Sunday, May 14, 2006

The CIC Versus Congress / Courts - Deja Vu

Wow. It's déjà vu all over again. More details of another Bush Administration program come to light and claims of executive privilege and constitutional powers of the Commander In Chief immediately crop up. And in another case of déjà vu, a cursory review of the facts involved would seem to point out major flaws in the Bush Administration's practical and legal justifications for its actions.

The Practical Aspects of Call Mining

Let's give the Administration the benefit of the doubt for a moment and put aside the legal merits of mining billions of phone records for patterns of behavior that could unearth a terrorist cell operating within the US. Let's review the mechanics of the process, as best we can given what has been divulged and given what the Administration is still withholding.

According to the Administration, the NSA has been collecting calling/called party phone numbers and call durations for domestic calls from SBC/AT&T, Verizon and BellSouth since 9/11/2001. After a KNOWN terrorist is caught somewhere in the world, his effects (cell phones, computers, documents, land-line phone bills) are scanned for American phone numbers. Those numbers are then searched in this massive database to attempt to identify others with one, two, three or (????) degrees of separation from that original bad guy.

A story in Friday's WSJ quoted a former AT&T engineer in San Francisco describing how the data was likely collected. Even though telcos normally don't generate billing records on local calls, virtually every call (except those between lines served by a single switch) generate messages through SS7 Signal Transfer Points (STPs) to support features like caller ID, etc. The NSA installed equipment in co-location space in many hub phone switching locations then, with cooperation from the phone companies, plugged in traffic analyzer gear in the loop of those STPs to capture the data.

So can a database of nearly every local and long-distance call help catch a terrorist? Logically, of course it can, but practically? Many of the comments from the NSA and Administration indicate it cannot. Their premise is to use this data in reverse to identify a terror network AFTER a terrorist is identified; either through capture or his/her identity becomes obvious as a terrorist after the fact. No one is claiming they have enough artificial intelligence to look at billions of records and "detect" a pattern that means "terrorist about to attack on date X at location Y." So the program is about 99.9% aimed at reverse engineering a terrorist's contacts after the fact. How useful could the data be?

First, mapping a call to a phone number at a date/time doesn't ensure the identity of the person making or receiving that call can be determined. Most carriers offer pre-paid cellular phone services that at best require a credit card for purchase. The ease of obtaining a credit card via a stolen "pre-approved" solicitation or dumpster diving outside a restaurant means having the phone number of the caller or called party cannot guarantee a successful ID.

Second, if you work for a mid-sized or large business that uses a PBX, it is possible that any calls you make at work to numbers outside your company leave your company with a single calling party number. This isn't a state secret either. Your spouse probably already knows this from looking at the number shown on your home phone when you call to ask what's for dinner.

The real problem with the NSA phone call data mining from a "war on terror" perspective is that it assumes a relatively significant amount of communication from within a terrorist cell to its financial and strategic leaders that would "stick out" when the data is viewed in hindsight. From what I've read about those involved in the September 11 attacks, this assumption doesn't match reality. The whole purpose of operating under the "cell" model is to isolate knowledge of details so larger plans and ties cannot be unraveled if part of the cell is compromised. No one really knows for sure but it appears as though only 2 or 3 of the September 11 attackers actually KNEW what the plan was until maybe 3-4 months prior, and only 2-3 knew of the actual TARGET and DATE until maybe 1-2 weeks out. As a result, you won't have a "footprint" of 20 people making international calls getting strategy updates, checking on finances, etc., you might only have 1-3. The rest of the members of the cell not only might not know others in other cells, they might not even know others in the SAME cell until a few weeks or months before their attack date.

Much of the terrorist communication could also take place right out in the open in simple text email messages sent from a rotating set of free email accounts that never get used twice and that identify the next email address to send messages to via obscure (to us...) references to 7th century Islamic mythology / theology. If they wanted to get slightly more complicated, data could be embedded within GIF images that would be virtually impossible to trace. Again, I'm not divulging national security secrets here. Most of the "middle management" of these groups are college educated engineers who have at least passing familiarity with Internet technology that's been around for 6 years.

In short, the entire NSA phone monitoring program is likely flawed due to a fixation on DATA rather than INFORMATION. We probably still have thousands of actual PHONE CALLS still un-transcribed due to a lack of Arabic translators that would yield far more useful information. More cynically, we know the government has a horrendous track record for creating useful databases within a single agency with relatively small amounts of data (witness the FBI's failed modernization program from 2000-2002).

The Legal / Constitutional Issues

The legal and constitutional issues regarding the NSA program boil down to these key debates:

1) Is the collection of the information itself legal under existing intelligence law (FISA in particular)?

2) Has the Administration's operation of the program violated constitutional boundaries by leaving Congress in the dark?

On question #1, supporters of the "program" are quick to state that no names, addresses, or actual call content is being mined by the process. Of course, the names/addresses part of this argument is laughable since the vast majority of land-line telephone numbers are publically listed and searchable on Google. The FISA statute actually provides some cover for collection of this data since it excludes from the statute data used to bill or generate billing data.

Interestingly, the biggest chink in the armor of the legality of the data collection might lie in the refusal of Qwest to provide data to the program. Details are still sketchy but it appears as though former Qwest CEO Joseph Nacchio, when asked to provide data from Qwest, basically refused, asking the NSA "where is your FISA warrant?" According to the USA Today story that broke the whole issue,

The NSA's explanation did little to satisfy Qwest's lawyers. "They told (Qwest) they didn't want to do that because FISA might not agree with them," one person recalled. For similar reasons, this person said, NSA rejected Qwest's suggestion of getting a letter of authorization from the U.S. attorney general's office. A second person confirmed this version of events. -- (#1)

What does that say? The FISA court has only declined a handful (literally, 3-5 maybe) of requests and modified and approved a few hundred others out of THOUSANDS in its entire history since 1978. Had the NSA requested the warrants from the FISA court and had they been approved, they certainly would have been kept secret. It seems the NSA itself had material doubts about whether the program would be approved if permission were requested.

Rather than jeopardizing the entire program by asking FISA for warrants when one telco refused to surrender the data, the NSA kept quiet, used the data from those telcos sloppy enough to provide the data without customary, legal authorization and kept the program off the radar of FISA and Intelligence committees in Congress. The NSA even refused to get some sort of "cover" from another department within the Executive branch when it refused to involve the Justice Department and Attorney General's office. (At this point, I will decline to make the political cheap shot by stating that even an indicted ex-CEO seems to have more legal sense than people in the Bush Administration…SMILE)

What that REALLY says is that this Administration refuses to communicate even within the Administrative branch on matters of national security and constitutional law. Any process that could possibly thwart a plan senior officials have decided to pursue is assiduously avoided, even if the check comes from within what should be "the team." These people all work at the pleasure of the President.

I can't think of anything more damning of this President's leadership and decision-making skills than seeing yet more evidence he doesn't even trust his own Attorney General. We already knew he didn't trust his Secretary of State but this is JOHN ASHCROFT we're talking about. Ashcroft seemed pretty gung ho on the whole War on Terror the last time I checked.

On question #2, the Administration likely faces much greater problems. Supporters of the "program" quickly began making the rounds of the talking head shows on Thursday to state the usual talking points:

* we are harming our national security by even talking about this
* the program has helped nab terror suspects and already justified its existence
* most Americans approve of the plan once they hear the details, so what's the big deal?
* the appropriate members of the House and Senate WERE informed of "the program"

Okay, one at a time.

First, we are not harming national security by talking about this. Anyone familiar with the basics of telecommunications technology and regulation knows the Telecommunications Act of 1996 included regulations requiring all major telcos to implement new wire-tapping mechanisms within their digital switches (typically, Lucent 5ESS, Nortel DMS-100s, DMS-10s, Ericsson AXE-10s, etc.) that allowed digital wire-tapping on a nearly instantaneous basis without requiring actual physical wiretaps. Anyone who knows that had a pretty good idea that that capability was getting a pretty good (justifiable) workout after September 11, 2001. Frankly, I have pretty much assumed that capability was getting used even without warrants on international calls from suspected foreign nationals.

Second, in another example of one of my previously identified fallacies of the "War on Terror and Logic", the argument that this program has already helped thwart terrorist attacks is flawed. The government will never share information about those it has supposedly "identified" as terrorists under this program to PROVE its worth, yet if another terrorist attack occurs, the attack will be used as proof we need more of the same. If nothing bad happens, it succeeded. If something bad happens, we need more. FLAWED LOGIC.

Third, the fact that most Americans might approve of the program after the details are explained does not excuse the Administration from properly informing Congressional authorities about the execution of the plan. Do us average Americans have the "right" to know about the program? Probably not, but we only yield that right by assuming that a subset (not even ALL) of our elected legislative representatives ARE being informed about the actions of the other branches of government. That hasn't happened. (see next point).

Fourth, comments made by Senator Arlen Specter indicate the Administration has NOT fully informed the appropriate House and Senate Committees of the nature and extent of these monitoring programs. They have shared SOME of the information about SOME of the programs with SOME of the majority / minority leaders in the House and Senate. However, the LAW requires these types of programs to be discussed with the FULL membership of the House and Senate Intelligence committees, the bodies designated within the House and Senate to provide the constitutionally required oversight of top-secret processes operated by the Executive branch.

The Administration argues that operation of the NSA program and other intelligence matters fall under the powers provided to the "Commander in Chief" to control "command intelligence" and are outside the purview of the Legislative branch's authority. This argument is flawed. As I mentioned in a prior post (#2)

-----------------

Clarification of Command Intelligence Within the Military -- Supporters of domestic spying believe that it involves identification of military threats to the United States and, as such, constitutes military "command intelligence" and can be authorized by the President via his role as CIC. The super-secret, super-strategic nature of this information leads many to believe the President has no obligation to share either the data gathered or information about the methods used to obtain it with Congress. The CIC function was assigned to the President simply to have a clear decision tree on military matters, not to allow the president to operate the military without Congressional oversight.

The War Powers Act should be amended to EXPLICITLY state that any intelligence categorized as COMINT is still subject to the oversight of Congress, including information gathered via theatre command, NSA, CIA, etc. Few argue the need to conduct domestic spying under certain circumstances, only that all such spying MUST be conducted within the informed oversight of Congress and the courts.

It is absolutely the President's right under the Constitution to make the final call on military tactics and responses but NOTHING in the Constitution allows him to hide from Congress WHAT information he is acting upon and HOW that information was obtained.


------------------

On the May 14 edition of Face the Nation, Arlen Specter specifically stated that one of his reasons for subpoenaing the CEOs of AT&T, Verizon and BellSouth about the NSA program is that they cannot refuse to testify --- "They can't claim executive privilege."

Arlen Specter has shown considerably more independence and principle regarding the conduct of this Administration than most of his colleagues in either party. (I'd be proud if he were Senator for my state.) If he knows the Administration has purposely and repeatedly withheld factual, complete information constitutionally required by Congress to perform its oversight functions, even if the underlying program might have been legal, isn't that reason enough to start playing hardball? I hope more of his colleagues step up and support him on this. Or do Republicans need to lose control of both the House and Senate before they recognize the damage Bush is doing to their party and the country?

=============================

If this particular NSA program were the FIRST and ONLY case in which the issue of executive privilege came into play, a pass might be in order. However, any claim of executive privilege involves conduct that touches upon crucial constitutional boundaries, power and national policy. The fact that executive privilege seems to come up with virtually EVERYTHING this administration touches should be a warning bell to anyone in Congress or in a voting booth.


WTH


#1) http://usatoday.com/news/washington/2006-05-10-nsa_x.htm?imw=Y
#2) http://boards.fool.com/Message.asp?mid=23626816 -- SOTU Alternatives: WAR POWERS