Before 9/11, there was an individual by the name of Khalid al-Mihdhar, who came to be one of the principal hijackers. He was being tracked by the intelligence agencies in the Far East. They lost track of him. At the same time, the intelligence agencies had identified an al-Qaeda safehouse in Yemen. They understood that that al-Qaeda safehouse had a telephone number, but they could not know who was calling into that particular safehouse.

We came to find out afterwards that the person who had called into that safehouse was al-Mihdhar, who was in the United States in San Diego. If we had had this program in place at the time, we would have been able to identify that particular telephone number in San Diego….[T]he opportunity was not there. If we had had this program that opportunity would have been there.

-- former FBI Director Robert Mueller, testifying before Congress in June 2013 (PDF).

Al-Mihdhar and the Justification for NSA Bulk Collection

The al-Mihdhar example has haunted the debate over the NSA’s call records program since the program’s disclosure in June 2013. As the story goes, had the program been in place before 9/11, the NSA would have known al-Mihdhar was calling the Yemeni safehouse from inside the U.S. and, potentially, could have stopped the attacks on September 11th from happening. As former NSA Director Keith Alexander, also in testimony before Congress, described the problem, the intelligence community “couldn’t connect the dots [before 9/11] because we didn’t have the dots.” (PDF).

There’s only one problem: that's just not true.

The fact is, U.S. intelligence agencies knew of al-Mihdhar long before 9/11 and had the ability find him. In the years, months, and days before 9/11, the NSA already had access to a massive database of Americans’ call records. Analysts—at NSA or CIA—could have easily searched the database for calls made from the U.S. to the safehouse in Yemen. They simply didn't.

      Mueller and Alexander are far from the only government official to invoke al-Mihdhar in an attempt to justify the NSA’s program. For example:

        • Senator and Republican Presidential Candidate, Marco Rubio, in a speech on the Senate floor: “Here is the truth. If this program had existed before 9/11, it is quite possible we would have known that 9/11 hijacker Khalid Al Mihdhar was living in San Diego and was making phone calls to an Al Qaeda safe house in Yemen.”
        • Senator Dianne Feinstein didn't get beyond the headline before invoking al Mihdhar in an editorial in the Wall Street Journal supporting the Program: “If today’s call-records program had been in place before 9/11, the terrorist attacks likely would have been prevented.”
        • Judge Pauley—a federal district  court judge in New York who presided over ACLU’s case challenging the NSA’s program—invoked it on the first page of his decision upholding the constitutionality of the program: “Telephony metadata would have furnished the missing information and might have [informed the government] that al-Mihdhar was calling the Yemeni safe house from inside the United States.” (PDF).

      Others have already questioned the government's claims about al-Mihdhar. They argued that missed opportunities and the failure of agencies to share critical information in the run-up to 9/11, not the absence of a massive metadata repository, resulted in the failure to stop the plot. However, disclosures over the past year have undermined government officials' claims about the call records program even more deeply: the surveillance tool that al-Mihdhar supposedly justifies was already in use before 9/11. And it did nothing to enhance our nation’s security.

      DEA’s Bulk Collection Program and the Involvement of NSA and CIA

      Beginning in 1992, the DEA began collecting—in bulk—records of billions of Americans’ calls to countries around the world. As USA Today reported, while the program began by targeting calls to countries in Latin America, it quickly ballooned to sweep in records of Americans’ calls to 116 countries around the world.

      The DEA’s bulk collection program was no secret within the intelligence community, either. According to USA Today, the program itself was developed with help from the Pentagon and intelligence community, which provided supercomputers and analysts experienced with tracking communications patterns. Documents leaked by Edward Snowden and published in an article by the Intercept shed even more light on this cooperation. One document describes the development of “Project CRISSCROSS”—a program with a strikingly similar history to the program described by USA Today. According to that document, Project CRISSCROSS “began in the early 1990’s when CIA and DEA collaborated on a database and analytical tool suite to perform link analysis and cross-reference lookups against DEA and CIA collected billing records and phone directories.” NSA, too, joined in the program, requesting “the software and database capabilities of CRISSCROSS to enhance SIGINT data.”

      Despite being initiated by DEA and CIA, the records analysis program was not used exclusively for drug investigations or even exclusively by those agencies. For example, the government publicly acknowledged the DEA’s program for the first time in a criminal case—involving alleged violations on export-restrictions to Iran, not drug violations—stemming from a Department of Homeland Security search of the database. USA Today described use of the database “in terrorism cases, including the bombing of a federal building in Oklahoma City that killed 168 people in 1995, helping to rule out theories linking the attack to foreign terrorists.” And, as one internal NSA document reveals, the program’s growth from “Latin America to worldwide . . . enhanced target development efforts across all NSA product lines.”1

      What does all this mean? It means that, before 9/11, both the CIA and NSA had access to a database of Americans’ international call records that, had it been searched, likely would have yielded al-Mihdhar’s calls to the Yemeni safehouse. It means that government officials—aided and abetted by overreaching national security secrecy—yet again, misled Congress, the courts, and the public about the value of the NSA’s program. It means that, for the better part of the last 15 years, we not only had a single privacy-invasive bulk collection program—but we had duplicative ones. And, perhaps most importantly, it means the NSA’s call record program never should have existed in the first place.

      It’s Time to End Bulk Collection, Once and For All

      Contrary to what General Alexander and other government officials have claimed, al-Mihdhar didn't escape suspicion before 9/11 because the government couldn’t connect the dots—he was missed because the government was already drowning in the dots. Of course, the government can be expected to argue that a failure to use a tool does not mean the tool is useless. But now, after two decades and at least two separate bulk call records database, the government has still failed to show even one instance where these databases "made a concrete difference in the outcome of a counterterrorism investigation.”  Why should we allow highly invasive bulk surveillance to continue when all they have is the same tired justification?

      Now is the time to rein in the government’s bulk collection of Americans’ call records. Section 215, the provision of law the NSA relies on to conduct its bulk collection program, expires June 1. In a great decision issued last week, a federal court of appeals weighed in, declaring the program illegal and urging Congress to step in to resolve the dispute. Congress is currently debating reforms, but the absolutely necessary first step is bringing an unequivocal end to the NSA’s call records collection program. Go to Fight215.org to tell Congress that it’s time to end bulk collection under Section 215.

      Meanwhile, EFF is fighting in court to make sure the DEA’s call records program is terminated. In April, EFF filed suit on behalf of Human Rights Watch, challenging the constitutionality of the program. Although DOJ has claimed the program has stopped, EFF intends to ensure that is the case—and to ensure it can never be restarted.

      • 1. NSA’s signals intelligence division uses business jargon to describe its various activities. Its “customers” are other elements of the United States government that rely on its surveillance. Its “products” are broken down by “lines,” like “China & Korea,” “International Security,” “Foreign Counterintelligence,” “Middle East/Africa,” or “International Crime & Narcotics.”

      Related Issues