Politics & Policy

Why We Shouldn’t Trust the NSA with Our Metadata


Now is the weekend of our discontent, made glorious summer by this son of Ron. Or at least, it will be if Rand Paul finally manages to prevail in his crusade.

On Sunday the United States Senate will convene to stage an almighty fight over the future of the NSA’s infamous metadata collection program. The mood in Washington, the New York Times records, is “tense and unusual” — with nobody quite sure what is going to happen next. Already tempers are running high: If the program is nixed, Senator Tom Cotton predicts, we will inevitably see “attacks on the United States”; if it is not, Senator Paul concludes, Americans will have agreed to “relinquish our rights.” The showdown awaits.

RELATED: Why National-Security Republicans Lost the Patriot Act Debate

This is a matter of considerable import. But before bowling headlong into the fray, we might take a moment to establish our terms. As Rich Lowry noted earlier this week, the program under scrutiny is in fact rather more modest in its scope than we are typically encouraged to believe. Contrary to the many insinuations of the measure’s less sober critics, the practice at stake does not in fact involve old-fashioned “eavesdropping,” but rather, as Lowry writes, the collection of “so-called metadata, which means information about phone calls, but not the actual content of the calls — things like the number called, the time of the call, the duration of the call.” Moreover, he explains, there are strict rules governing how this data may be accessed by the powers-that-be:

As Rachel Brand of the Privacy and Civil Liberties Oversight Board writes, “It is stored in a database that may be searched only by a handful of trained employees, and even they may search it only after a judge has determined that there is evidence connecting a specific phone number to terrorism.”

Whether one considers such protections to be sufficient is, ultimately, a matter of judgment. For some, these limited intrusions on privacy are a small price to pay given the considerable threat we face from international terrorism. For others, they are little more than a repudiation of the American ideal — a general warrant for governmental trespass for which the Founders would never have stood. As should be clear by now, I am firmly in the latter camp, and I hope to see the program brought to a close. I am, of course, happy to accept that there is a material difference between active spying and the passive collection of metadata. But I am not as reassured by this distinction as others seem to be. We live, alas, in a world of rogues and of hackers and of blood-sucking incompetents — and this means that each and every time that we compile a database there is a substantial risk that it will be abused or stolen or left somewhere on a train. I have been living in the United States for four years now, and during this time the federal government has done precisely nothing to convince me that it can be trusted with my stuff. Even were I to presume that the National Security Agency is a model of moral rectitude and libertarian dogma, I can nevertheless see a situation in which a “low level” employee somewhere in Virginia accidentally sends the nuclear launch codes to Gawker and kicks off the second American civil war. You want to know who I’m calling on a Friday night? Marry me.

RELATED: Mike Lee: It’s Time to Put an End to the NSA’s Bulk Collection of Americans’ Metadata

All told, the “it’s just metadata” line strikes me as being incomplete, too. It is fair to submit that this sort of data is much less useful to a hacker or a rogue than is, say, wiretapping. But that difference can in practice be overrated. As the Electronic Frontier Foundation has established, the presumption that one can neatly separate out who one calls and what one says is false:

They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.

They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.

They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed.

They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after. But the content of those calls remains safe from government intrusion.

They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood’s number later that day. But nobody knows what you spoke about.

As Marshall McLuhan might have said: The recipient is the message.

If we are worried that the NSA has too much power and too much information — as I am — shouldn’t we also be fixing to burn our 1040s?

The strongest arguments against the bulk collection of such data seem to me to be: a) that the collation of sensitive information into a centrally hosted database serves as a veritable invitation to hackers and to rogue agents; b) that it is unseemly for the state to acquire so much personal information on the citizenry purely as a result of the citizenry’s wishing to partake in the market; and c) that, because governments enjoy so much power over people these days, a surfeit of information will eventually lead to political abuse. If Americans value their privacy to the virtuous extent that Rand Paul suggests that they do, it is clear why they would not want this program to continue.

RELATED: NSA Data Collection: Necessary, or Unconstitutional?

This being so, though, one has to wonder why they have not kicked up a fuss against other, arguably far more intrusive, initiatives. Suppose that a stranger were to peruse the tax return that I submitted this year: He would be able to learn not only how much I earned, but where I travel for work and what I do; which side of the political aisle I sit on; which charities I choose to contribute to; how big my home is — and how much it cost; what furniture is in my home office — and how big it is; how many days I spent living in different parts of the country; whether or not I own a car; how much I spend on medical services; and, most important perhaps, whether or not I am in financial trouble and am therefore susceptible to blackmail or bribes. It is true — in theory at least — that the IRS is bound to keep my information secret and to stick to strict privacy guidelines that govern who can see it and under what circumstances. And yet, as with the NSA, these promises are only as good as the people who have made them. If we are worried that the NSA has too much power and too much information — as I am — shouldn’t we also be fixing to burn our 1040s?

#related#The risks adumbrated above are by no means hypothetical. Just last week, the IRS revealed that “organized crime syndicates” in Russia had “used personal data obtained elsewhere to access tax information, which they then used to file $50 million in fraudulent tax refunds.” In one fell swoop, CNN confirmed, 100,000 people had their information stolen. This, apparently, was not wholly unexpected. Per a damning report issued by the IRS’s ombudsman, “Computer security has been problematic for the IRS since 1997.” If it came down to a choice between one’s phone records and one’s tax returns leaking, one has to wonder if there is anybody out there who would opt for the latter.

Which is to say that the weekend may well bring great progress with it, but that there is an awful lot more for the champions of individual liberty to accomplish before they can claim credibly to have blocked the prying eyes of our insatiable federal state. To win in the Senate on Sunday would be to secure a partial restoration of the presumption of privacy and to deliver a blow to the burgeoning American panopticon. Perhaps next year we’ll care about other violations, too.


The Latest