Deutsche Welle - Feature Story - NSA and Digital Privacy - Whistleblowers

Who or what can stop the NSA?

Snowden’s latest revelations show that the National Security Agency has the capacity to store 100 percent of a given nation’s phone calls and store them for a month. Is there no other way of preventing terrorist attacks?

Read it in Deutsche Welle

Perhaps some official at NSA headquarters loves playing fantasy role-playing games. The latest spy program to be uncovered by the agency’s disgraced and exiled former contractor Edward Snowden is called MYSTIC, and the cover slide to the leaked documents features a colorful image of a malevolent blue-hatted, white-bearded wizard. His left hand is playing with a ball of magic energy, while his right is gripping a staff – with a cell phone perched on the end of it.

This particular sorcerer seems to be more powerful than all the NSA’s programs uncovered so far, at least in terms of data capacity. According to the Washington Post, which published the documents last week, MYSTIC (and its associated tool RETRO) is a “voice interception program” that can record “100 percent” of a country’s telephone calls, and store them for analysis for a month.

In a sign that he may have decided enough is enough, President Barack Obama has hinted at proposals that could put an end to this data collection frenzy. According to the New York Times on Tuesday, the administration along with the intelligence community have drawn up a plan that would oblige the “NSA to end its systematic collection of data about Americans’ calling habits.” Under the proposal, which could be presented this Friday, the NSA would need permission from a judge to gain access to specific records.

Notwithstanding Obama’s latest crisis management, the MYSTIC program is, by any standards, a gargantuan effort in data collection. “This story is pretty frightening,” Privacy International spokesman Mike Rispoli told DW. “It’s extremely remarkable just from a technical standpoint that they have it.” On top of this, given that MYSTIC was launched in 2009 and according to the Post “reached full capacity against the first target nation in 2011,” we can only guess at the program’s reach and power now. “This is news from a few years ago,” Rispoli pointed out. “We don’t know where they’re at right now in terms of capacity.”

New dimension of bulk collection

Though the NSA’s analysts only actually listen to a fraction of one percent of the calls, the complete numbers are still very high. “We’re talking about millions of people who are having their rights violated as a result of the MYSTIC program,” said Rispoli.

But Nigel Inkster, director of “Transnational Threats and Political Risk” at the International Institute for Strategic Studies – who spent over 30 years in the British Secret Intelligence Service – questions this claim. “Is there really [a privacy issue]?” he told DW. “The computer’s not reading the communications, it’s simply trawling through the communications looking for some very specific things, and if it doesn’t find them it’s not going to look at anything else.”

But MYSTIC seems to re-define the nature of “bulk collection.” As Rispoli put it, “There’s no way that 100 percent could ever be proportionate.”

Efficacy and abuse

Inkster admits that there is a potential for a violating rights, and that questions should be asked, but adds, “I think some of these advocacy groups are overdoing the extent of their indignation. At the end of the day, everything boils down to the purpose and process. Why are you looking for this information and what measures have you got in place to guard against abuse?”

So far the NSA has failed to present evidence that bulk data collection has prevented any terrorist attack, though that is part of its policy of blanket silence on the Snowden revelation. How effective this scale of collection is remains speculation. Another NSA whistleblower, William Binney, has claimed that he was working on a more targeted program for the agency, which would have stood a better chance of preventing the attacks on London and Madrid. This was scrapped in favor of the programs that Snowden has revealed.

But Inkster thinks that some form of mass data collection is necessary. “The fact is in today’s world you do need to be able to trawl through big data sets to find items of relevance,” said Inkster. “If you’re investigating what you think might be a terrorist plot, one of the things you’re going to want to do is establish the connectivity of people involved. The ability in those circumstances to retrospectively access any calls that were made could be potentially very useful. They could establish a missing link within a group.”

John Pike, director of GlobalSecurity.org, sums up the legal dilemma facing Washington: “This is why it has twisted DC into such circles,” he told DW in an email. “It seems to work, there have been no notable abuses (I am surprised by this), and yet it is impossible to reconcile this with ‘no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.‘ ” (the Fourth Amendment of the US Constitution – the ed.)

But Rispoli argues that even with the security advantages of data trawling, US Congress needs to have a much tighter rein on NSA activities: “At the moment, oversight is terribly ineffective,” he said. “One of the great things about democracy is that we get to keep every branch of government in check. But with the NSA there is no mechanism in place to constrain them – the only thing constraining them is their technical capability.”