Of the many questions that still surround the National Security Agency’s vast global spying operations, one seems especially pertinent: Do they actually work? That is, have they helped to prevent terrorist attacks against Americans?
In the case of the NSA’s phone-data program -- in which the agency vacuums up information about essentially every call made by Americans -- it’s getting harder and harder for the government to answer yes. The latest evidence comes from a report last week by the Privacy and Civil Liberties Oversight Board, an independent federal agency established on the recommendation of the Sept. 11 Commission to balance the right to liberty against the need to prevent terrorism.
The board -- which had access to classified information -- offered this blunt assessment:
“We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation,” the report says. “Moreover, we are aware of no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.”
In evaluating the NSA’s stunning surveillance capabilities, revealed by former contractor Edward Snowden beginning last June, the question always should be whether the benefits are worth the costs. By now it’s obvious that the oversight of this phone program was insufficient. The benefit of having the records in the first place, however, was always couched in more practical terms by the NSA and its supporters in Congress: It was helping thwart terrorist attacks.
The NSA has asserted that bulk data collection has played some role in disrupting 54 “terrorist events.” Of those, only 12 involved the phone-data program in some capacity. The privacy board examined each in detail. In the only case where the program may have helped the government identify a terrorism suspect -- a San Diego cab driver named Basaaly Moalin, who was sending money to the Somalian terrorist group al-Shabaab -- there was no threat of an attack on the U.S. and no reason to conclude that a bulk data-collection program was necessary to determine the connection.
None of which is to say that the program could never prove useful. The privacy board found that bulk collection has some limited benefits: It can help investigators find leads on existing suspects (almost always by corroborating information they already have), and it can help confirm that a foreign terrorist plot does not have a U.S. connection, thus helping conserve law-enforcement resources. The data could also be useful in investigating an attack after the fact. And there could be benefits that the government hasn’t yet revealed.
But all this comes with clear drawbacks. The program is objectively intrusive, unpopular with the public and legally dubious. The most profound cost, of course, is as abstract as the program’s supposed benefits: The simple act of collecting and storing so much personal information on citizens -- in secret, without probable cause -- erodes the very notion of American liberty.
For all that, if the program were essential for stopping terrorist attacks and saving American lives, it might still be worthwhile.
Yet almost everyone who has looked into the program in detail has concluded that it isn’t an essential tool in preventing terrorist attacks and that it has demonstrated little or nothing of unique investigative value. A review group appointed by the president in August came to roughly the same conclusion as the privacy board on this score. So have two members of the Senate intelligence committee. So did a federal judge. Meanwhile, several attempted terrorist attacks on the U.S. -- notably one by Faisal Shahzad, a U.S. citizen who tried to detonate a car bomb in New York’s Times Square -- have evaded the program’s dragnet.
After seven years of evidence, in other words, the basic premise used to rationalize this program has never been validated. What’s left to justify its costs?
To contact the Bloomberg View editorial board: firstname.lastname@example.org.