Marc Ambinder doesn’t think we should be too concerned about the National Security Agency’s XKEYSCORE system because it is just an interface, not a collection tool.
Perhaps, but what is certainly worrisome are two reports published yesterday about collection capabilities that haven’t yet been disclosed. One is a thorough analysis by International Business Times’s Pema Levy of Sen. Ron Wyden’s statements about geolocation:
In a speech last week at the Center for American Progress, a liberal think tank, Wyden mentioned cell phone location data enough times that observers felt it could not be coincidence. “Under the classification rules observed by the Senate we are not even allowed to tap the truth out in Morse code,” Wyden said, according to his prepared remarks, explaining how difficult it is to alert the public to the existence of classified programs. “And we tried just about everything else we could think of to warn the American people.”
Wyden then immediately issued another sort of warning. “As you listen to this talk, ponder that most of us have a computer in our pocket that potentially can be used to track and monitor us 24/7,” he said.
Suppose the NSA were constantly monitoring where U.S. citizens are on the theory that the location of a phone when a call is made is a business record. Wyden (who is my senator) wouldn’t be allowed to tell us, but he could drop lots of hints. The fact that he has been dropping hints doesn’t prove that the NSA is keeping records of our locations, but it is concerning. And, as Levy explains, the NSA has the legal authority to do so at any time.
The second report, from CNET, describes how the FBI is pressuring Internet providers to install its interception software, called “port readers,” on their machines:
Carriers are “extra-cautious” and are resisting installation of the FBI’s port reader software, an industry participant in the discussions said, in part because of the privacy and security risks of unknown surveillance technology operating on an sensitive internal network.
It’s “an interception device by definition,” said the industry participant, who spoke on condition of anonymity because court proceedings are sealed. “If magistrates knew more, they would approve less.” It’s unclear whether any carriers have installed port readers, and at least one is actively opposing the installation.
In another time, perhaps, we might have had confidence that this software would be used entirely in accordance with constitutional protections. Yet as an FBI spokesperson made clear to CNET, the bureau believes it has the authority to use the software to collect subscribers’ metadata. Just how extensive that collection is and whether it is constitutional remain open questions.
Industry officials, meanwhile, are worried about the port readers because they are entirely opaque. Technicians don’t know what the readers are doing or whether they pose any other risks to the company’s internal systems. The FBI’s legal theory raises an entirely new kind of question. So far, the debate about surveillance has concerned individual liberties, but do commercial enterprises have an expectation of privacy, too? May the state forcibly install its own software on private computers, instead of simply requesting data from the companies?
This is just one more debate about our legal system that technological change has made necessary. We haven’t had it, though, because of the administration’s decision to continue developing these programs in complete secrecy.
