Odds are you aren't upset about the news that the National Security Agency has been collecting phone data from millions of Americans. A majority of Americans--56 percent, according to Pew--don't have a problem with it. Civil libertarians are outraged, but elsewhere the news was met with a collective yawn. On Twitter, people joked about the poor NSA agent who has to monitor their boring lives or wondered who could be so naïve as to believe the government wasn’t spying on them. More nuanced skeptics pointed out that the NSA isn’t listening in on our phone calls and that when it does look at the content of conversations, it’s only those of foreigners—or that the whole program is completely legal. That’s all true, but you should still be worried.
When President Obama defended the NSA’s program on Friday, he offered repeated reassurances that “nobody is listening to your telephone calls.” That is reassuring only if you don’t understand the power of metadata—the record of who calls whom and where they’re located—when processed by a powerful computer. It’s true that the NSA doesn’t want to listen to your boring conversations; metadata is far more useful, less time-consuming to monitor, and potentially more invasive. A sequence of phone calls between business executives could reveal an impending corporate takeover, as former Sun Microsystems engineer Susan Landau told The New Yorker’s Jane Mayer. It could disclose who is meeting with members of political opposition groups, where, and for how long. On a more personal level, calls to doctors and family members could show that you have cancer, and records of where your phone goes at night could show who you’re sleeping with. “The public doesn’t understand,” Landau told Mayer. “It’s much more intrusive than content.”
Which isn’t to say the NSA isn’t collecting content, too. The Prism program, from what we know so far, monitors emails, chats, Facebook messages, Skype calls, and other digital communications, but only, the administration says, of noncitizens outside the U.S. Except that it also monitors the communications of anyone with two degrees of separation from a suspect, and anyone whom the NSA determines has a 51 percent likelihood of being a foreigner. Exactly how the NSA makes that determination isn’t known, but it’s a safe bet that plenty of data belonging to U.S. citizens are being swept up.
Even if the data are being used only to find suspected terrorists, the system is ripe for abuse and mission creep. Once all the data have been collected and stored—say, in the massive NSA data center being built in Utah—all it takes is one aspiring J. Edgar Hoover to start blackmailing political foes, intimidating activists, or tracking down whistleblowers. Because of the lack of oversight—or oversight mechanisms so shrouded in secrecy that no one outside the intelligence community knows what’s going on—it would likely be a while before we found out about any abuses. It wouldn’t have to be a senior official, either. In the same stroke we learned that the NSA is collecting troves of data on U.S. citizens, we also learned that the NSA isn’t very good at vetting who has access to it. They gave top security clearance to an IT guy with a few years’ experience.
All it takes is one aspiring J. Edgar Hoover to start blackmailing political foes, intimidating activists, or tracking down whistleblowers.
“I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal e-mail,” Snowden said in a video interview with The Guardian. About half a million other private contractors have top-secret clearance. That’s a lot of potential security breaches.
The most worrisome part of the NSA’s program, however, is the secrecy surrounding the whole thing. It wasn’t just the data being collected that was secret, or the existence of the program itself: the very interpretation of the laws that made the program possible was secret. Sens. Ron Wyden and Mark Udall were reduced to making cryptic hints that the American people would be very surprised if they knew how the Patriot Act was being interpreted. How it was being interpreted, we now know, was that things like the metadata for every call in the U.S. was “relevant” to protecting against terrorism, and so the government could seize it.
The program’s secrecy makes all the assurances about its legality ring hollow. Yes, the NSA has to get approval from a Foreign Intelligence Surveillance Act court, but the court approves practically all requests—99.97 percent of them, anyway—and its opinions are secret. Yes, Congress has to renew the law, but if it can’t tell the public how the law is being interpreted by the courts, which determine what the law actually means, then the public can’t demand that Congress change the law. The shroud of secrecy means that whenever someone tries to challenge the surveillance program or just tries to find out exactly what it does, they run into an impenetrable Orwellian loop: the Supreme Court dismissed the ACLU’s challenge to a 2008 expansion of FISA because no one can prove they’re being secretly spied on; when Sen. Wyden tried to find out just how far-reaching the NSA’s program was, the inspector general told him that estimating how many people are under surveillance would violate the privacy of the people under surveillance.
Last month I spoke with a Texas judge who was making his decisions on secret surveillance requests from federal law enforcement public, a separate but related issue. His rationale was that for democracy to work, the public has to know how the law is being interpreted before it can demand representatives change it. Maybe it’s true that the public would consider a bit of extra security a fair trade for whatever decrease in privacy the NSA’s program entails, but secrecy makes that sort of public discussion—one that Obama said he welcomed—impossible. It also creates a surveillance program prone to creeping expansion and liable to abuse.