Republican presidential candidate Marco Rubio tried to score national security points off his rivals Tuesday night over their support for ending the government’s bulk collection of phone metadata, suggesting that the country lost “a valuable tool” in its fight against terrorism.
But the legislation that ended the National Security Agency’s mass storage of phone records did not leave counterterrorism officials in the lurch.
In fact, during Tuesday night’s GOP debate, as Rubio was attacking Sen. Ted Cruz of Texas over his vote for the USA Freedom Act, NSA Director Michael Rogers was telling a group of industry and intelligence officials that the new program “is working well so far.”
So what did the legislation change?
Rather than the NSA gathering from phone companies each day millions of records about Americans’ phone calls — the vast majority of whom are not suspected of terrorism activity — the agency must now obtain a court’s permission to obtain data on each phone number it suspects of links to a terrorist group.
Whether the new program, which is only three weeks old, will work better than the old is an open question. A presidentially appointed commission and an independent executive-branch privacy watchdog concluded that the bulk collection program did not thwart a single terrorist plot.
Still, the GOP debate revealed a split in the party over government surveillance tools.
Rubio suggested that his colleagues’ votes for the legislation at a time of increased threat by the Islamic State was irresponsible. “This bill did . . . take away a valuable tool that allowed the National Security Agency and other . . . intelligence agencies to quickly and rapidly access phone records and match them up with other phone records to see who terrorists have been calling.”
“I think Marco gets it completely wrong,” responded Sen. Rand Paul (Ky.), who voted for the USA Freedom Act. “We are not any safer through the bulk collection of all Americans’ records. In fact, I think we’re less safe.”
The once-classified bulk collection program was officially acknowledged by the U.S. government in June 2013, after a leak by former NSA contractor Edward Snowden. The program gathered metadata, or data on numbers dialed, call times and call durations.
But Cruz noted that the changes called for by the legislation increase potential coverage for counterterrorism analysts. That’s because, for technical and other reasons, the NSA had been collecting only a percentage of call records from phone companies — as of 2013, officials said, it was between 20 and 30 percent, which contradicts the common perception that the government had collected virtually all domestic phone data. Some large cellphone carriers, such as Verizon Wireless and T-Mobile, were not participating.
Today, though, the government could serve a court order for metadata records on those companies. “The new program covers nearly 100 percent” of phone numbers, Cruz asserted. “That gives us greater ability to stop acts of terrorism, and [Rubio] knows that’s the case.”
The legislation also enabled the agency to obtain up to two “hops” of records with one court order. The first hop are numbers in direct contact with a target’s number. Those numbers may then be sent by the NSA to phone companies to obtain second-hop records, expanding further the number obtained. And it permits the attorney general in emergencies to approve the use of a specific number as a query to phone companies as long as the agency follows up with the court for final approval.
Rogers on Tuesday said that the NSA is working with the initial set of providers, such as AT&T and Verizon Business Network Services. “We’ll . . . look to add additional providers over time,” he said at a dinner hosted by the Intelligence and National Security Alliance.
“It’s not an insignificant challenge for our privacy company teammates, because we’re asking them to do something we haven’t done before,” he said. But, he said, “they’re working hard to try to make this work.”
Rogers noted that each has a different policy about how long to retain data and a different process to provide it to the government.
“The biggest thing I think we need to assess over time . . . is we need to get a sense of timeliness,” he said. “What is the implication of this new structure in terms of our ability to get timely insights?”
There are other limits to the usefulness of the data gathered, which applied to the old program as well as the new. One is that wireless companies are increasingly moving to fixed-rate plans in which they do not bill by the call, so they have no business need to keep records on numbers dialed and call durations. A second limit arises from the rise of apps on smartphones that make calls over the Internet, such as Skype and FaceTime. The phone companies would not have data on those calls.