Americans are discovering that, in addition to nearly 3,000 fellow citizens who died, another casualty of September 11, 2001, might be privacy in the digital age.
While there have been many recent reports in the news media pointing to an erosion of privacy, the major stories have concerned the mysterious National Security Agency (NSA). Like an onion being peeled layer-by-layer, the NSA has been the subject of one revelation after another concerning a domestic-spying program that takes advantage of the world's dependence on high technology. After 9/11, the program moved into high gear in an all-out effort to find al-Qaeda operatives and other terrorists.
But as each new layer is revealed, some people fear that what is underneath might be enough to bring tears to any civil libertarian: a real-world 1984 in which one's every word and deed is monitored in the name of security.
The Most Intelligence in the World
You might picture the NSA as a small, top secret committee with a mix of ad hoc agents and high-tech equipment, like the mysterious governmental network in The X-Files TV series. Or perhaps you're thinking of the den of assassins in the movie Enemy of the State.
Regardless, the NSA has historically denied easy description. Dubbed "No Such Agency" by observers and "Never Say Anything" by its staff, it was the Area 51 of government agencies -- so secret that even its existence was barely acknowledged.
But today the NSA is coming into clearer focus. According to James Bamford, author of Body of Secrets, the NSA, established in 1952, is currently the world's largest and most powerful intelligence agency -- far bigger than its better-known cloak-and-dagger cousin, the CIA.
Bamford, who covered the same subject 25 years ago in his book Puzzle Palace, has written that the NSA has nearly 40,000 employees, a massive "Crypto City" of more than 60 buildings hidden in suburban Maryland, and the most powerful computers on the planet. NSA scientists, Bamford says, are secretly working to develop computers capable of more than 1 septillion operations per second -- that's a 1 followed by 24 zeroes.
The NSA breaks codes, operates listening posts around the world, takes information from spy satellites, taps into phone conversations, sifts through data transmissions for leads on cases, and creates and releases computer viruses to disrupt enemy systems.
But, like many other aspects of American life, the NSA's activities are divided by a bright line marked "9/11."
Before 9/11, the NSA's focus was outside the United States. It couldn't spy in the U.S. without permission granted under the auspices of the Foreign Intelligence Surveillance Act (FISA). In fact, the NSA's charter specifically prohibits it from "acquiring information concerning the domestic activities of United States persons."
"What changed after 9/11," says John Pike, director of the public-policy and research organization GlobalSecurity.org, "was that they started to listening to everybody" -- inside and outside the country.
The First Few Layers
Late last year, The New York Times peeled off the first layer of the onion and revealed some of what the NSA has been doing since 9/11. Based on sources within the intelligence community, the Times reported that the NSA had been monitoring international calls and international e-mails that originated in the U.S., without court-approved warrants. The story reported that the calls might number in the hundreds, possibly thousands, but that they did not involve domestic-only communications.
In May, USA Today reported that the NSA was operating the world's largest database, keeping records (times, numbers called, durations, and so on) on all phone calls made through AT&T, Verizon, and BellSouth -- domestic and international. This operation involved billions of calls, the paper reported, and, again, was done without warrants.
The fallout was immediate: Verizon and BellSouth have denied that they entered into any contract with the government to turn over data, and Qwest Communications, which says it was approached for information but did not hand any over, has suddenly become the network of choice for those who think the Bush administration overstepped its bounds.
For its part, AT&T is revising its privacy policy to explicitly declare that it owns customers' records and that it may use that information in combating "any threat," with or without legal orders. The policy had previously stated that the company would only turn over customer records as required by subpoenas or other legal orders.
After first denying the story, the White House claimed that no personal information was ever revealed. Some legal experts have suggested that warrants are not needed to look for patterns in the kind of anonymous data obtained by the government.
Since May, there have been other reports that phone conversations have been monitored, possibly including domestic-only calls. Seymour Hirsch of The New Yorker has reported that government sources told him that "tens of thousands of Americans" have had their calls monitored "in one way or the other."
In the uproar that followed this and later revelations, the Bush administration responded with the argument that presidential war powers give it the right to spy in the U.S. without FISA oversight. For Frank Gaffney, president of The Center for Security Policy and a former assistant Secretary of Defense in the Reagan administration, this makes sense. "We're in a war, and these communications we're trying to monitor are battlefield intercepts -- except the battlefield is here."
In such an environment, he says, the right to conduct warrantless eavesdropping is "inherent in the president's authority."
A Different Sort of Battlefield
But because this is a new kind of war, being waged in such a different environment than previous wars, the issues surrounding the NSA's activities are complex and fraught with controversy.
The surveillance is part of a war on terrorism, with an unseen enemy who might be anywhere. It takes place in the digital, networked environment of the early 21st Century, in which highly sophisticated, massive, across-the-board monitoring is possible. And, in the arguments it raises about preserving American liberties, it compels us to debate exactly what those liberties are.
Taking on an unseen enemy in modern America involves radically new approaches for two old intelligence objectives: targeting a known individual or a group, and looking around the general landscape for clues about individuals or groups not yet discovered.
The recently reported intelligence gathering of financial records, for example, appears to be a reflection of targeted searches. The U.S. Treasury has said that it is only gathering financial intelligence on those who are under investigation for suspected terrorist activity.
But it is the NSA's wholesale searching of phone records, Internet communications, and phone conversations that has alarmed critics. This kind of "data mining" is used in several industries to search for proverbial needles in the haystack, frequently without even knowing what the needles look like.
In an often-cited example, a major grocery chain might data-mine all customer purchases and eventually discover that beer and diapers are often bought together. Finding a nonintuitive pattern such as this might lead to new ways of marketing or product placement.
Similarly, identifying a pattern that links terrorists to a specific time or place might lead to the foiling of a dangerous plot. Whatever specific discoveries the NSA has made, however, remain secret. Given that the agency operates what is likely the world's largest and most-sophisticated data-mining operation, the layers that have been peeled back so far suggest a very big onion.
So how much of the total U.S. communications traffic is being watched? "I think that it's a lot of it," says Christopher Calabrese of the American Civil Liberties Union (ACLU), "because of where their taps are, right in the middle [of the main traffic switches]." The new model for surveillance, he says, is to grab as much information as you can and sift through it later.
GlobalSecurity.org's Pike says that there used to be a physical limit to what could be monitored, pointing to a time when many communications were on paper or analog media. But now, he says, thanks to rapidly increasing computer power and switches that sit on the main arteries of the communications networks, "They can monitor all of us, all the time."
And recently, two former AT&T workers told The New York Times that the company's facility in St. Louis had a separate room, protected by double doors and retinal/fingerprint scanners, where "a government agency" monitored network traffic.
Engaging Conversations
Experts disagree on whether the NSA's scrutiny is fixed only on text- and data-based communications, which computers can readily process, or on phone conversations as well.
According to Bamford, the NSA is listening only to a relatively small number of targeted conversations, even as it uses computers for massive scanning of text and data communications. "For every voice conversation," he says, "it takes at least one human being to listen." Using a voice-to-text program to streamline the process would be very limiting, he says, since many of the conversations in question involve heavy accents and do not translate accurately with current technology.
GlobalSecurity.org's Pike disagrees.
He believes that the NSA might be using highly advanced voice-to-text programs on powerful computers to scan heavily accented or foreign language conversations, possibly on a massive scale.
If highly efficient voice-to-text software was not now available at the NSA, Pike said, "It would be a scandal." His reasoning is that text-to-text translation software, such as Babblefish, and optical-character recognition software were operational at U.S. spy agencies 15 to 20 years earlier than the consumer versions. Since general-market voice-to-text software is now available -- decent but not industrial-strength -- the NSA must have technology that is at least a decade or more advanced, Pike says.
Even if bulk processing of voice-to-text is not yet available at the NSA, he says, the agency is still capable of searching conversations on a broad scale. Seymour Hirsch has, in fact, reported that computerized keyword-searching of actual conversations is taking place.
How Effective Has It Been? Some observers point out that, since the anthrax attacks in the immediate weeks following 9/11, there have been no terrorist attacks on U.S. soil.
According to the Bush administration, the NSA program has helped to prevent attacks. The White House cited a plot to destroy the Brooklyn Bridge with blowtorches, an operation it says was disrupted because of NSA eavesdropping. A plot to use fertilizer-based bombs in Great Britain has also been uncovered in part through this program, according to the administration.
But in a recent report in The New York Times, FBI sources maintained that the NSA leads were a waste of time, at least when it came to following terrorism cases inside U.S. borders. Because the NSA is not an enforcement agency, it hands off the information it collects to the FBI for domestic enforcement and to the CIA or other agencies for foreign enforcement. Much of the information provided by the NSA has led to dead ends or to targets already under surveillance, FBI sources told the Times.
Former Assistant Secretary of Defense Gaffney disputes the significance of that assertion, saying the FBI's standards are not necessarily the standards for intelligence. "What do you expect? The FBI has been trained to prosecute cases. But the NSA is looking for a needle in a haystack, not prosecutable evidence."
For the ACLU's Calabrese, the issue of whether the eavesdropping works to deter terrorism should be secondary. "The first question is, whether it is legal."
The ACLU has never had a problem, he says, with using a warrant to obtain information, assuming the warrant itself is the result of lawfully obtained leads. The ALCU is currently suing the feds on the grounds that the government is listening to phone conversations without warrants.
The basic problem, says Bamford, is that nobody really knows the scale or the effectiveness of the NSA program, because the mechanism that was meant to guarantee checks and balances -- FISA -- has now been bypassed.
"You now literally have a rogue agency," he says.
The Shadow of FISA
In 1978, following revelations of illegal spying on U.S. citizens by American intelligence agencies, the Foreign Intelligence Surveillance Act (FISA) was passed. The law attempted to regulate intelligence by balancing security needs with civil liberties.
Established as the "exclusive means" for domestic electronic surveillance, FISA allows for quick-response electronic surveillance in several ways. For example, during the first 15 days of a declared war, electronic surveillance may be conducted without a warrant. The stated Congressional intent at the time was to allow for immediate wiretapping after an attack, and to allow 15 days for Congress to amend the law to provide for further warrantless spying if needed.
FISA also allows eavesdropping for up to 72 hours, as long as a warrant is retroactively obtained. An emergency warrant can be obtained within hours, and it has been rare when any judge has denied a warrant.
The Bush administration, through the Department of Justice (DOJ), has acknowledged that it did not comply with FISA. It contends it doesn't need to.
DOJ has said that the NSA is authorized to conduct warrantless wiretapping because of Congress' Authorization for Use of Military Force against al-Qaeda, which was passed the week after 9/11. Justice has also said that Bush, as the commander in chief, has the unlimited authority to collect "signals intelligence" on the enemy.
Many legal scholars have weighed in on the subject, with a fair number coming down against the Bush administration's interpretation of its powers. One group that included a former deputy U.S. attorney general, the former deans of the Yale and Stanford law schools, a former counsel to the president, and a former director of the FBI, declared that the warrantless NSA spying "fails to identify any plausible legal authority for such surveillance."
Essentially, Bamford says, the NSA has now taken the power to authorize its eavesdropping in the U.S. away from a FISA judge and "given it to a shift supervisor." Bamford echoes the ACLU in contending that no one is saying that the NSA should be denied the ability to eavesdrop inside the U.S. to prevent terrorism. "But when it's done," he adds, "it has to be legal."
Living in America 2.0
For GlobalSecurity.org's Pike, the rules have vanished. The Bush administration's position -- which Pike summarized as "We can do whatever we want to, and we don't have to tell you what we're doing" -- has led to confusion winning the day.
"If the NSA can do it electronically, without rules, then the CIA is permitted to infiltrate Lord knows what," Pike says. He argues that the next iteration could be cameras on street corners with industrial-strength face-recognition software, installed and operated without warrants. According to Pike, there's no real difference between data mining on the street and data mining through warrantless eavesdropping. Such surveillance, he says, would lead to a very different kind of United States. "It would definitely be America 2.0."
But do we need FISA 2.0? This question arises when looking at how to obtain a warrant without knowing the pattern or the person you're looking for. One solution might be putting wholesale data collection in a black bag, so that agents can only look for patterns, not people. ACLU's Calabrese suggests that data miners could encrypt information going in and leads coming out. Then, when there is a pattern, "You could get a warrant to remove the anonymity."
But Kim Taipale, executive director of the Center for Advanced Studies in Science and Technology Policy, says the problem is FISA.
"FISA is broken," he argues. His view is that it does not provide a way to take advantage of state-of-the-art surveillance methods, such as using automated means at the wiretap itself to look for patterns. He also points out that, in an age of proxy servers and packet-based communications, it may not even be possible to determine if a particular communication takes place in the U.S.
There needs to be some process to accommodate this new world, Taipale says. "But it's dangerous to say FISA is all we have and let's just apply it."
Up until a decade or so ago, before the Internet and before all transmitted communications became digital, paper and analog were still major players. Paper letters were commonly written, newspapers were printed daily, political rallies and rock concerts were publicized with leaflets. Electronic communication was analog, and processing it efficiently, on a massive scale, was impractical.
Now, we are networked and digital. Home videos, soccer schedules, phone conversations, bank and credit card records, instant messages, online calendars, business e-mails, even the records of which movies you rent -- all have become digital media. When was the last time you actually wrote and mailed a paper letter?
"We've gone from a world, years ago, with a tremendous amount of privacy, for business, for love letters, whatever," Bamford says. "But there's been a tremendous loss of privacy in the last few years. Our final bit of privacy is gone if neither Congress nor people do anything about it."
|
