I'm planning on spending the rest of today at the AALS Annual Conference across town, but I wanted to touch on a few more issues about the NSA surveillance program before I do:

  1. Based on what I have read from Risen's book, it seems less likely to me than it did before that this is a TIA-like data-mining program. It helps to note a distinction between two different methods that the press (and some commentators) often jumble together: packet-sniffing on a packet-switched network, and data mining. Packet sniffing refers to installing a monitoring device on a steam of traffic that looks for specific sequences of letters, numbers, or symbols. Here is how I explained packet sniffing for Internet traffic in my article, Internet Surveillance Law After the USA Patriot Act:

While the Internet uses packets to send and receive information, the packets are really just digital ones and zeroes that computers use to communicate with each other. The ones and zeroes can be reassembled into text to be read by a human, but computers do not need to do this and generally will not. A computer surveillance tool programmed to look for all emails to the Internet account "bob@aol.com" does not actually look for the text "bob@aol.com." To simplify a bit, the tool instead begins by looking for emails, and when it finds an email, it scans the right place in the email for the digital equivalent of "bob@aol.com," which is 0110001001101111011000100100000001100001. If this exact sequence of ones and zeros appears in the right place, the surveillance tool knows that it has found an email to bob@aol.com and will copy and record the block of ones and zeros that represent the email so that someone can later come back, convert the ones and zeros into text, and read the email. If the tool has an advanced filter and is configured properly, the billions of ones and zeros that do not relate to emails or to the exact sequence of 0s and 1s that represent the target account will pass through the device and be forgotten.

Based on what I have read from Risen's book, it sounds to me like that's what the NSA was doing. For those with criminal law experience, this was basically a large-scale pen regsister/trap-and-trace or wiretap, depending on how the filters are configured. (I'm not sure how different telephone traffic is these days, at least inside the provider switches.)

  This is different from a data-mining program. The term "data-mining" is usually used to mean taking an already-gathered database of information, and then performing analysis on the gathered database in lots of ways to identify patterns and characteristics. As best I can tell, the NSA program was not actually recording domestic Internet traffic, putting it in a database, and then "mining" it for key words and the like. Rather, this was a real-time surveillance program focusing on traffic associated with specific phone numbers and e-mail accounts. This is extra-tentative, of course; I'm basing this from snippets in Risen's book, and I'd be happy to change this analysis if we get new info. (Also, while it is true that Nancy Pelosi's letter expressed concern that the program was like TIA, keep in mind that she wrote that letter without any help from her staff; I don't think Pelosi has any background in this area, so I'm not sure her letter is particularly helpful evidence of the program at this stage.)

  2. I know it's going to annoy Armando, but I'm still not yet entirely sure of what to make of the legal issues. If I were confident that the DOJ letter represented a concession that the program violated FISA, I would be happy to bank on that and move on. As I have said before, I find the AUMF and Article II arguments unconvincing, so if that's the right issue to be focusing on, I'm with Armando. But something seems fishy here. For example, the leakers of the story seem focused on the Fourth Amendment instead of FISA. Further, given the extremely small number of people within the government who know the details of the program, it's not clear that DOJ's Office of Legislative Affairs (the office that sent the letter) was briefed on the details of the program. That is, the DOJ memo may have been written by people who knew less about the monitoring program than we now know thanks to Risen's book. (This may seem odd to you if you have never worked in the federal government; my guess is that it will seem less odd to those who have.) So Armando may be right, but I don't think we know enough to be sure of that.

  3. Finally, and relatedly, the details of the program from Risen's book arguably explains the national security interest in keeping the domestic surveillance program a secret. It's not that terrorists may suddenly realize that they may be monitored; that argument never made much sense, as every member of Al-Qaeda must know that they may be monitored. Rather, I suspect the security issue is twofold. In the short term, terrorist groups now know that they can stand a significantly better chance of hiding their communications from the NSA by chosing communications systems that don't happen to route through the U.S. And in the long term, some countries may react to the disclosures of the program by redesigning their telecommunications networks so less traffic goes through the United States. The more people abroad know that the NSA can easily watch their communications routed through the U.S., the less people will be willing to route their communications through the U.S. Cf. Bruce Hayden's comment. No doubt it was a long-term priority of the NSA to ensure that lots of international communications traffic was routed through the U.S., where the NSA could have much better access to it. Indeed, Risen's book more or less says this. The disclosure of the program presumably helps frustrate that objective.

  Anyway, that's it for now. My apologies to readers who want me to have a much more certain answer. My Internet surveillance antennae aren't yet giving me clear enough clues to know for sure where things are going to land.