For the past three months, Verizon has handed over information on all telephone calls within its system to the U.S. government. This news, which broke last night thanks to a leaked court document, is a big story, but it isn’t exactly a surprising one.
The Electronic Frontier Foundation, a group dedicated to the protection of fundamental rights online, has long suspected this kind of broad surveillance. Last summer, Senator Ron Wyden (D-Oregon), hinted that the government has broader surveillance powers than people suspect. The agencies doing the surveillance all fall under the executive branch, but congress has the power of oversight. Last December, Congress voted to extend the act granting this broad surveillance power until at least 2017.
What that all means: While the actual Verizon surveillance story is news, it’s hardly unanticipated, and it falls into a much larger pattern of increased governmental surveillance powers post-9/11.
It also means that all of this is legal. The FBI had a warrant for the records it requested from Verizon, and, rather than break the law, Verizon obliged. Not everything was turned over to the government: Phone calls themselves are well protected by legal precedent, and obtaining warrants to listen to a tremendous amount of calls is much harder. Instead, the government asked for phone call metadata, which is kept and maintained by telecommunications companies. The metadata includes the time the call took place, the call origin, the call duration, and the carrier. In cellphones, it also includes the cell towers that transmitted the call, giving a rough approximation of the callers’ physical location.
This information is all vulnerable because of a legal precedent set back in 1979. Phone call records were deemed not part of the protected private information of an individual, but instead the property of the telephone company. This problem resurfaced last month, when the Associated Press reported that the Department of Justice subpoenaed the call records for many of their writers as part of an ongoing leak investigation. It was a perfectly legal way for the government to obtain that information, but gathering metadata from calls is far more revealing now than it was in the 1970s.
NSA Data Center in Bluffdale, Utah
Niraji Chokshi and Matt Berman note:
After analyzing 1.5 million cellphone users over the course of 15 months, the researchers found they could uniquely identify 95 percent of cellphone users based on just four data points—that is, just four instances of where they were and what hour of the day it was just four times in one year. With just two data points, they could identify more than half of the users.
It’s conceivable that the National Security Agency is using this information from Verizon to track and identify every individual from their phone records. But that’s a time- and data-intensive project. The request from Verizon dates to April 19, the date the surviving Boston bomber was arrested in Watertown, Mass. If there is a specific terrorist the NSA is trying to find, plotting the location of every single person by their phone records is the functional equivalent of combining a dozen haystacks into one great big pile with the hope of finding the one needle.
More likely is that this is a collection boon for general big data projects. The NSA has been mining phone records on a large scale since at least 2006, and a data set in the millions provides a tremendous resource for finding and discerning new patterns.
What new patterns? The NSA, by and large, has a mandate to collect intelligence on foreign communications and “foreign signals intelligence,” which for our purposes involves electronic communication. There’s a tremendous amount of information in the communications they regularly intercept, but because their focus is foreign, there’s no clear control group for domestic communications that’s different. The tremendous amount of data contained in the Verizon records gives the NSA a largely domestic data set to work with, and then new information to refine their intelligence collection process. It gives them a baseline.
The Verizon data collection is fascinating tool set for spooks. Though perfectly legal, it’s based on a 1970s understanding of phone record privacy. And the way it’s going to be used is all 21st century.