Imagine a conversation in the kitchen --
"Patrick did you eat the pie I left on the counter this morning?"
"Mom, I did not eat it for breakfast."
"That's not what I asked. Did you eat it anytime?"
"Any other information is in the classified report."
Would that work in your house?
That's essentially what the government has been saying to the public and to Congress for years now, most recently with General Alexander dodging and providing nonanswers in response to questioning from Senator Wyden.
Sunday's New York Times report has caught them at it again. The report, by James Risen and EFF Pioneer Award winner Laura Poitras, is based on documents provided by Edward Snowden that indicate that the government is using "metadata" from a large set of sources to create social graphs of Americans, using 94 "entity types," including phone numbers, e-mail addresses and IP addresses. It also uses: "public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data."
There's much to discuss here, but let's just focus on one: phone records. Curiously, "[T]he agency did say that the large database of Americans' domestic phone call records, which was revealed by Mr. Snowden in June and caused bipartisan alarm in Washington, was excluded," in this latest profile-creating program.
The government is using phone records for these activities, but says it is not using the database it creates under the so-called 215 program or, as EFF calls it in our First Unitarian Church v. NSA lawsuit, the Associational Tracking Program. It thus stands to reason that the government must also be getting and using American phone records some other way. The unnamed former officials confirm this: "But the agency has multiple collection programs and databases, the former officials said, adding that the social networking analyses relied on both domestic and international metadata."
You remember the 215 program, right? It was revealed in June, by the release of a court order. The program requires telephone companies to turn over detailed records showing every call you make, how often you make it, to whom, and for how long; the order covers a three month period but is renewable indefinitely, and the data is reportedly stored for five years.
What were we told? The government finally confirmed, after years of nondenial denials, that it was collecting our phone records in bulk. But we were told that we shouldn't worry because very strict rules were placed on querying it -- rules that required reasonable articulable suspicion and which were only rarely used and never abused. Nothing to worry about, America.
Of course those promises quickly evaporated as the FISA Court orders were revealed showing abuse of the phone records program at a staggering rate. Even after Congress limited secret court oversight to only the most abstract review of protocols and limiting error reporting to only their own confessions, the NSA still couldn't stay within the rules.
But here's the thing: the whole discussion of limits and oversight (or lack thereof) for the 215 program and with it our telephone calling records appears to be just another shell game.
If we believe the agency's statement to the New York Times, then the NSA isn't pulling phone record data from the 215 program for this newly revealed program. The NSA appears also to have custody of our phone records for these "social graph" purposes -- including using phone records for any "foreign intelligence" activity, which reaches far beyond named, targeted terrorist groups. Where do those phone records come from? They could come from the "upstream" fiber optic splitter at issue in our Jewel v. NSA case (which collects content and metadata), or they could come from some other source we haven't yet uncovered. But whatever the source, if they are getting phone records some way other than through the 215 program, it means that all the government's promises of strict limits on what they are doing with your phone records through the 215 program are ultimately empty.
In the Jewel v. NSA hearing on Friday, Judge White signaled that he's not going to fall for those tricks. He has required the government to go back through all of its ex parte, in camera secret declarations and submissions in the case (as well as our sister case called Shubert v. Obama) and file unclassified versions of them by December 20.
The shell game is now well known. The NSA seems to have hidden the various ways it is gathering and using information about and by Americans into so many little cubby holes that no one can find them all. Then it is selectively answering questions to hide the full extent of its collection and use of our data. That's what Representative Loretta Sanchez likely meant when she said that what was in the media in June was just the "tip of the iceberg" of what the NSA is doing.
It's time for a new Church Commission to get to the bottom of it and real legislation to prevent the government from doing mass surveillance of Americans -- content and noncontent -- under any law or any program. Congress knows how to do this -- language like "notwithstanding any other law," is a good start. Send an email to Congress demanding reform and investigations today.
Americans deserve to know what is happening with their data. The government shell game of hiding activities in different programs and then essentially lying about its activities under the thin veil of recasting the questions asked as "under this program" or "not for breakfast" wouldn't pass muster in America's kitchens. And it shouldn't pass as policy.