Why the NSA's Defense of Mass Data Collection Makes No Sense

The U.S. intelligence community claims it's not spying on citizens until someone actually looks at the data it collects. That argument is deeply flawed.
More
Director of National Intelligence James Clapper told Congress the NSA doesn't collect information on millions of Americans. (Reuters)

The basic government defense of the NSA's bulk-collection programs—whether it be the list of all the telephone calls you made, your email address book and IM buddy list, or the messages you send your friends—is that what the agency is doing is perfectly legal, and doesn’t really count as surveillance, until a human being looks at the data.

It's what Director of National Intelligence James R. Clapper meant when he lied to Congress. When asked, "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" he replied, "No sir, not wittingly." To him, the definition of "collect" requires that a human look at it. So when the NSA collects—using the dictionary definition of the word—data on hundreds of millions of Americans, it’s not really collecting it, because only computers process it.

The NSA maintains that we shouldn't worry about human processing, either, because it has rules about accessing all that data. General Keith Alexander, director of the NSA, said that in a recent New York Times interview: "The agency is under rules preventing it from investigating that so-called haystack of data unless it has a 'reasonable, articulable' justification, involving communications with terrorists abroad, he added."

There are lots of things wrong with this defense.

First, it doesn't match up with U.S. law. Wiretapping is legally defined as acquisition by device, with no requirement that a human look at it. This has been the case since 1968, amended in 1986.

Second, it's unconstitutional. The Fourth Amendment prohibits general warrants: warrants that don’t describe "the place to be searched, and the persons or things to be seized." The sort of indiscriminate search and seizure the NSA is conducting is exactly the sort of general warrant that the Constitution forbids, in addition to it being a search by any reasonable definition of the term. The NSA has tried to secretly redefine the word "search," but it’s forgotten about the seizure part. When it collects data on all of us, it’s seizing it.

Third, this assertion leads to absurd conclusions. Mandatory cameras in bedrooms could become okay, as long as there were rules governing when the government could look at the recordings. Being required to wear a police-issued listening device 24/7 could become okay, as long as those same rules were in place. If you're uncomfortable with these notions, it's because you realize that data collection matters, regardless of whether someone looks at it.

Fourth, creating such an attractive target is reckless. The NSA claims to be one of the biggest victims of foreign hacking attempts, and it’s holding all of this information on us? Yes, the NSA is good at security, but it’s ridiculous to assume it can survive all attacks by foreign governments, criminals, and hackers—especially when a single insider was able to walk out of the door with pretty much all their secrets.

Finally, and most importantly: Even if you are not bothered by the speciousness of the legal justifications, or you are already desensitized to government invasion of your privacy, there is a danger grounded in everything we have learned about how humans respond when put in positions of unchecked power. Assuming the NSA follows its own rules—which even it admits it doesn’t always—rules can change quickly. The NSA says it only looks at such data when investigating terrorism, but the definition of that term has broadened considerably. The NSA is constantly pushing the law to allow more and more surveillance. Even Representative Jim Sensenbrenner, the author of the Patriot Act, says that it doesn’t allow what the NSA claims it allows.

A massive trove of surveillance data on everyone is incredibly tempting for all parts of government to use. Once we have everyone’s data, it’ll be hard to prevent it from being used to solve conventional crimes and for all sorts of things. It’s a totalitarian government's wet dream.

The NSA’s claim that it only looks when it’s investigating terrorism is already false. We already know the NSA passes data to the DEA and IRS with instructions to lie about its origins in court—"parallel construction" is the term being used. What else is done with that data? What else could be?

It doesn't make sense to build systems that could facilitate a future police state.

This sort of surveillance isn't new. We even have a word for it: It's the Panopticon. The Panopticon was a prison design created by 18th-century philosopher Jeremy Bentham, and has been a metaphor for a surveillance state ever since. The basic idea is that prisoners live under the constant threat of surveillance. It's not that they are watched all the time—it's that they never know when they're being watched. It's the basis of Orwell's 1984 dystopia: Winston Smith never knew if he was being watched, but always knew it was a possibility. It's why online surveillance works so well in China to deter behavior; no one knows if and when it will detect their actions online.

Panopticon-like surveillance—intermittent, but always possible—changes human behavior. It makes us more compliant, less individual. It reduces liberty and freedom. Philosopher Michael P. Lynch recently wrote about how it dehumanizes us: “when we lose the very capacity to have privileged access to our psychological information—the capacity for self-knowledge, so to speak, we literally lose our selves .... To the extent we risk the loss of privacy we risk, in a very real sense, the loss of our very status as subjective, autonomous persons.”

George Dyson recently wrote that a system that “is granted (or assumes) the absolute power to protect itself against dangerous ideas will of necessity also be defensive against original and creative thoughts.” That's what living in a Panopticon gets you.

Already, many of us avoid using “dangerous” words and phrases online, even innocuously. Or making nervous jokes about it when we do.

By ceding the NSA the ability to conduct ubiquitous surveillance on everybody, we cede to it an enormous amount of control over our own lives. Once the NSA takes a copy of your data, you no longer control it. You can't delete it. You can't change it. You might not even know when the rules under which it uses your data change. And until Edward Snowden leaked documents that show what the NSA is doing, you didn't even know that the government had taken it.

What else don’t we know that the NSA has or does?

Jump to comments
Presented by

Bruce Schneier is a correspondent for The Atlantic and the chief technology officer of Co3 Systems, a computer-security firm. A security and technology specialist, his latest book is Liars and Outliers: Enabling the Trust That Society Needs to Thrive.

Get Today's Top Stories in Your Inbox (preview)

When Will Robots Take Over the World?

"In a sense, we're already becoming cyborgs."


Elsewhere on the web

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register. blog comments powered by Disqus

Video

Is Wine Healthy?

James Hamblin prepares to impress his date with knowledge about the health benefits of wine.

Video

The World's Largest Balloon Festival

Nine days, more than 700 balloons, and a whole lot of hot air

Video

The Origins of Bungee Jumping

"We had this old potato sack and I filled it up with rocks and dropped it over the side. It just hit the water, split, dropping all the stones. And that was our test."

Video

Is Trading Stocks for Suckers?

If you think you’re smarter than the stock market, you’re probably either cheating or wrong

Video

I Spent Half My Life Making a Video Game

How a childhood hobby became a labor of love

Writers

Up
Down

More in Politics

Just In