Redstate

By dave nalle Posted in User Blogs — Comments (2) / Email this page » / Leave a comment »

A significant part of the concern over the President's circumvention of FISA rules in the effort to fight terrorism basically comes down to a conflict between technology and the law - or more precisely between recent advances in technology and a very old law.  The problem originates in the incompatibility of how data mining software works with the limitations put on searches by the 30 year old FISA law.  Data mining is an enormously valuable tool in the War on Terror, but it's also in a gray area which was never conceived of and certainly not addressed when the FISA law was written.FISA was instituted at a time when a wiretap consisted of rerouting the phone calls of a specific suspect who was part of an ongoing investigation and then listening to or recording them.  Wiretaps were a tool for figuring out what a known bad guy was doing and gathering evidence to use against him in a court case.  When you went to get a warrant for a wire tap you knew who you were spying on, who he was likely to be calling and were working with a limited and identifiable number of people and phones he could be calling from and to.

With modern phone technology traditional wiretaps have become increasingly ineffective.  Cell phones, satellite phones, internet VOIP technology, and common availability of high-quality encryption have made it much more difficult to listen in on a phonecall assuming you can even figure out what phone a suspect is likely to be using.  When a terrorist can just stop in at 7-11 and get a new cell phone for $50 and then throw it away after his phonecall, how are you supposed to know what line he is likely to be calling from or even know when he's making a phonecall at all?

What the NSA and other investigating agencies needed was a method of identifying what phone suspects were using and then listening in on that source instantly and automatically, rather than playing hit or miss or hoping their suspects were dumb enough to use phones they already knew about.  The answer to this was to use new high-speed computers and specially developed software to outwit modern communications technology.  The solution they came up with was data mining software, which scans through hundreds or thousands of phonecalls and uses keywords or voice recognition to find the phonecall that they need to monitor and then automatically start recording it.

The problem with this technology is that it produces an enormous amount of data, most of which is irrelevant, and it also triggers monitoring of a large number of phonecalls which may not really be part of the actual investigation.  Data mining software can't tell the difference between a terrorist saying he's going to blow up a building using a gas bomb and his neighbor telling his wife that he's bringing home the helium gas to blow up balloons for their kid's birthday party.  All of this data then has to be gone through by a human being.  The erroneous calls are thrown away and only the relevant data is retained as evidence.  The problem is that a whole bunch of calls which were never really part of any investigation were monitored unintentionally in the process.

Digital data mining doesn't work well at all with FISA, which was designed on the assumptions of an analog era.  Under FISA the NSA would have to request a warrant for every single phonecall which was automatically picked up and recorded by their data mining software within 3 days.  Let's say they were monitoring calls in a largely Arab neighborhood in Detroit.  That might mean going through thousands of phonecalls, translating them from Arabic to English and sorting them to find the relevant ones all within that three day limit set by FISA.  Even though they're hiring every Arabic speaking person who can pass a background check, they just don't have the resources to do this in the time frame required.  Even if they did, it would put them in a position where they have to process thousands of irrelevant warrants just to meet the requirements of FISA - a huge paperwork burden to further reduce their efficiency.

Another problem was introduced by the passage of an amendment to FISA in 2003.  This amendment limited monitoring to non-US citizens or people outside of the US, but data mining has no way of determining where participants in a phonecall are or what their nationality is before it automatically initiates monitoring of a phonecall, so since the passage of this amendment data mining operations have almost automatically been in violation of the FISA law.  As a result, starting in 2003 the FISA court began rejecting or modifying a great many warrants which would have been been more or less automatically approved prior to that time.

The Bush response to the FISA court placing more restrictions on warrants was to increasingly operate on the assumption that since new technology like data mining was not addressed specifically in the FISA act, that sort of surveillance operation was not subject to FISA requirements, and they only needed to go through FISA for more conventional wiretaps and had free reign with the newer techniques.  This was a bit of logical and ethical acrobatics, but it was signed off on by the Justice Department, leaders on both sides in the the Senate and several judges who were consulted, all of whom more or less agreed that it was within the president's constitutional authority to carry on national security related surveillance in ways which were not specifically restricted by other laws.

Data mining has real value in fighting terrorism.  The military had actually identified four of the 9/11 suspects including Mohammed Atta a year before the attack by using data mining under a controversial Department of Defense program called Able Danger, unfortunately no action was taken against them prior to the attacks on 9/11.  If used widely it could certainly play a major role in discovering terrorists before they strike.

The problem with data mining is that it may be most effective not at gathering evidence like a traditional wiretap, but rather as a tool to identify potential suspects out of a much larger pool of mostly innocent people.  It certainly can be used effectively to figure out which calls to monitor and which to ignore, but it can also be used to figure out which people to monitor and which to ignore.  That means a great deal of random monitoring of people who are not suspects, not named in warrants, and who are guaranteed a certain level of privacy under the 4th Amendment of the Constitution.  These people ought to be protected in some way from having their privacy randomly invaded in order to identify those people who actually need to be spied on.

The counter-argument is that data mining does no real harm to the innocent - the old "what have you got to hide if you're innocent" argument used by cheesy cops in many a TV show.  The computers sift out and eliminate most of the innocent calls and they are erased before anyone even sees them.  Those calls which do get sorted out by a human aren't retained unless they are relevant to an investigation, so theoretically once the information is fully processed the innocent are eliminated and only information on the guilty is retained.  Nonetheless, the innocent are still exposed to scrutiny and that's a violation of their privacy rights.  This technology also raises the specter of a day when computers might be used to monitor all communications to sort out the good eggs from the bad throughout the entire population, looking not just at terrorism but at every potential minor legal infraction, a big step towards a 'big brother' style high-tech police state, the mechanism for which may already exist in the much feared Project Echelon.

Data mining certainly isn't the only subject for concern in the intelligence gathering arena of the War on Terror, but it's a good example of how difficult it is to draw a clear line between legitimate investigative techniques and innovative but potentially questionable methods demanded by necessity, but not necessarily clearly acceptable under existing law which has likely been written to address very different concerns.  Changes in intelligence needs and technology often leave government agents operating in a gray area and doing whatever they think they have to up until the point where someone in authority specifically tells them they're out of line or Congress catches up and passes a law specifically authorizing their activities.

Should NSA computers be sorting through thousands of innocent phonecalls to find a few suspect conversations?  Certainly not in an ideal world.  Is that small potential violation of privacy a justifiable price to pay for such an effective tool in finding threats to the nation?  In the real world that's certainly a reasonable argument.  What's certain in all of this is that we need clear and up to date laws which express unequivocally what intelligence gathering methods are and are not permissible given contemporary needs and modern technology, and the FISA system is not the answer.