James Clapper Admits Phone Dragnet Data Retention Is about Discerning Patterns

In the Q&A portion of a James Clapper chat at Council on Foreign Relations yesterday, he was asked about the phone dragnet and Section 215 (this starts after 48:00).

He made news for the way he warned Congress that if they take away Section 215 (he didn’t specify whether he was talking about just the phone dragnet or Section 215 and the roughly 175 other orders authorized under it) and something untoward happens as a result, they better be prepared to take some of the blame.

Q: In recent days the government reauthorized the telephone metadata collection program through June 1st, when there’s the Sunset date, obviously, of Section 215 of the PATRIOT Act. What do you want to see happen after that?

Clapper: Well, what we have agreed to, Attorney General Eric Holder and I, last September, signed a letter saying that we supported the notion of moving the retention of the data to providers in a bill that was — actually came out of the Senate from Senator Leahy, so we signed up to that. I think that’s the only thing that’s realistic if we’re going to have this at all. In the end, the Congress giveth and the Congress taketh away. So if the Congress in its wisdom decides that the candle isn’t worth the flame, the juice isn’t worth the squeeze, whatever metaphor you want to use, that’s fine. And the Intelligence Community will do all we can within the law to do what we can to protect the country. But, I have to say that every time we lose another tool in our toolkit, you know? It raises the risk. And so if we have — if that tool is taken away from us, 215, and some untoward incident happens which could have been thwarted had we had it I just hope that everyone involved in that decision assumes responsibility. And it not be blamed if we have another failure exclusively on the intelligence community.

At one level, I’m absolutely sympathetic with Clapper’s worries about getting blamed if there’s another attack (or something else untoward). In some cases (particularly in the aftermath of the 2009 Nidal Hasan and Umar Farouk Abdulmutallab attacks), politicians have raised hell about the Intelligence Community missing a potential attack. But that really did not happen after the Boston Marathon; contemporaneous polls even said most people accepted that you couldn’t prevent every attack. Moreover, in that case, NSA — the entity running the phone dragnet — was excluded from more intensive Inspector General review, as NSA has repeatedly been in the past (including, to a significant extent, the 9/11 attack), even though it had collected data on one or both of the Tsarnaev brothers but not accessed it until after the attack. In other words, NSA tends not to be held responsible even when it is.

Clapper’s fear-mongering has gotten most of the attention from that Q&A, even more than Clapper’s admission elsewhere that “moderate” in Syria — he used scare quotes — means “anyone who’s not affiliated w/I-S-I-L.”

But on the phone dragnet, I found this a far more intriguing exchange.

Q: And just to be clear, with the private providers maintaining that data, do you feel you’ve lost an important tool?

Clapper: Not necessarily. It will depend though, for one, retention period. I think, given the attitude today of the providers, they will probably do all they can to minimize the retention period. Which of course, from our standpoint, lessens the utility of the data, because you do need some — and we can prove this statistically — you do need some historical data in order to, if you’re gonna discern a pattern. And again, 215 to me, is much like my fire insurance policy. You know, my house has never burned down but every year I buy fire insurance just in case.

In general, discussions about why the NSA needs 5 years of phone dragnet have used a sleeper argument: a suspect might have spoken to someone of interest 4 years ago, which would be an important connection to identify and pursue. But that’s not what Clapper says here. They need years and years of our phone records not to find calls we might have made 5 years ago, but to “discern patterns.”

Well, that changes things a bit, and may even suggest how they’re actually using the phone dragnet.

While we know they have, at times, imputed some kind of meaning to the lengths of calls — for a while they believed calls under 2 minutes were especially suspicious until they realized calls to the pizza joint also tend to be under 2 minutes — there’s another application where pattern analysis is even more important: matching burner phones. You need a certain volume of past calls to establish a pattern of a person’s calls so as to be able to identify another unrelated handset that makes the same pattern of calls as the same person.

Connection chaining, not contact chaining.

Clapper’s revelation that they need years of retention for pattern analysis, not for contact chaining, seems consistent with the language describing the chaining process under USA Freedom Act.

(I) using the specific selection term that satisfies the standard required under subsection (b)(2)(C)(ii) as the basis for production; and

(II) using call detail records with a direct connection to such specific selection term as the basis for production of a second set of call detail records;

That is, they’d be getting all the calls the target had made, as well as all the calls an identifiable target’s associate or additional phone had made.

And remember, one of the NSA’s two greatest “successes” with the phone dragnet — when they found that Adis Medunjanin, whom they already knew to be associated with Najibullah Zazi, had a phone they hadn’t known about — involves burner matching. That match took place at an important moment, too, when the NSA had turned off its automatic correlation process (which uses a dedicated database to identify the other known identities of a person in a chain), and when its queries were as closely controlled as they ever have been in the wake of the massive violations in 2009. At a time when they were running a bare bones phone dragnet, they were still doing burner matching, and considered that a success.

Now, let me be clear: matching the burner phones of real suspects is a reasonable use for a phone dragnet, though the government ought to provide more clarity about whether they’re matching solely on call patterns or on patterns of handset use, including on the Internet. It’d also be nice if anyone caught in this fashion had some access to the accuracy claims the government has made and the basis used to make those accuracy claims (for one incarnation of the Hemisphere dragnet, DEA was claiming 94% accuracy, based of 10 years of data and, apparently, multiple providers). And this points to the importance of retaining FISC review of the targets, because people for whom there is not reasonable articulable suspicion of ties to terrorism ought to be able to use burner phones.

James Clapper’s office has gone to great lengths to try to hide any mention of pattern analysis in declassified discussions of the phone dragnet. Apparently, Clapper doesn’t think that detail needs to be classified anymore.

image_print
3 replies
  1. rosalind says:

    Clapper was also on Charlie Rose for the hour last night. He has diff. takeaway from the public polling:
    .
    “A common theme of every one of those critiques has been that the government should have been more intrusive,” said Clapper. “It was true of the Christmas bomber, it was true in Fort Hood, and it’s true in the Boston Marathon.” Clapper says he interprets those criticisms as meaning that the intelligence community should “do more intensive surveillance of people who live in this country.”
    .
    His freakout when Charlie asks if he shares info with Iran is one for the ages.
    .
    http://www.cbsnews.com/news/james-clapper-post-attack-critiques-show-desire-for-more-intrusion/

  2. DannyD says:

    I think that he’s just underestimated the amount of pattern matching thats going on in relation to any tidbit of info that he produces around this topic.

    Not making the claim that it shouldn’t be the case, just noting how even he has patterns of language that might slip out during a seemingly friendly Q&A session. I expect that he’s used terms very similar when having classified discussions too; with much greater detail and information though.

  3. Harry says:

    Regarding pattern analysis, i have often wondered whether the NSA takes ALL the phone number links collected by ongoing chain analysis of ALL RAS-qualified foreign numbers and placing them ALL into a separate database (call it R) and examining ALL of the communication links in R for patterns. If a pattern emerges — and it might make sense that a pattern would emerge since terrorists are undoubtedly trained in communications security — then the NSA could identify in the R database all patterns of communications links that resemble the terrorist-pattern archetype. In addition, once this pattern is identified, it would be technically possible — wouldn’t it? — for the NSA to search the entire telephone metadata database for patterns on the theory that the foreign linked phone number establishes RAS. In other words, under the existing rules, would a FISA judge accept the view that a pattern of communications is enough to justify RAS and authorize a search of the comprehensive database? i think it might. Of course all the communications links collected under this search of the comprehensive database would flow into R and the process would repeat itself.

Comments are closed.