Does Big Data Make It Legal?

06/13/2013 11:38 am ET Updated Aug 12, 2013

Edward Snowden, 29-year-old techie with a GED who was smart enough to work for the CIA and NSA for the last ten years, has turned the US Intel community inside out with revelations about domestic and foreign data-mining and digital-spying so vast and complex, pundits and politicians have stopped calling it 'Orwellian.'

Talking to the Guardian and The Washington Post, Snowden claims to have selectively released information about what he calls "an architecture of oppression." So far, he has revealed three top secret intelligence-gathering initiatives: the collection of millions of U.S. telephone subscribers' "telephony metadata" under a Foreign Intelligence Surveillance Act (FISA) order directed to Verizon (other sources have disclosed that AT&T and Sprint-Nextel have received similar orders and Senator Feinstein told reporters this has been going on since 2009); the ongoing acquisition of emails, videos, photos, stored data, files, chats, conferences, and Special Requests from major ISP's and social media sites by the NSA on an as-needed basis in another FISA-authorized program called PRISM; and Boundless Informant, a big data interactive fractal map showing how many pieces of information were collected around the world during March 2013.

Boundless Informant, which superficially looks like the least alarming disclosure, suggests an even more dramatic specter of all-encompassing digital spying upon closer look. The Boundless Informant map for March 2013 shows that approximately 98 billion pieces of digital network information, known as DNI, which is the kind of info obtained through PRISM, and 124 billion pieces of dial number recognition, known as DNR, which is the type of information encompassed by the Verizon Order, were harvested by the NSA. Approximately 13 billion DNI's were acquired from Iran, Pakistan, and Jordan apiece; 7 billion DNI's each from Egypt and India; and the United States wasn't far behind with 3 billion DNI's. What is more startling than the volume of Internet data collected within the US, is that, according to the map, 504 SIGADS were used to collect this information. PRISM is only one SIGAD. If PRISM is only one of 504 sources of information, what electronic sources are being mined by the other 503 SIGADs?

Snowden's leaks are generating the public discussion and outcry he wanted but what they really demonstrate, according to Director of National Intelligence James Clapper, is how far the government has to go to fight terrorism in the digital age. And isn't that what we want them to do?

President Obama and Clapper insist these intelligence programs are legal because they were ordered by the Foreign Intelligence Surveillance Court (FISC), which administers FISA. But is a FISA order enough? In these post-9/11 days we forget that FISA originally was introduced by Senator Ted Kennedy to outlaw the domestic spying that pockmarked Richard Nixon's presidency. The original Foreign Intelligence Surveillance Act clearly outlawed intelligence gathering related to or surveillance of U.S. citizens. And then came 9/11 and the Patriot Act.

Most sections of the Patriot Act ratified FISA in the context of counter-terrorism. It emphasized that the threshold showing for any interception or collection of data was probable cause to believe the information sought related to a foreign power or its agents, and not the Fourth Amendment probable cause to believe a crime had been committed. The only real changes to pre-9/11 law were, as Attorney General Alberto Gonzalez explained to Congress in 2005, lengthening periods for wiretapping and Internet searches; streamlining the pen register and trap and trace (which was the old-school way of aggregating "telephony metadata") process; and allowing intelligence officials to share information obtained through FISA orders with everyday federal law enforcement authorities. Bringing down the wall between foreign intelligence gathering and domestic law enforcement, has been one of the most hotly debated provisions of the Patriot Act during all of its various iterations because disclosing FISA information, not obtained in keeping with constitutional safeguards, for use in U.S. criminal proceedings, looks like the re-opening of the backdoor to constitutional disregard FISA was designed to shut.

At least, the PRISM program makes sense against this legal backdrop. But there is nothing contained anywhere within FISA or the Patriot Act that seems to justify the blanket taking and review of telephone information belonging to U.S. citizens.

Back in the day of rotary phones, pen registers and trap and trace devices looked like miniature adding machines and were attached to the actual telephone lines. The Supreme Court held that pen/traps did not quality for Fourth Amendment or privacy protection, but telephone companies refused to turn the information over without a court order or subpoena. Federal laws were enacted enabling federal officials to obtain pen/trap orders by simply certifying that the information sought was relevant to an ongoing criminal investigation. They didn't even have to argue that the owner of the phone was involved in possible criminal conduct; just that the caller information might be pertinent. Under FISA this certification was replaced with the requirement that the pen/trap information sought related to foreign intelligence not involving US "persons" or was relevant to on "ongoing investigation to protect against international terrorism or clandestine intelligence activities."

The Verizon Order describes the information it is seeking as "tangible objects," but it sure looks like 21st century pen/trap information. The legal requirements for acquisition of tangible objects under FISA isn't much different from what is required for pen/trap reports. Whether "telephony metadata" are "tangible objects" or "pen/trap" information, it seems clear that the information sought has to be directly related to the collection of foreign intelligence, spying, or terrorism and not focus on the activities of US citizens, even inadvertently.

So, what are the President and Clapper saying when they assure us these efforts are legal?

Clapper was quick to point out that PRISM, unlike the Verizon project, is not a big data-mining enterprise, as if how the data is sorted makes its collection any less odious. But big data mining appears to be the hook upon which Clapper is relying to justify the Verizon Order as a foreign intelligence gathering operation. He all but said as much last week, "The collection is broad in scope because more narrow collection would limit our ability to screen for and identify terrorism-related communications," Clapper said. "Acquiring this information allows us to make connections related to terrorist activities over time."

The use of big data software analytics by private or government investigators rapidly is becoming the norm. Big data platforms index and process trillions of data-points in minutes, a task that would have required hundreds of thousands of hours of human effort or weeks of main-frame computing in the past. Had Department of Homeland Security investigators been using big data software earlier this year, for example, to collate the location and identities of calls around the same time as and within the same vicinity as the purchase of multiple timing devices from a neighborhood hobby shop, they might have identified the Tsarnaev Brothers as possible terrorists before the Boston Marathon. Big-data computing could have done that, with the right data-feeds, in real time.

Perhaps since pen/trap orders are so easy to obtain and the information returned so helpful in identifying hidden patterns and dangerous associations using enhanced data-mining techniques, the Department of Justice may already be obtaining thousands or millions of them annually and this incursion by the NSA is just the logical extension of an already robust domestic crime-fighting trend. Hardly. In a response to a FOIA request by the ACLU the Department of Justice revealed that in 2011, 19,068 pen registers relating to the investigation of 43,576 individuals and 18,548 trap and trace devices relating to the investigation of 46,565 people were issued. More than one million Apple iPhone 4's, which are serviced only by Verizon and AT&T, two of the three telecommunication companies we now know are providing information to the NSA, were sold in twenty- four hours in October 2011. Something is wrong with this picture.

The efficacy of big-data mining in the fight against terrorism cannot be understated. And President Obama has made it clear that he will take every step legally available to him to stop the loss of American lives or resources. But does big data's ability to identify potential threats justify what amounts to a blanket certification by the Attorney General that telephone calls made by hundreds of millions of Americans are "relevant to ongoing investigations to protect against international terrorism or clandestine intelligence activities?" Edward Snowden, in the most dramatic way possible, said no.

And what about that constitutional wall between the intelligence community and law enforcement that no longer exists? What will the NSA do when they find possible drug dealers, human traffickers, racketeers, and inside traders, as well as terrorists? Will their collection of telephone records became the mother-lode of investigative leads?

No one knows, but until last week, none of the approximate 147 million iPhone owners living in the United States knew their phone records were being turned over to the NSA on a regular basis. Finally, iPhone owners have something to complain about.