Secrecy & Leaks

Susan Landau on Minimization

By Wells Bennett
Tuesday, June 18, 2013, 8:00 PM

The following is a guest post by Susan Landau, author of Surveillance or Security? The Risks Posed by New Wiretapping Technologies.  That work is obviously relevant to current events, and to her chosen topic of minimization:

Things we should know include:

o Does the metadata minimization mean that the target's metadata can be searched if the target is a member of several groups, none of which are questionable on their own, but whose combination does trigger a search? The groups might be a mosque where there is some political discussion happening, a student group in support of a Palestinian state, and an Islamic study group? (Or it could be the St. Andrew's Lodge, the Long Room Club, and the Boston Committee of Correspondence; see Shin-Kap Han's charming study of Paul Revere's role in the American revolution.)

o Does minimization mean that the target's metadata can be searched because she is in frequent close proximity of a known target (where close proximity might be location, or it might be some other criteria)? What if the known target is in a popular location, say if Tamerlan Tsarnaev had been working and thus leaving his daughter in day care each morning? Would the parents whose children attended the same center also be under reasonable suspicion based on the specific and articulable facts because their phone was in close daily proximity with Tsarnaev's?

o Does minimization mean that that the target's metadata can be searched because he is "distance two" from a target (the target communicates with someone who communicates with the person)? What controls are in place if the person in the middle is someone who communicates frequently with many people, e.g., a plumber or taxi dispatcher?

o Does minimization allow the NSA to search the database for curious communication pattterns? If small terrorist groups have a characteristic communication pattern (e.g., a small cell that communicates only with each other, with exactly one member of the cell occasionally calling a Pakistani number not known to belong to a terrorist organization), do all groups that have such a communication patterns fall under suspicion?

The argument against revealing minimization details is that it could compromise the program's effectiveness. But handing such personal information over to the NSA without public discussion and clear rules governing use makes a mockery of the Bill of Rights. Two questions msut be answered. Are we are willing to have telephone companies give all call metadata to the government? If yes, what minimization rules should govern the use of this data? What oversight and audit will exist?

There are ways we could discuss the general shape of minimization without discussing specific rules in detail. Consider how the courts handle the FBI's use of the "Computer and Internet Protocol Address Verifier" (CIPAV), a software tool for probing a computer to find out IP and MAC addresses, open communication ports, and similar data. In court cases, the fact that CIPAV has been used is public, but how the software works is not. An analogous model could work for the government's use of telephone metadata. For example, we should know if it takes a single hit on one of the above criteria to create "reasonable suspicion"? Or is there a threshold that must be reached before NSA can access an individual's metadata? What flavor of criteria constitute "specific and articulable facts"? Is the fourth category --- interesting communication pattterns --- one that is simply out of scope, that is, insufficiently based on "specific and articulable facts" to allow a search? Discussing these rules in public is necessary for these Fourth Amendment searches (which is what phone metadata searches are, even if the law hasn't kept pace).

Thinking more broadly for a moment, it is far from clear that providing phone metadata to the government is a win for security. As the Church Committee pointed out nearly forty years ago, "When Government infringes those rights instead of nurturing and protecting them, the injury spreads far beyond the particular citizens targeted to untold numbers of other Americans who may be intimidated. Persons most intimidated may well not be those at the extremes of the political spectrum, but rather those nearer the middle." Though the report was focusing on political activity, those words have particular resonance in investigations of terrorism cases. As we know from London, the voices of moderation are the ones most likely to inform the police to, "Watch out for young so-and-so." Such warnings will happen only if the government is trusted; excessive surveillance undermines such trust.

A former spook once said to me, "NSA needs to be able to do its job; but the law doesn't need to make it easy." The data minimization requirements should be no more than what enables NSA to do its job and no less than what is needed to keep intact our personal privacy and security. We must have a public discussion of the minimization rules --- even if not all aspects of the rules themselves can be made public.