The facts about the metadata ‘menace’


Los Angeles Times

President Obama has announced several significant changes to U.S. counter-terrorism intelligence-collection programs, including an overhaul of the way the National Security Agency stores and accesses telephone metadata. But what has sometimes been overlooked in the firestorm created by Edward Snowden’s leaks about the program is a clear definition of what metadata is, and what it is not.

On the eve of the president’s announcement, I took part in a daylong session of briefings, discussion and debate at the NSA. The session, arranged by Carnegie Mellon University professor Kiron Skinner and Emily Goldman of the Pentagon’s Cyber Command, involved a small group of computer scientists and other researchers and the top leadership of the NSA. The meetings were spectacular for their clarity and candor.

Much of what Snowden leaked has proved controversial, but probably nothing more so than the metadata program authorized by the Patriot Act. This program permits the collection and — under limited circumstances — analysis of metadata on American phone numbers and thus American citizens for counter-terrorism purposes.

Metadata from a phone call include information such as the direction (who called whom), length, date and time. The program does not record the location or the name associated with a call. No one is listening to the call and no content is recorded. And the metadata are segregated and stored separately from all the other signals data the NSA collects.

Here’s a typical way the metadata are used: An intelligence community client, say the FBI, will send the NSA an official request for investigation of a certain phone number that it believes might be associated with suspected terrorists. In order to examine the metadata associated with a phone number, the NSA has to “make RAS” — that is, to show “reasonably articulable suspicion.”

For a phone number that meets the RAS standard, the NSA can examine metadata two hops, or two call generations, away from the original number. Think of a phone bill that displays calls made and received. It can look at metadata for every phone number on the original bill, plus the phone numbers on the bills for the numbers that show up on the bill of the original number. That’s two hops. Among the reforms unveiled by Obama was the reduction in the number of permitted hops from three to two.

What prevents the NSA from relentlessly hopping from one “interesting” number to the next? There are a number of checks: Subsequent generations of metadata and phone numbers cannot be investigated without making RAS on them, which means new review and new approvals; only 22 NSA managers are authorized to approve examination of metadata; the Justice Department audits the program every 90 days; and the program has to undergo reauthorization with the Foreign Intelligence Surveillance Court every quarter. That means at least 15 different federal judges have looked at — and approved — the program since its inception.

What is not happening with the metadata? There’s no freewheeling data-mining, no Facebook-style graphing of social networks and no unrestricted exploratory data analysis.

The president has proposed a number of reforms, including requiring judicial approval before the NSA can access metadata. He also proposed a transition that would shift storage of the metadata from NSA to a third party, possibly the telephone companies.

Judicial review of metadata use is already occurring, albeit after the fact in quarterly court reviews. Integrating judicial review into each explicit accessing of the metadata is a prudent and reasonable step, though it has the potential to slow investigations.

At first glance, shifting data-retention responsibilities to a third party might appear to keep Americans’ metadata one additional step removed from prying NSA eyes. But there are potential risks associated with this move. Private retention could be technically complex and could slow investigations. Even with the NSA providing storage standards and guidance, the data may be less secure simply because they are spread across more organizations and locations.

The reforms sought by the administration may or may not ease the privacy concerns many Americans have about the metadata collection program. Understanding what metadata is, and isn’t, might.

Jack Riley is vice president of the nonpartisan, nonprofit Rand Corp. and director of the Rand National Security Research Division. He wrote this for the Los Angeles Times.

©2014 Los Angeles Times

Read more From Our Inbox stories from the Miami Herald

  • Why I let my children walk to the corner store — and why other parents should, too

    Of all the adventures my lucky children had this summer — swimming in two oceans, hanging out on their bearded uncle’s commercial salmon fishing boat, endless popsicles — the biggest one, they told me, was just 495 feet away in their own Washington, D.C., neighborhood.

  • Censoring Islamic State on Twitter Is useless

    When a powerful denial-of-service attack brought down Sony’s PlayStation Network on Sunday, a group that claimed responsibility said it had acted on behalf of the Islamic State, the rapidly growing terrorist organization in the Middle East. Even if the “Lizard Squad” had nothing to do with it, the story was just another example of Islamic State’s devilish skill at promoting itself on social networks.

  • I demonstrated as an angry mob destroyed the U.S. embassy. I’m sorry.

    On Dec. 19, 1998, U.S. embassies across the Arab world felt the ire of residents outraged by U.S.-British airstrikes on Iraq. The most violent demonstrations occurred in Syria, where protesters stormed the U.S. and British embassies in Damascus. Protesters also destroyed the residence of U.S. Ambassador to Syria Ryan Crocker, who lodged vigorous objections with the Syrian government in response. I was among those protesters.

Miami Herald

Join the

The Miami Herald is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere on the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

The Miami Herald uses Facebook's commenting system. You need to log in with a Facebook account in order to comment. If you have questions about commenting with your Facebook account, click here.

Have a news tip? You can send it anonymously. Click here to send us your tip - or - consider joining the Public Insight Network and become a source for The Miami Herald and el Nuevo Herald.

Hide Comments

This affects comments on all stories.

Cancel OK

  • Marketplace

Today's Circulars

  • Quick Job Search

Enter Keyword(s) Enter City Select a State Select a Category