Expert Commentary

NSA surveillance: Clarifying and distinguishing two data collection programs

July 2013 Congressional Research Service report providing key background information on the National Security Agency surveillance programs. Also included are related papers and scholarly perspectives.

Disclosures by the media that the National Security Agency is actively collecting data on digital communications and telephone calls has led to a seeming split of opinion among members of the public. For example, in a Pew Research Center/Washington Post survey conducted in June, those polled felt that the NSA’s phone tracking was an acceptable anti-terror tactic. Surveys by Gallup and, more recently, Quinnipiac University, however, indicated more disapproval of government surveillance programs.

One possible explanation for such contradictory opinions is that in surveys, subtly different questions can yield starkly divergent answers. Frank Newport of Gallup has discussed the variations in question wording and their significance. Still, when the exact same question is asked over time, there can be significant trend-lines within polls; Quinnipiac has done this and finds rising civil liberties concerns, as of July 2013. On July 26, Pew released new results that provide insights into this “question wording” conundrum.

Scholars such as Noah Feldman and Archon Fung, among many others, have pointed out that the public needs to be better informed about the broad outlines of the surveillance laws and practices in question in order to ensure basic principles of democratic deliberation. A bipartisan group in Congress, as well as civil liberties and technology groups, are also pushing for more disclosure “so that Americans can have a more informed public debate,” reported James Risen of the New York Times. In July 2013, the Obama administration declassified several documents that shed additional light on the surveillance programs in question.

A July 2013 report from the non-partisan Congressional Research Service, “NSA Surveillance Leaks: Background and Issues for Congress,” seeks to summarize and supplement publicly available information about the two NSA programs currently being operated and to delineate between the scope and structures of the two. Both programs — the collection of domestic phone records, and the collection of foreign Internet-related data — generally operate under the Foreign Intelligence Surveillance Act (FISA), but they rely on different legal provisions.

The Congressional Research Service report notes that the “Obama Administration has argued that these surveillance activities, in addition to being subject to oversight by all three branches of government, are important to national security and have helped disrupt terror plots. These arguments have not always distinguished between the two programs.”

The report’s key points relating to the domestic collection of domestic phone records — the “Section 215” program — include:

  • This program “collects in bulk the phone records — specifically the number that was dialed from, the number that was dialed to, and the date and duration of the call — of customers of Verizon Wireless and possibly other U.S. telephone service providers. It does not collect the content of the calls or the identity of callers. The data are collected pursuant to Section 215 of the USA Patriot Act, which amended the Foreign Intelligence Surveillance Act (FISA) of 1978. Section 215 allows the FBI, in this case on behalf of the NSA, to apply to the Foreign Intelligence Surveillance Court (FISC) for an order compelling a person to produce ‘any tangible thing,’ including records held by a telecommunications provider concerning the number and length of communications, but not the contents of those communications. The FBI must provide a statement of facts showing that there are ‘reasonable grounds to believe’ that the tangible things sought are ‘relevant to an authorized investigation.’”
  • “The program collects ‘metadata’ — a term used in this context to refer to data about a phone call but not the phone conversation itself…. The data must be destroyed within five years of acquisition. Information collected does not include the location of the call (beyond the area code identified in the phone number), the content of the call, or the identity of the subscriber.”
  • “On June 27, 2013, The Guardian published an article alleging that NSA previously collected the metadata for Internet-based communications (email being the prime example) for Americans inside the United States. A spokesman for the [Director of National Intelligence] confirmed The Guardian’s account but said this program was discontinued in 2011. Intelligence officials have stated that, pursuant to the same FISA authorities, NSA does not currently collect in bulk the metadata of these types of communications.”

The report’s key points relating to the domestic collection of foreign Internet-related data – the “Section 702” program, also known as “PRISM” — include:

  • “A fact sheet provided by the DNI stated that PRISM is an internal government computer system used to facilitate access to these communications. This collection program appears largely to involve the collection of data, including the content of communications, of foreign targets overseas whose emails and other forms of electronic communication flow through networks in the United States. Compared to the breadth of phone records collection under Section 215, this program is more discriminating in terms of its targets but broader in terms of the type of information collected. Beyond that, the scope of the intelligence collection, the type of information collected and companies involved, and the way in which it is collected remain unclear. Examples cited by the Administration include the email content of communications with individuals inside the United States, but in those cases the targets of the intelligence collection appear to have been non-U.S. citizens located outside the United States.”
  • “Section 702 permits the Attorney General (AG) and the [Director of National Intelligence] to jointly authorize targeting of persons reasonably believed to be located outside the United States, but is limited to targeting non-U.S. persons. Once authorized, such acquisitions may last for periods of up to one year. Under subsection 702(b) of FISA, such an acquisition is also subject to several limitations. Specifically, an acquisition: May not intentionally target any person known at the time of acquisition to be located in the United States; May not intentionally target a person reasonably believed to be located outside the United States if the purpose of such acquisition is to target a particular, known person reasonably believed to be in the United States; May not intentionally target a U.S. person reasonably believed to be located outside the United States; May not intentionally acquire any communication as to which the sender and all intended recipients are known at the time of the acquisition to be located in the United States; and Must be conducted in a manner consistent with the Fourth Amendment to the Constitution of the United States.”

The Congressional Research Service report also provides detailed background on the legal basis on which the two programs are justified, summarizes arguments for and against them and discusses the nominal oversight provided for each. On the last point, it is also worth considering the perspective of political scientist Tobias T. Gibson, who writes at the scholar blog “The Monkey Cage” about “The Oversight of Too Much Oversight.” For more insight into the NSA’s programs, also see the news analysis article “Network Science at Center of Surveillance Disputes,” in the journal Science.

Related research: In a 2013 paper, “Internet Boomerang Routing: Surveillance, Privacy and Network Sovereignty in a North American Context,” University of Toronto researchers Andrew Clement and Jonathan A. Obar consider the volume of global Internet traffic coming through U.S.-based switches and the problems implicit in these dynamics. “It is worth noting that the prospect of NSA surveillance may also be damaging to the reputation of the U.S. government and its [Internet Service Providers], painting the American government as a ‘surveillance state’ that cannot be trusted,” they write. “The outcomes of this potential shift in reputation could include the political economic consequences of physical layer circumvention efforts by would-be sovereign nations protecting traffic from interception.” Further, a number of academic papers have examined the potential to make data, and metadata, truly anonymous and have concluded that this is increasingly difficult in the digital age, given the power of computation and algorithms to correlate seemingly unrelated pieces of data.

Tags: terrorism, law, civil rights, privacy

About The Author