You don’t need a wiretap to hear what people are saying about the National Security Agency’s phone surveillance program. The program’s details, disclosed in a secret court order leaked to the Guardian, show that at least one major company, Verizon, has been legally required to give the government information about its subscribers’ communications. “An astounding assault on the Constitution,” says Rand Paul. “Obscenely outrageous,” says Al Gore. “Beyond Orwellian,” says the ACLU.
Chill. You can quarrel with this program, but it isn’t Orwellian. It’s limited, and it’s controlled by checks and balances.
The program’s purpose, according to administration officials and knowledgeable members of Congress, is to find out who’s been calling or receiving calls from phone numbers linked to known or suspected terrorists. If Tamerlan Tsarnaev had been in contact with somebody flagged as a possible jihadist operative, this is the kind of surveillance that would have brought him to the attention of counterterrorism investigators, even without Russian assistance.
The leaked order is certainly worth discussing. It confirms that previous lines have been crossed. It’s now clear that the surveillance program, which was known to have been conducted under President Bush, has continued under President Obama. Moreover, there’s no requirement that at least one party to the call must be foreign. The order includes calls “wholly within the United States.” Nor is there any requirement that the government show probable cause to justify its demand for any particular record. It only has to offer “reasonable grounds to believe” that the records being sought are “relevant to an authorized investigation.”
But the program is also restrained in several ways. Here’s a list.
1. It isn’t wiretapping. The order authorizes the transfer of “telephony metadata” such as the date and length of each call and which phone numbers were involved. It doesn’t include the content of calls—which is more tightly protected by the Fourth Amendment—or the identity of the callers. In short, the targeted data are mathematical, not verbal. They’re the kind of information you’d request if you were mapping possible extensions of a terrorist or criminal network.
2. It’s judicially supervised. The leaked document is a court order. It was issued by the Foreign Intelligence Surveillance [FISA] Court. To get the Verizon data, the FBI had to ask the court for permission. The Bush administration used to extract this kind of metadata unilaterally. The Obama administration has changed the rules to bring in the court as an overseer.
3. It’s congressionally supervised. Any senator who’s expressing shock about the program is a liar or a fool. The Senate Intelligence and Judiciary Committees have been briefed on it many times. Committee members have had access to the relevant FISA court orders and opinions. The intelligence committee has also informed all senators in writing about the program, twice, with invitations to review classified documents about it prior to reauthorization. If they don’t know about it, they weren’t paying attention.
4. It expires quickly unless it’s reauthorized. The leaked order was issued on April 25 and expires on July 19. That’s the way these orders have worked for years: The court has to review and reapprove the surveillance request, or the authority to transfer the records expires.
5. Wiretaps would require further court orders. The reason the leaked order is so broad is that it applies only to metadata. If, after looking at its map of phone numbers, the government decides that yours might belong to a terrorism suspect, it can seek further information, including the content of your calls. But in that case, it has to ask the court for a separate order, which in turn would require enough evidence to override your Fourth Amendment rights.
Is government surveillance worth worrying about? Sure. But even broad surveillance, per se, isn’t outrageous. What’s important is that the surveillance be warranted by real threats, appropriately limited, and supervised by competing branches of government. In this case, those standards have been met.
While you were tweeting an Instagram of your home-cooked tikka masala last night, we learned that the National Security Agency (NSA) has been collecting data on millions of Verizon customers. The Guardian published the full top-secret court order that forced Verizon to deliver customer information daily to the NSA. In essence, this meant that every time my 3-year-old daughter called to tell me that her imaginary friend Spiral Bunny just recited the alphabet, the NSA probably knew about it. It also knew that I was traveling on a high-speed train somewhere outside of New York City, and that she was sitting at her easel in our home. The fact that I’m actually an AT&T customer doesn’t exclude me from data collection, since my daughter calls me from a Verizon mobile phone.
When I read about the news last night on my various connected devices, I was shocked. But not at the revelation. Rather, I was taken aback that so many people were surprised and enraged by the blanket surveillance.
The reality is that we all live in clouds of deeply personal data, and we carry that information everywhere we go and in nearly everything we do. Stop for a moment, and think about all of the services you use and the conveniences you enjoy. Do you really think that Verizon is the only company divulging your information? Or that the NSA is the only organization doing the monitoring?
As an exercise, I thought about my average day, and what kind of data I'm creating and broadcasting. After a morning routine that involves checking my Nexus phone, responding to email, and reading through/posting to Twitter, Facebook, and LinkedIn, Google Now tells me that I’m about to be late for my train to New York—and that I need to bring my umbrella. Google Now knows this because it’s constantly monitoring my schedule, email, and messages, along with local traffic and weather.
I hop into my car and Google Now tells me to take a different route than usual because of an accident on the freeway. Once at the train station, I use my MasterCard for entry into the parking lot, ditch my car and run up three flights of stairs to the waiting area. (I know it’s three flights, because my Fitbit is tracking all of my daily movements and transmitting that information to both my phone and to Fitbit's servers.) Along the way, I’ve counted six CCTV and security cameras, and those are only the ones in plain sight.
On the train, I show the conductor a QR code on my phone, which is my Amtrak ticket. She scans it with her own phone. The guy across from me is talking aggressively on his phone about some big digital ordeal at work. The conductor and I exchange a silent, knowing glance. Curious to know who he is, I sneak a look at his name, which is displayed at the top of paper ticket he printed out at the station. Seconds later, I’ve looked him up on LinkedIn, Spokeo, and Sonar and I know that he’s the chief marketing officer at a huge financial services corporation. I also know where he went to college, that he drinks Dewar's, and that he plays golf. I’ve also accidentally downloaded a picture of his house. I purposely leave my own profile visible, so that after I chat him up about his company, he’ll see my name pop up on his own LinkedIn profile and remember that I had great ideas to help his company with that big digital problem.
My train arrives in New York, and I begrudgingly check into Foursquare. It’s a network I don’t really benefit from anymore, but a few of my friends still use the social-local network and will see that I’ve arrived. Throughout the day, I attend Skype conference calls, buy lunch with my AmEx, search walking directions from Time Warner to a conference where I’m speaking that afternoon. It winds up being too far to travel on foot, so I open Uber and broadcast my location to town cars looking for a quick fare across town. As I wait to get picked up, I log onto Amazon to buy a replacement iPhone charger. I ignore the suggested purchase on my screen: a set of pink Bridgestone golf balls.
Eventually, I text my husband to tell him I’m running 15 minutes late. I know that, he texts back. Waze, an app we sometimes use, has already messaged him.
Before all of this technology, I would’ve been stuck in the country's worst traffic on a truly awful, time-wasting commute. I’d have been soaking wet, lost, and clutching a piece of notebook paper covered in illegible shopping lists and reminders.
By definition, you’re surrendering your privacy by using your phone. Companies like Verizon have to locate you geographically in order to connect you to a tower that then connects back to a central service station. All of those shiny Foursquare badges appear because you’ve fulfilled a certain number location requirements by sharing your physical whereabouts. We’re reminded by virtual assistants to bring our umbrellas and to leave earlier than we’d planned because we engage multiple services to store our calendars, itineraries and emails. Remember, the only way sophisticated technology like this works is via willing participation by vast groups of users like us.
All of this convenience and efficiency requires sacrificing our personal data. I discovered last night after the Guardian broke the NSA/Verizon news that the only thing different between me and the vast majority of technology users in the U.S. is that I knowingly share my data while others do it unwittingly.
This is the sort of thing we heard about repeatedly during the George W. Bush era. Remember warrantless wiretapping? The Patriot Act? Verizon isn’t even the first provider called into question. Back in 2008, the Electronic Frontier Foundation filed suit against the NSA and other agencies on behalf of AT&T customers for widespread surveillance. And just last year, Verizon and MasterCard both said publicly that they’ve been mining customer habits and selling that data to advertisers. One of Verizon’s marketing execs, Bill Diggins, said that “data is the new oil” during an industry conference.
The very organizations you rely on for convenience rely on you for monetization and national security.
Before you argue that this infringes on our liberty, privacy, and free speech, consider the Boston Marathon bombing. The attackers were found and caught precisely because we submit to constant surveillance. A photo posted to social networks, combined with CCTV, mobile broadcast signals, and hordes of overnight activists allowed us to find two out of 600,000 people. (To be sure, this very same technology was also to blame for misreporting, possible libel, and potentially another death.)
I’m certainly not shilling here for big credit card companies, who turn your data over to advertisers. Or for the NSA for that matter. That said, it's 2013, not 1942. Violence isn't just restricted to remote battlefields. It's arrived at our national monuments and our neighborhood sidewalks. The fact that our data is being transmitted for purposes outside of our personal information clouds isn't good or bad. It's our inevitable and present reality.
There are serious social and legal repercussions when we allow a government or any organization unfettered, ubiquitous access to personal information. There are also serious repercussions when citizens don’t stop to think about the personal data they’re sharing, with whom and for what purpose. You may not be able to stop sharing that data, but you certainly can know what it is that you’re broadcasting.
....for your consideration....