The FISA Court Order Flap: Take a Deep Breath

There may be a lot less to the NSA “scandal” than meets the eye.  In an article for Foreign Policy, I explain why I am quite confident that the program underlying the FISA court order is lawful:

Tapped phone

[T]his is not some warrantless or extra-statutory surveillance program.  The government had to persuade up to a dozen life-tenured members of the federal judiciary that the order is lawful. You may not like the legal interpretation that produced this order, but you can’t say it’s lawless.

In fact, it’s a near certainty that the underlying program has been carefully examined by all three branches of government and by both parties.  As the Guardian story makes clear, Senator Ron Wyden has been agitating for years about what he called an interpretation of national security law that seems goes beyond anything the American people understood or would support.  He could easily have been talking about orders like this. So it’s  highly likely that the law behind this order was carefully vetted by both intelligence committees, Democrat-led in the Senate and Republican-led in the House. (Indeed, today the leaders of both committees gave interviews defending the order.) And in the executive branch, any legal interpretations adopted by the Bush administration would have been carefully scrubbed by President Obama’s Justice Department.

The two other questions about the program are why such a sweeping collection and how can something that broad be lawful.  Here’s my guess about answers to the first question:

Imagine that the United States is intercepting al Qaeda communications in Yemen.  Its leader there calls his weapons expert and says, “Our agent in the U.S. needs technical assistance constructing a weapon for an imminent operation.  I’ve told him to use a throw-away cell phone to call you tomorrow at 11 a.m. on your throw-away phone.  When you answer, he’ll give you the number of a second phone. You will buy a phone in the bazaar, and call him back on the second number at 2 p.m.”

Now, this is pretty good improvised tradecraft, and it would leave the government with no idea where or who the U.S.-based operative is or what phone numbers to monitor. It doesn’t have probable cause to investigate any particular American.  But it surely does have probable cause to investigate any American who makes a call to Yemen at 11 a.m., Sanaa time, hangs up after a few seconds, and then gets a call from a different Yemeni number three hours later. Finding that person, however, isn’t easy, because the government can only identify the suspect by his calling patterns, not by his name.

So how does the NSA go about finding the one person in the United States whose calling pattern matches the terrorists’ plan?  Well, it could ask every carrier to develop the capability to store all of their calls and to search them for patterns like this. But that would be very expensive, and its effectiveness is really only as good as the weakest, least cooperative carrier.  And even then it wouldn’t work without massive, real-time information sharing — any reasonably intelligent U.S.-based terrorist would just buy his first throwaway phone from one carrier and his second phone from a different carrier.

The only way to make the system work, and the only way to identify and monitor the one American who is plotting with al Qaeda’s operatives in Yemen, is to pool all the carriers’ data on U.S. calls to and from Yemen and to search it all together — and for the costs to be borne by all of us, not by the carriers.

In short, the government has to do it.

And here’s my guess about how to answer the second question:

The technique that squares that circle is minimization.  As long as the minimization rules require that all searches of the collected data must be justified by probable cause, Americans are protected from arbitrary searches.  In the standard law enforcement model that we’re all familiar with, , privacy is protected because the government doesn’t get access to the information until it presents evidence to the court sufficient to identify the suspects. In the alternative model,  the government gets possession of the data but but is prohibited by the court and the minimization rules from searching it until it has enough evidence to identify terror suspects based on their patterns of behavior.

That’s a real difference. Plenty of people will say that they don’t trust the government with such a large amount of data, that there’s too much risk that it will break the rules, even reules enforced by a two-party, three-branch system of checks and balances. Even I, when I first read the order, had a moment of chagrin and disbelief at its sweep. 

But for those who don’t like the alternative model, the real question is “compared to what?”   Those who want to push the government back into the standard law enforcement approach will have to explain how it will allow us to catch terrorists who use half-way decent tradecraft — or why sticking with the standard approach is  so fundamentally important that we should do so even if it means more acts of terror at home.