A Republican-appointed judge and President Obama’s own handpicked Surveillance Review Group both came to the same conclusion last week: The National Security Agency’s controversial phone-records program has been of little real value to American security. Yet its defenders continue to insist that it is necessary, clinging desperately to long-debunked claims about foiled terror plots. Their stubbornness fits a decade-long pattern of fear trumping evidence whenever the word “terrorism” is uttered—a pattern it is time to finally break.
Since the disclosure of the NSA’s massive domestic phone-records database, authorized under a tortured reading of the Patriot Act’s Section 215 authority to obtain business records, intelligence officials and their allies in Congress have claimed it plays a vital role in protecting Americans from “dozens” of terror attacks. But as the expert panel Obama appointed to review the classified facts concluded, in a report released Wednesday, that just isn’t true.
“Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks,” the report found, “and could readily have been obtained in a timely manner using conventional section 215 orders.”
In other words, instead of vacuuming up sensitive information about the call patterns of millions of innocent people, the government could have followed the traditional approach of getting orders for specific suspicious numbers. As for those “dozens” of attacks, the review groups found that the NSA program “generated relevant information in only a small number of cases, and there has been no instance in which NSA could say with confidence that the outcome would have been different without the section 215 telephony meta-data program.”
The report came just days after Judge Richard Leon, appointed in 2001 by President George W. Bush, found the telephony program likely violated the Constitution. Leon found the program’s invasion of privacy especially troubling given the “utter lack of evidence that a terrorist attack has ever been prevented because searching the NSA database was faster than other investigative tactics,” and declared himself unconvinced that the program “has ever truly served the purpose of rapidly identifying terrorists in time-sensitive investigations.”
Leon’s opinion cited a thorough report by ProPublica documenting holes in the intelligence community’s talking points, including a “foiled plot” to bomb the New York Stock Exchange that appears to have been largely imaginary. The suspects in that case were never charged with planning an attack: The real “plot” seems to have been to con an American terror sympathizer out of funds his foreign contacts hoped to use to open an appliance store.
This confirms what informed critics of the program have been saying for some time. In an amicus brief recently filed in support of an ACLU lawsuit, several senators with access to the classified details argue that there is “no evidence that the bulk collection of Americans’ phone records has provided any intelligence of value that could not have been gathered through less intrusive means.”
Even the FBI may not believe its own public rhetoric in support of the program. An exchange reported in Garrett Graff’s book The Threat Matrix quotes former FBI director Robert Mueller describing what appears to be the 215 phone program as a “useless time suck.”
In fact, the very first use of the 215 authority was not to gather up bulk phone records; it was a bit of show for the benefit of Congress. As documented in an exhaustive 2007 report by the Justice Department’s inspector general, the FBI had been relying on another Patriot Act authority to obtain phone records. But by 2003, as one FBI attorney explained to the Inspector General, “there was a recognition that the FBI needed to begin obtaining Section 215 orders because… Congress would be scrutinizing the FBI’s use of the authority in determining whether to renew the authority.” In other words, the power wasn’t used because it was necessary: It was used to convince Congress that it was necessary.
And yet on Thursday, White House Press Secretary Jay Carney stuck to the same discredited talking points, calling the program an “important tool” and falsely claiming that “at least 50 threats that have been averted because of this information, so lives have been saved.”
Unfortunately, Carney’s stubbornness is no aberration, but part of a pattern we’ve seen all too often over the past decade. Just like the NSA, we now have more than enough data to “connect the dots.”
President Bush authorized the NSA to conduct wireless phone wiretaps shortly after September 11 attacks. When The New York Times revealed the program, administration officials insisted it was effective and vitally important. Former NSA Director Michael Hayden claimed that it had “been successful in detecting and preventing attacks inside the United States,” while Vice President Cheney went further, asserting that the program had “saved thousands of lives.”
When the intelligence community’s inspectors general finally published an unclassified report on the program, however, it noted that officials “had difficulty citing specific instances where [the program] had directly contributed to counterterrorism successes.” A senior CIA official told NSA historian Matthew Aid: “We spent a ton on the program but got back very little in the way of solid returns. I don’t think it was worth the money.”
Intelligence officials have hailed “fusion centers”—information-sharing hubs massively funded by the Department of Homeland Security over the past decade—as a “vital, proven tool” and a “centerpiece of our counterterrorism strategy.” Just last year an extensive, bipartisan Senate investigation concluded the centers had produced no useful counterterror intelligence but had risked violating the Privacy Act by generating reports of citizens’ First Amendment protected activities. Various “success stories” invoked to show the usefulness of the centers, the Senate investigation found, did not stand up to scrutiny.
In other cases, rather than claiming bogus success stories, the officials have sought to expand their powers by blaming inadequate surveillance authorities for intelligence failures.
Consider, for example, the “lone wolf” authority approved soon after 9/11, which allows powerful foreign intelligence surveillance tools to be used against terror suspects without any demonstrable link to a foreign group. The need for this never-used power was supposedly illustrated by the case of “20th Hijacker” Zacarias Moussaoui, whose laptop the FBI supposedly failed to search in time to discover the planned attack on the World Trade Center because agents could not show an adequate tie to foreign terrorists.
Yet a very different picture emerged in a scathing 2003 Senate Judiciary Committee report. After the attacks, the report noted, investigators were able to obtain a conventional warrant using the same evidence that had previously been considered inadequate. A warrant hadn’t been obtained earlier because supervisors at FBI Headquarters had failed to link related reports from different field offices, or to pass those reports on to the lawyers tasked with determining when a FISA warrant should be sought, and misunderstood the scope of their own existing legal authorities. "In performing this fairly straightforward task," the report concludes, "FBI headquarters personnel failed miserably."
Then there’s the tale of three captured soldiers in Iraq, invoked in 2007 to show the need for the predecessor to the FISA Amendments Act, basis for the NSA’s PRISM program. The secret Foreign Intelligence Surveillance Court had supposedly ruled that even totally foreign communications could not be intercepted without a warrant if they were picked up as they passed through the United States. As a result, claimed then-Director of National Intelligence Michael McConnell, a time-sensitive effort to wiretap the insurgents believed to be holding the soldiers was delayed for 12 hours.
Only later did it become clear that the delay was due to internal bureaucratic wrangling, not the new court ruling—which had not even taken effect yet, and in any event, would not have required the government to obtain a warrant in such an emergency situation. As James Bamford recounts in his book The Shadow Factory, it turned out that several of the subjects of that wiretap were already under surveillance, but it didn’t matter: The NSA’s primary target was quickly captured by troops in the field, and found to have been uninvolved in the kidnapping.
Perhaps most egregious is the case of Magdy Mahmoud Mostafa el-Nashar, a former acquaintance of the perpetrators of the 2005 London transit-system bombings. Though he was ultimately cleared of any wrongdoing, FBI Director Robert Mueller later told Congress that investigators had been delayed in obtaining the suspect’s education records because they were not covered by the bureau’s National Security Letter authorities—supposedly showing the need for a broader power to demand records without judicial approval. “We should've been able to have a document, an administrative subpoena that we took to the university and got those records immediately,” Mueller testified.
Yet it later came out that an FBI agent had quickly obtained the records under a traditional grand-jury subpoena—then, with the documents in hand, been ordered over the phone to return them and try again with an NSL, even though NSLs clearly didn’t apply to education records. The FBI had, in other words, created its own unnecessary delay, then used the story to claim it needed more power.
While we may sometimes have to trade a bit of privacy for greater security, the Review Group rightly argues that we must demand evidence that we are really getting that security, relying on rigorous cost-benefit analysis rather than dramatic anecdotes. After a decade of bogus claims that intrusive programs are necessary to keep us safe, it is high time for Americans and lawmakers to stop being played for suckers.
We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.