How wide-sweeping ‘security’ attacks our freedom and makes us less safe.
We know who caught Dzhokhar Tsarnaev: Federal Bureau of Investigation agents storming a boat after a daylong manhunt across Boston. The interesting question is: Who didn’t catch him?
The National Security Agency is a federal bureaucracy whose job it is to keep our country safe through electronic surveillance, communications analysis, and network warfare. Yet despite the massive amount of online communications it vacuums up daily, the NSA failed to realize that Tamerlan had spoken online with a Muslim extremist. If our foreign intelligence agents had discovered the tie between the elder Tsarnaev and the extremist, “they would not have needed a multibillion-dollar intelligence apparatus to go on YouTube and see that Tsarnaev had posted a video playlist he labeled ‘Terrorists,’” Michael Daly at the Daily Beast notes.
The NSA collects vast amounts of different types of data: call records, emails, Facebook posts, instant messages, raw Internet traffic, and the contents of some phone calls. While the NSA is technically constrained to collecting only Internet communications from foreigners, some American Internet and phone activity gets caught in the agency’s wide net as well. All these data are held in a massive $2 billion storage center in Utah for up to five years, though if the data contain “foreign intelligence information,” the NSA can keep them indefinitely. The agency can keep encrypted communications forever, as well. With all this data, then, why didn’t the NSA catch the Tsarnaev brothers before they bombed the Boston Marathon? The answer may lie in the sheer volume of data collected and the NSA’s brute-force method of attempting to thwart terrorism before it happens.
Let’s imagine that Brown were especially concerned with preventing dangerous acts of academic dishonesty, such as cheating or tampering with research data, before they happened. To that end, let’s imagine Brown collected and stored the contents of all brown.edu email addresses as well as searches made on and Facebook posts sent through its wireless networks.
What kinds of data would Brown collect? There are 6,133 undergraduates, 1,947 graduate students, and 460 medical students, all of whom have brown.edu addresses. The 713 faculty members have brown.edu addresses as well. That’s a total of 9,253 accounts the limited number of Brown Computing and Information Services administrators would need to monitor to determine whether students were at risk of committing acts of academic dishonesty.
Most of the messages would be useless. The vast majority of search terms, Facebook posts, and personal emails would be pointless to read and utterly devoid of content that would indicate that a student or faculty member has been academically dishonest. It would be difficult for CIS administrators to prioritize which emails to read.
The real question is: What marks a student or faculty member as a potential academic criminal? What search terms would indicate that someone is cheating? How would CIS interpret sarcastic or joking messages? And most importantly, is everyone who seems academically dishonest online academically dishonest in reality? It’s possible that a group of students who sent each other explanations of problem set answers could have been helping each other out with a confusing homework assignment instead of copying from each other.
It’s easy to imagine that the University’s indiscriminate collection of Brown affiliates’ data would yield false positives and obscure the real cheaters while violating their right to privacy. So does the NSA’s operation, but on a much larger scale.
In August, a woman and her husband received a visit from six criminal intelligence detectives. On their work computer, they had Googled “backpacks” and “pressure cooker bombs.” The employer reported the suspicious searches to the authorities, who then visited the couple and ascertained that they were not terrorists.
The fact that the NSA did not send the detectives is not important. We can assume the NSA saw the searches anyway through its XKeyscore program, which collects in real time “nearly everything a typical user does on the Internet,” as the NSA’s presentation on the program explains.
What’s truly important is that this discovery was a false positive. Like the vast majority of foreigners and the 314 million people living in the United States, the two people falsely accused were innocent and posed no threat to the country. Investigating them was a waste of time — and a frightening experience for the “suspects.” On top of that, the NSA only has between 30,000 and 40,000 employees, who are tasked with examining a staggering number of communications between U.S. citizens as well as those from people around the world. How could we expect these people to effectively screen every message with possible security implications? These broad and shallow intelligence-gathering tactics do not leave us as safe as an operation that monitors everyone’s online activities should.
It would be wise for the NSA to ditch its large-scale, brute-force terrorism-thwarting operation in favor of a more nuanced approach. Let the Central Intelligence Agency and other foreign intelligence and anti-terrorism government agencies work in a more intelligent and targeted, less indiscriminately privacy-violating way. Vacuuming up the Internet activity of a nation and of people who don’t even live in this country is an ineffective way of fighting terrorism.
Instead of wasting $2 billion in taxpayer money on a behemoth data center and hiding surveillance requests behind a secretive court that does little to defend citizens’ constitutional protections against unreasonable search and seizure, the NSA should stop indiscriminately collecting Americans’ phone and Internet communications. To keep the organization accountable, and to ensure respect for our civil liberties, the NSA should have to disclose any court orders it receives for citizens’ data.
But most importantly, the NSA should fight smarter, not harder, against terrorism. As the Washington Post notes, “the agency depends heavily on highly targeted network penetrations to gather information that wouldn’t otherwise be trapped in surveillance nets that it has set at key Internet gateways.” It can use information from the CIA and FBI to begin pursuing targeted leads and avoid the false positive problem that befalls blanket surveillance. With these tactics we could also probably shrink the size of the NSA bureaucracy and save ourselves millions of dollars in debt. Most importantly, we would be safer. With a more nuanced approach to fighting terrorism, the United States’ foreign intelligence apparatuses would catch the next Dzhokhar Tsarnaev before he becomes a stain on American history.