President Bush has tried to be reassuring in defending the National Security Agency program of electronic eavesdropping on telephone calls between people in the United States and possible terrorist suspects overseas that was disclosed last December: “One end of the communication must be outside the United States.”
Along with many legal scholars, we are still convinced that program is illegal under the Foreign Intelligence Surveillance Act, which was passed following the disclosure of massive wiretapping programs in the 1970s and set up a secret court to issue warrants for surveillance of Americans. The fact that Gen. Michael Hayden, the CIA director-appointee who ran the NSA program, has expressed a willingness to “bring the program under federal law” suggests we are not wrong.
So now comes the news that the wiretapping program was small potatoes. Using data provided by AT&T, Verizon and BellSouth, the NSA has been secretly collecting the phone records of millions of Americans, with the goal of assembling a database consisting of every phone call placed in the United States. The idea is to use “data mining” to detect patterns or anomalies in telephone use that could lead authorities to identify terrorists.
The confidential sources who revealed the program to USA Today say it only collects telephone numbers, not names, addresses, Social Security numbers or other data. But it is easy to find a person’s identity from a phone number, and it would be amazing if that hadn’t been done.
There are several problems here. The first is that it is probably illegal for the National Security Agency, which was formed to monitor overseas communications, to collect this data in secret. In addition to the NSA charter, the Communications Act, first passed in 1934, has privacy provisions that seem fairly clear: Phone companies are not allowed to share data about customer calling habits unless presented with a warrant, and the fines can be stiff.
Second is that the program is probably useless when it comes to detecting terrorism. Jim Hall, director of information policy studies at the Cato Institute, who serves on a Department of Homeland Security data privacy committee and has discussed the issue with numerous experts, said data mining can be useful when looking for common patterns, like how a thief might use a stolen credit card. But terrorist acts are uncommon. One is more likely to get 99 percent false positives, which will lead to a waste of investigative resources, than to prevent a terrorist attack through this method.
It may be very American to be fascinated with the potential of technological fixes. Even aside from the privacy concerns — and they are serious — this looks like an enormous waste of time and taxpayers’ money. It should be ended immediately.