Computers Can't Eavesdrop

Computers can’t spy. They can’t violate your privacy, because they don’t know that you exist. They are the solution to Americans’ hyperactive privacy paranoia, not its nightmare confirmation.

The furor over the National Security Agency’s al Qaeda phone-tracking program has been inflamed by conflating computer scanning with human spying. Administration critics and the media have thrown around the phrases “domestic surveillance” and “warrantless eavesdropping” to refer to what appears to be computer analysis of vast amounts of communications traffic.

In only the most minute fraction of cases has a human mind attended to the results — at which point, the term “eavesdropping” may become appropriate. Most of the time, however, the data passed through NSA’s supercomputers without any sentient being learning what the data were.

Anyone who feels violated by the possibility that his international phone calls or e-mails joined the flood of zeros and ones that feed the NSA’s machines - only to be passed by, undeciphered - must believe that his individuality can spark interest even in silicon chips.

But although the program did not in the vast majority of cases violate privacy, it probably did violate the Foreign Intelligence Surveillance Act. That should be a warning: National-security law needs reform if we want to deploy one of our greatest assets — computer technology — against terrorists.

The facts about the NSA program remain unknown: Administration accounts and media reports are conflicting and incomplete. Assuming some truth in what’s come out, it seems that when U.S. soldiers and operatives abroad seize phones and computers from al Qaeda suspects, NSA computers start tracking communications to and from the phone numbers and e-mail addresses so acquired - including communications with people in America.

Some of that mechanized tracking, it appears, simply follows calling or e-mailing patterns to and from the intercepted numbers and Web addresses — looking solely at phone numbers and e-mail addresses, without analyzing content. Other aspects of the program may search for key phrases. And, perhaps in a small percentage of cases, an NSA agent may monitor the content of highly suspicious communications between al Qaeda operatives and U.S. residents.

Under FISA, all of those methods require a court order if any of the tracked numbers or addresses belong to U.S. citizens or legal residents.

Yet using a computer to follow phone numbers called and email addresses contacted, or to search for key words in conversations is (assuming no followup government action) a privacy-protecting measure. As a computer scans millions of conversations, it has no sensitivivity to meaning - no more than the calculator you use to figure out your taxes is privy to your income and debt levels.

Moreover, the Supreme Court has held that there is no Fourth Amendment privacy interest in the numbers you dial from or receive into your phone. Phone companies already use that information to (among other things) pitch new calling plans to subscribers.

Yet FISA’s warrant requirement remains.

The barriers to using our computer capacity grow even more daunting when the government wants to use computers to find Jihadist language in communications. Remember: A computer can’t eavesdrop on a conversation because it doesn’t “know” what anyone is saying, and a key-word detection program would exclude from computer analysis all conversations and all parts of conversations that don’t use suspicious language. Nevertheless, such an insensate tracking becomes “surveillance” for FISA purposes.

Thus, to put a computer to work sifting through thousands of phone conversations or e-mail messages a day, the NSA must convince the FISA court that there is probable cause to believe that every U.S. resident whose conversations will be dumbly scanned is an agent of a foreign power knowingly and illegally gathering intelligence or planning terrorism.

That requirement is both unworkable and unnecessary. It is wrong to consider computer analysis a constitutional “search” of data that haven’t been selected for further inspection. Only when authorities order a followup investigation on selected results should a probable-cause standard come into play.

FISA’s probable-cause standard is a belated encroachment on national defense that contravened centuries of constitutional thinking. The Fourth Amendment’s probable-cause requirement governs criminal prosecution — to ensure that the government’s police powers are correctly targeted and do not unreasonably invade privacy.

But judges and criminal evidentiary standards should be irrelevant when the government is gathering intelligence to prevent an attack on the country. A federal judge has no expertise in evaluating the need for and significance of foreign intelligence information. And the standard for gathering intelligence on our enemies should be lower than that for bringing the government’s penal powers to bear on citizens.

At the very least, we should not make matters worse by equating computer interception of large-scale data with “surveillance” under FISA. Requiring probable cause for computer analysis of intelligence data would knock out our technological capacity in the War on Terror almost as effectively as a Jihadist strike against NSA’s computers.