Internet Metadata Collection

Desperately Seeking Substance (Not Slogans) in Review Group Report on NSA Surveillance

By Peter Margulies
Thursday, December 19, 2013, 3:00 PM

While the Report of the President’s Review Group (see Ritika’s post here and Ben’s here) has already generated classic Washington-style buzz because of its criticism of the NSA’s bulk collection of metadata, the real embarrassment should be felt by the Review Group itself.  Its analysis of a central point – whether bulk collection is an effective counterterrorism tool – is scandalously slender.  Moreover, the Report is awash in unacknowledged contradictions that compromise its most far-reaching recommendations.  Critics of the bulk collection program will doubtless hail the Report, especially as it follows on the heels of Judge Leon’s decision.  More dispassionate readers may view the shelf life of each as short.

In recommending the termination of the current program, the Report discounts the program’s effectiveness in a conclusory fashion.  Labeling the program “not essential to preventing attacks,” the Review Group finds insufficient the government’s assertion that bulk collection supplied twelve tips for further investigation in 2012 alone.  Apparently, twelve tips are too few.  However, this kind of numerical judgment is far too hasty.  Even one tip is sufficient, if it leads to useful information on terrorism.  Take the Zazi case, where government officials have testified that the bulk collection program helped in the timely identification of co-conspirators in a plot to bomb New York’s subways.  That role should earn the program some props.  However, while the Report mentions the Zazi case in its favorable comments on section 702 and foreign surveillance, the interaction of 215 and 702 receives little attention.  Indeed, the entire issue of effectiveness rates only one page in a 300-page opus.

Actually, the effectiveness issue gets even less than a page, because the Report takes up some of that space with claims about feasible alternatives to bulk collection that don’t dovetail with its other findings.  The Report claims that any useful information obtained through bulk collection “could readily have been obtained in a timely manner using conventional section 215 orders” tailored to specific targets.  However, the Report’s subsequent discussion casts doubt on its claims of timeliness.  Discussing an alternative it prefers – entrusting bulk collection to the private sector – the Review Group concedes that this approach would be “less efficient” and could engender “problems in querying multiple, privately held data bases simultaneously and expeditiously.”  Exactly so.  The Report’s preferred solution is a new private sector entity that would assume the collection function now handled by the NSA.  However, the Report nowhere explains how this private sector entity would dodge the potential for abuse that the Report fears.   

This omission is peculiar, because the lion’s share of the Report is about the potential for abuse, not the reality of steadily improving compliance.  This concern with abuse often submerges vital information about checks currently in place, such as the FISC.  The Report admits that the FISC has been a substantial check on the government, for example by engaging in an iterative process that reins in initial government requests before granting them in modified form.  The Report also acknowledges that the bulk collection program requires that analysts query metadata only with a small number of identifiers approved by responsible NSA officials as triggering “reasonable and articulable suspicion” (RAS) of links to terrorism.  However, the Report then finds these safeguards inadequate, again without analysis.  Instead, the Report resorts to sloganeering, warning about the chill to freedom of speech when “government is one flick of a switch away” from massive amounts of metadata.  A more balanced report might have conceded that compliance problems with bulk collection---such as the use of non-RAS-approved identifiers---faded by late 2009 as the government implemented new safeguards required by the FISC.  However, a focus on facts might have diminished the space available for slogans.

The problems with the Report’s most drastic recommendations should not obscure the merit in some of its proposals.  For example, more extensive reporting to Congress is clearly vital (although a diligent legislator could obtain more than enough information pre-Snowden; see Ryan Lizza’s New Yorker profile of persistent bulk collection critic, Oregon senator Ron Wyden, which Tim Edgar posted about last week).  Furthermore, the public should now receive access to FISC decisions more regularly and comprehensively.  In addition, the FISC might benefit from an independent voice that could supplement the government’s on important requests.  On these issues, the Report can build momentum for change, complementing Senator Feinstein’s reform bill, already approved by the Senate Intelligence Committee.  Accepting the importance of those changes does not require endorsing the Report’s more extreme recommendations, which would compromise security without adding much to liberty – a bad bargain all around.