NSA phone record collection does little to prevent terrorist attacks, group says

One of the key issues raised by Snowden is whether all this surveillance works. The Washington Post has a story from a year ago reporting that NSA phone record collection does little to prevent terrorist attacks, group says. This story is based on a report:

On page 2 they summarize their findings,

Surveillance of American phone metadata has had no discernible impact on preventing acts of terrorism and only the most marginal of impacts on preventing terrorist- related activity, such as fundraising for a terrorist group.

New America also has an interactive where you can burrow down on their evidence. This report goes further than the White House commissioned report, Liberty and Security in a Changing World. In that report they conclude,

Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional section 215 orders. (p. 104)

 Why bother then?

If massive data gathering doesn’t help predict and prevent terrorist attacks, why do our intelligence agencies and government persist in defending the expensive practice? I can think of a number of reasons:

  • Many agencies feel it is too early to tell. A major terrorist attack might be foiled in the future that redeems the whole thing.
  • The project is an exciting experiment in SIGINT (signals intelligence) that shouldn’t be cut until it has run its course. The algorithms could get better, new uses of the systems could be found, and it is always useful to know what could be done.
  • Politicians are reluctant to cut programs that seem modern (computers to catch terrorists) as compared to messy human intelligence programs.
  • Politicians are worried that they will be blamed if a program is cut and then there is a massive attack that it appears could have been prevented. No one wants to be blamed for being weak on terrorism.
  • The intelligence community and the businesses that have grown up around data intelligence don’t want to their funding as it would mean cutbacks and loss of importance. For businesses, it could mean loss of very profitable contracts. It could be argued that there is a semi-secret military-intelligence-industrial complex that now has a life of its own and will protect its turf (using the surveillance tools themselves which, while they may not work to predict, can work well when you know your target.)
  • In the case of 5 Eyes intelligence organizations outside of the USA, there is evidence that they are getting funding from the USA. Organizations like the CSE (Communication Security Establishment (of Canada)) are indebted to and deeply embedded in the NSA led 5 Eyes network. Why would they endanger their membership in the club just because data gathering didn’t catch terrorists?
  • The intelligence community has found other uses for the systems that they do find useful. The system can help in retrospective analysis where you try to figure out a suspects social network after you have been alerted to him by other means.
  • More importantly, I think, the system is useful for spying on known targets, especially economic and political ones. That is why the CSE(C) slides demonstrated the use of Olympia for spying on the Brazilian Ministry of Mines and Energy. That is why Angela Merkel’s cell phone number was on an NSA slide. The system may not work to predict, but it is great for checking out people you are interested in for other reasons – it is fast and can be used over a network. Counter-terrorism was the justification, but other types of intelligence activities provide the ongoing reason to keep investing.
  • Most importantly, cybersecurity has become more and more important as we get more and more evidence of criminal hacking and aggressive state hacking. Governments and intelligence agencies are loath to scale back on large well-funded projects that could be useful in a possible new world of cold cyber-war.