In an earlier post, I proposed some analytic tools for evaluating the effectiveness of the NSA’s telephony metadata program – in light of recommendations by the President’s Review Group to revise the program.
One reason for this program’s lack of an impressive record of thwarting terrorist attacks is due to its specific focus on terrorist activities that involve (particular types of) foreign-domestic links. It is understandable that the record of the program’s effectiveness will be sparse if there have been only a few such terrorist plots in the past several years. And its performance record will also be limited if such plots have been identified and prevented by other means. Under those conditions, the program’s effectiveness arguably has not been fully tested. We are then in the world of theory – could the program have theoretically helped prevent 9/11 and could the program theoretically prevent a future 9/11-style plot?
The public debate on those questions has recently been joined by reasoned analysis and specific claims – instead of general and unsubstantiated assertions. On one side is Judge William Pauley’s recent opinion (ACLU v. Clapper), which contends that the program could have helped to prevent 9/11. In response, Lawrence Wright, author of the Pulitzer Prize winning book, The Looming Tower: Al-Qaeda and the Road to 9/11, wrote an essay in the New Yorker challenging Pauley’s reasoning. Their disagreement helps to illuminate the relevant tradeoffs in maintaining, revising, terminating, or expanding the metadata program.
The key paragraph from Pauley’s opinion states that the metadata program could have potentially averted 9/11 by capturing the phone records of hijacker Khalid al-Mihdhar:
Prior to the September 11th attacks, the National Security Agency (“NSA”) intercepted seven calls made by hijacker Khalid al-Mihdhar, who was living in San Diego, California, to an al-Qaeda safe house in Yemen. The NSA intercepted those calls using overseas signals intelligence capabilities that could not capture al-Mihdhar’s telephone number identifier. Without that identifier, NSA analysts concluded mistakenly that al-Mihdhar was overseas and not in the United States. Telephony metadata would have furnished the missing information and might have permitted the NSA to notify the Federal Bureau of Investigation (“FBI”) of the fact that al-Mihdhar was calling the Yemeni safe house from inside the United States.
Notably, Judge Pauley’s opinion tracks, almost verbatim, the Declaration by NSA’s SIGINT Director Teresa Shea (see para 11 of the Declaration). [As an aside: Judge Pauley cites the 9/11 Commission Report, and some of the most important passages in the Report on this topic are pp. 181-82; 268-69.]
Wright admits that “If [Judge Pauley] is right, advocates of extensive monitoring by the government have a strong case.” Wright’s critique of Judge Pauley’s opinion (and, by implication, of the Shea Declaration) boils down to three points:
Point 1: The wall between the intelligence agencies and the F.B.I. in the pre-/11 system was the key flaw in preventing the attack — and that defect would have presumably scuttled the delivery of information generated by the metadata program;
Point 2: The C.I.A. already had crucial information on Mihdhar — as well as knowledge that al-Qaeda operatives including Mihdhar’s associate and another future hijacker Nawaf al-Hazmi were in the United States;
Point 3: The F.B.I. had sufficient legal authority to conduct surveillance of Al Qaeda operatives in the United States including reading their email, tapping their phones, and requiring telephone companies to turn over all of the individuals’ call records with “no need for a metadata-collection program.”
What to make of this debate? This post offers a few observations.
A major thrust of Wright’s essay is his first point, but it is not clear how much that addresses our concerns here. (Wright’s essay is also written in service of a separate objective – his thesis that the CIA should be held accountable for the pre-9/11 lapses.) Surely, to answer our question about the value of the metadata program, the first point is not highly relevant. The question, for example, can be easily revised: if the metadata program had existed and US agencies had employed the post-9/11 system of information sharing, could the attack have been prevented? More precisely, how much more likely would it have been for the government to prevent the attack with the metadata program and information sharing systems in place? That’s the key question.
Wright’s second and third points are directly relevant to answering that type of question. His account suggests that the metadata program would have been redundant. And there are other reasons, in addition to those Wright identifies, to reach that conclusion. Recall that Judge Pauley wrote, “The NSA intercepted those calls [with the safe house in Yemen] using overseas signals intelligence capabilities that could not capture al-Mihdhar’s telephone number identifier.” However, according to a Declaration by Edward Felten, Professor of Computer Science and Public Affairs at Princeton University and former Chief Technologist at the US Federal Trade Commission, at the time the government could have directly obtained all call records between the Yemen safe house and the United States:
There is absolutely no need for a database of every American’s call records to perform this sort of one-hop analysis. In al-Mihdar’s case, the government could easily have obtained from the telephone companies (using any number of legal authorities) the call records of any American in communication with the al Qaeda safehouse.
That said, as I explain in my earlier post, redundancy is not a sufficient reason to reject such a program. Indeed, redundancy is often a wise institutional design choice across a range of systems (from sports to flood protection). In the case of counterterrorism, having multiple paths to gaining the crucial information about a plot is surely valuable. For example, what if our government had not yet identified the safe house? That said, the benefits of redundancy involve a much more modest claim than the inflated rhetoric expressed by some of the program’s proponents.
The bottom line is that the value of the metadata program in preventing 9/11 attacks is far greater than Wright’s account of the program’s unimportance suggests. At the same time, the utility of the program is also much less convincing than Judge Pauley’s opinion and others assert.
In the final analysis, these discussions help to put the relevant tradeoffs in better perspective in two respects.
First, an important issue is whether (a) an additional layer of redundancy and any increase in effectiveness is worth (b) the costs to protecting privacy and personal freedoms and restoring the public trust in the NSA programs.
Second, the proposal by the President’s Review Group is to reform (not retire) the program. The proposal would keep the program, but require the metadata to be held by private companies rather than the NSA and require prior judicial approval for release of information (with an exception for emergencies). If those recommendations are adopted, an important cost for counterterrorism purposes may be the extra time it would take to obtain the information. I say “may” because it is unclear whether the recommendation for private companies to hold the data would impose such costs. Professor Felten, for instance, contends that “a simple electronic interface” between the NSA and telephone companies “could perform the government’s three-hop analysis essentially instantaneously—in a matter of seconds or less.” The judicial proceedings, however, would presumably exact a cost in terms of speed of information retrieval (hence the need for an exception for cases of emergency). The question is whether (a) the loss of time and flexibility, if any, is worth (b) the benefits of instilling public confidence and protecting individuals’ privacy. At least those are some of the lines along which principled and well-justified arguments can take place.