What Bothers Me About NSA Data Collection: A Reply To Thomas Friedman

A series of Congressional hearings this week is drawing renewed attention to the issue of the National Security Agency’s program to collect data on telephone and internet activities of hundreds of millions of Americans. While much of the media has focused on whether Edward Snowden is, personally, a hero or a villain, some commentators have plunged into the substantive debate that he hoped to touch off: Is the program he has blown the whistle on really something we want our government to be doing?

One of the most articulate commentators to come to the defense of the NSA is Thomas Friedman. His recent column in the New York Times epitomizes what bothers me most about this whole affair—the readiness of people who claim to be defenders of an open society to make excuses for people and policies that undermine it.

Friedman argues that although what the NSA is doing is distasteful, we should put up with it because it might stop some future terrorist attack, which in turn, would prompt even more intrusive violations of our freedoms. He explains that he fears government abuse of privacy less than he fears another 9/11,

not because I don’t care about civil liberties, but because what I cherish most about America is our open society, and I believe that if there is one more 9/11—or worse, an attack involving nuclear material—it could lead to the end of the open society as we know it. If there were another 9/11, I fear that 99 percent of Americans would tell their members of Congress: “Do whatever you need to do to, privacy be damned, just make sure this does not happen again.” That is what I fear most.

That is why I’ll reluctantly, very reluctantly, trade off the government using data mining to look for suspicious patterns in phone numbers called and e-mail addresses—and then have to go to a judge to get a warrant to actually look at the content under guidelines set by Congress—to prevent a day where, out of fear, we give government a license to look at anyone, any e-mail, any phone call, anywhere, anytime.

Here are three things that trouble me about this line of argument.

1. It looks like the NSA can already do pretty much whatever it wants
My first concern is that we appear alreadyto have given the security establishment a license to look at anything they want. Snowden’s revelations give us a peek at this broad program of surveillance, but we don’t know a lot of the details, nor are we likely to find out any time soon. Here is what we do know:

• The NSA routinely collects “outside of the envelope” data about most if not all of our electronic communications, landline, cell, and internet.
• They comb through this data with computer models that look for patterns of suspicious activity.
• When they find something that looks suspicious, they make a secret request to a secret judge who decides in secret whether to allow the NSA to “open the envelope” and read or listen to the content of the communication.
• The judges hear only the government’s side of the case and almost never say no.

Get The News You Want

Read market moving news with a personalized feed of stocks you care about.

Get The App

How is that not “giving the government a license to look at anyone, any e-mail, any phone call, anywhere, anytime?”

The only evidence we have to the contrary is the word of our intelligence professionals, who keep telling us that they only look inside the envelopes of the bad guys, and that doing so has allowed them to foil many vaguely specified plots. The trouble is, our intelligence professionals are inherently not credible. That is because they see themselves as having a duty to lie to us when they think we are getting too close to the truth.

Yes, not just a duty to keep secrets, but a duty to lie. That is more than just a conjecture. Exhibit A is the lie that James Clapper, director of national intelligence, told Congress in March this year. Here is a link to the video clip, in case you haven’t watched it yet. In the clip, Congressman Ron Wyden asks Clapper to answer “yes” or “no” as to whether the NSA collects any kind of data at all on millions of Americans. Clapper answers “No” and then adds, disingenuously, “Not wittingly.”

What is revealing is not so much the answer, which Snowden’s revelations have shown to be false, and which Congressman Wyden probably knew to be false from previous closed hearings, but Clapper’s defense of the answer. Speaking to NBC’s Andrea Mitchell, he explained “I was asked a ‘when are you going to stop beating your wife’ kind of question, which is, meaning not answerable necessarily, by a simple yes or no. So I responded in what I thought was the most truthful or least untruthful manner, by saying, ‘No.’”

In fact, Wyden did not ask the trick question, “Have you stopped beating your wife?” He asked the simpler question, “Do you beat your wife?” It is hard to think of a more untruthful answer than “No.” What is interesting is that Clapper did not choose the less untruthful answer, “I cannot answer that question in open session.” The inference I draw from his untruthful “No” is that he understands his duty not to reveal secrets to include an obligation to tell outright lies whenever a simple “No comment” might be too revealing.

In short, it is my view that giving our intelligence agencies the authority to do a limited amount of data collection and at the same time giving them permission to lie about whether they are exceeding the limit is functionally the same as giving them unlimited authority in the first place. Interpreting what any intelligence professional says on the subject, whether to a journalist or under oath to a Congressional committee, is like trying to figure out one of those trick cards that read, on one side, “The statement on the other side of this card is true,” and on the other, “The statement on the other side of this card is false.

2. We know the NSA’s methods are fallible

We are supposed to be reassured to know that the NSA initially gathers only information “outside the envelope” and uses that information only as input to computer models than look for “patterns.” The trouble is, pattern-finding models are prone to errors. How do we know? We know because Wall Street hires a lot of people to do the same thing. Wall Street firms can pay higher salaries than the NSA, so they presumably get first pick of the best pattern searchers. Still, they make mistakes, sometimes big ones, as happened in the infamous London Whale episode. In the best case, their models are right more often than they are wrong—right often enough to make money for JPMorgan Chase and right enough for the NSA to catch some bad guys.

Still, any statistical models, no matter how sophisticated, have to be calibrated in a way that turns up a lot of false positives. If they are not, they will miss too many true positives. On Wall Street, false positives result in bad trades. In the intelligence world, false positives result in God knows what.

At best, the subject of an intelligence false positive might be hassled at airport security. At worst, if the false positive is unlucky enough to live in Waziristan or Yemen, he may find himself in the crosshairs of a drone. The CIA does not always know the specific identity of its targets. As reported in the Los Angeles Times and elsewhere, the agency also conducts so-called “pattern of life” strikes, which means killing people who it thinks, on the basis of computer models, are probably dangerous terrorists. Those programs, too, are of necessity calibrated to tolerate some nonzero level of false positives.

Let’s suppose you are a false positive and you are lucky enough only to end up on a no-fly list instead of in the crosshairs of a drone. At that point, you run up against another aspect of fallibility—that of the process through which you can appeal to get off the list. Here is how the ACLU describes its attempts to get help one group of no-fly list victims.

Our brief [in the case Latif v. Holder] highlighted the utter irrationality of the government’s No Fly List procedures. The plaintiffs in Latif all flew for years without any problems. But more than two years ago, they were suddenly branded as suspected terrorists based on secret evidence, publicly denied boarding on flights, and told by U.S. and airline officials that they were banned from flying—perhaps forever. Each of them asked the government to remove them from the No Fly List through the only “redress” mechanism available—the Department of Homeland Security Traveler Redress Inquiry Program. But the government has refused to provide any explanation or basis for their inclusion in the list. Our clients have been stuck in limbo ever since.

3. We know the NSA’s people are fallible

Beyond the fallibility of the NSA’s computers, we have to worry about the fallibility of their people. One of the most astonishing things about the reaction to Snowden’s revelations is the parade of intelligence officials who have told us that he could not, or should not, have had access to the very information that he has leaked. If one low-level contract employee could bypass the NSA’s internal firewalls, we have to assume that others can as well. Snowden took his information to the Guardian and the Washington Post. Who knows to whom others might be leaking information? To foreign governments or terrorists? Obviously, but there are other possibilities that are not much less worrisome:

• Hedge fund managers have billions to spend in search of patterns of behavior that could be the basis for profitable trades. How do we know they are not planting Snowden-like IT people at the NSA to snoop for such patterns in the Prism database? What would that say about the integrity of our markets, let alone of our government?
• On the same page of the New York Times where Friedman’s column appeared, Original post