Disputed N.S.A. Phone Program Is Shut Down, Aide Says
WASHINGTON — The National Security Agency has quietly shut down a system that analyzes logs of Americans’ domestic calls and texts, according to a senior Republican congressional aide, halting a program that has touched off disputes about privacy and the rule of law since the Sept. 11 attacks.
The agency has not used the system in months, and the Trump administration might not ask Congress to renew its legal authority, which is set to expire at the end of the year, according to the aide, Luke Murry, the House minority leader’s national security adviser.
In a raw assertion of executive power, President George W. Bush’s administration started the program as part of its intense pursuit for Qaeda conspirators in the weeks after the 2001 terrorist attacks, though a court later secretly blessed it. The intelligence contractor Edward J. Snowden disclosed the program’s existence in 2013, jolting the public and contributing to growing awareness of how both governments and private companies harvest and exploit personal data.
Sign Up For the Morning Briefing Newsletter
The way that intelligence analysts have gained access to bulk records of Americans’ phone calls and texts has evolved over time, but the purpose has been the same: They analyze social links between people to hunt for associates of known terrorism suspects.
Intelligence agencies could still use that same technique on data they obtain through other means, like collection from networks abroad, where there are fewer legal limits. But those approaches do not offer the same systematic access to domestic phone records.
Congress ended and replaced the program disclosed by Mr. Snowden under the U.S.A. Freedom Act of 2015, which will expire in December. Security and privacy advocates have been gearing up for a legislative battle this year over whether Congress should extend the current version of the program — and with what changes, if any.
But, speaking on a podcast for the national security website Lawfare, Mr. Murry, who an adviser for Representative Kevin McCarthy of California, raised doubts about whether that debate will be necessary.
Asked about prospects for upcoming national security lawmaking, Mr. Murry brought up the pending expiration of the Freedom Act, but then disclosed that the Trump administration “hasn’t actually been using it for the past six months” and that “I’m actually not certain that the administration will want to start that back up.”
Mr. Murry referenced problems that the National Security Agency disclosed last year. “Technical irregularities” had contaminated the agency’s database with message logs it had no authority to collect, so officials purged hundreds of millions of call and text records gathered from American telecommunications firms.
The agency declined to comment on Monday on whether it has since made the system work practically and legally or whether it has remained offline. Press officials with Mr. McCarthy’s office, the Office of the Director of National Intelligence and the National Security Council did not respond to requests for comment.
In late January, however, Christopher Augustine, an N.S.A. spokesman, had told The New York Times that agency officials were “carefully evaluating all aspects” of the Freedom Act program, and that while “no decision has been made,” the National Security Agency and other agencies were discussing its future.
Mr. Augustine also said that the National Security Agency expected to “provide input” about whether to push for renewed authority to pursue the bulk data collection, but he made clear that the White House would make the final call about whether to ask Congress to extend the Freedom Act. “We expect the administration will announce its decision on reauthorization of these authorities in due course,” he said.
The disclosure that the program has apparently been shut down for months “changes the entire landscape of the debate” over whether to reauthorize the Freedom Act, said Daniel Schuman, the policy director of Demand Progress, an advocacy group that focuses on civil liberties and government accountability.
Since “the sky hasn’t fallen” without the program operating, he said, that shifts the burden to the intelligence community to make the case that reviving it is necessary — if, indeed, the National Security Agency actually thinks it is worth the effort to keep trying to make it work.
The phone records program had never thwarted a terrorist attack, a fact that emerged during the post-Snowden debate.
“If there is an ongoing program, even if we all have doubts about it, that’s a very different political matter than if the program has actually stopped,” Mr. Schuman said. “Then the question becomes, ‘Why restart it?’ rather than whether to turn it off.”
The National Security Agency has used the call detail records — metadata showing who called whom and when, but not the content of what was said — as a map of social networks, analyzing links between people to identify associates of terrorism suspects.
Even without the program, the agency could still use that technique to analyze metadata it obtains through other ways. Among them is the collection of telecommunications data from abroad, which domestic surveillance laws have left largely unregulated. But while overseas-based collection can give some access to Americans’ data, it apparently does not provide the systematic access to purely domestic phone messages.
The phone records program traces back to the aftermath of the Sept. 11 attacks when the Bush administration created the secret Stellarwind surveillance program. One component involved the bulk collection of logs of Americans’ domestic phone calls.
Companies like AT&T and MCI — later part of Verizon — initially turned over their customers’ records in response to a raw assertion of presidential power by Mr. Bush. Starting in 2006, the Foreign Intelligence Surveillance Court began issuing secret orders requiring the companies to participate, based on a secret, novel and later-disputed interpretation of Section 215 of the Patriot Act, which said the F.B.I. may obtain business records “relevant” to a terrorism investigation.
In June 2013, the program came to light after The Guardian published the first revelation from the trove of classified files provided by Mr. Snowden: a top-secret surveillance court order to Verizon to provide its customers’ call records.
The disclosure, one of the most significant by Mr. Snowden, prompted sharp criticism of the government’s theory for why it was purportedly legal: essentially, everyone’s phone records were relevant because the government needed to acquire the haystack so that it could hunt for needles of investigative interest.
While intelligence officials could not point to attacks the program had thwarted, they defended the ability as a useful triaging tool for sifting through potential connections — and suggested that had it been in place before Sept. 11, it might have helped uncover Al Qaeda’s plot. Critics called that argument exaggerated and portrayed it as a legally dubious invasion of privacy that was ripe for abuse.
The Obama administration eventually embraced a plan to end the National Security Agency’s bulk collection of domestic phone data but preserve the old program’s analytical ability, resulting in the Freedom Act of 2015.
Under that law, the bulk records remained in the hands of the phone companies, not the government. But with a judge’s permission, the agency could swiftly retrieve the phone and text logs of particular suspects as well as of all of the people who had been in contact with those suspects, even when they were customers of different phone companies.
Under the replacement system, the number of records about Americans’ communications that the agency collected dropped significantly from the billions per day it had previously been sucking in.
Yet the scale of collection remained huge in absolute terms: The program gathered 151 million records in 2016, despite obtaining court orders to use the system on only 42 terrorism suspects in 2016, along with a few left over from late 2015. In 2017, it obtained orders for 40 targets and collected 534 million records.
Problems with the system emerged last year, when the National Security Agency said it had decided to delete its entire database of records gathered since the Freedom Act system became operational. Glenn S. Gerstell, the agency’s general counsel, said in an interview at the time that because of complex technical glitches, one or more telecom providers — he declined to say which — had responded to court orders for records by sending logs to the agency that included both accurate and inaccurate data.
When the agency then fed those numbers back to the telecoms to get the communications logs of all of the people who had been in contact with its targets, it ended up gathering some data of people unconnected to the targets. The agency had no authority to collect their information, nor a practical way to go through its large database and cull those records it should not have gathered. As a result, it decided to purge them all and start over.
But it had not been clear until Mr. Murry’s comments in the podcast that was posted over the weekend that the problems have continued, even as a legislative battle over the Freedom Act — and the inevitable scrutiny of how the program has functioned — has drawn near.
Follow Charlie Savage on Twitter @charlie_savage.
Source : Link