting point for this discussion is my former colleague Mary DeRosa’s excellent study on Data Mining and Data Analysis for Counterterrorism, published last year.