A bus passes by a poster of Edward Snowden, a former contractor at the National Security Agency (NSA), displayed by his supporters at Hong Kong's financial Central district during the midnight hours of June 18, 2013. Reuters/Bobby Yip
Since we learned that the government has been collecting and storing Americans’ call data for years, Senate Intelligence Committee chair Dianne Feinstein; her counterpart in the House, Mike Rogers; and James Clapper, director of national intelligence, have been trying to claim it is not as bad as it sounds. The collection doesn’t include the content of communications, merely “metadata,” they argue, and anyway, the secret Foreign Intelligence Surveillance Act (FISA) court limits the circumstances under which the government can access this information. “The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization,” says Clapper.
In other words, the government’s response amounts to “trust us.”
But Americans have good reason to distrust the program, which, according to The Washington Post, is called MAINWAY. That’s true not just because history reminds us that the government has abused surveillance authorizations in the past, as it did when it used COINTELPRO to spy on dissidents decades ago. It’s also true because one of the direct predecessors of this program proved ripe for abuse.
Beginning in 2002, the government worked with the three major phone companies (at the time AT&T, Verizon and MCI) to set up lines in the FBI’s New York office—and later its Washington counterterrorism office—from which phone company employees would be able to access their company’s databases directly. FBI agents would have those employees query the database right from the FBI office, mostly using National Security Letters (NSLs)—a means of obtaining information directly from service providers without review by a judge. The purpose was similar to the newly revealed collection program: to allow the government quick access to metadata on any calls made in the United States. The metadata was then uploaded and entered into government computers in an easily usable format.
The earlier program started being phased out in 2006, just as the current one was being phased in, suggesting that this program replaced the earlier one. By creating copies of phone company databases, which are updated daily, the government has simply shifted the companies’ role. Today, the phone companies turn everything over in bulk. Rather than having phone company employees access the data, the NSA or FBI does it.
A 2010 report by the Justice Department’s inspector general (IG) shows that the predecessor program was a mess. The FBI failed to keep adequate records of requests made by the government to phone companies, frequently violating the limits of what they were entitled to take. More troubling still is a tool the FBI implemented, ostensibly for emergency situations, called “exigent letters”: basically a request to phone companies to provide data immediately, with a promise to provide the appropriate legal paperwork—either an NSL or a subpoena—after the fact. Using exigent letters, the FBI obtained records for more than 3,000 phone numbers, often failing to submit the paperwork, or doing so without the appropriate approvals. Requests were often approved by junior staffers, who had no authority to do so.
Moreover, some requests were not tied, as required, to a specific authorized investigation. Significant numbers (perhaps 17 percent, judging from figures in the IG report) were tied not to national security investigations, but to domestic ones. At times, the FBI requested information on phone numbers when no investigation was pending. When accepting information from phone companies, the FBI didn’t always compare its contents with the original request and therefore may have entered unrelated information into FBI databases. In an unknown number of other requests, the FBI submitted no paperwork at all.
In addition, in several cases, the FBI obtained reporters’ phone records by using this method, including the Post’s Ellen Nakashima and the Times’s Jane Perlez.
These abuses were uncovered over a number of years. As early as November 2004, the phone companies started complaining that they didn’t have the proper paperwork, which they needed to prove they had not turned over their customers’ phone records illegally. Then, as the FBI tried to provide legal cover for the missing paperwork, more senior FBI figures became aware of the problems. The IG investigation—the early phases of which started not long after being mandated by the Patriot Act renewal in 2006—itself identified some problems. But it appears their full extent was not uncovered until the IG investigation discovered them in 2008—two years after the current practice had been put into place.
Based on the details revealed to date, the government has improved oversight in at least two ways. According to NSA chief Keith Alexander’s testimony at a congressional hearing on June 18, only twenty-two specially trained officials have the authority to make or approve queries. Previously, most analysts making queries had little experience with national security investigations or NSLs.
In addition, the government at least claims all queries are documented and can be audited, though it has provided no details on how it ensures documentation. Alexander testified that the executive branch reviews queries and provides details on those queries in aggregate to the FISA court and Congress. The Court does not—as Congressman Adam Schiff suggested ought to happen—review the queries themselves.
Several other potential oversight mechanisms have gotten weaker since 2006. Whistleblowers might still expose problems, but national security whistleblowers are not provided the same legal protections as whistleblowers in other areas of government. The inspector general is working on a review of the department’s use of NSLs and Section 215 orders (the latter being the Patriot Act provision currently being used). But it has been five years since the last review of the Section 215 programs, which assessed the program implementation only for 2006, and the discussion of this collection program appeared in a still-redacted classified appendix. Further, this new report will cover the program only through 2009. So even the most useful tools for exposing past abuses—a review of the actual queries by the Justice Department’s inspector general—is only now auditing how the program was implemented four years ago.
Perhaps most important, removing the phone companies from the search process eliminates one check on the process, because the companies no longer have the opportunity or incentive to do what they did almost a decade ago: demand paperwork to meet the terms of the law.
At the hearing on Capitol Hill, the NSA and the FBI tried to demonstrate the value of the government’s dragnet by pointing to terrorist plots it helped thwart. Witnesses boasted that ten plots have been foiled with its help over seven years—a rather unimpressive figure when one considers that these “plots” include things like indirect material support of terrorism, and that the government has thwarted five times that many plots just in the last three years. Does this truly require the government to collect all Americans’ phone data?
The hearing suggested that the answer is no. When Congressman Schiff asked witnesses whether the same information could have been obtained with individual requests to the phone companies for the data, they admitted that, with some work, they could (and now, with the exposure of the program, are considering doing just that).
The conclusion: for seven years, the government has been systematically collecting and keeping our phone records, all to thwart a handful of plots that, it turns out, could have been stopped in a much less invasive fashion. Is this really a program the Obama administration wants to defend?