Stewart Baker Deploys Shakiest Analogy Yet To Defend The NSA's Collection And Storage Of Non-Targeted Communications
from the so-bad-I-think-it-gave-me-cancer dept
Baker addresses the latest leak — the one published by the Washington Post that shows the NSA is harvesting communications from non-targets at a 9-to-1 ratio to actual targets. According to Baker, this is all no big deal because any
fishing expedition targeted NSA collection is going to necessarily collect tons of irrelevant information.
The story* is built around the implied claim that 90% of NSA intercept data is about innocent people. I think the statistic is a phony. Especially in an article that later holds up US law enforcement practice as a superior model.
*I’ve add a link to the actual story Baker’s complaining about because he clearly can’t be arsed. Apparently, this is how certain bloggers subtweet.
In his explanation of how Sturgeon’s Law relates to the NSA’s national security aims, Baker gives the example of an unnamed law enforcement agency poking into his email account during an investigation.
Suppose I become the target of a government investigation. The government gets a warrant [ed. note: lol] and seizes a year’s worth of my email. Looking at my email patterns, that’s about 3500 messages. About twenty percent – say 750 –are one-off messages that I can handle with a short reply (or by ignoring the message). Either way, I’ll never hear from that person again. And maybe a quarter are from about 50 people I hear from at least once a week. The remainder are a mix — people I trade emails with for a while and then stop, or infrequent correspondents that can show up any time. Conservatively, let’s say that about 200 people are responsible for the portion of my annual correspondence that falls into that category. In sum, the total number of correspondents in my stored email is 750+200+50 = 1000. So the criminal investigators who seized and stored my messages from me, their investigative target, and 1000 people who aren’t targets.
So, in this example 99.9% of everything was irrelevant, but the agency doesn’t know that until it’s looked through all of it. Fair enough. But what does law enforcement do with the irrelevant information? (Don’t answer that.) In a perfect world, the government/law enforcement agency disposes of the irrelevant data. That’s what the laws governing search warrants and the minimization provisions governing the NSA’s collections direct these agencies to do. But what does the NSA actually do with this 90% irrelevant information?
Back to Gellman’s article:
Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.
The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers. Raj De, the agency’s general counsel, has testified that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for one analyst to know what might become relevant to another.
Even the “searching my email” analogy doesn’t hold up. The NSA searches a ton of proverbial email inboxes — without a warrant — simultaneously.
If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply “lurked,” reading passively what other people wrote.
“1 target, 38 others on there,” one analyst wrote. She collected data on them all.
In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer server used by hundreds of people.
And, unlike the targeted search Baker alludes to, nothing is regarded as irrelevant because the agency can’t even determine what might or might not be worth keeping. In a targeted, warranted search, law enforcement generally has an idea of what it’s looking for. With the NSA, it’s “collect it all” because something might prove to be relevant later and besides, look at our shiny new storage space!
The NSA’s deliberate collection of non-targeted communications is more analogous to law enforcement grabbing Baker’s friends’ and family’s email as well — even though they’re not listed on the warrant — simply because these all intersect with his account at some point — and then holding onto it for x number of years simply because one analyst says it might be relevant to the investigation at some undetermined point.
The government can actually get in trouble for doing exactly the thing Baker claims is no big deal (and built on “phony statistics”). Just last month, the Second Circuit Court ruled that the feds held onto data unrelated to their stated investigation for too long, violating the plaintiff’s Fourth Amendment rights. When the NSA does this to American citizens not currently targeted by counterterrorism investigations, it’s doing the same thing. Only in the NSA’s case, it does this on a massive scale, unimpeded by the limitations of specific warrants. One order nets the NSA nearly 90,000 targets and, apparently, the communications of nearly 800,000 others, if the ratio holds.
Baker’s analogy doesn’t stand up to the slightest scrutiny, and he willfully ignores the NSA’s long-term storage of irrelevant communications to make his point. He claims Barton Gellman’s being dishonest, but who’s really applying the most spin here?