There are better ways for NSA to root out terrorists.
The question of how efficient the Mass Warrantless Surveillance Network (MWSN) is, or how well its technologies work, can be understood in terms of how accurate it is, which, in this context, means what percentage of the time it correctly identifies someone as a terrorist. However, for every such "true positive" the system returns, there also are a vast number of "false positives"--that is, numerous cases of falsely identifying someone as a terrorist. This is the problem of false positives, and it permeates the entire MWSN.
One salient instance of the situation is the use of pattern-matching searches with upstream programs to identify terrorists. This particular type of search involves construction of algorithms that look for behavior patterns associated with a specific target group. In commercial advertising, this means creating a profile of prospective consumers who are most likely to be interested in a product that is being marketed.
For instance, a magazine about hunting would attempt to target a demographic population that most likely would be interested in going hunting. Thus, according to a report of the Fishing and Wildlife Service, the most likely hunters would be white males between the ages of 55 and 64, living in rural regions of the Southeast, with annual incomes between $50,000 and $100,000. Given that 5.7% of the U.S. population hunts, targeting this group would make it more likely to reach prospective subscribers--but, even so, such bulk behavioral advertising tends to have a relatively low, single-digit positive response rate. This means that the false positives occur in the 90% range.
However, it is not as easy to create a demographic of prospective terrorists as it is of prospective hunters. Indeed, in contrast to individuals who go hunting, there have been relatively few terrorist attacks on the U.S. that enable construction of a terrorist demographic. Consequently, the pattern searches for prospective terrorists typically take an indirect approach. This involves looking for anomalous Internet communication patterns; that is, cyber behavior that does not match the cyber behavior of average Internet users--for example, atypical Internet searches, site visits, e-mail exchanges, and credit card purchases.
The assumption that an unusual set of behaviors makes one a prospective terrorist is a questionable one. On the contrary, it appears that conventional means of investigating possible terrorist attacks--such as the use of informants, community tips, routine law enforcement, suspicious activity reports, and other non-NSA intelligence--have been the most fruitful means of preventing such attacks.
A 2014 report ("Do NSA's Bulk Surveillance Programs Stop Terrorists?) prepared by the New American Foundation, a nonprofit, nonpartisan, public policy institute, maintains that the majority of the terrorism cases that occurred after Sept. 11, 2001, have been identified by these more conventional modes of investigation. Moreover, the contributions made by NSA's MWSN toward identifying terrorist plots before they occur have been "minimal." Further, the report states, "Our review of the government's claims about the role that NSA 'bulk' surveillance of phone and e-mail communications records has had in keeping the U.S. safe from terrorism shows that these claims are overblown and even misleading."
Based on its investigation of 225 individuals charged in the U.S. with terrorism since Sept. 11,2001, the report concludes that NSA's bulk telephone metadata program, operating pursuant to Section 215 of the U.S. Patriot Act, played an identifiable role in initiating no more than 1.8% of such cases, and that its other surveillance programs operating pursuant to Section 702 of the Foreign Intelligence Surveillance (FISA) Amendments Act, played some role in 4.8% of these cases. The report states that 60% of the cases were initiated by conventional investigative methods, such as undercover informants, family member tips, traditional law enforcement methods, or CIA or FBI intelligence. In five percent of the cases, a violent incident preceded prevention and, in 28%, the methods used to initiate the investigation could not be determined from available court or public records.
The report does not mention the millions of false positives that probably were generated by using MWSN in order to identify (or help to identify) the relatively small number of true positives the government attributes to this bulk surveillance network. Consider just the Section 702 investigations, which are supposed to target only non-U.S. persons outside of the U.S. In order to identify the said 4.8% of the 225 terrorists, the system had to search through a database containing the documents of millions of nonterrorists.
According to the Foreign Intelligence Surveillance (FIS) Court, "NSA acquires more than two hundred fifty million Internet communications each year pursuant to Section 702." Since the minimization standards used by NSA permits records to be kept up to five years, it is not unreasonable to suppose that the Section 702 database has had considerably more than 250,000,000 records in the years 2009-12, the span of time in which the cases used by the government to justify its Section 702 program occurred. So, it is safe to assume that it has had at least 250,000,000 communications at any time during this period.
The New American Foundation report says there were 12 plots that were "not prevented prior to incident." Five of these involved six non-U.S. persons who would have been subject to Section 702 surveillance. The remaining plots appear to have involved "homegrown" terrorist attacks, which excludes them from Section 702 pursuant to the 2008 FISA Amendments Act. This suggests there were 17 true terrorists that Section 702 surveillance programs might have identified. Since the U.S. government has claimed that these programs identified 11 of the 17 terrorists, it will be assumed here that they had an accuracy rate of 65% (and therefore an inaccuracy rate of 35%). Thus, there were presumably 17 true terrorists in the Section 702 databases, six of which the filters did not catch. This, in turn, means the system must have generated at least 87,500,000 false positives (250,000,000 minus the 17 true terrorists, multiplied by 35%). This means that at least 87,500,000 people (including U.S. and non-U.S. persons) falsely were identified as terrorists. To be clear, this estimate has been constructed from data that may be incomplete, so it is an estimate only, although a modest one. Given the extremely high rate of false positives, the results generated by MWSN cannot be regarded as actionable intelligence.
In fact, the at least 87,500,000 false positives (plus the 11 true positives) all have presented as veridical, leaving it to the analysts to sort out the false positives from the 11 true positives. Finding this proverbial "needle in a haystack" requires more data. Inasmuch as MWSN has played some role in identifying a mere seven percent of the 225 terrorists identified since 9/11, it is reasonable to think that more conventional methods of investigation helped to screen out these needles from the haystack.
An example is the 2009 foiled plot by Najibullah Zazi and two co-conspirators to bomb the New York subway system. While the government has claimed the case as an NSA bulk surveillance success, conventional means of investigation supported the use of bulk surveillance. Allegedly, the case was initiated by British intelligence, which used a conventional targeted investigation to obtain an e-mail address of an Al Qaeda operative in Pakistan with whom Zazi was communicating. British intelligence, in turn, shared the address with U.S. intelligence, which then chose to use this e-mail address as a selector in the NSA Section 702 surveillance system to conduct warrantless surveillance of Zazi's e-mail exchanges.
Hence, it was due to a conventional investigation that NSA was able, in the first place, to use MWSN to thwart a potential terrorist plot. However, as the New American Report makes clear, U.S. intelligence also could have chosen to use conventional means of investigation, such as an individual FISA or criminal warrant, to place Zazi's e-mail exchanges under surveillance.
The old computer adage, "junk in, junk out" seems relevant here. That is, ordinarily, to construct an intelligent inquiry, information is needed that typically is gleaned from sources outside MWSN. Algorithms used to look for terrorist plots are not much help because they produce too many false positives. Useful queries more often are driven by metadata, such as phone numbers, e-mail addresses, names, and other "strong selectors" but, in order to know what specific metadata to enter, an analyst already must have some outside leads. So, in order for MSNW to be of any genuine use as an adjunct in terrorism investigations, more conventional investigative means ordinarily need to be employed first. Otherwise, in conducting pattern-matching searches based on anomalous behavior patterns encapsulated in complex algorithms, analysts are inundated with false positives and are left without a reliable way of distinguishing the true from the false positives.
So, what value, if any, does MWSN have? Clearly, it is capable of using "strong selectors" to find corroborative evidence after a conventional investigation turns up some data that may be used as selectors. Having such a massive system of data, along with its search engines on hand, may be more expedient in the sense that it is likely to be faster than going forward using only conventional investigative means.
The question of justifying the existence and use of such technology is whether the expedience of gaining access to information more quickly is worth the investment of billions of dollars and the cost to human privacy. The affirmative response is that time is of the essence when it comes to the possibility of thwarting potential terrorist attacks, but this does not preclude requiring that the Attorney General or his or her designee go before the FIS Court--with the preliminary data gleaned by conventional investigative means--to get a warrant to search this system when the names, e-mail addresses, phone numbers, or other metadata of U.S. persons is being used in the search.
If an emergency exists, then the petitioner always can file the authorization within 24 hours of implementing the search pursuant to the 1978 FISA, or within seven days according to the 2008 FISA Amendments Act. Herein lies the strong argument for requiring search warrants based on probable cause, pursuant to the Fourth Amendment, before such a massive data system can be searched. If the system is useful only when strong indicators are utilized, then standard search warrants still can be employed, thus assuring judicial oversight without defeating any useful function of the system. ?
Elliot D. Cohen is cofounder and executive director of the National Philosophical Counseling Association; president of the Institute of Critical Thinking: National Center for Logic-Based Therapy; founder and editor of the International Journal of Applied Philosophy and International Journal of Philosophical Practice; ethics editor of Free Inquiry Magazine; and author of 25 books, the latest being, Technology of Oppression: Preserving Dignity and Freedom in an Age of Mass, Warrantless Surveillance, from which this article is adapted.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||National Security Agency's Mass Warrantless Surveillance Network; National Affairs|
|Author:||Cohen, Elliot D.|
|Publication:||USA Today (Magazine)|
|Date:||Sep 1, 2015|
|Previous Article:||The last goodbye.|
|Next Article:||Brides of ISIS.|