The facts about the metadata ‘menace’


Los Angeles Times

President Obama has announced several significant changes to U.S. counter-terrorism intelligence-collection programs, including an overhaul of the way the National Security Agency stores and accesses telephone metadata. But what has sometimes been overlooked in the firestorm created by Edward Snowden’s leaks about the program is a clear definition of what metadata is, and what it is not.

On the eve of the president’s announcement, I took part in a daylong session of briefings, discussion and debate at the NSA. The session, arranged by Carnegie Mellon University professor Kiron Skinner and Emily Goldman of the Pentagon’s Cyber Command, involved a small group of computer scientists and other researchers and the top leadership of the NSA. The meetings were spectacular for their clarity and candor.

Much of what Snowden leaked has proved controversial, but probably nothing more so than the metadata program authorized by the Patriot Act. This program permits the collection and — under limited circumstances — analysis of metadata on American phone numbers and thus American citizens for counter-terrorism purposes.

Metadata from a phone call include information such as the direction (who called whom), length, date and time. The program does not record the location or the name associated with a call. No one is listening to the call and no content is recorded. And the metadata are segregated and stored separately from all the other signals data the NSA collects.

Here’s a typical way the metadata are used: An intelligence community client, say the FBI, will send the NSA an official request for investigation of a certain phone number that it believes might be associated with suspected terrorists. In order to examine the metadata associated with a phone number, the NSA has to “make RAS” — that is, to show “reasonably articulable suspicion.”

For a phone number that meets the RAS standard, the NSA can examine metadata two hops, or two call generations, away from the original number. Think of a phone bill that displays calls made and received. It can look at metadata for every phone number on the original bill, plus the phone numbers on the bills for the numbers that show up on the bill of the original number. That’s two hops. Among the reforms unveiled by Obama was the reduction in the number of permitted hops from three to two.

What prevents the NSA from relentlessly hopping from one “interesting” number to the next? There are a number of checks: Subsequent generations of metadata and phone numbers cannot be investigated without making RAS on them, which means new review and new approvals; only 22 NSA managers are authorized to approve examination of metadata; the Justice Department audits the program every 90 days; and the program has to undergo reauthorization with the Foreign Intelligence Surveillance Court every quarter. That means at least 15 different federal judges have looked at — and approved — the program since its inception.

What is not happening with the metadata? There’s no freewheeling data-mining, no Facebook-style graphing of social networks and no unrestricted exploratory data analysis.

The president has proposed a number of reforms, including requiring judicial approval before the NSA can access metadata. He also proposed a transition that would shift storage of the metadata from NSA to a third party, possibly the telephone companies.

Judicial review of metadata use is already occurring, albeit after the fact in quarterly court reviews. Integrating judicial review into each explicit accessing of the metadata is a prudent and reasonable step, though it has the potential to slow investigations.

At first glance, shifting data-retention responsibilities to a third party might appear to keep Americans’ metadata one additional step removed from prying NSA eyes. But there are potential risks associated with this move. Private retention could be technically complex and could slow investigations. Even with the NSA providing storage standards and guidance, the data may be less secure simply because they are spread across more organizations and locations.

The reforms sought by the administration may or may not ease the privacy concerns many Americans have about the metadata collection program. Understanding what metadata is, and isn’t, might.

Jack Riley is vice president of the nonpartisan, nonprofit Rand Corp. and director of the Rand National Security Research Division. He wrote this for the Los Angeles Times.

©2014 Los Angeles Times

Read more From Our Inbox stories from the Miami Herald

  • French food on a slippery slope

    Before my first visit to France, around 45 years ago, I was told that you couldn’t find bad food there if you tried. I was of limited experience, so even a hot dog jammed into a baguette bore witness to that “fact.”

  • Even when the VA does act, it still fails our veterans

    Jymm’s preferred attire is a skin-tight Minnie Mouse T-shirt with bright pink windbreaker pants. Even when not sporting his outfit of choice, he dons short shorts and shirts with holes in them, because that’s what he finds most comfortable. His Santa Monica apartment was furnished with broken chairs and tables he dug out of dumpsters. He held onto his favorite old drinking glass long after it broke. Jymm is a Vietnam veteran (who holds two Purple Hearts), and he’s definitely a character. But he’s never hurt himself or anyone else.

  • Blue-state disgrace

    Immigration is a complex problem. So is the long-term question of how the United States should handle the influx of tens of thousands of children from Central America. Beyond the legal mandates, we owe them basic human decency. On the other hand, to say that they should all simply stay here for good begs big questions about encouraging more children to make this journey, and the rights of all the people abroad who are waiting their turn in line. Unless you believe in open borders, it’s all thorny. What seems right for an individual child can seem wrong systemwide.

Miami Herald

Join the

The Miami Herald is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere on the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

The Miami Herald uses Facebook's commenting system. You need to log in with a Facebook account in order to comment. If you have questions about commenting with your Facebook account, click here.

Have a news tip? You can send it anonymously. Click here to send us your tip - or - consider joining the Public Insight Network and become a source for The Miami Herald and el Nuevo Herald.

Hide Comments

This affects comments on all stories.

Cancel OK

  • Marketplace

Today's Circulars

  • Quick Job Search

Enter Keyword(s) Enter City Select a State Select a Category