A series of Congressional hearings this week is drawing renewed attention to the issue of the National Security Agency’s program to collect data on telephone and internet activities of hundreds of millions of Americans. While much of the media has focused on whether Edward Snowden is, personally, a hero or a villain, some commentators have plunged into the substantive debate that he hoped to touch off: Is the program he has blown the whistle on really something we want our government to be doing?
One of the most articulate commentators to come to the defense of the NSA is Thomas Friedman. His recent column in the New York Times epitomizes what bothers me most about this whole affair—the readiness of people who claim to be defenders of an open society to make excuses for people and policies that undermine it.
Friedman argues that although what the NSA is doing is distasteful, we should put up with it because it might stop some future terrorist attack, which in turn, would prompt even more intrusive violations of our freedoms. He explains that he fears government abuse of privacy less than he fears another 9/11,
not because I don’t care about civil liberties, but because what I cherish most about America is our open society, and I believe that if there is one more 9/11—or worse, an attack involving nuclear material—it could lead to the end of the open society as we know it. If there were another 9/11, I fear that 99 percent of Americans would tell their members of Congress: “Do whatever you need to do to, privacy be damned, just make sure this does not happen again.” That is what I fear most.
That is why I’ll reluctantly, very reluctantly, trade off the government using data mining to look for suspicious patterns in phone numbers called and e-mail addresses—and then have to go to a judge to get a warrant to actually look at the content under guidelines set by Congress—to prevent a day where, out of fear, we give government a license to look at anyone, any e-mail, any phone call, anywhere, anytime.
Here are three things that trouble me about this line of argument.
1. It looks like the NSA can already do pretty much whatever it wants
My first concern is that we appear alreadyto have given the security establishment a license to look at anything they want. Snowden’s revelations give us a peek at this broad program of surveillance, but we don’t know a lot of the details, nor are we likely to find out any time soon. Here is what we do know:
- The NSA routinely collects “outside of the envelope” data about most if not all of our electronic communications, landline, cell, and internet.
- They comb through this data with computer models that look for patterns of suspicious activity.
- When they find something that looks suspicious, they make a secret request to a secret judge who decides in secret whether to allow the NSA to “open the envelope” and read or listen to the content of the communication.
- The judges hear only the government’s side of the case and almost never say no.
How is that not “giving the government a license to look at anyone, any e-mail, any phone call, anywhere, anytime?”
The only evidence we have to the contrary is the word of our intelligence professionals, who keep telling us that they only look inside the envelopes of the bad guys, and that doing so has allowed them to foil many vaguely specified plots. The trouble is, our intelligence professionals are inherently not credible. That is because they see themselves as having a duty to lie to us when they think we are getting too close to the truth.
Yes, not just a duty to keep secrets, but a duty to lie. That is more than just a conjecture. Exhibit A is the lie that James Clapper, director of national intelligence, told Congress in March this year. Here is a link to the video clip, in case you haven’t watched it yet. In the clip, Congressman Ron Wyden asks Clapper to answer “yes” or “no” as to whether the NSA collects any kind of data at all on millions of Americans. Clapper answers “No” and then adds, disingenuously, “Not wittingly.”
What is revealing is not so much the answer, which Snowden’s revelations have shown to be false, and which Congressman Wyden probably knew to be false from previous closed hearings, but Clapper’s defense of the answer. Speaking to NBC’s Andrea Mitchell, he explained “I was asked a ‘when are you going to stop beating your wife’ kind of question, which is, meaning not answerable necessarily, by a simple yes or no. So I responded in what I thought was the most truthful or least untruthful manner, by saying, ‘No.’”
In fact, Wyden did not ask the trick question, “Have you stopped beating your wife?” He asked the simpler question, “Do you beat your wife?” It is hard to think of a more untruthful answer than “No.” What is interesting is that Clapper did not choose the less untruthful answer, “I cannot answer that question in open session.” The inference I draw from his untruthful “No” is that he understands his duty not to reveal secrets to include an obligation to tell outright lies whenever a simple “No comment” might be too revealing.
In short, it is my view that giving our intelligence agencies the authority to do a limited amount of data collection and at the same time giving them permission to lie about whether they are exceeding the limit is functionally the same as giving them unlimited authority in the first place. Interpreting what any intelligence professional says on the subject, whether to a journalist or under oath to a Congressional committee, is like trying to figure out one of those trick cards that read, on one side, “The statement on the other side of this card is true,” and on the other, “The statement on the other side of this card is false.
2. We know the NSA’s methods are fallible
We are supposed to be reassured to know that the NSA initially gathers only information “outside the envelope” and uses that information only as input to computer models than look for “patterns.” The trouble is, pattern-finding models are prone to errors. How do we know? We know because Wall Street hires a lot of people to do the same thing. Wall Street firms can pay higher salaries than the NSA, so they presumably get first pick of the best pattern searchers. Still, they make mistakes, sometimes big ones, as happened in the infamous London Whale episode. In the best case, their models are right more often than they are wrong—right often enough to make money for JPMorgan Chase and right enough for the NSA to catch some bad guys.
Still, any statistical models, no matter how sophisticated, have to be calibrated in a way that turns up a lot of false positives. If they are not, they will miss too many true positives. On Wall Street, false positives result in bad trades. In the intelligence world, false positives result in God knows what.
At best, the subject of an intelligence false positive might be hassled at airport security. At worst, if the false positive is unlucky enough to live in Waziristan or Yemen, he may find himself in the crosshairs of a drone. The CIA does not always know the specific identity of its targets. As reported in the Los Angeles Times and elsewhere, the agency also conducts so-called “pattern of life” strikes, which means killing people who it thinks, on the basis of computer models, are probably dangerous terrorists. Those programs, too, are of necessity calibrated to tolerate some nonzero level of false positives.
Let’s suppose you are a false positive and you are lucky enough only to end up on a no-fly list instead of in the crosshairs of a drone. At that point, you run up against another aspect of fallibility—that of the process through which you can appeal to get off the list. Here is how the ACLU describes its attempts to get help one group of no-fly list victims.
Our brief [in the case Latif v. Holder] highlighted the utter irrationality of the government’s No Fly List procedures. The plaintiffs in Latif all flew for years without any problems. But more than two years ago, they were suddenly branded as suspected terrorists based on secret evidence, publicly denied boarding on flights, and told by U.S. and airline officials that they were banned from flying—perhaps forever. Each of them asked the government to remove them from the No Fly List through the only “redress” mechanism available—the Department of Homeland Security Traveler Redress Inquiry Program. But the government has refused to provide any explanation or basis for their inclusion in the list. Our clients have been stuck in limbo ever since.
3. We know the NSA’s people are fallible
Beyond the fallibility of the NSA’s computers, we have to worry about the fallibility of their people. One of the most astonishing things about the reaction to Snowden’s revelations is the parade of intelligence officials who have told us that he could not, or should not, have had access to the very information that he has leaked. If one low-level contract employee could bypass the NSA’s internal firewalls, we have to assume that others can as well. Snowden took his information to the Guardian and the Washington Post. Who knows to whom others might be leaking information? To foreign governments or terrorists? Obviously, but there are other possibilities that are not much less worrisome:
- Hedge fund managers have billions to spend in search of patterns of behavior that could be the basis for profitable trades. How do we know they are not planting Snowden-like IT people at the NSA to snoop for such patterns in the Prism database? What would that say about the integrity of our markets, let alone of our government?
- On the same page of the New York Times where Friedman’s column appeared, James B. Rule, Professor of Law at the U.C. Berkeley Law School, noted that the NSA database could be very handy for uncovering patterns of behavior that reveal crimes other than terrorism. Its use for such purposes is not yet authorized, but Rule worries that once the tools are in place, it will be hard to resist calls to use them for such worthy purposes as targeting child abusers, drug smugglers, and tax evaders. True, those uses are not yet authorized, but how can we be sure that there are no unauthorized uses? Suppose Jane at the IRS thinks she can get a promotion by cracking a big tax evasion case. What keeps her from getting help from her boyfriend at the NSA? The same firewalls that failed to stop Snowden?
- NSA people are only human. Some of them presumably have personal grudges. What stops a vindictive employee from, say, inserting false information into the database that will put a former spouse or lover on the no fly list, or derail their application for a security clearance?
Of course, most federal intelligence employees are straight shooters, but a frighteningly large number of people work in intelligence. The Snowden episode shows that some of them, at least, are willing to step out of line, and that internal controls are less than perfect. In fact, Snowden is actually a special case, in that the nature of his infraction of the rules—whistleblowing—necessarily means the public finds out about him. We are much less likely to learn about those—if there are any—who are passing insider information to hedge funds, or slipping an unauthorized tip to friends in another branch of law enforcement, or working out grudges against former lovers. Even if they are caught, it is likely that their cases will be hushed up as administrative matters, not tried in open court.
The bottom line
Thomas Friedman fears rocking the boat, lest doing so lead to “the end of the open society as we know it.” Personally, though, I am not satisfied with the degree of openness of the society we now know—the society of secret lists, secret courts, and officials who feel free—no, who feel duty bound—to lie to us and our elected officials about what they are up to.
“But it’s all perfectly legal!” you say. Well, as Sen. Rand Paul put it the other day, “Just because Congress approved it doesn’t make it right.” (That’s the same Congress, by the way, in which a majority thinks it would be an outrage against our constitutional rights to maintain a federal register of firearms data. Go figure.)
The whole NSA program, including its façade of legality, is uncomfortably reminiscent of SORM, an internal eavesdropping system first developed by the KGB in the 1980s and extended in Putin’s Russia to encompass cell phones, internet, and every other known form of communication. Interestingly, SORM, like its American counterpart, requires the security services to get a court order before installing equipment to capture data. However, Andrei Soldatov, an investigative journalist and author of several books on Russian security services, has told the Moscow News that the system of court supervision is a sham. “It’s all regulated by internal procedure, by the FSB, essentially,” he said. “Supposedly, there’s some sort of prosecutor control, but nobody’s heard of it [being used]. Nobody is required to show these warrants, so [we] never know for sure whether [the agencies] actually have one.” (Bracketed material is from the Moscow News original.)
I don’t deny that there are real terrorists out there who would be happy to blow me up in the name of whatever warped cause they represent. On balance, though, I welcome the Snowdens who are willing to risk rocking the good ship Open Society a little before it sinks with all of us on board. I’d rather take the risk of a little rocking than cower in the hold, hoping that if we accept things as they are, they won’t get any worse.
Original post