Transcript for A New Look at the NSA - Susan Landau

Jim Fleming: To help us understand what the recent leaks about the program have revealed, Anne Strainchamps called Susan Landau. She is an independent scholar and computer scientist who has written about cybersecurity, privacy, and public policy.

 

Anne Strainchamps: Susan, one of the things I keep wondering about lately is why, when stories about federal surveillance have been popping up for the past decade or so, why people seem to be so much more concerned now than they have been in the past. What’s different about these documents that have been leaked by Edward Snowden?

 

Susan Landau: Well, the striking thing to me is the first set of documents, the documents about the metadata. We had no idea that the telephone companies were handing over that metadata to the government daily. And that is something that should have been discussed. What we had is a secret interpretation of the law, and that’s tantamount to a secret law. But then the question comes, why is the metadata so important? And the answer is that with cell phones, we leak where we are and what we do every hour of the day. So you call from an oncologist’s office, and depending on the kind of location device in your cell phone, it may be visible that you are actually calling from the oncologist’s office. Or you’re calling from the mammogram unit at the hospital. Or you call from the church on the evening when they have an Alcoholics Anonymous meeting. Or when Sun Microsystems was being acquired by Oracle, that weekend, the set of calls between the CEO of Oracle, the CEO of Sun, and their chief lawyers, and then back between them and so on and so forth; if all you knew was the pattern of the calls and you didn’t know anything else, you didn’t know the content, you would still know by Sunday evening that an acquisition was happening.

 

Strainchamps: I’m trying to put together a picture of what the government can know about us simply from having this cell phone metadata. They can tell where we are physically and in time. What else?

 

Landau: They can tell what we’re doing. The example I gave you of the CEOs of Oracle and Sun. So, metadata reveals what you do as opposed to what you say. And what you do is often much more revelatory.

 

Strainchamps: Do we have any idea how the government is assessing and using this information? Because some of the examples that you gave, the government probably doesn’t really care.

 

Landau: No, we don’t, and that’s one of the problems. In standard Title III wiretaps, that is, the wiretaps for criminal cases, there’s something called minimization. Where what you are allowed to do - you have a court order for wiretapping, but if it is not the target on the call - so this is in the model of the old telephone, the old family telephone - if it’s not the target on the call but in fact one of their kids, the law enforcement officer has to shut off the tap. She can turn it back on a few minutes later. If it’s the target talking but the target is talking about going out and buying flowers for his wife, unless you think that’s code for something else, you have to actually shut off the tap again. And you can turn it on a few minutes later. That process is known as minimization. Now what we don’t know are the minimization rules that the government has used on the metadata. And that’s quite troubling. The director of the NSA has said we can’t reveal that information, because to do so would expose our sources and methods, would allow the terrorists to do other kinds of behavior and thwart us, and so on. But it’s not exactly true that that information can’t be revealed. We can learn general rules without learning specific rules. So for example, would it be acceptable if the NSA realized that terrorist cells had a certain calling pattern? A very small group with one person calling back to Pakistan, say, once a month or once every two months, or at irregular intervals. Does that mean that they could search the database for that kind of group? I’m not asking for the particular rules, but I’m asking for a general overview of the rules. What we’ve gotten into is a situation in which we had a secret interpretation of the law, and we have no idea what collection is actually happening. 

 

Strainchamps: I guess I’m wondering if some potential payoff in terms of catching possible terrorists isn’t worth annoying people because - I don’t know - their Amazon purchases can be seen.

 

Landau: The question often comes up that Google and Amazon and Facebook already have this information. What’s the problem if the government gets it? And there are two different sets of problems. The first one is, of course, that Amazon and Google and Facebook can’t throw you in jail and the government can. And we don’t know if the government will really limit the investigations to terrorist cases. We have a situation where we’ve had no oversight. It’s clear that a number of members of Congress are somewhat surprised by the data collection that has been happening. Certainly the American public, at least some parts of the American public, are surprised by it. So we don’t have oversight, and we don’t have guarantees that we won’t have a slippery slope where this information won’t be used for other things.

 

Strainchamps: Can you think of any situations in which an innocent person could actually be harmed in some way by the kind of federal surveillance we’re talking about?

 

Landau: Do we know of people who have been followed or arrested because of the wiretaps? No, we don’t. But we don’t know what drives the suspicions of the government. We have a huge number of people on watchlists. And it’s hard to imagine that the FBI can do a good job investigating when they have so many people to watch. What we need is more targeted surveillance rather than the broad scale.

 

Strainchamps: Has the legality of collecting this kind of metadata been established? Because one reason this issue blew up, I think, is that something has become routine practice without there having been a whole lot of public discussion or input. You referred to this as a secret interpretation of the law. How did this happen?

 

Landau: [laughs] Beats me. How did it happen? Section 215 of the Patriot Act allowed the government to collect business records. Under the secret interpretation, the FISA court, the Foreign Intelligence Surveillance court, [6:58]on FBI application that the Verizon business networks and presumably other telcos hand over their metadata on a daily basis. And the FISA court so ordered and the companies did so. And of course the companies were not allowed to reveal that this was going on.

 

Senator Wyden and one other senator demanded two years ago, to no avail, that this secret interpretation be made public. But without Snowden’s release of the documents, that couldn’t happen. And so there was no public discussion. I don’t understand how you can have a secret interpretation of a law within a democracy. So that’s how it happened, and now what we have to have are two different discussions, it seems to me, on this issue. One is how could we have a secret interpretation of a law? And that seems to me to call for a Church Committee type investigation. Church Committee was the committee back in the 1970s that was chartered originally as a result of the Nixon wiretapping, but whose charter was actually to investigate government surveillance. The Church Committee investigation discovered all sorts of illegal things the government had been doing. It framed a set of proposals that eventually became our Foreign Intelligence Surveillance Act.

 

The second thing is we need to have a public discussion of whether or not we’d want that metadata handed over to the government sans subpoena. And I think for that the scientists and engineers are going to have to be somewhat involved, because most people don’t think about how easily they [sic] what that information gives.

 

Strainchamps: To that issue, whether or not we need computer scientists much more involved, it’s interesting. When we talked with Julian Assange, he said that the next generation of whistleblowers will have to be computer scientists. Is that really what we’re going to need to protect our privacy rights? Have we gotten to the point where ordinary people will have a hard time even figuring out the issues?

 

Landau: It’s not so much that. I think the fact that it’s so hard to do anything in secret in the modern world. So one thing you could do is try to shut off your cell phone. But that doesn’t always work. The French police, for example, use the following technique in doing investigations. When they’re checking who might have used a stolen credit card, the criminal of course knows to not have his cell phone on at the time that he is using the card, and so he shuts it off some time before. But the French police do one step better. They actually get the records of which phones were shut off in an area physically close to the use of the stolen card for some time before the card was used. So shutting off your cell phone may not actually provide you the privacy you think. Now, if you’re using a stolen credit card, that’s one thing. But if you’re a journalist trying to meet a source, it’s a very different thing. And I think it’s gotten quite hard.

 

Strainchamps: Don’t you think that our expectation of personal privacy has changed over the past decade to the point that I wonder whether people really care any more?

 

Landau: We have changed in a number of ways. I expect us to use cell phones and lose the privacy of where we are, at least the cell phone provider will know. Depending on what we decide, maybe the government will only be able to get that information under subpoena. Maybe it will be able to get it more readily. But what I’m hearing from some of my colleagues who work in online social networks is that there is a slow but clear interest of the young people to not give as much information over to Facebook. And I think that we’re in the very early stage of the social networks. I think we’ll find people changing some from where they were five years ago. Which is not to say that we will go back to where we were 30 years ago. I don’t expect that. But I think where we were in the last five, seven years is not going to be the steady point. I think we will move to somewhat more privacy.

 

Strainchamps: You mentioned that you think that we need to have another Church Committee investigation. What are some of the top questions you’d want on the agenda?

 

Landau: I would certainly want to know how there could be a secret interpretation of the law. That’s to me a Constitutional issue. And I want to understand what oversight was going on. My understanding that one of the problems on conducting oversight of NSA and other agencies is that on the very delicate stuff the senators, the congress people, are only allowed in by themselves - no paper, no notes, no written questions by their staff. The result is when you’re talking about stuff that’s highly technical, often the people who are conducting the oversight don’t have the ability to ask exactly the right question. And I think that we both potentially have a problem that when you get read into the top secret issue, you have a tendency not to ask questions. But I think of our senators and our congress people as generally trying to do the right job. But the more worrisome problem is that there are highly technical issues and yet they’re not accompanied by the people who help them ask those questions. So, understanding what the oversight is, has been, and what it needs to be.

 

Then I want to know about how was this data handled. What were the checks and balances? Also, there’s the issue of the whole surveillance industrial complex. I know a lot of people from NSA, a lot of ex-NSA people, and I have a lot of respect for them. I have a lot of respect for the work they do and for their integrity. And I know that they are sworn in their job to uphold the Constitution. It’s something that they’re told very clearly. I don’t know and I don’t understand the surveillance industrial complex nearly as well. I don’t know what the motivations are. And I don’t think we have necessarily the people doing the job with the same dedication as is done at the NSA. Now I’m saying that at the same time that I’m complaining about a secret interpretation of the law and the work done by NSA. But those are separate issues.

 

Strainchamps: Right. One thing we could point out, on the other hand, is that the intelligence agencies are trying to do their job. They’re trying to get intelligence about possible threats to American citizens. And historically when intelligence services, as they do, get a little over-enthusiastic, we look to elected officials and to civil rights groups to keep them in check. How is that historic counter-balance working right now?

 

Landau: (laughs) Well, we’ve already discussed the elected officials. As for the civil liberties groups, you can’t litigate what you’re not allowed to know about. And the ACLU, the Electronic Frontier Foundation, these groups have been repeatedly told they don’t have standing. They can’t point to a particular person who was harmed because they are not allowed to know whose data was taken, whose data was viewed, sans subpoena, sans warrant. They’ve been trying very hard, but they simply haven’t had standing, and have had minimal successes in all of this. So we haven’t had the checks and balances that we ought to have had. That’s part of the reason that I and others are asking for a Church-style committee investigation. When the news broke I was at the Privacy Legal Scholars conference, so there were a large number of people interested in the issue. And to a one, everybody I spoke to said Church-style committee hearing. Because it’s Congress that can get at the data in a way that civil liberties groups and investigative reporters don’t have the same capability.

 

[out-music]

 

Jim Fleming: Susan Landau is a former Sun Microsystems engineer and has held visiting posts at Harvard, Cornell, and Yale. Her latest book is called Surveillance Security: The risks posed by new wiretapping technologies. You can hear an extended version of Anne’s conversation with her on our website, TTBOOK.org. I’m Jim Fleming. It’s To the Best of Our Knowledge from Wisconsin Public Radio and PRI, Public Radio International.

Comments for this interview