Senior national security officials, from President Barack Obama on down, have made light of the National Security Agency’s intrusive monitoring of the public by saying “only” metadata about communications, not the content of those communications, are collected. One might ask, then, why is it that intelligence and law enforcement officials much prefer this metadata approach?
For one, analysts can determine a great deal about a person – any person – by following the electronic crumbs that people inevitably leave behind in the course of their daily routines. And this data-byte-crunching analysis is much less time-consuming than monitoring each phone call or reading each e-mail.
So, the distinction between listening in on conversations and “just” collecting phone numbers called and the duration of the conversations is a red herring. The truth is that persistent, bulk collection of metadata in support of analysis is – not can be – more revealing over time than content, the latter prohibited from collection unless probable cause criteria have been met in the eyes of a court.
Metadata collection can answer all but one of the five “W’s” of journalism: the Who, What, Where and When. Given time, it can even respond to “Why” someone interfaces with digital information systems the way they do. It can do this because it is possible to discern patterns of behavior in metadata.
A very simple example: You go to work via a toll road, taking essentially the same route five days a week, for about 48 weeks a year. A license plate scanner produces information about where your car was when it was scanned – and at what time. Your passive transponder (e.g., E-Z Pass) records your entrance onto the toll road at which ramp, and when you were there. The same transponder reports when and where you got off the toll road.
You stopped to get gas. Your credit card records where you were and when you bought the gas. You arrive at work and turn on your computer. Your Internet service provider (ISP) records when an IP address was given to your computer and what time it was provided. The IP address is associated with a server at a location with a specific address and is associated with your name.
So it is possible to know when you arrived at work. Or perhaps you called your wife to tell her you arrived safely. Your phone has locational information and the time of the call is recorded. Of course, the phone is associated with your account/name.
Similarly, any deviation from these patterns – for whatever reason – would also be apparent. A consistent deviation might reveal a significant change in your personal life (e. g. job trouble, health problems, marital difficulties).
While this ability to construct a mosaic of your life may not be understood by those inclined to believe what they hear on the evening “news” – that the metadata is no real threat to your privacy – this reality is eminently understandable to those familiar with the technological power of the various NSA programs. MIT graduate students, for example, have produced a video, based largely on personal experience as well as research, that makes it very clear.
A caveat here: I have not seen everything that has been released by former NSA contractor Edward Snowden so far, but I have seen most. Even taken together, these documents listing the names of the programs – like PRISM, XKEYSCORE and UPSTREAM – and the various diagrams depicting data flows on charts would not tell much to someone unfamiliar with the technological capabilities of these programs.
Kirk Wiebe is a retired National Security Agency senior analyst and recipient of that Agency’s second highest award – the Meritorious Civilian Service Award. As an employee of NSA, he has sworn to uphold the U.S. Constitution against all enemies, foreign and domestic. He has worked with colleagues Bill Binney, Ed Loomis, Tom Drake and Diane Roark to oppose NSA corruption and over-surveillance since 2001.