In one jaw-dropping disclosure after another from former NSA contractor Edward Snowden, the Washington Post story describes how the National Security Agency has been collecting entire user Contact Lists of American citizens stored on Gmail, Yahoo Mail, Facebook, and Hotmail service providers as well as ‘buddy lists’ of favorite Instant Messenging Services on any servers located outside the United States. However, NSA officials have acknowledged directly that the information stored on those servers includes contact information for millions of Americans living in the United States! In just one day last year, NSA pulled @700,000 individual contacts books and 500,000 buddy lists. Washington Post: NSA collects personal contact books. Here’s another story from January 16, 2014 about the NSA capturing text messages with user geo-location for 200 million texts for non-US phone numbers or numbers inbound to US phone numbers. Apparently, NSA ‘minimizes’ record review of US text messages. The Guardian: NSA Collecting over 200 million text messages daily outside US. In a February 3rd Wired.com news story, Facebook, Google, Yahoo, and Microsoft disclosed that the NSA snooped on 59,000 user accounts in the first half of 2013. Are there really 59,000 legitimate terrorists or ties to terrorists in the United States that required Foreign Intelligence Services Act Court approval?
Does anyone who values individual liberty and privacy expect to trade this pernicious invasion of privacy of all Americans so the government can easily track and apprehend a few potential terrorists? Even worse, these massive NSA surveillance systems are far from fail safe. Why couldn’t NSA or FBI identify the Boston bombers who had active electronic conversations with people in Chechnya and were clearly radicalizing their beliefs? The government response is always ‘We have stopped many terrorist attempts but can’t tell you who and when because it will compromise methods and sources.’
The current NSA rights are completely upside down. Currently, they have a default power to electronically capture phone, email, personal contact list, instant messenger contact lists, and social media content from telecommunication and media firms for information about Americans or foreigners on servers sitting outside the United States somehow not subject to US privacy laws. They do not seem to have any data analysis and use limitations on this data. They also capture phone records, email communications, and social media account metadata on data residing on servers INSIDE the United States. For inside US data, NSA has to request a review to FISA Court, but this request is not a 1:1 individual request. This request provides NSA a blanket review of ‘persons of interest’ without individual target identification. FISA Court has never denied NDA requests, which means the NSA has a massive database of American confidential information which they can essentially review, analyze, and pursue if they are interested. Wikipedia link on Foreign Intelligence Surveillance Act information. NSA can then take the personal information to pursue a real-time wire tap on all personal electronic communications. The Patriot Act signed after September 11th allows NSA to conduct warrantless wiretap of electronic communications if the person of interest may be engaged in terrorist activities. Though there has been aggressive push back on warrantless wiretaps under Patriot Act, this NSA capability still exists under the Obama Administration.
Proposed Solution: If we seek to live free from government power, government needs to be accountable and subservient to its people. Government needs to explicitly protect privacy for its citizens inside and outside its borders including personal data residing on servers inside and outside the country. The default NSA question is not ‘how much information can the government collect on citizens based on national laws in countries where data is stored? The NSA question should be ‘what is the appropriate information gathering protocol that is most sensitive to individual privacy and balances the need to aggressively pursue terrorists?’
1. Push the data reset button: Immediately stop current meta data collection methods and destroy current data files and all related analyses, except a ‘persons of interest’ list submitted to FISA and subject to Congressional Intelligence Committee review and approval.
2. Identify persons of interest through human intelligence or other non-electronic data gathering methods: NSA can develop foreign persons of interest with factual support and description of likely terrorist intent, and then request a FISA Court approval to commence electronic surveillance if such surveillance is deemed by the Court ‘essential to determine terrorist intent’. The Congressional Committee on Intelligence could review and approve such requests if deemed appropriate or if the target individuals were American citizens.
3. Step by step approval to expanded surveillance: With FISC approval, NSA could activate surveillance of phone records, email communications, and social media content limited to this individual and have search output available to Congressional Intelligence Committee if requested. If the NSA can prove to FISC and Congressional Intelligence Committee (if requested) beyond a reasonable doubt the target individual is engaged in terrorist activity against the United States, the NSA could request real-time surveillance of phone conversations, email communications, social media, and Contact Lists of said individual.
In this way, the burden of proving need to invade individual privacy is on the NSA with clear FISA Court review and approval on case by case basis with immediate Congressional Intelligence Committee oversight if required. This protocol protects individual privacy, establishes a transparent surveillance protocol, ensures NSA power is accountable to the people, and still empowers NSA with all the tools required to aggressively identify and pursue enemies of the United States.
If you believe this protocol is too restrictive on government power, just remember your freedom to live life on your terms is at stake. The current operational latitude of NSA to gather, analyze, and disseminate personal information to those with government authority to take action against individuals is really shocking. America’s founders never envisioned the government by, of, and for the people it enshrined in our Constitution would ever have such police state powers over its citizens.