Stewart Baker Deploys Shakiest Analogy Yet To Defend The NSA's Collection And Storage Of Non-Targeted Communications

from the so-bad-I-think-it-gave-me-cancer dept

Stewart Baker, once again defending the poor, downtrodden NSA from the latest leak, has given us reason to add another post to the long list of "Stuff Stewart Would Like Google To Forget."

Baker addresses the latest leak -- the one published by the Washington Post that shows the NSA is harvesting communications from non-targets at a 9-to-1 ratio to actual targets. According to Baker, this is all no big deal because any fishing expedition targeted NSA collection is going to necessarily collect tons of irrelevant information.
The story* is built around the implied claim that 90% of NSA intercept data is about innocent people. I think the statistic is a phony. Especially in an article that later holds up US law enforcement practice as a superior model.
*I've add a link to the actual story Baker's complaining about because he clearly can't be arsed. Apparently, this is how certain bloggers subtweet.

In his explanation of how Sturgeon's Law relates to the NSA's national security aims, Baker gives the example of an unnamed law enforcement agency poking into his email account during an investigation.
Suppose I become the target of a government investigation. The government gets a warrant [ed. note: lol] and seizes a year’s worth of my email. Looking at my email patterns, that’s about 3500 messages. About twenty percent – say 750 –are one-off messages that I can handle with a short reply (or by ignoring the message). Either way, I’ll never hear from that person again. And maybe a quarter are from about 50 people I hear from at least once a week. The remainder are a mix — people I trade emails with for a while and then stop, or infrequent correspondents that can show up any time. Conservatively, let’s say that about 200 people are responsible for the portion of my annual correspondence that falls into that category. In sum, the total number of correspondents in my stored email is 750+200+50 = 1000. So the criminal investigators who seized and stored my messages from me, their investigative target, and 1000 people who aren’t targets.
So, in this example 99.9% of everything was irrelevant, but the agency doesn't know that until it's looked through all of it. Fair enough. But what does law enforcement do with the irrelevant information? (Don't answer that.) In a perfect world, the government/law enforcement agency disposes of the irrelevant data. That's what the laws governing search warrants and the minimization provisions governing the NSA's collections direct these agencies to do. But what does the NSA actually do with this 90% irrelevant information?

Back to Gellman's article:
Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

[...]

The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers. Raj De, the agency’s general counsel, has testified that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for one analyst to know what might become relevant to another.
Even the "searching my email" analogy doesn't hold up. The NSA searches a ton of proverbial email inboxes -- without a warrant -- simultaneously.
If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply “lurked,” reading passively what other people wrote.

“1 target, 38 others on there,” one analyst wrote. She collected data on them all.

In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer server used by hundreds of people.
And, unlike the targeted search Baker alludes to, nothing is regarded as irrelevant because the agency can't even determine what might or might not be worth keeping. In a targeted, warranted search, law enforcement generally has an idea of what it's looking for. With the NSA, it's "collect it all" because something might prove to be relevant later and besides, look at our shiny new storage space!

The NSA's deliberate collection of non-targeted communications is more analogous to law enforcement grabbing Baker's friends' and family's email as well --- even though they're not listed on the warrant -- simply because these all intersect with his account at some point -- and then holding onto it for x number of years simply because one analyst says it might be relevant to the investigation at some undetermined point.

The government can actually get in trouble for doing exactly the thing Baker claims is no big deal (and built on "phony statistics"). Just last month, the Second Circuit Court ruled that the feds held onto data unrelated to their stated investigation for too long, violating the plaintiff's Fourth Amendment rights. When the NSA does this to American citizens not currently targeted by counterterrorism investigations, it's doing the same thing. Only in the NSA's case, it does this on a massive scale, unimpeded by the limitations of specific warrants. One order nets the NSA nearly 90,000 targets and, apparently, the communications of nearly 800,000 others, if the ratio holds.

Baker's analogy doesn't stand up to the slightest scrutiny, and he willfully ignores the NSA's long-term storage of irrelevant communications to make his point. He claims Barton Gellman's being dishonest, but who's really applying the most spin here?

Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 8 Jul 2014 @ 5:26am

    I can't imagine an average crime having a 1000 people involved in email searches. That's what puts all this so out of whack. We have a national agency, one among many evidently doing all this collecting. No need for it, can't be all these people terrorists unless the that is one of those redefined words.

    But you know, in talking about these amounts of people, there is one thing they've dropped and conveniently failed to mention. The example here was 1 target in a chat room with 38 others. Now I seem to recall Obama was going to have the NSA reduce the number of hops by one. Even with just two hops, this is a jaw dropper in the amount of unnecessary and unrelated people who have had their privacy invaded in the process. Now multiply this by one year and 90,000 hits sounds really, really, shy by a multiple figure if not more on the amount of unrelated to terrorism people that have been spied on.

    It's another number snow job.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.