- Should you care that the government is collecting telephone and Internet data?
- Shane Harris says attitudes to privacy have changed
- Massive quantity of data is unlikely to yield evidence of terrorist plots, he says
- Harris: We need hard evidence that trading off privacy for security actually works
Since it was revealed this week that the National Security Agency is collecting the telephone and Internet data of millions of people, this is the question most people have asked me more than any other: "Why should I care that the government has all this information?"
On Thursday, as we were learning that the NSA has been storing the so-called metadata of millions of Verizon customers, a woman told me that she was less concerned about the intelligence agency knowing her phone number than she was the local CVS, which has been calling her at inconvenient times and pressuring her to renew prescriptions she was filling at another pharmacy.
Maybe it's because we don't feel the surveillance state bearing down on us the way we do pushy marketers that many people aren't that concerned about the government compiling enormous databases on our digital activities.
Indeed, we already knew that intelligence agencies have been doing this for years. In 2006, shortly after the revelation that the NSA was monitoring some Americans' phone conversations without warrants, a poll showed the public was evenly divided on whether it was a good or a bad practice. If it helped catch terrorists or prevent attacks, roughly half of the people responding were willing to give up
some measure of privacy.
Inherent to that calculation is our understanding that the definition of "privacy" has changed. It doesn't have remotely the same context as it did in the late 1970s when the law restricting the government's authorities to monitor Americans -- authorities that had been scandalously abused -- was enacted.
Back then, our expectation of privacy extended to our relationships with our family and friends. To things like phone calls or the mail. Today, these personal connections, and the information we willingly share about ourselves, are the foundations of our increasingly public social networks. We know that complete strangers are looking at our Facebook pages. Should we be surprised that the government is too?
Probably not. But you might be surprised to find out that all this information the NSA and other agencies are collecting is not very useful for stopping terrorists, which is why it's being collected in the first place.
To date, there have been practically no examples of a terrorist plot being pre-emptively thwarted by data mining these huge electronic caches. (Rep. Mike Rogers, chairman of the House Intelligence Committee, has said
that the metadatabase has helped thwart a terrorist attack "in the last few years," but the details have not been disclosed.)
When I was writing my book, "The Watchers," about the rise of these big surveillance systems, I met analyst after analyst who said that data mining tends to produce big, unwieldy masses of potential bad actors and threats, but rarely does it produce a solid lead on a terrorist plot.
Those leads tend to come from more pedestrian investigative techniques, such as interviews and interrogations of detainees, or follow-ups on lists of phone numbers or e-mail addresses found in terrorists' laptops. That shoe-leather detective work is how the United States has tracked down so many terrorists. In fact, it's exactly how we found Osama bin Laden.
Now, electronic data does play a crucial role in those investigations. But only when it is narrowly searched, with specific criteria at hand -- a name, say, or a phone number. Officials have said that this is how that metadatabase is used. Analysts can only look at it when they have the number of a suspected bad actor, and they want to search for his connections. That may offer some reassurance, however slim, that there are at least some controls on how that information is being searched.
But we've also learned about a separate collection program, known as PRISM, that reportedly lets analysts tap directly into the central servers of top U.S. Internet companies, and then siphon off e-mails, photographs and audio and video files.
We're told that U.S. individuals' information is routinely swept up in these searches, and that it's subsequently segregated from information about foreigners. But according to training manuals for PRISM examined by The Washington Post
, analysts are told that when Americans get caught in the net, they should just file a quarterly report about the incident, and that "it's nothing to worry about."
This looks a lot like that big data mining that analysts have told me doesn't produce solid leads. What it does do is implicate potentially innocent Americans in a vast sweep of some of the most ostensibly private information there is, particularly your e-mails.
Reasonable people can come to different conclusions about how comfortable they are with the government building all these databases. But we shouldn't accept officials' broad claims that these searches, and the information they're based on, are protecting the nation's security. If we're going to hand over so much information about our once-private lives, we should have some assurance that the trade is worth it.