A Tale of Two NSA Leaks

By Benjamin Wittes, Robert Chesney
Monday, June 10, 2013, 10:57 AM

The New Republic has just published an essay we wrote over the weekend on the late unpleasantness involving surveillance. It opens:

Former NSA contractor Edwards Snowden sure does know how to change the subject. Only a few days ago, everyone was talking about the excesses of leak investigations. But now, as a result of his set of disclosures to the Guardian and The Washington Post, we’re back on the surveillance state—and the dangers of the leaks themselves.

The New York Times complains in an editorial that “most lawmakers did not know the government was collecting records on almost every phone call made in the United States or was able to collect anyone’s e-mail messages and Internet chats.” The Washington Post describes President Barack Obama as facing “a rash of disclosures that have revealed the extent to which his administration . . . has [cast] a massive electronic surveillance net . . . within the United States that appears to have gathered data on almost anyone with a computer or phone.” Maureen Dowd, writing in the Times, asks with her characteristic snark, “Now that we are envisioning some guy in a National Security Agency warehouse in Fort Meade, Md., going through billions of cat videos and drunk-dialing records of teenagers, can the Ministries of Love and Truth be far behind?”

The first of Snowden’s bombs detonated in the Guardian, which started the ball rolling by disclosing that the FISA Court had ordered Verizon Business Services to produce all metadata—information about who is calling whom, when, and for how long, though not the contents of any call—for calls within or with one end in the United States. The Washington Postimmediately followed with a story revealing the NSA’s PRISM system, which reportedly involves agreements between the government and an array of U.S.-based internet companies (like Google and Facebook) that enable the NSA to monitor the online communications of non-U.S. persons believed to be physically located outside the United States. Both stories made a tremendous splash, and they quickly blended together in the media’s mind.

At a high-level of abstraction, it does make some sense to lump these stories together. They both concern the tension between privacy and the need to collect intelligence in the context of evolving technologies—and the leaks, of course, came from the same source.

But at another level, conflating these two stories is a big mistake. They are by no means of equal weight and importance when it comes to informing the public about the government’s data-collection and monitoring powers. ThePost story actually tells us little we did not already know—other than operational details that may prove of considerable use to those seeking to avoid NSA surveillance. By contrast, the Guardian story reveals a genuinely surprising and significant government legal position—albeit one apparently accepted by the FISA Court and congressional oversight leaders for a number of years---with important implications for the future of big data in government collection, surveillance, and intelligence authorities.