TRAVELING IN Germany on Wednesday, President Obama promised to try to declassify more about two electronic surveillance programs at the center of a renewed national debate on security and privacy. He should. Over the past week, that debate has been enriched by congressional hearings and the slow release of new information, clarifying how these programs operate.
For one thing, the so-called PRISM program appears to describe the exercise of authority duly granted the executive branch under Section 702 of the Foreign Intelligence Surveillance Act — not a totally unexpected electronic dragnet. Under court supervision, the government can target foreigners for surveillance. When it wants to examine the communications of U.S. citizens, it needs a warrant. Though it’s hard to know what would have happened if the government’s authorities had been more limited, FBI Deputy Director Sean Joyce testified Tuesday that this sort of surveillance helped to unravel a plot to bomb the New York Stock Exchange.
Meanwhile, the government collection of Americans’ phone metadata — which numbers are calling which others and when — remains surprising in the vast amount of information that is sopped up. But the National Security Agency (NSA) claims that it is using only a tiny fraction of the information, querying the database for links to fewer than 300 numbers last year. If so, that raises two questions.
First, couldn’t the public have known about the data collection before? No terrorist would have been surprised that the U.S. government is looking for and tracking a limited set of suspect phone numbers.
Second, does the government even need to maintain its own vast database of phone records? In response to a question from Rep. Adam Schiff (D-Calif.), Gen. Keith B. Alexander, the NSA director, indicated Tuesday that it might be possible for the agency to run its phone metadata program while leaving records in the hands of telecommunications companies. In fact, relevant government agencies are evaluating the program. Could the program work about as well with telecommunications firms keeping the data? If so, why didn’t the NSA work with Congress to pursue that policy in the first place? Though there’s no guarantee that these companies will be strong advocates for their customers when proceedings are secret, at least there would be some opportunity for outside pushback against any overly broad or otherwise unjustified data demands.
We don’t see an argument for anti-government hysteria in these considerations. We do, however, want as informed a debate as possible about how the government is balancing security and privacy.