Government Has New Rules for Watching You
Terrorist-tracking agency gets more access to records on citizens, travelers. Former officials question whether privacy has been jeopardized.
A new surveillance regime represents a “sea change” in how the U.S. government tries to monitor terrorists, and implicates untold number of innocent citizens in a vast electronic dragnet, according to an important and intriguing new report in the Wall Street Journal.
The change concerns not what information the government is collecting on you, but how long a particular agency can hold onto it before having to permanently delete the information from its records. According to the Journal, the new rules were put in place after a high-level debate over whether they would allow “unprecedented government surveillance of U.S. citizens.”
“The rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation.
“Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited. Data about Americans ‘reasonably believed to constitute terrorism information’ may be permanently retained.”
For a few years now, NCTC analysts and their bosses have complained that they don’t have enough time to examine certain kinds of data, because the rules on how long they can hold onto it are set by the agency that gives it to them. There’s an important distinction here: The NCTC doesn’t actually collect information on its own. It’s entirely dependent on the CIA, the FBI, the Homeland Security Department and others to provide it with intelligence reports, visa applications, travel records, and other sources of information. There’s a lot of it; usually NCTC analysts get several thousands new pieces of information every day. It is the NCTC’s responsibility, by law, to fuse all that information together and provide warnings of future terrorist plots.
The issue chronicled in the Journal article was that the rules for retaining the information weren’t uniform. Some agencies allowed NCTC to hang onto their records for several months or years, some as few as 30 days. I’m told that intelligence agencies in particular were concerned about relinquishing control of information that they viewed as hard-won and too precious to share. But officials in other agencies, namely some in the Homeland Security Department, were more inclined to give the NCTC longer-term access. One analyst said recently that the lack of uniformity in the rules was making it harder for the NCTC to do its job.
Supporters of the new rules, which apparently were put in place with no public notice, say it does the NCTC little good to have access to all this material if it can’t hold onto it for a considerable period of time, perhaps several years.
The Journal reports that the disagreements over where to draw the lines became so heated that a deputies-level meeting of national security officials was convened in the White House Situation Room in March.
“Not everyone was on board. ‘This is a sea change in the way that the government interacts with the general public,’ Mary Ellen Callahan, chief privacy officer of the Department of Homeland Security, argued in the meeting, according to people familiar with the discussions.”
Stewart Baker, who was the first assistant secretary for policy at Homeland Security, thinks there was more bureaucratic rivalry at play here than concern over civil liberties. “This is a turf fight dressed up as a privacy dispute,” he says, questioning whether allowing NCTC to hang onto information that other government agencies already possess really limits people’s privacy any further. “How many Americans would agree with this statement: ‘Janet Napolitano [the Homeland Security Secretary] has a record of my flights in and out of the country. I’m fine with that. But if Matt Olsen [the NCTC director] gets those same records, my privacy has been so damaged that it’s a sea change.’?”
Having written extensively about terrorism surveillance and the NCTC, I’m not convinced that giving the center more direct, longer-term access to existing information fundamentally undermines privacy any more than the collection of that information in general. But there’s a real concern that by putting all that information under one roof, so to speak, the temptation to move beyond NCTC’s mandate to track terrorists and start looking for other criminal activity is heightened. The Journal article is clearly driving at that concern, which is apparently shared by the sources who revealed the debate in the first place.
In a blog post, the ACLU’s Chris Calabrese distills the essence of the concern here.
Innocent people can be investigated and their data kept for years. It can be shared with foreign governments. All of this in service of not just terrorism investigations but also investigations of future crimes.
It might seem like a distinction without a difference to say that the data in TIA’s world would stay where it originated. But it underscores how important, both to a bureaucracy and to privacy protection, it can be to keep some data separate. This feature was deliberately designed by TIA’s architect, John Poindexter, to protect both those interests.
Putting aside the rules over who can see what and for how long, there’s still the question of whether NCTC can make sense of the flood of information it receives every day. Back in 2009, when the underwear bomber got onto an airplane, it became clear that there was no systematic way for the center to understand the collective significance of, in that case, intelligence reports, immigration records, and flight manifests. But it was also true that even if the center had the technology to do that, it might never spot the bomber among thousands of other passengers it was tracking.
The failed attack exposed critical weaknesses. Leiter says that things have improved somewhat on that score. “[NCTC] certainly has more to do. But it’s vastly improved. The tools [for searching and analyzing information] are better.”