PJ Media

Congress Told That NSA Can't Count Number of Americans in Its Data Grab

WASHINGTON – Obama administration officials told lawmakers that while they support providing more information about surveillance programs to the public, they object to legislative proposals that could undermine national security and divert intelligence resources at the expense of greater transparency.

A subcommittee of the Senate Judiciary Committee debated last Wednesday legislation that would force the government to release statistics on how many Americans have had their data collected under various surveillance programs.

The legislation proposed by Sen. Al Franken (D-Minn.) would require the National Security Agency (NSA) to disclose publicly how many people targeted were Americans, and allow companies to report more information about the surveillance requests they receive and the number of users whose information is turned over.

The Surveillance Transparency Act would also require the government to annually report on the number of Foreign Intelligence Surveillance Court orders issued under various surveillance laws, the general categories of information collected, the number of U.S. persons whose information was collected under the categories, and the number of U.S. citizens whose information was actually reviewed by government agents.

The legislation comes at a time a divided Congress is considering whether to ban practices like the wholesale collection of data on Americans’ telephone calls or to implement limited changes that would effectively put some of the data collection on a stronger legal footing.

Recently, the Senate Intelligence Committee sent to the full Senate a measure, sponsored by chairwoman Dianne Feinstein (D-Calif.), that would strengthen the legal authority of the NSA’s bulk collection of domestic telephone data.

“What we’re trying to do is create a framework where people have a little bit more confidence and understanding,” Franken said at the hearing. “Or can decide for themselves whether they should have confidence.”

Robert Litt, general counsel for the Office of the Director of National Intelligence, said it is possible to reveal information on the number of targets of collection activities, but there is no reliable method to find out the number of U.S. people whose data is actually collected, even if they are not the target.

“Counting the number of persons or of U.S. persons whose communications are actually collected, even if they’re not the target, is operationally very difficult,” he told the Judiciary Committee’s privacy subcommittee. “This kind of information simply cannot be reasonably obtained.”

Litt said it took six NSA analysts over two months to determine how many Americans’ communications were swept up in an NSA collection mistake in 2011. Compiling these statistics on a larger scale would be time consuming, if not impossible, and take resources away from NSA’s mission of uncovering terrorist plots.

“[NSA] mathematicians have other things that they can be doing in protecting the nation…rather than trying to go through and count U.S. persons,” Litt said, referring to published statements that NSA is the nation’s largest employer of math experts.

He added that determining the exact number of Americans whose data is collected would actually be a larger invasion of privacy than any that might already be happening because it would require NSA analysts to look further into the data than they normally would.

“If you impose upon them some sort of obligation to identify U.S. persons, they’re going to take an email address that may be, you know, Joe at hotmail.com. And they’re going to have to dig down and say, ‘what else can we find out about Joe at hotmail.com?’” he said. “And that’s going to require learning more about that person than NSA otherwise would learn.”

“We are very much in support of transparency, but we wanna do so in a way that’s consistent with our national security needs,” said Deputy Assistant Attorney General Brad Wiegmann, another witness at the hearing. He said terrorists could notice a rise in requests to a particular provider or targeting a new technology that would allow them to glean whether the government has the capability to collect information on a specific technology.

Litt also argued that allowing U.S. companies to disclose how many requests they receive would give terrorists an advantage.

“The more detail we provide out there, and the more we break this down by authorities and companies, the more easy it becomes for our adversaries to know where to talk and where not to talk,” he said.

Litt’s argument was challenged by Richard Salgado, Google’s law enforcement and information security director, who said allowing businesses to share this information is the only way to have a reasonable discussion about the regulation of intelligence gathering.

“The current lack of transparency about the nature of government surveillance in democratic countries … undermines the freedoms most citizens cherish,” Salgado said. “It also has a negative impact on our economic growth and security and on the ultimate promise of the Internet as a platform for openness and free expression.”

The fallout from the NSA leaks could result in greater Internet restrictions that could hurt U.S. economic interests and some proposals could even create a “splinter net” by erecting Internet barriers, he said.

He said governments around the world are considering ways to limit the impact of U.S. government and other governments’ surveillance on their citizens. For example, he noted, the Brazilian government is considering legislation that would require data of both domestic and international companies to be stored in Brazil.

A group of 72 tech companies and advocacy groups, including Google, Facebook, and Apple, has asked Congress to move quickly on surveillance reform bills that would allow companies to tell their users how often they hand over data to the government.

The group endorsed two pieces of legislation: Franken’s bill and a House bill sponsored by Rep. Zoe Lofgren (D-Calif.). The Surveillance Order Reporting Act would allow Internet firms and telecoms to report the number of surveillance requests they receive every three months.