Telephony Metadata and the Rights of U.S. Citizens
The following post was submitted by students enrolled in LIS2407 – Metadata at the University of Pittsburgh School of Information Sciences. For more information on the series, see the introductory post.
By Leah Geibel and Erin Scrimger
Many U.S. Citizens do not realize that telephony metadata is available to the government through the Patriot and Freedom Acts. The legality of this bulk collection is questionable, however, and its continuation is suspicious. The Foreign Intelligence Surveillance Act (FISA) of 1978 requires that telephony metadata only be made available if records being sought are relevant to an investigation, a subpoena is obtained, and pen registers are used to trap and trace devices. The Patriot and Freedom Acts run contrary to these stipulations and the government has given themselves the right to access telephony metadata carte blanche. FISA has not been updated to include new technologies, so metadata collection is often a loophole that is ultimately unconstitutional. Definitions concerning the difference between foreign affairs and foreign intelligence must be articulated, and limits about what can be collected must be enforced in order to ensure the privacy of U.S. Citizens (Donohue, 2014). Absent these limitations, the government is free to extract information without any legal cause or acknowledgement.
We might not like the idea of governments collecting our private information, and in fact it may not even be legal, but that doesn’t mean it’s going to stop anytime soon. The National Academy of Science (NAS) recently issued a report titled Bulk Collection of Signals Intelligence: Technical Options which determined that “refraining entirely from bulk data collection will reduce the nation’s intelligence capabilities” and that controlled usage of data collected in bulk can be a way to protect privacy (2015). There are two ways to control usage: manually and automatically. The NAS study suggests a heavier shift toward the automatic by using software to determine if queries from intelligence analysts are allowed. However, this raises the question of how do we know what we don’t know? If analysts aren’t provided access to the broader picture, in this case bulk metadata, then how can they gain the context from which to derive the right kinds of queries? Can an algorithm determine as well as a human what is relevant?
Before continuing, it should be made clear that the authors do not pretend to know or understand the finer workings of signals intelligence (SIGINT) or the systems and algorithms used to interpret it. What follows is merely thoughts that have arisen from contemplating the implications of moving toward a more strictly controlled automatic system of data analysis and how metadata standards could in some small way play a part in personal privacy.
The NAS report points toward a shift from bulk collection to targeted collection, where collection is defined as having happened only after information is moved and stored by the government (as opposed to remaining on corporate servers). If we are moving toward a system of algorithms that assess queries, then we should consider the use of controlled vocabularies (Tucker, 2015). At some point there would be no need for manual control, which is what most people are concerned about after all. Intelligence collection is necessary, but I don’t want someone listening to my phone calls or reading my email. To answer the “how do we know what we don’t know” question, we might not need to know. Presumably analysts are searching for different things, sometimes similar, and through searches they might find different pieces that together provide important information (Tucker, 2015). If software can be programmed to digest speech or text in real time and identify key phrases or words from a controlled vocabulary, it could lump those data sets together and assign subject tags. This, in a way, would be performing targeted collection. From these sets of data, analysts could only view relevant information on designated targets. The example given by the NAS report is a specific phone number.
This brings up two further points relating to controlled vocabularies. First, there would be the need for a committee whose sole purpose would be to create and update this list of controlled subject terms and make it available to analysts as new intelligence is gathered. This committee would be responsible for defining the subject tags that the software would place on data sets and also those terms that would be flagged as holding possible information. Second, systems and practices of intelligence gathering must have ethical checks and balances, and this is where manual (or human) usage control factors in. There would need to be some kind of elected advisory council that would review these controlled vocabularies before entering them into the algorithms to ensure that our rights and privacy as citizens were being upheld. For example, vocabularies dedicated to political or social issues should never be created for the purpose of tracking and monitoring the free speech of citizens, as was done during the Civil Rights Movement. Fear is often bred out of mistrust and the unknown. We should not fear our government, and this is why transparency in SIGNIT is so important. With tightly controlled and supervised usage, transparent targeted collection of metadata for the purpose of intelligence should not interfere with the privacy of our daily lives.
Donohue, Laura K., “Bulk Metadata Collection: Statutory and Constitutional Considerations”. Georgetown Law Faculty Publications and Other Works. Paper 1350. (2014). http://scholarship.law.georgetown.edu/facpub/1350
National Academy of Science. Bulk Collection of Signals Intelligence: Technical Options. 60. Washington, D.C.: The National Academies Press, 2015.
Tucker, Patrick. “What the End of Bulk Metadata Collection Would Mean for Intelligence Collection.” May 13, 2015. http://www.defenseone.com/technology/2015/05/what-end-bulk-metadata-collection-would-mean-intelligence-collection/112519/