nsa-hqI’ve been trying to figure out a way to address the subtleties that are being missed or ignored by most critics of the NSA’s recently revealed PRISM program, but it’s gotten lost in the process of readying for the Paris Air Show and covering those things that the famous Washington journalism pack isn’t following in the defense world. Then Jim Lewis at CSIS penned this op-ed and all was well. Read what I think is the most rational and informed discussion of the NSA’s monitoring so far. We’ll have something of our own up after the air show based on discussions with an array of current and former intelligence officials. The Editor.

BY James A. Lewis

The revelations of various National Security Agency (NSA) surveillance programs have led to a discouragingly shallow debate. Putting aside the blindingly obvious conclusion that less surveillance means more successful terrorist attacks, and ignoring the polls that show a majority of Americans support such programs if there is adequate oversight, let us consider some points that critics have overlooked.

The most basic of these is the difference between collection and reading. NSA collects a large amount of traffic. It reads almost none. Computer programs sort through billions of messages to find a few thousand that a human will actually read. The difference between collect and read is usually elided over or ignored in almost all discussion of the issue. Most communications are uninteresting. The rest remain unread. Having a machine examine the strings of ones and zeros that make up digital communication is an abstruse threat to privacy at best. NSA (and the larger U.S. intelligence effort) focuses the bulk of its attention on terrorism, proliferation, and a few hostile countries that threaten the United States and its allies. These are the priorities; there simply are not enough analysts to look at much else.

The simple fact of collection offends many. They assert that privacy is a fundamental right. The right guaranteed in the Universal Declaration of Human Rights is “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence” (Article 12). Privacy is not absolute, interference is permissible if it is not arbitrary, and the antonyms of arbitrary include oversight and constitutional. In this regard, the NSA programs were designed to conform to the laws protecting individual rights.

An appeal to the right of privacy avoids more important issues, however. The drafters of the Constitution did not propose some absolute right to privacy; they (like the drafters of the Universal Declaration) saw privacy as a means to achieve a larger goal, to protect political liberties. This is a vital distinction. Most countries in the world have domestic communications surveillance programs; their scope depends largely on resources available. Many wealthy countries and all “great powers” conduct surveillance of foreign communications—the Internet has been of immense benefit in doing this. Since surveillance is for all practical purposes universal, how should we distinguish among programs?

The key is to focus on political liberty. One critic of the NSA programs pointed out that the collection of metadata could allow the government to track opposition leaders. This is very confused thinking. Was this individual really suggesting that NSA collected data on Republicans and then went and briefed Republican congressional leader on the results? It is unreasonable to suggest that these leaders would have remained passive and quiet if this was occurring.

The essential political rights are freedom of expression and assembly, freedom from arbitrary detention, and the right to petition the government for a redress of grievances. If these four rights are protected, surveillance is immaterial in its effect on civil liberties. Citizens can criticize, oppose, and replace their governments in those countries where such rights are respected. We can quickly sort those countries that use surveillance to suppress political opponents and those that do not. Data is easily obtained by counting politically motivated detentions, censorship, suppression of speech, or coercion of political opponents. None of these have occurred in the United States, or in any of the other Western democracies that engage in broad communications surveillance. Respect for political liberties is the fundamental test for surveillance — the NSA program passes this test. Effectiveness is another test. One result of the war on terror that began after 9/11 was the creation of new constraints on individuals and expensive new programs that spent billions without reducing risk. Counterterrorism in the United States was often unnecessarily and disturbingly intrusive without positive effect. That cannot be said of the surveillance program, which has successfully blocked a number of attacks. Providing more information on these successes would help increase transparency and provide for a debate that was better informed.

A fundamental test is oversight and transparency. No one accepts that the watchers should watch themselves or authorize themselves to act. The NSA program, approved by the courts and routinely briefed to congressional leaders, passes this test. It appears that strenuous efforts were made to ensure its constitutionality, to minimize any intrusions, and to limit the effect on privacy to that which was necessary for security.

One legitimate area of dissatisfaction would be the lack of transparency for NSA programs. No professional organization—and this includes al Qaeda and Hezbollah—was unaware of the collection efforts. Home-grown amateur jihadis or lone wolves may have been unaware; they will now be more careful and this increases the likelihood of a successful attack. The defense by some senior officials (expressed privately) that the program needs be secret so that the targets of surveillance remain unaware makes no sense. There is a balance between transparency and effectiveness, but this needs to be recast in favor of transparency. Greater insight into the decisions of the Foreign Intelligence Surveillance Act (FISA) Court and the release of FISA submissions that need no longer be kept secret would be appropriate.

Such measures are unlikely to quiet critics, because the critics do not trust Congress, the court, or the executive branch. This is a deeper and more serious problem. A corrosive popular culture that paints government and intelligence agencies as malevolent entities contributes to this, but the larger issue is the erosion of legitimacy and dissatisfaction with government found in countries around the world. Perhaps governments overpromised and cannot meet the expectations of their citizens; perhaps the scope of regulation and services to ensure the public good has become stifling; perhaps the cheerful corruption found in tax policy or subsidies to favored industries has undercut authority. Whatever the reason, distrust of government is increasingly normal for parts of the population, and there is nothing that will persuade them that surveillance is not an ominous threat.

All nations surveil communications. Surveillance reduces risk. This makes it worthwhile if the political risks can be managed and minimized. Respect for political rights, oversight and transparency, and effectiveness are the tests for judging a surveillance program and if those who employ it are defending our rights or abusing them.

James A. Lewis is a senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies. Jim is one of Washington’s most respected experts on cyber and signals intelligence policy issues.

 

Comments

  • PolicyWonk

    The POTUS did say that all three branches of the US government are in on this program: the executive, judiciary, and HoR’s. And for that reason, we should trust them.

    However, given the priorities of the HoR – especially the congress – and their appalling lack of productivity and proven willingness to sell the other aspects of our national security down the tubes instead of doing their job and fixing the sequester, our national economy, amongst other serious issues facing this nation to further their short-term political gains (and be so vocal about it): I see no reason to trust their judgement.

    And according to numerous polls (including those conducted by the republican party), even the GOP’s own voters have repeatedly found their party’s leadership: out of touch, unwilling to compromise, untrustworthy to wisely spend taxpayer dollars, and less likely than the POTUS or democrats to find an equitable solution to the this nations economic problems.

    Hence – asking the American public to trust the congress who has repeatedly demonstrated a lack of judgement and/or integrity is asking a lot. Especially a congress that has proven to be by far the least productive in US history.

  • weedenbc

    I wish people would stop using the word “collect” when reporting on the surveillance. It’s definition under the law regarding the NSA’s activities is very different from the way most people define it. The NSA can do a mass grab of everyone’s phone calls and put it in a giant database, and that is not “collecting” as defined under the law. You can see an example of this in the declassified version of USSID 18 (definitions are under Section 9):
    http://cryptome.org/nsa-ussid18.htm

    I do question the recent claims that PRISM and other mass surveillance programs have prevented “dozens of terror attacks” according to GEN Alexander’s testimony yesterday. That doesn’t quite make sense. For it to be true, it would mean that there were dozens of successful terror attacks in the time period before these surveillance programs came online. I don’t see any evidence of that, although there’s been no specificity over the time period or definition of “terrorist attack” so it’s hard to tell.

    Of course the other possibility is that the number of potentially successful terror attacks has risen dramatically over the last several years. That runs completely counter to the Obama Administration’s assertions that al-Qaeda is on the run and we’re safer today than we were before. It also runs completely counter to the Bush Administration’s assertions that invading Afghanistan and Iraq was beneficial to the war on terror.

    Perhaps what’s really going on is measurement bias. The surveillance programs have revealed many more potential terrorist plots, or at least people thinking about committing terrorist acts, and allowed the government to arrest those people. In other words, the more we look the more we find.

    If that’s the case, then it’s not true to say that all those plots would have succeeded without intervention. That’s only an assertion, not proven fact.

    • http://defense.aol.com/ Colin Clark

      Weeden, a consummate intel wonk’s analysis. LOVE the point about collection, which I bet 83.4 percent of the world will never get!!! I bet you are absolutely right about finding more scorpions when one turns over more rocks but I bet it’s also true they have discovered plots across the globe using PRISM to work the communications network of the bad guys. Id love to know if the NRO has provided cell phone targeting data as Carlson indicated they could.

      • weedenbc

        Thanks. I’m only an amateur cyber wonk, but I’m quickly becoming an expert on methodology & validity as I prepare to propose my dissertation :)

        I see at least three separate programs going on. One, the NSA has compelled all major phone companies (save QWest) to turn over all customer metadata every 3 months which gets stored in a massive database. This is what was revealed by the FISA court order, and probably used for pattern/network analysis. And yes, location info is part of metadata so my guess is they have all the location info they want, and if I recall location data is not considered protected content.

        Two, NSA likely has taps on the big internet pipes for major tech companies (http://twit.tv/show/security-now/408). This is probably what the “prism” in PRISM means, as to do so would require using something akin to a prism to split off part of the light in a fiber optic cable. That would allow them to look at patterns and network analysis for all the Internet traffic in/out of those companies, and also grab the unencrypted stuff (like emails) by keywords without actually targeting or collecting on any specific person. This is exactly what a previous whistleblower revealed was happening to AT&T in 2006:
        http://en.wikipedia.org/wiki/Room_641A.

        Three, they use the data gleaned from the first two activities to create formal FISA requests to go after specific targets. Once these orders are approved, they then either dig up that target’s records from the phone database or send a NSL to one of the big tech companies to get the data they have (including the encrypted stuff).

        Beauty of this whole thing is that it’s completely legal. Getting all the records and metadata from the phone companies is not collecting or targeting, and neither is putting a tap on everything going in/out of Google/Facebook/etc. And if the taps are downstream from those companies, they are none the wiser and have complete deniability. Once a pattern is found or suspicious info from the queries of all this data, they can craft a specific FISA request for a person or persons and off they go.

        It also explains why Twitter hasn’t “joined” PRISM. All tweets are public by default and Twitter provides its whole firehose as a service. So no need to tap Twitter’s traffic, just need the ability to serve it NSLs to access account info or DMs for specific users.

  • Jack

    Funny how the NSA claims they are not collecting data on citizens but are putting all this data in their secret files. Putting lip stick on the NSA spy’s is still treason and against the 4th amendment.