The NSA programs enhance security without uniquely compromising privacy
At this writing, President Obama is set imminently to make one of the most momentous choices in the history of American intelligence. He will decide whether to curtail or terminate the National Security Agency’s bulk collection of phone-call records and e-mail traffic in its quest to find and stop terrorist plots against the United States. President Obama could continue a program that takes advantage of America’s technological superiority, meets the requirements of constitutional law, and has proven effective in stopping terrorist attacks. But, manipulated by intelligence leaks and stampeded by the demands of his anti-war base, he is likely to sacrifice national security in response to spurious claims of lost civil liberties.
In the wake of the September 11, 2001, terrorist attacks, the NSA established a program to trace phone calls and e-mails into the United States from suspected terrorists abroad. (One of us, John Yoo, judged the program to be constitutional as an official in the Justice Department in the months after the attacks.) The NSA already intercepts electronic communications abroad between foreigners in order to detect threats to U.S. national security and advance our foreign policy; that was the very purpose behind the establishment of the agency during the Cold War. To keep the intelligence agencies out of operations at home, however, the Foreign Intelligence Surveillance Act (FISA) allows only the FBI to eavesdrop on counterespionage and counterterrorism targets within the United States, after obtaining a special warrant.
The 9/11 attacks revealed a gap in this framework: The government had weakened its abilities to trace suspected terrorist calls and e-mails entering the U.S. by erecting a wall between the domestic and foreign aspects of electronic surveillance. Domestic- and foreign-intelligence officials could not share information or seamlessly monitor communications coming into, or passing through, the United States from abroad. In response, the NSA began collecting phone-call and e-mail records — their addressing information, rather than their content — to analyze patterns that might emerge once they were linked to a suspected terrorist message from abroad. The current head of the NSA, General Keith B. Alexander, has testified before Congress that the collection program has helped stop developing terrorist plots, and that had it existed in 2001, it could have led to the discovery of the 9/11 conspiracy.
Nevertheless, President Obama is now considering whether to end NSA surveillance as we know it. Even the most modest of his policy options — placing the database of call and e-mail records in the hands of private companies — would represent a radical change in the NSA’s effectiveness, without much gain for privacy. A White House blue-ribbon panel has even proposed to end special national-security surveillance abroad by requiring a warrant, as is the case with domestic searches, and some in Congress want to end the NSA altogether.
This uncertainty is thanks to one man’s success in generating international hysteria: Edward Snowden. Snowden apparently used his access as an NSA network administrator to steal massive amounts of U.S. military and intelligence secrets. Since fleeing to Hong Kong last June with four laptops jammed with classified data, Snowden has set up shop in Russia and has launched carefully stage-managed leaks of more and more secrets, such as U.S. surveillance of the telephones of foreign leaders. Snowden could not have done more damage to our national-security apparatus if he had been a Chinese or Russian mole.
Damage to the NSA doesn’t arise just from the stolen technical data. It’s also caused by the myths, misperceptions, and often downright lies about NSA data collection spread by Snowden and his supporters. Aided by a network of anti-government activists, Snowden has managed his leaks and distorted the truth to mislead the public into seeing the NSA data program as part of a vast Orwellian totalitarian nightmare, with our government gathering and inspecting the personal data of millions of innocent Americans.
Early on, for example, Snowden planted the notion that NSA workers were able to wiretap anyone, “even the president if I had a personal email,” as he told the Guardian newspaper. We now know that this claim was completely untrue. Also flatly wrong was the notion that the NSA stores the content of phone calls — yet a recent poll revealed that 38 percent of Americans believe it is true. And the revelation that 80 percent of the phone calls about which the NSA collects data are made outside the United States has done nothing to decrease the impression that our smartphones and civil liberties are under daily assault.
As a result of Snowden’s distorting leaks, the media routinely describe the NSA program as “domestic spying” or “eavesdropping.” Even now, the American Civil Liberties Union website proclaims that “the government is regularly tracking almost every ordinary American and spying on a vast but unknown number of Americans’ international calls, text messages, and emails.”
While spreading conspiracy theories about a tyrannical “national-security state” has been standard left-wing practice since the 1960s, it is disappointing to see some on the right joining in. Even though a federal judge recently rebuffed the ACLU’s lawsuit challenging the phone-data program, Senator Rand Paul (R., Ky.) is still suing the administration on the same ground, with the help of the Tea Party–backed think tank FreedomWorks and former Republican Virginia attorney general Ken Cuccinelli, who claims the suit is needed “to vindicate the Fourth Amendment rights of every American who uses a phone.”
Critics must return to earth and remember that the program was set up in 2001 in order to, as President Obama himself has acknowledged, “address a gap identified after 9/11” in tracing “the communications of terrorists so we could see who they may be in contact with.” The answer was to analyze metadata on millions of phone records from telecommunications providers in order to learn the numbers dialed by known terrorists. Only if analysis linked a pattern of suspicious calls to a terrorist could the government seek a warrant to learn the identity or content of the communications. In fact, far from involving unprecedented access to individual phone records or (in the case of the PRISM e-mail-surveillance program, launched in 2007) e-mail addresses, the NSA program is simply one more variant on the data-analysis techniques used by commercial companies.
With an eleven-judge panel overseeing every step, NSA handles data with a lot more care and supervision than Facebook or Google. Out of the thousands of NSA employees, for example, the phone database is handled by 22 technicians, and far from being deathly secret, their operating procedure is transparent, even (compared with the metadata’s possible uses) banal. Algorithms sift through mountains of phone calls, including overseas calls, matching phone numbers to numbers with known terrorist links. Only when the technician can show one of seven superiors “a reasonable, articulable suspicion” that the number could be linked to a terrorist network is he or she allowed to pull up the dates of calls made and received over five years, the other parties’ phone numbers, and the durations of the calls — and nothing else. The analyst may not listen to any calls, or read any text messages or e-mails sent on that phone, without a court warrant. Only after the NSA confirms a terror link through other sources can it pass the investigation on to the FBI, which can then seek a warrant for a wiretap.
How many times does this “reasonable, articulable link” get made? In all of 2012 there were exactly 288 such findings. In twelve of those cases, the NSA found grounds to pass the case on to the FBI — and in three of those, the information helped to prevent an attack. If Snowden and his congressional and White House allies have their way, that last number will be a zero.
Considering the millions of phone numbers making billions of phone calls that year and every year, these levels of surveillance can hardly be considered a major intrusive system. But what about the program’s constitutionality and alleged violation of the Fourth Amendment? The Fourth Amendment does not protect some vague and undefined right to privacy. Instead, it declares: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause.” The Constitution protects only the privacy of the “person,” the home, and “papers and effects,” which are usually located in the home. It does not reach information or things that we voluntarily give up to the government or to third parties outside of the home or our persons. The Fourth Amendment also does not make such information absolutely immune — it is still subject to search if the government is acting reasonably or has a warrant. These basic principles allow the government to search through massive databases of call and e-mail records when doing so is a reasonable measure to protect the nation’s security, which is its highest duty.
The most lucid critique of the constitutionality of this logic comes not from Senator Paul or the ACLU, but from Judge Richard Leon of the federal district court in Washington, D.C. In Klayman v. Obama, Judge Leon declared that the NSA’s bulk collection of phone records violated the Fourth Amendment to the Constitution. Leon’s decision encountered a major obstacle: a Supreme Court precedent directly on point, Smith v. Maryland (1979). In Smith, the Court held that the government did not need a warrant to use what is known as a pen register, a device that records dialed phone numbers. According to the justices, there was no constitutional right to conceal phone numbers because callers provide them to a third party — the phone company. When we reveal private information to a third party, we lose privacy rights over it.
Judge Leon could not rule that Smith’s logic does not include telephone metadata, since the calling records collected by the NSA are exactly the same as the phone numbers that were held to be unprotected in Smith. Judge Leon instead concluded that technology has changed so much that Smith is no longer good law. The “almost-Orwellian technology” that allows the government to collect, store, and analyze phone metadata is “unlike anything that could have been conceived in 1979” and, “at best, the stuff of science fiction,” Leon wrote. “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval,” he continued. “Surely, such a program infringes on ‘that degree of privacy’ that the founders enshrined in the Fourth Amendment.”
Whether changed circumstances render Smith v. Maryland infirm was not for Judge Leon to decide. It may perhaps be time to reconceive the rules of search and seizure in light of new Internet technologies, but that is the responsibility of our elected representatives. Only they can accountably determine what society’s “reasonable expectation of privacy” is in Internet and telephone communications, balancing existing privacy rights against the government’s need for information to protect the nation from terrorist attack. Judges are far too insulated and lack the expertise to make effective judgments on national security and foreign affairs.
If it comes to a judicial decision, the Supreme Court should find Judge Leon mistaken (as did a New York City federal district judge the following month). While the Fourth Amendment protects certain personal information, its text says nothing about the government’s ability to analyze data that legitimately come into its hands. Under Judge Leon’s theory, New York City’s use of data-mining to predict high-crime spots would violate the Constitution, even though the information comes from public records of arrests and incidents that have happened in the past. In fact, if Judge Leon is right that the increase in the government’s ability to collect and analyze information should suddenly confer on some data shared with third parties the constitutional protections now reserved for “persons, houses, papers, and effects,” then the courts should protect all kinds of information besides what the NSA collects. Under his theory, the Fourth Amendment should also protect all credit-card information, financial transactions, travel reservations, and public Facebook and LinkedIn posts because the information, though no longer private, can be analyzed to make inferences about our activities. But, contrary to this argument, we have always allowed law-enforcement and national-security agencies to search information that has been handed over to private third parties.
Still, can we trust the NSA to stay within its limits and handle only phone-call and e-mail records? Critics point to one of Edward Snowden’s earliest (and most misleading) leaks as proof that Americans aren’t safe: a 2012 internal report that the program had crossed the line on privacy rules more than 2,776 times between April 2011 and March 2012. Taken out of context, that figure is utterly misleading: It is a tiny fraction of the billions of calls the NSA intercepts every year. The same report showed that more than two out of every three mistakes involved foreign targets living abroad, not Americans, and the vast majority were due to human error. One NSA employee, for example, typed “202,” Washington’s area code, instead of “20,” Egypt’s international code, on a database query.
These are hardly East German Stasi surveillance standards. They pale even beside the tools used by social-media companies to collect and analyze information about our buying, reading, and travel habits. The president did the men and women in our intelligence agencies a disservice when he suggested in a January speech that the program could lead to Stasi-style abuses. Interfering with these arrangements would greatly disrupt our anti-terrorism efforts while yielding no gain in individual privacy. President Obama could do no better than to allow the men and women on the front lines of America’s intelligence wars to do their jobs and continue preventing terrorist attacks on the United States, which they have been doing against the odds for the last 13 years.
– Mr. Herman is the author of, among other books, Freedom’s Forge: How American Business Produced Victory in World War II. Mr. Yoo, a law professor at the University of California, Berkeley, and a visiting scholar at the American Enterprise Institute, is the author of Point of Attack: Preventive War, International Law, and Global Welfare, forthcoming in April.