More Domestic Spying
WHEN THE New York Times revealed the National Security Agency's domestic wiretapping program late last year, President Bush assured the country that the operation was carefully limited to international calls, targeted only al-Qaeda suspects and did not involve snooping on law-abiding Americans. That turns out to be far from the whole truth. In addition to intercepting certain international calls, USA Today reported yesterday, the NSA after Sept. 11, 2001, began assembling a database of records of domestic calls. It attempted to keep track of all phone calls made in the United States and use them in an elaborate data-mining operation. The agency did not go to any court for approval. Rather, it simply asked several major telecommunications companies to turn over huge volumes of call data. With the exception of Qwest, which balked for legal reasons, the companies did so.
As with the NSA's warrantless wiretapping program, the law here is murky. Although both Mr. Bush and the telephone companies insist they have behaved strictly in accordance with the law, it isn't clear how the companies could have turned over records of more than a trillion calls without violating consumer privacy laws. What is clear is that a surveillance program of enormous magnitude, involving not just al-Qaeda suspects but also the presumptively private data of almost all Americans, appears to have taken place with no public debate, no judicial review and only the slightest congressional oversight. Americans have no understanding of what, if any, controls exist on this information, with its massive potential for abuse. They do not know how the NSA or other government agencies are using it. Consequently, the public -- and Congress -- have no sense of how to measure the program's supposed contributions to the war on terrorism against the very considerable dangers of such an operation.
We don't contend that data-mining is illegitimate. With appropriate controls and oversight, it has a role to play in modern intelligence and law enforcement. But a giant government database detailing which phone numbers called which other phone numbers -- the NSA data, according to USA Today, do not include people's names or addresses or the contents of their communications -- is a massive intrusion on personal privacy. Investigators cannot get such data on individuals suspected of a crime without a subpoena or some other court order. Somehow, however, the NSA is getting all such data, overwhelmingly about people suspected of no offense, on the president's authority. And is that all it's getting? Is there any basis for confidence that telecommunications companies are not also turning over Internet traffic data wholesale?
Congress urgently needs to examine the full range of NSA domestic surveillance. These latest revelations show the error of well-meaning attempts to legislate concerning the NSA's wiretapping program by senators lacking a comprehensive sense of what it is and how it fits into the agency's larger domestic activities. The goal must be to modernize the rules of anti-terrorism surveillance within the United States, allowing for the uses of new technologies unimagined when Congress wrote current law but insisting on proper limits and systemic judicial and legislative oversight. This cannot begin to happen without a sustained congressional effort to find out what the NSA is doing.