The U.S. government has tried to reassure critics of its massive phone surveillance program by pointing to “minimization” procedures that are supposed to restrict spying to a handful of bad guys. Those reassurances now carry little credibility after a federal judge explained how the process actually works.
In a decision this week that paints the phone spying process as unconstitutional and “Orwellian,” the judge used Domino’s Pizza, the Beatles and other plain English examples to show how a “3 hop” rule used by the National Security Agency makes “minimization” almost meaningless.
One “seed” and three “hops” = 1 million records
Under the National Security Agency’s surveillance program, disclosed in a series of leaks by former NSA contractor Edward Snowden, the agency works with phone carriers like Verizon to maintain a single database that likely includes every phone call in the country. The database, which is updated on a daily basis, is supposed to help the government monitor communications among terrorists.
The database has so far passed constitutional muster before America’s secret FISA spy court on the grounds that the government is collecting “metadata” — like phone numbers and time of day — rather than listening to individual phone calls.
The agency does, however, dive into individuals’ data from time to time — though it only does so when someone at the NSA has a “reasonable, articulable suspicion.” According to the NSA, the “minimization” procedure creates a legally acceptable way for it to keep a five-year database of phone calls. To support this position, the government noted that in 2012, it made fewer than 300 individual queries of the giant database.
This might be okay — except for the fact that each one of those 300 or so queries can in turn let the NSA suck in 1 million other phone records.
The multiplier effect happens because each time an NSA agent probes the database for a record, the query is a “seed,” which can be expanded “three hops” beyond the original record. Here’s how U.S. District Judge Richard Leon explained the process in a watershed decision this week (I’ve added the bold):
… if a search starts with telephone number (123) 456-7890 as the “seed,” the first hop will include all the phone numbers that (123) 456-7890 has called or received calls from in the last five years (say, 100 numbers), the second hop will include all the phone numbers that each of those 100 numbers has called or received calls from in the last five years (say, 100 numbers for each of the “first hop” numbers or 10,000 total), and the third hop will include all the phone numbers that each of those 10,000 numbers has called or received calls from in the last five years (say, 100 numbers for each of the 10,000 “second hop” numbers, or 1,000,000 total).
From Domino’s Pizza to the NSA
Judge Leon’s description came as part of a remarkable 68-page decision in which he ordered the federal government to stop collecting data on two Verizon customers and destroy the data it has collected during the last five years (the order is suspended pending an appeal).
The ruling is the biggest legal slap yet to the NSA, and is also significant because it pulls the constitutional debate out of the shadows of the secret spy court — where the media are excluded and most decisions are secret — and into the light of day. And, unlike many court rulings, the ruling from Judge Leon takes care to relate the legal issue to real-world situations.
Here are some excerpts from one footnote where the judge refers to Domino’s Pizza to suggest the phone surveillance has spread too far (bold added):
But it’s also easy to imagine the spider-web like reach of the three-hop search growing exponentially and capturing even higher numbers of phone numbers. Suppose, for instance, that there is a person living in New York City … (who) is approved as a “seed.” And suppose this person who may or may not be actually associated with any terrorist organization, calls or receives calls from 100 unique numbers. But now suppose that one of the numbers he calls is his neighborhood Domino’s Pizza shop. The court won’t hazard a guess as to how many different phone numbers might dial a given Domino’s Pizza outlet in New York City in a five-year period, but to take a page from the Government’s book of understatement, it’s “substantially larger” than the 100 in the second hop of my example.
It is this dragnet situation, in which the government doesn’t need a warrant to prowl through the phone records of anyone who knows someone who’s called Domino’s Pizza in the last five years, that appears to have led the judge — a Republican appointee with a conservative record — to declare enough is enough.
In his ruling, Leon concluded that the government can no longer justify its actions based on Smith v. Maryland, a Supreme Court case from 1979 that involved the temporary collection of call records from a man’s home phone.
“When do present-day circumstances … become so thoroughly unlike those considered by the Supreme Court thirty-four years ago? The answer, unfortunately for the Government, is now,” wrote the judge.
Leon’s ruling also mocks the government’s refusal to say whether or not certain big phone carriers are included in the database, noting that “omitting Verizon Wireless, AT&T and Sprint from the collection would be like omitting John, Paul and George from a historical analysis of the Beatles. A Ringo-only database doesn’t make sense.”
Lying about location
Some of those still defending the NSA phone surveillance say that cell phone metadata isn’t really so different from traditional phone data. The Volokh Conspiracy, for instance, asked: just because our phones now do other things like take pictures or act as flashlights, aren’t the phone company records — that show who we called — essentially the same as ever?
This view seems optimistic. For starters, the NSA can now comb everyone’s phone records instantly at any moment. And, more seriously, the phones in our pockets are also tracking devices that the NSA (or Apple) can use to see where we are and where we’ve been.
The government has tried to brush off tracking allegations by saying that it only experimented with location surveillance and that it stopped this in 2011. New leaks about “tower dumps,” however, make it pretty plain that the government was lying. Meanwhile, Judge Leon’s decision, which the New Yorker characterizes as “angry,” suggests that the judge doesn’t know what to make of the location claims, but that overall he is not sure the government has been truthful:
“I have no idea how location data has been handled in the past,” he wrote, adding that the overall process has led him “to wonder whether the Government’s briefs are entirely forthcoming about the full scope of the Bulk Telephony metadata program.”
And this, finally, is the most troublesome dimension of the entire surveillance program. Even if the government were abiding by its own minimization rules (which it isn’t) and even if those rules created effective limits (which they don’t), this wouldn’t help, since it’s apparent that no one — even the judiciary — believes what the government is saying in the first place.
All this helped produce a final damning conclusion by Leon:
“I cannot imagine a more “indiscriminate” and “arbitrary invasion” than this systemic and high-tech collection and retention of personal data on virtually every single citizen for the purposes of querying and analyzing it without prior judicial approval … [James] Madison would be aghast.”