Tinkering with the Nuts and Bolts of Electronic Surveillance
Three things amaze me most about the description, including the screen capture images, of the NSA data-mining software revealed by Edward Snowden to Glenn Greenwald, which you can read about in some detail in tonight’s story, which I found linked at memeorandum. The most detailed description is of a search engine called XKeyscore.
First, the software looks pretty easy to use; indeed, it seems almost banal for someone of greater-than-average intelligence. XKeyscore seems to be driven by a fairly simple windowed interface with pull-down menus, only one step up from something you could write yourself in Microsoft Access. And because the software is actually quite simple (a URL, IP address, e-mail address, or nearly anything else can quickly be cross-searched), it would seem that even information about who has accessed Deep Web locations, and from where, is readily and quickly available.
Second, the content of exchanged messages is reviewable, in most cases for at least 30 days after it has been made. I’d thought before this that metadata was the bulk of the information being mined, and that was a problematic enough notion. Moreover, there seems to be no way for this software to prevent the data mining from capturing communications from one American citizen to another, particularly if the server routes through a non-US locus. Communications between American sites or American users and foreign sites or foreign users are stored in the same database as what are apparently foreign-to-foreign communications.
Third, the obtaining of a warrant, whether regular or FISA, appears relatively rare for the typical analyst. Oversight seems mostly internal, and mostly of the CYA variety:
Some searches conducted by NSA analysts are periodically reviewed by their supervisors within the NSA. “It’s very rare to be questioned on our searches,” Snowden told the Guardian in June, “and even when we are, it’s usually along the lines of: ‘let’s bulk up the justification’.”
In a letter this week to senator Ron Wyden, director of national intelligence James Clapper acknowledged that NSA analysts have exceeded even legal limits as interpreted by the NSA in domestic surveillance.
Acknowledging what he called “a number of compliance problems”, Clapper attributed them to “human error” or “highly sophisticated technology issues” rather than “bad faith”.
Given the apparent ease with which many searches by many analysts can be done daily, and the depth of information available with a few mouse clicks to drill down through the data, the potential for abuse is enormous.
The obvious oversight and cautionary restraint mechanism for this would be auditing the searches actually performed by the analysts, on both a random and an algorithmically targeted basis. To that point, the NSA issued a statement in its own defense, quoted by Greenwald:
Allegations of widespread, unchecked analyst access to NSA collection data are simply not true. Access to XKeyscore, as well as all of NSA’s analytic tools, is limited to only those personnel who require access for their assigned tasks … In addition, there are multiple technical, manual and supervisory checks and balances within the system to prevent deliberate misuse from occurring.
Every search by an NSA analyst is fully auditable, to ensure that they are proper and within the law.
“Auditable” does not mean “audited,” but in fact auditing appears to be actually occurring. That auditing, however, is internal to NSA, with little if any judicial oversight. And based on Greenwald’s article, information given to Congressional overseers comes with miserly reluctance and liberal use of coy generalizations, and even that only after the actual reviews of actual data have been put through a process of post facto rationalizations.
We can either believe Director Clapper or not when he defends the good faith and professionalism of the people who work for the NSA and have access to this information. Such charity of belief is beside the point, though — what makes the American constitutional system work is various branches of government exerting checks and balances against one another, and that appears to be absent from this process. The typical check against a governmental (that is to say, executive) search of private information is the advance requirement of a search warrant — the executive must justify itself to the judicial branch before it conducts a search. That’s not happening, and that’s a problem.
Here’s my idea, then. Just an idea, not one I’m 100% sure I endorse yet, but I am warm to it right now as I write. In comments, feel free to workshop changes to my proposed process.
Bear in mind that we are talking about privacy and reasonable restraints to prevent overreaching and abuse of governmental power. The Fourth and Fifth Amendments are significant concerns, but they aren’t the exclusive ones. So whether particular information would be admissible as evidence in court is not the end of the examination.
Congress is good at setting up rules about whether and how something is supposed to happen in the future. Courts are good at deciding if rules have been followed in the past. The FISA system sets up a mostly reasonable regime that could allow for nimble executive action provided that there is prompt post facto review of a search. And in order for a court to work best, it needs evidence and opposing advocates arguing before a neutral finder of fact independent of pressure or influence from either side.
NSA’s searches must be performed on government-issued computers which track and record keystrokes, mouse movements, and screen images. This is simple enough technology; some of my employer clients use it already to monitor their own employees’ use of computers. The usage-capture data will record the working habits of all the NSA analysts, and randomly-sampled data will be sent to audit. Those audits will be done by a review board independent of the NSA, on a relatively constant basis.
That review board should consist of at least three auditors, designated by Congress, who hold the security clearances necessary to review the substantive searches done. The review board will look, on a daily basis, at sampled searches from NSA search engines, which may include anything up to a level of detail including the screen captures of the computers used by the analysts. That review board can issue three evaluations of the searches it reviews: “Justified,” “Questionable,” and “Problematic.” My guess is that most audits would result in unanimous findings that a particular search was justified; that is the result we would expect if we credit Director Clapper’s remarks about the professionalism of NSA analysts, remarks which we have no objective cause to doubt.
But there may be individual searches that do not produce such results. So, two votes for “Questionable” or one vote for “Problematic” will then refer the matter to the FISA court. In that body, a U.S. Attorney will argue in favor of the validity of the search and a public privacy advocate will argue against it. The FISA court’s rulings about the validity of the audited search would then be treated with substantially the same sort of criteria as would a warrant application under existing law — either approved or not, and apparently “not approved” searches include an opinion detailing why a particular dimension of the search is troublesome.
Analysts whose searches are found questionable or problematic too frequently, or worse, whose searches are found to have overstepped safeguards by the FISA court, will face escalating consequences; trends of the kinds of searches that give rise to problems will then inform further in-house training within the NSA. Over time, a body of laws and principles from accumulated decisions will grow and become familiar to the attorneys who practice in the surveillance system, either as public advocates or representatives of the government.
Greenwald’s article, based on Snowden’s information, is certainly scary, even if we assume that each and every person who has access to this software and the data that the software mines operates in 100% good faith all the time. It’s simply too much power to concentrate in one place without some kind of inter-branch check and balance. That’s what our system of government is all about. I hope my proposal would keep the NSA nimble enough to pursue information it needs to in order to stay on top of the bad guys; but I also hope that it would create a meaningful system by which the government’s power can be reined in according to Constitutional principles.
This is just a working proposal, and I’m not going to suffer a wound to my ego if some of you commenters come up with better ideas than this, or refine it, or poke big holes in it. All I ask is that you remember that our goal is to have both security and liberty — because as it stands, it looks to me like there isn’t enough liberty in the mix.
Burt Likko is the pseudonym of an attorney in Southern California. His interests include Constitutional law with a special interest in law relating to the concept of separation of church and state, cooking, good wine, and bad science fiction movies. Follow his sporadic Tweets at @burtlikko, and his Flipboard at Burt Likko.