Steven G. Bradbury headed the Justice Department’s Office of Legal Counsel from 2005 to 2009 and led the legal effort to obtain initial court approval for the National Security Agency’s telephone metadata collection.
Given the political sensitivities around the National Security Agency (NSA) and the technical and legal complexities involved in NSA programs, it is perhaps no surprise that the President’s Review Group on Intelligence and Communications Technologies produced a glib and unconvincing report.
But a recent defense of that report by one of the group’s members, Michael Morell [“Correcting the record on the NSA review,” op-ed, Dec. 29], underscored the contradictions at the report’s core.
The group’s most alarming recommendations relate to the NSA’s telephone metadata program.
Metadata means transactional records of communications, not the content of messages. For telephone calls, it reveals what phone numbers have called other numbers and the time and duration of the calls. Phone companies generate these records for billing purposes.
Most courts have held that no search warrant is required to obtain records like these, as they don’t give the government access to anyone’s private communications. Regulatory and law enforcement agencies often use subpoenas to collect transactional records to preserve them in a database for later searching as part of an authorized investigation.
That’s what the NSA does — though the volume of metadata it collects is far greater, commensurate with the importance of its mission to protect the nation from foreign attack. The NSA collects telephone metadata under a court order approved by the federal judges who sit on the Foreign Intelligence Surveillance Act (FISA) court.
While the volume of data is vast, the NSA’s access to it is strictly limited under the court’s order. There is no “data mining” or random trolling through the database for suspicious patterns. It may be accessed only when the government has reasonable suspicion that a particular phone number is used by terrorists; that “seed” number is then tested against the database to discover connections. The NSA is permitted to analyze patterns of connections two to three “hops” out from the seed number.
Only a tiny fraction of the total data is ever reviewed by analysts, but the NSA must have the largest available field of data to find the relevant connections. The agency aggregates the data from several companies, converts the information into an efficiently searchable format and retains it for five years to enable historical analysis.
By revealing patterns of connections to suspected terrorist numbers, this program provides a unique tool for discovering previously unknown phone numbers that may be used by terrorist cells operating within the United States.
In defending the review group’s report, Morell acknowledged that if this metadata program had been in place before September 2001, “it would likely have prevented 9/11.” He said that the program “has the potential to prevent the next 9/11.”
Yet the review group recommended that Congress pass legislation prohibiting the government from collecting telephone metadata in bulk and requiring that storage of the data be turned over to phone companies or a private third party. It also recommended that the NSA be required to obtain approval from the FISA court each time it wished to query the database. These changes would “slow the process of searching the metadata,” Morell acknowledged, but “this loss of flexibility” would be “manageable” and worth the added “protection of personal freedom.”
In fact, the recommendations would throttle the effectiveness of the program while introducing significant privacy and national security vulnerabilities.
No phone company maintains all the needed metadata, and none has the capacity or inclination to combine the data from multiple companies and maintain that information for a sufficient period of years. So the review group’s proposal would require ceding control over the database to a private, third-party contractor.
Today the database is kept secure and segregated in the basement of Fort Meade. If it were outsourced to a private contractor, where would this supersensitive data be housed? Probably in some suburban office park and certainly on less secure servers.
The database would be far more vulnerable to privacy breaches and incursions from foreign governments, terrorist groups, criminal organizations and hackers. And the data could be exposed to court-ordered discovery by private litigants in civil lawsuits.
Private contractors with access to the database would also be much less subject to effective oversight by the executive branch, the FISA court and Congress.
Furthermore, requiring court approval in advance for each query of the metadata would severely constrain the program’s speed and responsiveness and, if applied to second and third hops from the original seed number, would compromise the program’s utility entirely. Insisting on court approval of each reasonable-suspicion determination would impose a legalistic overlay on a judgment designed to be made by seasoned intelligence analysts.
None of these outcomes is desirable, whether for reasons of civil liberties or national security. None should be viewed as acceptable.
If the integrity of the metadata program is put at risk and the NSA’s ability to perform its mission significantly hampered, Edward Snowden would realize his objectives. America’s vital advantage in communications intelligence would be further degraded, and the dedicated men and women who carry out our intelligence programs would have an even deeper crisis of confidence.