tUSA Today has the latest blockbuster revelations on the domestic activities of the NSA in a story today:
The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.
The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans â€” most of whom aren’t suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews….
In defending the previously disclosed program, Bush insisted that the NSA was focused exclusively on international calls. “In other words,” Bush explained, “one end of the communication must be outside the United States.”
As a result, domestic call records â€” those of calls that originate and terminate within U.S. borders â€” were believed to be private.
Sources, however, say that is not the case. With access to records of billions of domestic calls, the NSA has gained a secret window into the communications habits of millions of Americans. Customers’ names, street addresses and other personal information are not being handed over as part of NSA’s domestic program, the sources said. But the phone numbers the NSA collects can easily be cross-checked with other databases to obtain that information….
The government is collecting “external” data on domestic phone calls but is not intercepting “internals,” a term for the actual content of the communication, according to a U.S. intelligence official familiar with the program. This kind of data collection from phone companies is not uncommon; it’s been done before, though never on this large a scale, the official said. The data are used for “social network analysis,” the official said, meaning to study how terrorist networks contact each other and how they are tied together.
The White House response to this story is well-summarized in this follow-up piece from USA Today. Elements of this story are not new: much of it is seemingly alluded to in this New York Times piece from mid-February, this National Journal story last month, and the Electronic Freedom Foundation’s lawsuit against AT&T over the issue of cooperation with the NSA.
This story is a big, big deal, and the facts that it reveals are quite frankly appalling. I understand the potential value of this kind of social network analysis from a security perspective; in fact, I’ve written posts before arguing in support of certain types of data mining and data analytical tools, and I’ve been annoyed when publicly-known research projects such as Total Information Awareness have been shut down before being fully tested. I think that these tools have value when you’re starting with a known suspect or set of suspects, and then use social network analysis to develop a map of their web and patterns of relations. But I think that the security value of conducting social network analysis on the entire national telecommunications system – a set of 200+ million individuals – is marginal at best, and realistically likely to be close to zero. There’s far, far too much hay in the stack to ever find the needle and manage the false-positive problem, even with supercomputers crunching the data. It’s a bad investment in security.
Moreover, the secrecy and extralegality of this effort undermines the nation’s very real fight against terror, and is going to make us a more vulnerable nation. Freedom, liberty and the rule of law are core strengths of the United States, and the sources of the cohesion and national resolve that we need to fight the war against terror. The Administration’s shortsighted decisions to secretly pursue such projects are tearing at the social fabric of this nation, undermining the rule of law, and making us weaker as a nation. That’s dangerously unacceptable, and is the direct consequence of the choices that this Administration has made.
Update (5/11): Noah Shachtman’s been all over this story today at DefenseTech. His posts are here.