The NSA’s Surveillance Order — Legal, But Unwise?

The revelation that the National Security Agency (NSA) has secured a court order directing Verizon to provide it with call data has sparked controversy. And, rightly so. If the order is genuine (and nobody has denied that it is), it reflects a significant expansion of America’s surveillance apparatus – one that should at a minimum be closely examined.

First, some details. The order applies only to “meta-data” of calls: the phone numbers called, the location of the cell phone when the call was made, and the time and duration of the call. So the order does not require Verizon to let the NSA monitor the conversations or other content of the calls.

Also, the order applies both to international calls and to calls occurring wholly within the United States. Verizon is required to update its compliance “on a daily basis.”

Finally, though the order disclosed Wednesday applies only to Verizon, the logic of the request supports an inference that similar orders have been issued to other major telecommunications carriers like AT&T and Sprint.

In short, the order appears to give NSA blanket access to the records of Verizon customers’ phone calls – foreign and domestic – made between April 25, when the order was signed, and July 19, when it expires.

Of course, if the order is only the latest in a series of orders (as also seems likely), then the access may go back for quite some time.

To a large degree this revelation is not unexpected. We are a country still at war against Al Qaeda and its affiliates.

As such, we need to have counterterrorism tools, such as Section 215 of the PATRIOT Act, which was apparently used in this case. And, though we don’t yet know the details, it is important to note that since 9/11, these powerful tools have been modified and amended to maximize the protection of civil liberties to the extent possible.

Here, the FISA court issued an order allowing for telephone calling data only, not the content of any calls. Such data are critical for link analysis — connecting the dots between phone numbers in terrorist investigations.

That is constitutional.

Meta-data are not currently protected under the Fourth Amendment, and the large-scale collection of that meta-data remains lawful.

On the other hand, it is uncertain how the NSA was allowed to collect information on U.S. citizens within the United States.

Historically, both law and policy have limited the NSA to collecting signals intelligence only when it involves foreigners. Presumably there is some underlying procedural or legal limitation that ensures that the NSA’s actions conform to law – but to date we don’t know what that is.

Finally, whatever its legality, the entire order is remarkably overbroad and quite likely unwise.

It is difficult to imagine a set of facts that would justify collecting all telephony meta-data in America. While we do live in a changed world after 9/11, one would hope it has not changed that much.

Cybersecurity and the Chinese Hacker Problem

Earlier this month, I did a podcast on the Chinese Hacker problem with Richard Bejtlich.  Richard is the Chief Security Officer for Mandiant — the company that published the high-profile report on how Chinese hackers are tied to the Chinese military.  Here is a summary of the podcast:

A few weeks ago Mandiant, a private cybersecurity firm, released an explosive report attributing an epidemic of Chinese cyber espionage to the Chinese army. In light of this report and other intelligence findings, the New York Times reports that the Obama Administration has publicly called on the Chinese government to intervene directly to end such cyber attacks from its own military. Richard Bejtlich, the Chief Security Officer for Mandiant, discusses the content of that report. Our other cyber expert, Paul Rosenzweig, joins to discuss what, if anything, the United States should be doing about this problem. This previously recorded conference call is a part of a new Teleforum series on Cybersecurity and Public Policy.