More from the USA Today story on government domestic surveillance that Orin mentioned earlier today:
One major telecommunications company declined to participate in the program: Qwest.
According to sources familiar with the events, Qwest's CEO at the time, Joe Nacchio, was deeply troubled by the NSA's assertion that Qwest didn't need a court order — or approval under FISA — to proceed. Adding to the tension, Qwest was unclear about who, exactly, would have access to its customers' information and how that information might be used.
Financial implications were also a concern, the sources said. Carriers that illegally divulge calling information can be subjected to heavy fines. The NSA was asking Qwest to turn over millions of records. The fines, in the aggregate, could have been substantial.
The NSA told Qwest that other government agencies, including the FBI, CIA and DEA, also might have access to the database, the sources said. As a matter of practice, the NSA regularly shares its information — known as "product" in intelligence circles — with other intelligence groups. Even so, Qwest's lawyers were troubled by the expansiveness of the NSA request, the sources said.
The NSA, which needed Qwest's participation to completely cover the country, pushed back hard.
Trying to put pressure on Qwest, NSA representatives pointedly told Qwest that it was the lone holdout among the big telecommunications companies. It also tried appealing to Qwest's patriotic side: In one meeting, an NSA representative suggested that Qwest's refusal to contribute to the database could compromise national security, one person recalled.
In addition, the agency suggested that Qwest's foot-dragging might affect its ability to get future classified work with the government. Like other big telecommunications companies, Qwest already had classified contracts and hoped to get more.
Unable to get comfortable with what NSA was proposing, Qwest's lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.
The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events.
In June 2002, Nacchio resigned amid allegations that he had misled investors about Qwest's financial health. But Qwest's legal questions about the NSA request remained.
Unable to reach agreement, Nacchio's successor, Richard Notebaert, finally pulled the plug on the NSA talks in late 2004, the sources said.
All I can say is, at least someone is apparently resisting the administration's seemingly bottomless claims of executive power. Qwest is now improbably at the vanguard of protecting civil liberties, ahead of the other two branches of the federal government. The administration may decide to punish Qwest, as the story suggests, but perhaps the market for telecommunications services can reward the company.
For the time being, I'll leave in Orin's very capable hands an analysis of whether this particular domestic surveillance program is legal. We have only sketchy allegations from unnamed sources at this point, so it it will be very hard to assess the legality of the program, if it exists at all. For reasons I hope to give in the not-too-distant future, I think the NSA program revealed last December is unconstitutional. I'm less certain about the legal/constitutional standing of this program, since it doesn't appear to involve warrantless eavesdropping on domestic calls.
I would not be surprised if the broad outlines of the USA Today story are true. Nor would I be surprised to learn that there are other such secret "programs" authorized by this administration, including some not even revealed on a confidential basis to members of Congress.
Legal or not, based on what we know now the program seems very hard to justify as a security measure in light of its actual and potential damage to Americans' privacy. Perhaps the administration can offer a defense of the program that makes sense, but so far it feels no need to explain itself to anybody. In the balance between civil liberties and security — which I fully agree has to be adjusted toward the latter in a post-9/11 world — the administration has continually opted for overkill. There is such a thing as security overkill, just as there is such a thing as preserving trivial liberties at the expense of protecting lives. If collecting data on every single call made by every single person in the U.S. every single day for a dubious enhancement of security does not count as overkill, well, the administration will soon show us what does.
Related Posts (on one page):
- Another Reason to Try VOIP:
- I'm switching to Qwest:
It's just as likely that the NSA was acting on its own. I think President Bush is getting the blame for actions by agencies that he has little influence with and almost no control over.
911 made a lot of people look bad at the intelligence agencies. They could have taken these actions to repair their egos.
Of course, given that (I assume) hundreds of millions of Americans have phone service, I'd be interested to know how what process of selection is being used to winnow the list down to "tens of millions."
I just hope your plans don't included legal courses on the sharia...but then again, why not plan ahead...
Um, I'd like to ask Dale what exactly IS the "actual and potential damage to Americans' privacy".
It seems to me that there is zero actual damage to privacy, since no personally identifying information is being collected - no names, no addresses, etc.
So, Dale, what is the potential damage you are talking about?
Bush has "little control" over the NSA? Since when?
And if the NSA is some rouge agency now is it wise to put it's out of control leader in the top spot at CIA?
Assuming it is true that the phone companies are not PROVIDING names and addresses, that doesn't mean the NSA isn't COLLECTING names and addresses and correlating them with the phone records in question. As the article explains, "[T]he phone numbers the NSA collects can easily be cross-checked with other databases to obtain that information."
I'm waiting for the ever popular "why do you support the terrorists?" and "If you're not guilty, you have nothing to fear".
I think we already saw that from f.u.w.f.
2) I keep asking myself "Are those having hysterics over this suicidal, simply abysmally ignorant about datamining, or constitutionally unable to understand that people on the streets of the US are plotting mass murder?"
2) Exactly how will the privacy of Americans be infringed? Does Dale fear that NSA spooks will be making anonymous calls to spouses telling them to check their spouse's pockets or perhaps playing country western songs about cheating over the line? I can see why this news would be potentially injurious to the operators of phone sex businesses, but I think that is not too high a price to pay for continued life. No one gets to call a phone sex line when he or she is dead.
True, warrants will be sought and issued for surveillance of me if the computer pops out the information that that I have been having cozy chats twice weekly with some crazed London mullah, and I have abruptly started to make phone calls to multiple cities in an apparent effort to contact others in the mullah's calling list. Does Dale think this is an unnecessary measure?
3) If we don't use such measures, I suppose Dale is in favor of rounding up Arab Americans? Having the FBI randomly monitor Muslim converts? Placing a largely innocent population under unfair scrutiny?
4) If libertarian lawyers really want to protect American's privacy when it counts, they need to look at the 314(a) lists that are being sent to banks (US Patriot Act). A law enforcement official can place Dale's name on that list. No warrant is required. Every bank in the country will have to go through its records for years and report back if it has done business with Dale. It is illegal for any one to tell Dale that his name is on that list. Then a warrant will be issued to the reporting banks and they will produce all Dale's account records. That's what you need to fear.
5) But of course Congress passed the Patriot Act, and so no one wants to worry about Congress, right? It's Bush that's the terrible, horrible fascist threat to the universe, isn't it?
6) If Congress doesn't want this, Congress can move back into the field. Congress won't do so, because it is afraid of having to make tough choices. Your real beef should be with Congress rather than the Bush administration. What they have authorized is far more dangerous to your liberty than the NSA's datamining. Right now, the NSA's datamining is being use to protect your liberties.
7) I call you on this specious nonsense. I understand you may not know a thing about datamining and its uses, but surely a poster to Volokh should be able to realize the implications of government officials being able to track all your financial dealings on a whim? Don't you find that more of threat than the phone-sex line bit?
And what information is kept? Does it include all information about me that the phone company knows, such as my Social Security Number, my payment history, and my calls to customer service?
For instance, network theory has the concept of a "forbidden triad" which basically means that if A knows B and B knows C it's unlikely that A will not also know C. However this is exactly the sort of structure you'd expect to find in a terrorist system where only one terrorist forms a liason (structural hole) between two cells (cliques). By establishing exactly how rare such behaviors are in the general population, the NSA (or FBI or whomever) would know how to effectively snowball sample in a more targetted investigation. That's just an example and there's all sorts of other structural features for which they could be trying to establish a baseline.
Personally, I think this is very useful for intelligence and (assuming that the data is appropriately scrubbed before analysis and archiving) presents negigible risk to individual privacy. Unfortunately Congress and the courts don't really understand the underlying science well enough to get that. Theoretically the administration could have asked for permission, but given the whole Total Information Awareness flap I doubt Congress would have approved it. Nonetheless, America has the rule of law so I'm not saying that expediency justifies the program, only that it was (probably) good policy, albeit illegal policy.
Medis,
Even if that is correct, are they making those correlations? There is no evidence they are.
To me, this has no greater effect on privacy than, say, turnstile records in the subway. They keep records of who goes into the subway and who comes out of the subway! Yeah, it's helpful to know what subway lines are under or over-used. But without a correlation between that information and who the individuals using the subway are, there is no real privacy concern.
I don't know if they are making those correlations. But I take it that if it turns out that they are making such correlations, then you will see the privacy concerns as legitimate.
Gabriel,
And I take it you are basically of the same view (that your analysis depends on no such additions of personal identifying information to the database).
Secondly, what privacy interest is being invaded here and isn't it just a minimal and theoretical only type interest. If doing this can save some lives isn't it worth the sacrifice? Isn't that what the anti-gun liberals say about taking away the civil liberties of an effective self-defense?
There is nothing to see here move along is stated by someone above. While they meant it in sarcasm it seems quite correct to me. What we should be upset about are the people who leaked this national security information, what crimes they committed by leaking and whether or not the USA Today reporters and editors are guilty of a crime for printing this national security information.
I'm still waiting and hoping for some of these reporters to be frogged marched out of their Manhattan offices in front of the cameras for their unpatriotic and in my mind treasonous behavior.
Says the "Dog"
Yes.
I'm not saying "you're supporting terrorists," I'm just asking for some specifics on how we can use the resource legally. I guess you could make the case we shouldn't do this becuase there is no threat, or that the threat doesn't justify this response. I reject that argument. I think there is a threat and we should respond. The NSA is responding. You disagree with their methods. What is your counter proposal?
yes, the type of analysis i am describing requires no additional data beyond just a very long list of phone calls (what is technically known as an "edge list").
yes, i would consider it a serious invasion of privacy if the NSA was drawing particularly unusual phone numbers out of this dataset and (without a warrant) either merging the phone numbers with personal information or listening to the content of the phone calls. however, i wouldn't consider it to be terribly outrageous if they did that sort of thing with a warrant.
I can not speak for all people making this molehill into a mountain, but my personal concern is not centered on the specifics of any individual NSA program, but on the complete lack of independent oversight of these programs by any non-executive branch body. When the DOJ is precluded from investigating possible crimes because the DOD won't give them a security clearance, am I meant to accept on faith that everything is on the up-and-up?
So, to paraphrase A.S., until someone show me evidence that the NSA activities are being monitored by a responsible adult, I will continue to harbor my concerns.
Il faut cultiver notre jardin
If we started talking about what MIGHT be happening, that would turn us into a bunch of conspiracy nuts.
Where do you draw the line between expressing concern about a lack of transparency and oversight of executive branch function, on the one hand, and conspiracy nuttery, on the other?
That's not OPR's job. Legality was passed upon by the lawyers who OPR was to look at, as well as by NSA's lawyers.
Soon people will be making highly emotional arguments based on their initial reactions that have little relevance to the truth.
But, that is the way of things in today's America! Some people want to believe the worst about Bush-Hitler and rational debate goes out the window.
Soon people will be making highly emotional arguments based on their initial reactions that have little relevance to the truth.
But, that is the way of things in today's America! Some people want to believe the worst about Bush-Hitler and rational debate goes out the window.
Thank God we have this example of an unemotional, moderate, argument based on specific facts to help further rational debate.
Some people want to believe the worst about this administration, and others (a lot on this board) want to believe the best. I guess that's what you call faith-based politics at its best.
What I would like is some assurance that there are legitimate oversights to the actions being taken by the executive branch. When Arlen Specter says he needs to call AT&T to figure out what's going on, I fear that the checks and balances may need a new prescription for Risperdal.
ET Phone Home
As I asked above - what possible abuses? Can you explain to me what the possible abuses are if there is no personally identifying information being gathered?
You see no even POSSIBLE abuses of a massive operation like this? Aside from the legal problems that Orin and others have identified ..., I found the following piece from salon.com, which I'm shamelessly cribbing/quoting here, a good summary of my thoughts.
First, the Bush administration -- without an act of Congress, without a ruling from the judiciary -- has written its own set of rules for gathering telephone records. Forget words like "subpoena" and "warrant" and "probable cause." Under the Bush administration's rules, the NSA gets access to every single phone record it can persuade anybody to give it.
What is the government doing with the phone records? Well, we don't know, and we don't really have any way of finding out for sure. The president said today that his administration isn't "mining or trolling through the personal lives of millions of innocent Americans." OK, but isn't it "mining or trolling" through the data? And if it isn't, why has it gone to the trouble and expense of collecting that data at all?
How is the government safeguarding the information? Well, we don't know that, either. Imagine for a moment that an FBI agent investigating a kidnapping wants to see who's been calling you. The Electronic Communications Privacy Act sets forth the safeguards to be observed before the agent can get the records from a phone company. But now that the NSA has all the records, can the agent simply search through them to find what he needs without getting anyone's approval first? Now imagine that the would-be searcher isn't an FBI agent investigating a crime, but a Bush administration official doing some research on a political opponent. Can he run a search through the records, too?
Maybe it's safe to assume that the answer in both cases is no. But the thing is, we shouldn't have to assume. And if we still had a government that operated in the way the framers imagined, we wouldn't have to. The checks and balances would guarantee it. We'd know that the executive branch was obeying the laws that Congress adopted because it wouldn't have its hands on phone records until a court approved a request and a telephone company complied with it.
It's not like that now. Unless you're lucky enough to live in an area served by Qwest, the NSA apparently already has computer files showing every telephone call you've made or received over the last few years. Maybe the NSA won't look at your calls. Maybe it won't let anyone else do so, either. But you don't know that right now, do you? Sen. Arlen Specter says he's going to hold hearings, and maybe Albert Gonzales or Michael Hayden or someone from the NSA will appear and say -- once again -- that innocent Americans have nothing to worry about here. Maybe you'll trust them. Maybe you won't. But at the end of the hearing, those will pretty much be the extent of your options.
"Possible" abuses is an easy one, even by your standards, because it would be possible to abuse such a database without personal identifying information simply by performing some of the correlations we have described. And again, that doesn't require sophisticated surveillance--it just takes a reverse phonebook.
In other words, you are arguing there is no proof of ACTUAL abuses--but the potential for abuse is quite obvious.
It also seems to me that the Salon article posted above by JosephSlater relies entirely on the premise that personally identifying information is being gathered. Again, we have no evidence of that. So it seems to me to be completely irrelevant. (For example, it states "Imagine for a moment that an FBI agent investigating a kidnapping wants to see who's been calling you." Well, without personally identifying information, the database would be useless to know who is on either end of those calls - the FBI could not find out who you are nor who is making the calls.)
And we find bad guys -- assuming that's the purpose of this -- exactly how, if personally identifying info isn't kept in some way? And you know that personally identifying info isn't kept because ...?
Perhaps you need to define what you mean by "gathered". The NSA does not necessarily need to "gather" personal identifying information, because plenty of databases already exist which correlate phone numbers with that information (eg, the White Pages). And, of course, an investigator might have other sources for knowing that certain phone numbers are associated with some particular parties.
So, if anything is keeping the government from abusing the database in this way, it is not that the necessary information would have to be "gathered" first. Rather, it would have to be some sort of self-imposed rule about using the database in that way ... and the possible existence of such a self-imposed rule is obviously not an answer to the possibility of abuse.
This program sounds strickingly familiar to the Total Information Awareness program that was specifically forbidden by congress and de-funded. Iran Contra redux anyone? Hayden engineered this, abu gonzales referenced it, and now its out in the open. And there are some of the libertarian bent who feel that the whistleblowers leaking about the gov.t's massive surviellance programs arent the traitors to the US rather its the other way around. DIG IT.
God bless.
~disgruntled~
Now add this thought. AT&T says we as patriots would be happy to help catch terrorists and we would be happy to voluntarily turn over these business records of ours, but if we do so we, AT&T, might violate some law or another and we are concerned about this possible theoretical legal violation. The government replies, no problem we will give you immunity from prosecution if you agree to voluntarily provide us copies of these business records you legally created and have in your possession.
Any laws violated and warrants needed in such a situation as the above?
Asks the "Dog"
Well, I can tell you that "immunity from prosecution" in the ordinary sense does not apply to lawbreaking that has not yet occurred. Offhand, I would be looking at possible conspiracy charges for the government officials involved in such a transaction. If the President himself authorized such activities, I would say he is violating the Take Care clause of the Constitution.
Incidentally, if it helps, imagine the government asking a private company to assassinate people it suspects of being criminals but against whom they can't build a criminal case, promising the private company immunity from prosecution for such murders. You can then ask the same questions you asked about what laws have been broken.
My view is that the FISA argument is not that good here. FISA was designed with bugging suspected Russian and Chinese spies. There weren't a lot of them, and if it took a month to get a warrant, then fine. All indications are the the volume of the first NSA program exposed would more than swamp the FISA system many times over (including the DoJ resources required). Do we really want thousands of DoJ attorneys spending their lives putting the paperwork together for FISA warrants? Plus, the time frame involved in getting the warrants was also a major part of the problem. The intelligence agencies were operating in terms of minutes and hours, while FISA warrants typically took a month or so. (And the AG has repeatedly testified that the emergency orders provision wasn't much help because it still required the same paperwork - just within 72 hours).
But this program is far, far, worse. Instead of thousands of calls, we are talking billions of records - probably on the order of a billion records a day being generated and ultimately potentially considered.
I noted on my previous post that probably somewhere on the order of a billion telephone records are generated every day here in the U.S. It may be two or three times that, but it most likely isn't that much less. But if we assumed three billion, that would give us a trillion phone records a year, and 4-5 trillion so far. What that means is that a program that looks at all this data is sharply constrained by all this information. It just takes too much space to store, too many I/Os to read, etc.
To see why you wouldn't want to carry around the personal information, let's start with what you would need. First, the two phone numbers. Figure approximately 12 digits each (to handle international calls). Another 12 digits for mmddyyhhmmss. That gives you 36 digits. Round up to 40 to cover call duration, flags, etc. Then divide in half because it would be silly not to convert to four bit BCD. This requires stripping off the ASCII zone bits - i.e. "0" is ASCII x"30" and BCD 0, whereas "9" is ASCII x"39" and BCD 9. Many processors even have instructions just for this purpose. So, you are now down to 20 bytes per record. You do this because this simple change halves your storage requirements. But, then, you would probably need at least another 20 bytes for the name and 40 for the address. Why triple or quadruple the record size, esp. when you are talking trillions of records?
The other part of this is that it has been routine for decades to use one field in a record to look up other records. This is built into the relational databases that we take so much for granted (like Microsoft Access that I run on this system). Indeed, this theory, that you carry around keys instead of duplicating data, is so embedded these days in database technology that we don't even think about it any more.
So my educated guess is that the NSA is has a very large database containing minimal call information, and a much smaller database (on the order of probably fewer than a billion records) containing identification information. This database probably has additional information merged into it, than you will find in the on-line telephone directories, because I suspect it also contains unlisted, etc., phone numbers. The phone company most often has the SS# of the person on the account, so that may also be included. Then, when their computers find phone numbers that should be investigated, it is trivial to tie them together.
The telephone usage database is probably double or triple that in size though. I would expect that they are merging in potentially all the calls from the other ECHELON countries plus probably Iraq and Afganistan, as well as all the call history information from all those foreign calls being routed through the U.S. thanks to NSA prodding of AT&T. They are also probably merging in anything they can pick up from the ether, including some foreign cell phone calls and most calls routed via satellites plus the few still routed using surface microwave towers (as a historical note - Sprint was started by using railroad microwave towers to carry long distance calls).
The next question is what are they doing with all this information? I question whether they are going to find any real patterns in the call information in a vacuum. But what they can, and most likely are doing, is starting with suspicious telephone numbers, and building call networks. A1's number is found on a phone seized off of al Qaeada in a raid in Baghdad. A1 called or was called by B1, B2, B3. B1 may have called C1, C2, C3. B3 may have called C4 and C5. Both C2 and C5 were called by D1. D1 may then be considered of interest. Not suspicious, just interesting. Alternatively, a second cell phone is seized from A2 in a second raid in another province, and that leads back to D1. This would probably make D1 even more interesting.
This is where the first program now comes in. D1 now calls E1 somewhere in the U.S. Since the computers had decided that D1 was of interest, the call is taped. And then, possibly, listened to. The odds of it being listed to would be increased if it turned out that computers could determine that the call had been in Arabic or Farsi, and less so if it were in English.
The NSA needs as much call information they can get their hands on because they need to be able to intercept that call from D1 within hopefully minutes of A being grabbed. It does little good gathering call information after the fact, first, because you won't have it when you need it, and secondly, rolling up terrorist networks changes calling patterns.
I was wondering how call patterns within the U.S., except as they tie into the above might fit in, and was somewhat stumped. But one thing that is feasible (and therefore at least was likely investigated) would be for the NSA to get a database of legal aliens from the successor to the INS, and maybe even illegal aliens from the IRS, and tie that to the identification information. Then, they might flag all records from aliens from, say, Saudi Arabia, to be of some interest and look for patterns in their domestic and international calls.
Just some thoughts.
Actually, some of us are pretty p.o.'d about both.
I don't think anyone was suggesting the NSA would tag each phone number with all the identifying information each place it appears in the call records. Rather, it would obviously be enough to simply tie together what you are calling two databases in the way that you described (eg, such that a user could connect a phone number to a person, or a person to a phone number, on demand). In other words, it is that functionality that matters, not the underlying architecture.
Your info is being sold by everyone you do business with to others for marketing reasons. No one seems to care about that anymore, we've gotten over it. Why shouldn't the NSA use these same datamining procedures to protect us from terrorism?
Ummm... you mean the way the IRS collects extensive financial data on every working citizen(and non-citizen)?
This word 'unprecedented', I do not think it means what you think it means...