Up Front

PRISM and Boundless Informant: Is NSA Surveillance a Threat?

Richard Lempert

The NSA’s recently revealed PRISM project allows the NSA to monitor the internet traffic of foreigners, but sweeps up American communicators in the process, while the once equally secret Boundless Informant program analyzes and is fed in part by metadata on calls routed through Verizon and, it is safe to assume, other telecommunications carriers as well. How concerned should we be? The answer depends on what one’s concerns are. If the concern is the privacy of one’s own conversations, there is little reason for all but a handful of Americans to lose sleep over this, and those most likely to lose sleep are also most likely to pose security threats.

The programs are somewhat different, but given what we have been told so far, here’s how they are likely to work. The telecommunications data mining appears to be both vast and indiscriminate but only collects so-called metadata; that is, data on which phone numbers called which other numbers, how long the calls lasted, the locations where calls were made and received and the like. No conversations have been recorded, so what was said is forever beyond the government’s reach. If, however, a number called or called from belongs to a suspected terrorist, here or abroad, or to someone whose calling patterns or call locations arouse suspicions, the NSA, FBI or other agency will most likely be able to secure a warrant, based on probable cause, that will authorize listening to what is said in calls to and/or from the identified number. It is not, however, just those who call or are called by previously identified suspicious numbers who will be vulnerable to having their calls seen as suspicious and their conversations monitored. Data mining can cast suspicion on those who call others who have called suspicious numbers, those who call third party numbers whom suspicious callers call and the like. Still, although the net is potentially wide, it is likely that relatively few Americans are selected for active surveillance, and then only after a court has reviewed the reasonableness of monitoring requests given patterns in the metadata and connections to known security risks.

To give an example, consider the aftermath of the Boston Marathon bombing. The authorities feared the Tsarnaev brothers might have had domestic accomplices, and they also wanted to know if foreign instigation played a role. Through PRISM, they would have been able to retrieve archived phone data, examine calls made to and from the Tsarnaev brothers’ phones and identify not only patterns that might suggest others were involved but also people they might talk to to learn more about how the Tsarnaevs had been radicalized. The data analysis would allow them to take a giant step toward answering the questions that most concerned them in a less intrusive and more objective way than by having human gumshoes patiently track down various leads and leads stemming from leads. This may explain why very soon after the bombings the authorities could tell us they were reasonably confident that the Tsarnaevs had acted alone and had hatched their plot without foreign involvement. (Given Tamerlan Tsarnaev’s travels back to Russia, the latter conclusion is not yet completely safe to draw; modern technology does not obviate all needs for gumshoe detective work). President Obama, members of Congress and James Clapper, the top U.S. intelligence official, have all said that the kinds of monitoring that feed Boundless Informant have contributed to identifying terrorists and thwarting possible attacks. There is no reason to doubt their word.

PRISM appears to be a far narrower intelligence gathering program but far more intrusive. It can capture not just metadata but the content of communications transmitted via the web, including messages sent and retrieved, uploaded videos and the like. It is specifically targeted, and without a warrant neither American citizens nor permanent residents are legal targets. However, the protections citizens and permanent residents enjoy appear loose. News stories suggest that data capture is allowed to proceed whenever a responsible agent thinks it more likely than not that a possible target is foreign. The standard, if true, means that some communications involving only Americans are inevitably captured, and Americans may be caught up in surveillance aimed at foreigners, such as recordings of foreign chat room conversations.

The protection most of us enjoy under PRISM may be more practical than legal. The amount of data that can be collected limits the reach of the program. Not only is capturing too much information from innocent Americans a waste of resources, but also suspicious communications can be lost in a forest of irrelevant data. The NSA thus has powerful reasons to limit impermissible observations, at least where there is no good reason to suspect Americans of terrorist involvements. Still we lack two bits of information important in assessing this program. One is the fate of information pertaining to Americans who should not have been observed in the first place. If this information is purged from all databases except perhaps when the person is dangerous, erroneous capture is less of a concern than it otherwise would be. Second, we don’t know how monitoring targets are determined or the number of targets selected. To the extent that individuals, organizations and sites are targeted based on target-specific concerns about the threats they pose, the net cast is likely to be narrow, and even if the reasons for targeting do not rise to the level of legally cognizable probable cause, they tend in this direction. But if targets are selected based on the impersonal outputs of other data mining efforts like the telephone records that feed Boundless Informant, all bets are off. Depending on the algorithms used and the degree to which they have been empirically validated, the net could be wide or narrow, and the likelihood that a target would be involved in terrorism or that citizens would be swept into the net may be great or small. Congress in overseeing PRISM should demand this information if it is not already provided.

It is easy to be cynical about government and the respect that agencies show for the laws under which they operate. Cynicism is fed by occasional scandals and by the more frequent pseudo-scandals which make it appear that within the Beltway things are out of control. Having spent four years as a Division Director at the National Science Foundation and three years as Chief Scientist in the Human Factors/Behavioral Science Division of DHS’s Science and Technology Directorate, I am not cynical. Time and again I have seen government employees seek to follow the law even when it seems silly and interferes with their mission. When I joined DHS I was most surprised by the fierceness of efforts to comply with the U.S. Privacy Act. At times interpretations of what the Act protected were so broad as to border on the ridiculous, and costs were real: research projects with national security implications were delayed, redesigned or even precluded because privacy officers, sometimes with little basis in the statute, felt there was a risk that personally identifiable information (PII) would be impermissibly collected. The absence of any reason to fear revelation or misuse made no difference. The strict scrutiny applied to research that might involve PII is, to be sure, relaxed in front line operational settings like PRISM and legal restrictions may differ, but my experience in two agencies as well as conversations with people in the intelligence community (IC) lead me to believe that it is a mistake to regard as a sham the legal restrictions on PRISM or other IC data mining and surveillance activities.

Through its PRISM and Boundless Informant efforts, NSA is working to protect the nation, apparently with some success. The 99.9% of us who pose no threat of terrorism and do not inadvertently consort with possible terrorists should not worry that the government will track our phone or internet exchanges or that our privacy will be otherwise infringed.

This does not mean, however, that the NSA programs and the capacities they reveal are of no concern. They should be regarded as canaries in the coal mine; they provide early warning of dangers we may be confronting. These capacities, along with increasingly ubiquitous surveillance cameras, photo recognition software, the ongoing development of rapid recognition DNA analysis, drones that can spy or kill and DNA, fingerprint, photo and other searchable digital databases together create what I have called the infrastructure of tyranny.


These technologies potentially enable small groups of people to control and restrict the freedom of far larger numbers. We think this could not happen here, and I do not claim it is imminent, but recent trends in politics and social life suggest that if the fear was ever groundless, it no longer is. Not only are our politics deeply and too often viciously divided, but divisions seem to be stoked by extremists who personally profit from their ability to arouse emotions and by small numbers of extremely wealthy individuals who spend freely to advance their views of the good society. Moreover, our political parties and Congress itself sometimes seem more interested in thwarting the opposition or scoring points with their most committed supporters than with cooperating and compromising to promote the national interest. Concerns raised by these developments are exacerbated by an increased tendency within Congress to ignore more or less neutral procedural commitments and understandings that have allowed effective governance despite sometimes deep differences in political goals. In addition, we live in a time of increasing inequality and decreasing social mobility. The experience of other countries from the French Revolution on suggests that when inequality becomes too great and a small group of “haves” is seen as capturing too large a share of the pie, protests begin that even if peaceful at the start are prone to erupt into violence. Even before violence from below erupts, and almost always afterwards, we have seen those on top muster their resources to suppress dissent and to preserve their positions of power, using violence of their own if need be.

Historically the masses tend, sooner or later, to prevail, but in PRISM, Boundless Informant and other new technologies we are developing a set of tools that make it more likely that an elite core will be able to disrupt nascent revolt and maintain its preferred position by increased surveillance and even selective killing. Although it is not likely, it is not unimaginable that a future administration could, with substantial popular support, use a genuine crisis as an excuse to postpone a scheduled election, could put down subsequent protests with violence and could create a situation in which it maintained itself in power using the infrastructure we are creating to protect us from crime and terrorism. Even if the possibility is small it cannot be too much diminished.  Doing this is likely to involve combating inequality, strengthening democratic institutions and perhaps abandoning the volunteer army, matters too far afield to be further discussed here.

Even if it seems fanciful to fear that American democracy could one day be imperiled by technologies and activities developed to fight crime and terrorism, it is not farfetched to recognize the degree to which foreign governments can use, and to some degree are using, these technologies to enable powerful elites to control people who desire more freedom or might seek to replace them in power. Moreover, the lines demarcating those in control may relegate people of certain religions, gender, or gender preferences or ethnic heritage to permanent positions of economic disadvantage and powerlessness. The capacity that foreign nations have to use technology to suppress dissent is likely to grow over time with profound effects on our country’s relations with them. It would be nice to think that by controlling American exports of these technologies, we could forestall this, but we can’t. We no longer can control, if we ever could, the use or development of sophisticated surveillance and suppressive technologies. I don’t even have a solution to suggest for this one.

Beyond these fateful concerns and of more immediate import is a peculiar feature of the way the debate over data mining and other surveillance technologies has developed. People, or at least the chattering elites, seem most upset when the federal government is acting. Attention falls off when privacy infringing technologies are used by state governments or in the private sector. Yet the federal government really is on our side and is using these technologies to protect us. Moreover, through our votes and outrage we can to some extent control how the federal government uses them. The same is not true of the private sector. They can and do use these technologies to track our purchases, to stimulate impulsive buying, to set different prices for different customers, to extend or deny credit using attributes with little obvious relation to credit worthiness, to hire or not based on health indicators or long past or other employment-irrelevant behavior and to decide whether or at what price we are insurable against various harms. None of this is done in our interest as consumers or citizens although not everything runs counter to these interests, and most of what is done is unregulated. States are similarly often more free than the federal government to employ surveillance technologies because federalism allows them to do things the federal government cannot do, and we attend less to what is going on in their nether reaches.  Here the danger is not that they don’t have their citizens’ interest at heart but rather that if we decide to deny the federal government a certain capacity, states may develop that capacity and the federal government may be able to do what we thought we were forbidding by working through the states. This may have happened when some early federal data mining efforts were protested and withdrawn.

Of the surveillance concerns I have mentioned the private sector and state-level capacities are the easiest to deal with. As a general principle whenever efforts are made to restrict federal government activities in the interest of privacy, potential privacy infringements by the private sector and state governments should also be considered and often should be regulated. Moreover, because the private sector uses data mining and surveillance technologies to reach ends of no interest to the government, we should develop philosophies and policies suitable to the protection of privacy and other interests in private sector contexts.

Data mining in connection with PRISM and Boundless Informant appropriately raises concerns. But it would not be surprising if upon closer inspection and as more is known, it is discovered that the privacy threats that these programs pose for American citizens are small, their compliance with legal restrictions is genuine, and their contributions to the fight against terrorism have value more than commensurate with any costs they impose. At the same time we are well advised to be wary about what we are creating. Efforts associated with the “war against terrorism” should be regarded as military in essence, and the posse comitatus law which prevents the military from acting to enforce domestic criminal law, no matter how great the need, should be clearly extended and strictly applied to the NSA, the CIA and similar organizations, including some aspects of work done by the FBI, even if they could make valuable contributions to crime control more generally. Moreover, what we are learning about these programs should serve as a wakeup call to stimulate social and political changes that will make it less likely and less possible for a government in power to extend its time in office by undemocratic means. In addition, as we think about privacy and data mining, we should be as alert to and concerned about the privacy dangers posed by private and state sector data mining as we are to the dangers posed by federal activity. Regardless of who is doing the infringing, privacy is a human value we should cherish.