Tag Archives: nsa

Evil Or Incompetent, NSA Edition

The Heartbleed bug, best explained by XKCD, has been in the news the last few days, and the NSA has been accused of exploiting it for years. They’ve issued their standard denial, which led me to make this comment:

This is worth elaborating upon: the NSA is either evil or incompetent. There is no other choice. The options are:

  • the NSA knew about the bug and let it exist for years, exposing the private data of millions of citizens and risking far more damage than they could have possibly prevented.
  • the NSA, which snoops on most of the world’s web traffic and has a budget in the billions, could not locate this bug or even hear any criminals discussing it among all the data it collects.

I, for one, hope for the latter. It’s hard to fear totalitarian control by an entity so freaking inept.

Fantasy League Can’t Believe Government Employee Friend Winning Again

Arlington, VA – Multiple participants in the Pitt Stops fantasy league expressed disbelief this week that Damian Scott, manager of the Spygated Communities, was cruising to his ninth consecutive league title.

“It’s unbelievable,” said Mike Donovan, 28, league commissioner and owner of The Ball Handlers. “It doesn’t even matter what sport it is. Football, baseball, now basketball. He’s unstoppable.”

The Pitt Stops league features 12 former graduates of the University of Pittsburgh class of 2008, who have stayed in touch while playing fantasy baseball, fantasy football, and starting with the 2013-2014 season, fantasy basketball.

“I mean, we started doing basketball just to see if there’s something where Marcus wouldn’t dominate, and he’s still crushing everybody.”

“It’s incredible,” added league member R.J. Benjamin, 28, of the C***-Punters. “He’s gotta be the luckiest fantasy player ever. Picking up second-stringers right before they’re made starters. Finding injury replacements before the news even breaks. He’s got a magic touch.”

“Scott is a douche! He ruinns [sic] the league!” commented league member Dustin Pannell, 27, (I Pitt The Fool) via email from his home in St. Louis. “I had a trade lined up for Kevin Love, and right before it was acceppted [sic] he made Shawn a better offer!” Shawn Jackson, 28, (Thanks Obama!) the counterparty to the alleged trade, acknowledged that he would have consummated the trade with Pannell had Scott not contacted him with a different offer. “Not sure how he knew I had decided to rebuild, but he came in at the right time.”

“We’re gonna have to do something about his dominance. Maybe dock the winner a first-round pick or something,” mused Donovan. “I don’t even understand how he can stay on top of all the player news, with the 16-hour days he puts in. This government job really keeps him busy.”

At press time, Scott could not be reached for comment, as he had taken the day off from his job at the NSA to take Donovan’s girlfriend to a hotel where she thanked him for a birthday present she had desired since childhood.

Follow-Up On The Costs Of The NSA

Following my post this morning on the cost the NSA imposes on America and the deaths caused by such costs, Charles Hooper’s article on the costs and benefits of NSA surveillance was posted at the Library of Economics & Liberty. The piece is worth reading, but here’s a quick summary:

For every true terrorist uncovered, the NSA would incorrectly flag 475,500 innocent American residents. With the NSA budget of $5 million per terrorist ($5 billion divided by 1,000) and a follow-up cost of $30,000 per accused, the marginal cost per real terrorist is over $14 billion, which is far above the marginal value per terrorist of $100 million. Notice that even if one assumes a zero budget for the NSA, the marginal cost per real terrorist is still over $14 billion. The big driver of costs is not the NSA budget, but the cost of incorrectly flagging 475,500 innocent American residents for every true terrorist.

Hooper doesn’t go into the fact that these extra costs could have been used to save other lives instead, but he doesn’t have to. The huge and pointless costs of NSA surveillance are apparent either way.

Has The NSA Killed Thousands Of Americans?

See update below for a different approach.

This isn’t about the assassination of American citizens without due process, which we do already. This also isn’t about Americans killed in the secretive drone campaign, although I’m sure that happens, too. I’m talking about economics. I’ve previously addressed in this space how many people were killed to make everyone feel good about Bat Boy. Here, I’ll apply the same principle to the NSA, whose insanely intrusive tactics have basically abolished privacy.

The NSA’s budget is believed to be around $10.8 billion, though I imagine no one would be surprised if they had much more than that in undisclosed funds. The federal government, in its various regulations, uses a statistical value of life of between $6-8 million. We’ll use the upper bound here, to give the NSA the benefit of the doubt. Thus, to justify a budget of $10.8 billion, the NSA would have to save ~1350 lives* every single year. If it doesn’t, we should be using those moneys for programs that do save lives.

*If one wanted to, one could calculate the maximum number of lives $10.8 billion could save by using the most cost-effective interventions. However, since those numbers are often unreliable, and most programs cannot be scaled indefinitely (there’s only so many people you can save from malaria, for example), I will use the average American value here. This benefits the NSA in this calculation. More importantly, American politics rarely cares about the lives of non-Americans, even when Americans clearly do.

Here are the numbers of American terrorism deaths since 1985, cobbled together from State Department data, the Johnston Archive, and Wikipedia (all numbers through 2012, limited to private citizens).

Year Deaths Injuries
1985 2 4
1986 2 110
1987 0 1
1988 0 0
1989 2 16
1990 2 3
1991 1 0
1992 1 0
1993 15 1,063
1994 7 9
1995 171 677
1996 25 510
1997 6 21
1998 12 11
1999 5 6
2000 23 47
2001 2,978 8,000
2002 27 37
2003 35 29
2004 33 33
2005 30 36
2006 28 39
2007 19 17
2008 15 18
2009 9 19
2010 15 19
2011 17 17
2012 10 5

If you’re not familiar with this area, you might be surprised to see how incredibly low death rates from terrorism are. Obviously any violent death is one too many, but even with the 9/11 attacks, terrorism averages just 125 deaths a year – roughly the same as deaths caused by peanut allergies. Since 2002, the average is merely 22, and under Obama it’s ~13. These are within range of the pre-9/11 average of 17-18. Let’s say that the NSA’s current abominations were installed in 2009: this means they should have saved approximately 5,400 lives by now. This means preventing a new 9/11 approximately every 2 years and 2 months. Considering that 9/11-type attacks weren’t occurring that frequently long before the NSA existed, it strains credulity that such attacks would be occurring regularly the past five years.

Perhaps you think the NSA crimes have in fact been preventing such huge attacks the past five years. To quote my role model Dave Barry, “perhaps you are an idiot.” Assuming you’re not, please explain how there were no such attacks between 9/11 and the institution of the invasive NSA programs. You’d also have to explain what the NSA is doing on top of the CIA, FBI, and military intelligence to save these lives, since we’re not taking the activities or budgets of these other entities into account. What is the NSA doing that they could not have?

Reading the data in the way most generous to the NSA, they’ve saved approximately 14 lives per year, at a cost of approximately $771 million per life saved. Considering that we’ve stipulated that lives can be saved for $8 million, the NSA has actually caused the deaths of 1336 Americans each of the last 5 years. Ironically, this would make it the most effective anti-American terrorist organization in the world.

Yes, you could argue that the NSA saves these additional lives with just a tiny portion of their budget, so that the actual financial cost per life saved I’d much smaller. I’d like to see some evidence of that, but it’s at least possible. You’re still left explaining why civil liberties are worth nothing, and how we can exercise oversight without knowing any of this.

UPDATE: In researching this article, I ran across a paper by John Mueller and Mark G. Stewart, published this week, called “Secret without Reason and Costly without Accomplishment: Questioning the National Security Agency’s Metadata Program.” It doesn’t do the cost/benefit analysis the way I do, but it arrives at the conclusion that the NSA’s metadata programs is not cost-effective even without taking into account the loss of civil liberties. Worth a read as it goes over the ways the NSA has admitted the low benefits of the metadata program.

The Fourth Amendment And The Status Quo

In my piece about the recent NSA decision I said the following before concluding that current Fourth Amendment jurisprudence probably permits the NSA’s sweeping metadata collection:

The more important question is not what the law is – although this matters for reasons elucidated below – but what the law should be.

It appears I then didn’t properly elucidate the reasons why the status of the law matters. I offered two possibilities to deal with the NSA’s intrusion in personal lives of innocent people:

  • The Supreme Court could overturn much of their precedent regarding the third party doctrine under the Fourth Amendment, and interpret the Fourth Amendment consistent with new principles that properly protect privacy in information voluntarily shared with others in the ordinary course of life. Not likely.
  • Congress could step in and enact legislation subjecting more information to protection from NSA/government collection. … There is no reason that statutes can’t be written to further extend such protections to phone metadata, internet searches, and various other types of information. This is slightly more likely than the Supreme Court helping us, but I’d predict that any such changes would be riddled with loopholes (like the ones being used to justify current NSA overreach) and otherwise insufficient to deal with what’s happening.

I omitted a third possibility: a constitutional amendment that provides additional privacy protections for data shared with third parties. I consider that to be basically a non-starter, as it would be difficult to draft and virtually impossible to pass, for the same reason that statutes expanding privacy are unlikely. Thus, I’m pessimistic that we’ll get to a better state of law as regards personal privacy.

The reason the status quo matters is that getting to that better state is difficult from where we are now, but isn’t necessarily difficult in the abstract. If we were drafting a Fourth Amendment equivalent today, we might very likely include additional protections for data shared with others  in the ordinary course of life. It would not be nearly as controversial if there were a blank slate without the history of the Fourth Amendment. Now, to get there from here, we must make major changes to existing laws, which means fighting special interests opposed to such laws and mobilizing common people who have better things to do to feel and then express outrage at the ballot box. (Try mobilizing a retiree who doesn’t have a laptop or a smartphone to feel his privacy was invaded when his congressman tells him that terrorists are at the door with these newfangled computers.)

Thus, my conclusion is that we can’t get there from here. (Similar to my thoughts about guns and gun control.) I hope to be wrong.

The Fourth Amendment In The Electronic World

After an initial victory in which a federal judge enjoined NSA data collection and determined that its mass collection of phone records is likely unconstitutional, the common people (like you and me) suffered a setback today. Reason explains:

Today a  federal judge in New York rejected the American Civil Liberties Union’s challenge to the National Security Agency’s routine collection of information about every telephone call placed in the United States. U.S. District Judge William H. Pauley conceded that “such a program, if unchecked, imperils the civil liberties of every citizen,” since “such data can reveal a rich profile of every individual as well as a comprehensive record of people’s associations with one another.” But he said he was bound by the Supreme Court’s ruling in the 1979 case Smith v. Maryland, which held that the Fourth Amendment does not apply to telephone metadata indicating who calls whom, when, and for how long. “This Court consistently has held,” the justices said in Smith, “that a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Under this precedent, Pauley said, no one has a Fourth Amendment right to stop the government from examining his telephone records, which are not really even his:

“The ACLU’s pleading reveals a fundamental misapprehension about ownership of telephony metadata…. The business records created by Verizon are not “Plaintiffs’ call records.” Those records are created and maintained by the telecommunications provider, not the ACLU. Under the Constitution, that distinction is critical because when a person voluntarily conveys information to a third party, he forfeits his right to privacy in the information….

The collection of breathtaking amounts of information unprotected by the Fourth Amendment does not transform that sweep into a Fourth Amendment search.”

Judge Pauley is probably right under current law. It’s established that a person doesn’t have Fourth Amendment protection when he/she gives items or information to another person – this is why your roommate may let the police into the house, and why your employer can turn over your personnel file. This has given rise to Fourth Amendment jurisprudence that focuses on the “expectation of privacy,” the crucial factor in deciding whether a Fourth Amendment search has occurred.

The more important question is not what the law is – although this matters for reasons elucidated below – but what the law should be. It’s apparent to me that Fourth Amendment jurisprudence, which began in the 1700s, is not an appropriate regulatory framework for the present day in which electronic communications are essential to everyday life. It is now routine to give up information to third parties without giving up an expectation of privacy in such information: my Gmail account is on Google servers and they can probably access it if they want,* but that doesn’t mean I consider my emails public information. Same certainly goes for cellphone provider (mine’s Verizon) records at issue in the NSA lawsuits. Can a constitutional amendment that never contemplated an email, a Google search, or a GPS govern these items? Well, obviously it can – it’s doing so now. It’s just not the best way to do it.

*I’m pretty sure this doesn’t matter in current Fourth Amendment analysis, but Google and Verizon and I have agreements in place that limit what they can do with my data. (I think. No one reads those things.) If they’re prevented by our agreement from public disclosure of my information, should that not affect whether the government can gather such information at will? Under present law, it doesn’t matter at all.

Because we’re stuck with the history of the Fourth Amendment as it is, we’re left with a couple of options to get us out of the mess* that we’re in now:

  • The Supreme Court could overturn much of their precedent regarding the third party doctrine under the Fourth Amendment, and interpret the Fourth Amendment consistent with new principles that properly protect privacy in information voluntarily shared with others in the ordinary course of life. Not likely.
  • Congress could step in and enact legislation subjecting more information to protection from NSA/government collection. Doctor-patient and journalist-source protection, for example, are privileges created by law, though they can be overcome in certain situations. There is no reason that statutes can’t be written to further extend such protections to phone metadata, internet searches, and various other types of information. This is slightly more likely than the Supreme Court helping us, but I’d predict that any such changes would be riddled with loopholes (like the ones being used to justify current NSA overreach) and otherwise insufficient to deal with what’s happening.

So basically, we’re screwed. I hate to be so gloomy, but despite some public outrage, we still have too many powerful people with vested interest in maintaining the surveillance state. Their interests are concentrated, and the people’s are diffuse, which is why they generally win. Which is why we have bank bailouts and the sugar tariff.

*I hate the surveillance state and Edward Snowden is a hero, in case this wasn’t readily apparent.

Addendum: I hate to leave on a pessimistic note, so I’ll give one reason for hope: journalists. I’m not very impressed with the press (they’re biased and they don’t care) as protectors of “truth” and “democracy” but they have a mighty sway over public discourse and they are, at least in important parts, annoyed by the surveillance state. Of course, with few exceptions (Glenn Greenwald is amazing), it’s only because they get snooped on, too. It’s not much, but it’s something.