Mike Mozart/JeepersMedia

Tech

/

Doubts at the NSA: Shelving a Mass Surveillance Program

Earlier this year, Luke Murry, national security adviser for Republican House Minority Leader Kevin McCarthy, revealed that the National Security Agency had been averse over the last six months to using the phone surveillance program that hoovers information from millions of US phone calls and text messages. This was hardly a comforting point. The issue spoke as much to competence as it did to any broader issue of warrantless surveillance of the good people in Freedom’s land. Vast, cumbersome, and generally self-defeating, the essence of such programs is paranoid inefficiency. Put it down to “technical issues,” suggested Murry.

The Call Details Records (CDR) program, hostile to liberties in its warrantless nature, has been a fixture of the US security landscape since 2001 when that nasty piece of legislation known as the USA PATRIOT ACT found its way onto the statute books. The program was given legal approval by the Foreign Intelligence Surveillance Court pursuant to Section 215 of that dastardly piece of penmanship.

The extent of its operation was unveiled in dramatic fashion by Edward Snowden to media outlets in 2013, the surveillance system specific to gathering the metadata of domestic phone calls, a mosaic of caller, recipient and time of contact, has been the subject of scrutiny. There are numerous others, but this one came in for special attention.

As Elliot Harmer of the Electronic Frontier Foundation explains, “While these records don’t contain the actual contents of telephone calls, they do include phone numbers and call times and length – more than enough information to prove the NSA with a clear picture of our social relationships, interests, and affiliations.”

Murry was by no means the first to take issue with its effect and effectiveness. There is a growing library of stocked criticism against such bulk storage systems both from the perspective of feasibility and effect, and the broader ethical and legal issues of surveillance and civil liberties. The President’s Review Group on Intelligence and Communications Technologies, published in December 2013, recommended, “that Congress should end such storage and transition to a system in which such metadata is held privately for the government to query when necessary for national security purposes.”

Hardly a sentiment sympathetic to privacy, but one that went some way in questioning the bulk storage of telephony metadata. Besides, according to members of the Review Group, the whole appearance of it seemed an affront to defenders of privacy. “In our view, the current storage by the government of bulk metadata creates potential risks to public trust, personal privacy, and civil liberty.” Leave it, instead, to “private providers or by a private third party” to deal with such matters. The abuse might continue, but at least, in a good American tradition, it would be privatised.

The Privacy and Civil Liberties Oversight Board (PCLOB) also considered the scope of such a system in its 2014 report, deeming it unduly “broad” and incompatible with broader issues of proportionality. “If Section 215’s relevance requirement is to serve any meaningful function, however, relevance cannot be premised on the government’s desire to use a tool whose very operation depends on collecting information without limit. We believe that a tool designed to capture all records of a particular type is simply incompatible with a statue requiring reasonable grounds to believe that ‘the tangible things sought are relevant to an authorized investigation.’”

In 2015, Congress had a minor change of heart with the USA Freedom Act, which mandated phone companies to keep collected telephony data that might be relevant for law enforcement authorities in terrorism investigations. This had the effect of reducing the records kept – from billions per day to a few hundred million in a year. Even then, the process proved erratic. In 2016, the NSA accessed 151 million call logs, though the returns were miserly: court orders for a mere 42 targets. The following year was even less impressive from the standpoint of efficient prosecution: 534 million records for a pittance of 40 suspects.

Even then, the NSA remained cagey about the extent of the CDR program, giving it room for fanciful prevarications. It has refused to, for instance, supply unique identifiers in an annual transparency report required by the Office of the Inspector General over the course of three years. Its reasons for that are charming. “As of the date of this report [2017], the government does not have the technical ability to isolate the number of unique identifiers within records received from providers.”

In May 2018, the Agency gave the game away by admitting that it has overstretched itself in its surveillance remit. Section 215 of the Patriot Act as amended by the USA Freedom Act of 2015 was effectively misused to collect records the NSA had no authority to gather. The following month, the Agency revealed that hundreds of millions of collected call records would vanish into the ether due to “technical irregularities.” These deletions were considered reprehensible enough for Senators Ron Wyden (D-Or) and Rand Paul (R-Ky) to request an investigation from the Inspector General of the NSA, Robert P. Storch.

While the NSA is using its own singular and constipated way of reconsidering a program more conducive to causing headaches than granting relief, its fate lies with the White House. Till then, opinion amongst US lawmakers remains mixed. The NSA remains, for some, a jewel in the national security crown, one which must shine, however dully. Let them be, however competent. “If we have technical problems or challenges that the NSA has to take into account, that’s okay,” claims Republican Senator Richard Burr of North Carolina and chairman of the Senate Intelligence Committee. “It’s not something we easily shelve.”