Remember when, about five years ago, a program called Total Information Awareness (TIA) came to light. TIA was a plan to create a massive government database of personal information which would then be data mined. The program led to a public outcry, with William Safire writing a blistering op-ed in the New York Times attacking TIA. In 2003, Congress voted to deny it funding.
According to the Wall Street Journal, something very similar to TIA is now being done by the NSA:
The National Security Agency, once confined to foreign surveillance, has been building essentially the same system.
The central role the NSA has come to occupy in domestic intelligence gathering has never been publicly disclosed. But an inquiry reveals that its efforts have evolved to reach more broadly into data about people’s communications, travel and finances in the U.S. than the domestic surveillance programs brought to light since the 2001 terrorist attacks. . . .
Largely missing from the public discussion is the role of the highly secretive NSA in analyzing that data, collected through little-known arrangements that can blur the lines between domestic and foreign intelligence gathering. Supporters say the NSA is serving as a key bulwark against foreign terrorists and that it would be reckless to constrain the agency’s mission. The NSA says it is scrupulously following all applicable laws and that it keeps Congress fully informed of its activities.
According to current and former intelligence officials, the spy agency now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records. The NSA receives this so-called “transactional” data from other agencies or private companies, and its sophisticated software programs analyze the various transactions for suspicious patterns. Then they spit out leads to be explored by counterterrorism programs across the U.S. government, such as the NSA’s own Terrorist Surveillance Program, formed to intercept phone calls and emails between the U.S. and overseas without a judge’s approval when a link to al Qaeda is suspected.
The article continues, discussing how the debate over the Foreign Intelligence Surveillance Act (FISA) and immunity for telecommunications companies is only getting at the tip of the iceberg:
It isn’t clear how many of the different kinds of data are combined and analyzed together in one database by the NSA. An intelligence official said the agency’s work links to about a dozen antiterror programs in all.
A number of NSA employees have expressed concerns that the agency may be overstepping its authority by veering into domestic surveillance. And the constitutional question of whether the government can examine such a large array of information without violating an individual’s reasonable expectation of privacy “has never really been resolved,” said Suzanne Spaulding, a national-security lawyer who has worked for both parties on Capitol Hill.
NSA officials say the agency’s own investigations remain focused only on foreign threats, but it’s increasingly difficult to distinguish between domestic and international communications in a digital era, so they need to sweep up more information.
All this occurs with little to no oversight. Congress seems unwilling to perform much of an oversight role. The courts are not all that excited about it either. The Supreme Court has already limited the reach of the Fourth Amendment, making it possible for the government to collect records from businesses with no oversight and few limits. The courts today are finding many ways to dismiss lawsuits challenging the NSA surveillance — through an expansive application of the state secrets doctrine or through uncharitable views of plaintiffs’ standing to bring a challenge. The Executive Branch, it seems, can do whatever it wants. All of this strikes me as a tremendous failure of our political system.
Originally Posted at Concurring Opinions
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.