The headline story of Tuesday’s House Intelligence Committee hearing with NSA Director Keith Alexander was the disclosure of four terrorist plots, which his agency’s PRISM Internet data analysis program and sweeping phone metadata collection were credited with preventing. It was an unusual revelation in an unusual setting — as Chairman Mike Rogers (R-Mich.) noted, “We think it is important to hold an open hearing today, though we don’t have many of those.” One of the four examples, a plot to bomb the New York City subway, was discredited a week ago, but Alexander claimed there have been over 50 such episodes of disruption thanks to the leaked programs.
There were also new details about the programs themselves as well as oversight procedures. But the explanations provided by Alexander and other officials representing the NSA, FBI, and Department of Justice seemed carefully rehearsed with Rogers and Ranking Member Dutch Ruppersberger (D-Md.). It was the most choreographed hearing I have ever covered—but there were still some attempts to answer questions that have been on the public’s mind. Let’s take a look at those.
Does the NSA Track Your Location with Metadata?
Alexander said that PATRIOT Act Section 215, regarding “business record sharing,” is only used by the NSA to access telephony metadata, a technical term for information such as call logs and phone numbers. Although he said this capability may have let law enforcement officials identify that a 9/11 hijacker was calling a known terrorist in Yemen from San Diego, he and the other officials asserted repeatedly that NSA does not collect cell tower or other location data.
This appears to contradict the leaked Foreign Intelligence Surveillance Court order to Verizon. Electronic Frontier Foundation Senior Staff Attorney Kurt Opsahl said in an interview that the order explicitly mentions “trunk identifier” data, and indeed it appears to include them in the “telephony metadata” it demands. Trunks are communication network nodes that branch out to multiple cell towers. Knowing what trunk a mobile phone’s signal was routed through indicates a general location range, but a location nonetheless. This seeming contradiction was not addressed in the hearing. (The court order specifies all phone lines, which includes landlines that are likewise tied to specific locations.)
Who Can Access Your Metadata?
Officials stated that telephony metadata collected under Section 215 are automatically deleted after being stored for five years in an archive segregated from the NSA’s other intelligence databases, without any addresses or personally identifiable information. Of the sprawling NSA staff, 20 analysts and two managers can access the information. Among them are General Alexander and fellow witness Robert Litt, General Counsel in the Office of the Director of National Intelligence (DNI). In most cases the FBI, not the NSA, analyzes database entries as part of an investigation. The NSA simply passes them along. Alexander noted that only 10 senior NSA officials can approve the dissemination of information such as metadata attributable to U.S. persons. By implication, data are only attributed after being pulled from the archive.
Access requires “reasonable, articulable suspicion” that independent evidence links an individual to a known terrorist organization. The Foreign Intelligence Surveillance Court (FISC), a special federal court created by FISA to deal with classified intelligence matters, approved less than 300 such queries in 2012, rejecting 11 requests of any kind since 1978 out of roughly 34,000. Since the FISA court is the only judicial branch check on the NSA, this raises obvious questions about the the robustness of oversight and the breadth of data collection. Every major American telecom shares metadata à la Verizon. This entails hundreds of millions of innocent U.S. citizens’ records.
What Oversight Does The NSA Face?
A resentful Litt defended the FISC’s oversight, noting that in many cases judges “push back” against requests, requiring more information and explanation. Such an iterative process “is hardly a rubber stamp” he declared. The many layers of oversight he alluded to include a litany of procedures. Among them are Intelligence and Judiciary Committee briefings, NSA internal reviews with the cooperation of the DNI and Attorney General, and strict requirements to report any compliance issues to the FISC, which in turn “pushes back,” demanding an explanation of what happened and how it will be subsequently prevented. Likewise, NSA is required to report novel judicial opinions, i.e. significant new interpretations of Section 215 and other statutes by FISC, to the aforementioned congressional committees, as well as the relevant requests and files.
However, the FISA court remains secretive and non-adversarial. Only the government represents itself as plaintiff; respondents cannot respond to charges or appeal decisions of which they are unaware. Last week I asked Senator Lindsey Graham (R-S.C.), an Air Force JAG lawyer, if this non-adversarial element concerned him, to which he responded, “I don’t intend to have an advocate for the terrorists there.” I followed up by asking if those suspected of committing a crime are really terrorists (without mentioning the presumption of their innocence). He dismissed the basic proposition: This is not a criminal matter he said, but a war. By implication, such legal principles do not apply. To be fair, this is his personal view, but it illustrates the gulf between the FISC and other Federal Courts.
One of the compliance issues NSA faces is the accidental collection of American citizens’ Internet communications by the PRISM program. The officials stressed that under FISA Section 702, the program can only target non-U.S. persons overseas, with special protections against “reverse targeting” of individuals who do not qualify under this standard through contact with someone who does. Any inadvertent collection of domestic information or a citizen’s data is reported and the files immediately expunged. However, this and other procedures are ultimately carried out and verified behind closed doors, mostly by a cadre of powerful intelligence officials. Indeed, internal NSA controls were emphasized as a key safeguard against abuses of power.
Why Does the NSA Collect Your Metadata?
After the hearing adjourned I asked Chairman Rogers what he would say to hundreds of millions of Americans whose phone records are being archived, given that the practice was previously denied by Director of National Intelligence James Clapper. He dismissed my premise and focused on explaining that the content of communications is not accessible under PATRIOT Section 215, attributing the controversy to public confusion on this point. Then he alluded to General Alexander’s comment that current technology and legal variances among different telecommunication firms essentially necessitate the present arrangement given the need for fast action when national security is threatened.
However, he noted earlier that slightly more than ten of the cases mentioned involved a domestic terror nexus, a vast majority of which involved the Section 215 program. Since FISA Section 702 prohibits domestic surveillance, this leaves a few unexplained cases, ostensibly covered by neither program yet cited as examples of their utility. There are a few possible explanations.
The officials may have been misrepresenting the facts. An undisclosed domestic surveillance capability may have connected the cases to data from PRISM. Or PRISM may have unearthed overseas communications that made reference to domestic terror activities. The third theory is most innocuous, but these domestic cases were specified during a discussion of telephony metadata and their value. This conundrum illustrates that although the hearing disclosed a lot of information, much remains to be understood about the NSA and domestic surveillance.