NSA’s Bulk Data Collection Fail

The Privacy and Civil Liberties Oversight Board‘s just-released report doesn’t detail a single instance of the NSA’s bulk data collection leading to the foiling of a terrorist plot — for the simple reason that this oversight agency couldn’t find any — and yet, the mantra “to keep Americans safe” is incessantly uttered by  the NSA’s defenders whenever the wisdom (not to mention legality) of collecting pretty much every data bit generated by everyone, ever, is questioned.  (Well, once the NSA finally-sort of-almost-maybe admitted that’s what they might be doing — for your own good, of course. See how that one flies with Angela Merkel.)

With this latest report revealing that the NSA’s counter-terrorism claims have been wildly exaggerated, the data stockpile’s potential use for corruption ought also to get a closer look.  Even if 99.9 percent of NSA employees are 99.9 percent pure, a few bad-apple agents with ill intentions could partner with a few  bad-apple politicians or government officials — for the sake of symmetry, let’s pretend there are only a few — and use the available data for blackmail, coercion, or the kind of anonymous leaks that send political enemies scrambling for rehab or other cover.

As for the claim that no NSA agent could improperly access such data without others knowing about it, there is an obvious answer:  Edward Snowden.

Equally absurd is the assumption that the NSA would or could know about all misuse of data — or that the NSA’s assurances that no abuse has occurred are in any way meaningful.  Last time I checked, the reason blackmailers are often successful is that the victim cannot reveal the blackmailer without revealing whatever it was that made the victim blackmailable in the first place.

What?  500 phone calls last month to ‘Bunny’?  Sure,  I can explain that.  Yeah . . . that’s a nickname for my . . . uh . . . accountant.

So perhaps it’s time, despite the president’s assurances about the necessity of bulk data collection,  for the NSA to focus on targeted data-gathering and analysis instead, and to make sure the pertinent results are promptly shared with other law enforcement agencies.  After all, in piling up its mountainous haystack of all cyber data that was, is (and ever shall be, if the NSA prevails against its critics),  the NSA seems to have missed a few needles — in fact, every needle of late.

With more selective data and analysis, the NSA might, for instance,  have come across the Tsarnaev brothers perusing an online magazine for the do-it-yourselfer terrorist, checking out the helpful “How To” page for making pressure-cooker bombs.  Alerted law enforcement agencies might subsequently have flagged their purchases for the “ingredients,” and a pre-Boston Marathon arrest could and should have occurred.

Tragically, no such arrest was made. In today’s uber politically correct climate, it is apparently considered “Islamophobic”  to focus our data-culling on the places where terrorists tend to “hang out” — in both the cyber world and the real world.  Even though the Russians had earlier warned the FBI about the Tsarnaevs’ family ties to Chechen rebels and the elder brother’s six known visits to an Islamic militant in the Russian republic of Dagestan,  that info wasn’t considered compelling enough to tap not only into their particular data stream, but to actually pay attention to where they were swimming in tha stream. Instead, various Tsarnaevs were interviewed by various FBI agents.  The apparent gist:

Are you  terrorists?


Oh.  OK.

How else to explain that shortly thereafter, when the brothers were learning to cook with nails and ball bearings, no one in the we-need-your-data-to-protect-you trade was paying attention?  (And we worry that Snowden has tipped off the bad guys??)

Likewise, our data-gatherers were also spectacularly incurious about  an Air Force major who ordered business cards online that described him as a  “Soldier for Allah,” and was email pals with radical Islamist Anwar al-Awlaki.  Before it became “insensitive” to keep tabs on folks who might, by virtue of behavior, travel patterns and cultural or religious affiliations, have a higher probability of being terrorists than, say,  little old ladies from Milwaukee flying to visit great grandchildren, this sort of behavior, like collecting recipes for pressure cooker bombs,  might have sparked some serious, and prolonged, investigation.

But we don’t have to go back that far to find an example of the bulk data collection FAIL. On Jan. 24, police in Pennsylvania arrested a Russian teenager whose suitcase housed  a “weapon of mass destruction” – a bomb.  The Penn State University student reportedly built it from online purchased parts, but the police weren’t searching through his belongings in response to an NSA tip about his online activity.  They weren’t looking for a bomb at all – they were looking for pot as part of a drug investigation, and serendipitously stumbled across his other hobby.  To the original drug charges, police have added “possessing a weapon of mass destruction, risking a catastrophe, possessing instruments of crime, prohibited offensive weapons, incendiary devices, [and] recklessly endangering another person.”

So here we have another young Russian buying his terrorist wares online, and yet the NSA didn’t flag him or his online purchases.

The question is, within the mega haystack of NSA data, how many other needles have escaped notice?  And why have so many of our politicians and talking heads failed to notice that the NSA hasn’t produced a single instance in which their massive data sweep has led to the prevention of an attack?  It’s time for lawmakers to take the recommendation of the PCLOB and shut down the bulk collection of all Americans’ data, an egregious violation of the Fourth Amendment, and for the NSA to focus its full attention on the sites and behavior patterns common to terrorists.  Sometimes less is more.