Thursday, June 13, 2013

Who Cares About Surveillance?

The Washington Post reported that most Americans don't care that much about recent surveillance disclosures. Perhaps this is because there is bipartisan agreement among Congressional leaders that everything being done is kosher and necessary, and because the president has also weighed in reassuring the public that nobody is eavesdropping on their phone calls. Perhaps it is because it is hard to get worried about anything you don't notice and whose effects you can't see. Perhaps it's because we are now too distant in history from European surveillance states; the fall of the Soviet Union was a long time ago from the perspective of a college student, and Nazi German is the stuff of old movies. (Do they even read 1984 in schools any more?) There is North Korea of course, but people think of that place as so remote and isolated as to be almost a joke (unless they have Korean relatives). As danah boyd has observed (meandering thoughts on the NSA scandal), activists care, but activists are the ones most likely to commit speech and thought crimes.

It seems not to be taken for granted by most Americans that whether the surveillance is unconstitutional is not a matter for consensus decision, since it involves infringement of the Fourth Amendment. As the Washington Post reports, "while it might be fine for your neighbors to let the government inspect their personal lives, it’s not okay for your neighbors to say it’s fine for officials to inspect you. 'The whole purpose of the Bill of Rights was to protect the minority from the will of the majority,' [Professor Lori Andrews] says."

The Washington Post and the Guardian may have muddied the waters by going to press too incautiously with reporting based only on the infamous PowerPoint presentation and on Edward Snowden's interview. The first version of the Post's reporting was walked back in significant respects with very little notice. Declan McCullagh, a respected digital-affairs reporter, has concluded that there is no evidence that the NSA has direct access to Internet service provider servers, as the Guardian and the Post declared and as Facebook and Google denied. Maybe those PowerPoint slides were the work of an overzealous marketing flak. If the newspapers that had the scoop got it wrong, it becomes easier for the public to be reassured that there is nothing creepy or improper going on.

Yet we still don't quite get how the surveillance systems work, and it is reasonable to mistrust what the NSA says since it plainly has misrepresented things in the past. Even if all that exists is the "metadata" log of all US telephone calls -- which could well have been lawfully collected -- that would surely be inconsistent with Director of National Intelligence James Clapper's Congressional testimony that the NSA does not hold any information on tens or hundreds of millions of Americans. (Not to mention last year's testimony that the NSA can't scan email of Americans because it does not have the technology to do so.) I for one think a version of Kerckhoff's Principle should be honored here: The system itself should be public knowledge, though not of course anything about what the system has revealed. Knowing how the system works will make us more secure, not less, because it will reduce the reliance on "security through obscurity." (Cf. Blown to Bits.) 

With so much about the surveillance system still undisclosed, I wonder if the following could be true. As I said in the Washington Post story cited at the top, it would be very cheap to record and store all US telephone calls. Audio is highly compressible; a back of the envelope calculation suggests the government could store a whole year's telephone calls -- all of them -- for a small number of millions of dollars, given the low cost of massive storage units. What is preventing the government from doing that is, presumably, wiretap law. Could the calls be lawfully be recorded by the government, but listened to only after issuance of an appropriate court order? Could the recordings be made by the telcos and held in dead storage, but turned over to the government in response to a narrow and specific court order? I am not a lawyer.

One hates to raise paranoid fears on the basis of a couple of unguarded statements, but consider these.

A CNN exchange on May 1, 2013 between interchange between Erin Burnett and a former FBI counterterrorism expert.
BURNETT: Tim, is there any way, obviously, there is a voice mail they can try to get the phone companies to give that up at this point. It's not a voice mail. It's just a conversation. There's no way they actually can find out what happened, right, unless she tells them?
CLEMENTE: No, there is a way. We certainly have ways in national security investigations to find out exactly what was said in that conversation. It's not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out.
BURNETT: So they can actually get that? People are saying, look, that is incredible.
CLEMENTE: No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not.
OK, let's not get too excited. But was this just a slip of Senator Feinstein's tongue, from today's New York Times? My emphasis:
Analysts can look at the domestic calling data only if there is a reason to suspect it is “actually related to Al Qaeda or to Iran,” she said, adding: “The vast majority of the records in the database are never accessed and are deleted after a period of five years. To look at or use the content of a call, a court warrant must be obtained.”
I thought it was only metadata, the phone numbers calling and called and the date and time and length of the calls, that were being logged.  Not the content of the calls.

It is hard not to wonder. It is easy to log all the metadata for all domestic phone calls and we now know it is being done. It would be easy and cheap to record all the phone calls being made in the U.S. If the government is not doing it, it's not because they haven't thought of it, and it's not because it would not be useful to do it. It can only because there are legal barriers, and with recent revelations about uses of the PATRIOT Act that have surprised even the bill's primary author, it is hard to be sure where the limits of existing laws actually are.


  1. The Bamford 2012 Wired article (here: seems to say that widespread recording and analysis of phone calls, emails, etc. is precisely what is happening (the article doesn't seem to say that everything is recorded). There are two paragraphs that state that the NSA has access to the AT&T and Verizon call data, which is what Snowden confirmed (for Verizon anyway).

    1. Wow, thanks for that. How many spooks were declared enemies of the people for leaking stuff to this reporter? Really, none?

  2. Just in case in slipped by your attention, here's a wonderful explanation of how some tidbits of metadata can yield insight into social networks.

    Obviously call data could be quite useful to law enforcement and anti-terror teams but the ends do not justify the means. Particularly when, as you observe, justified means seem to be within easy grasp.

    1. The use of metadata is a classic example of the B2B maxim, "More of the same can be a whole new thing." Phone call metadata, what used to be called pen register data for reasons that I think go back to the beginning of telephony, has an entirely different legal status from the content of phone calls. The logic is, "You told Verizon whom you wanted to call, and once a third party knows, it's not so bad if the government knows too." That was before the days of big data analysis, and as someone said, it's quite different to look at one dot of a Seurat painting than to see the whole painting. So for the metadata aggregation and searching to be disallowed, there would have to be some artificially imposed limit on the government gathering data that it can lawfully get a little bit at a time. That is why I said the phone logs may well have been lawfully acquired.

      For email there is an additional confusion. The difference between data and metadata is much fuzzier for email than for phone communications, since an email is just a bit string, in which a few bytes at the beginning are the header and the rest is the message itself. Once you have the email in hand, you can decide not to peek at the body, or you can force it through a filter that discards the body and just keeps the header, but it doesn't natively come, as a phone call does, with categorically different data and metadata.

  3. Another reason why people might not be to upset about Gov invaation of privacy is people already put lots of stuff
    about themselves out there (e.g., facebook). And also the
    expecation that (as noted in B2B) LITTLE brother is watching-
    we are invading each others privacy anyway.

    This is not a good thing- I"m just speculating WHY people are not more upset.

    Another possible reason- and I hate to sound partisan here-
    if W did this there would be more of an outcry because
    defending our privacy rights is more of dem thing
    (and also libertarians). Similar to the Drone program not
    getting much outcry. If the BP oil spill happened under W
    we would never hear the end of it. ANYWAY, this may also be a contributing factor.

  4. Judging by the CNN poll numbers out today, young people may be starting to care a little. Perhaps they just have an inchoate, nagging feeling that something is not right -- that there are things going on that maybe someone should be thinking about. The 2009 G-20 news story today may matter too. I'm optimistic.