National Academies Report on Bulk Signals Intelligence

On January 15, 2015, the National Research Council released a report entitled Bulk Collection of Signals Intelligence: Technical Options. Responding to PPD-28, the document was requested by the Office of the Director of National Intelligence to “assess the feasibility of creating software that would allow the Intelligence Community more easily to conduct targeted information acquisition rather than bulk collection.” In my opinion, the recently released NAS report on bulk surveillance adds a number of important points to the public debate.  (Full disclosure: I was involved with developing early versions of the report.) The report points out that the terminology and conceptual framework used in much of the debate over surveillance is confusing and misleading.  Even the distinction between bulk and targeted surveillance is not particularly helpful, given that “bulk collection” and “targeted collection” appear to exist along a continuum rather than being qualitatively different kinds of collection. The report points out given a policy decision to continue bulk collection, controlling the use of data so collected is a way to protect the privacy interests of affected parties.  Today, the NSA has a variety of strong manual controls for this purpose, but there are opportunities today for NSA to enhance the automated controls it also has in place.  But whether enhancing the present automated controls will be reassuring to the American people is a policy judgment that the report does not address—but that policy makers and the public must. Bulk data (that is, data acquired through bulk collection) is useful for a variety of intelligence uses that go beyond tactical counterterrorism scenarios.  Since the latter has been the focus of most of the public argument about bulk collection (of metadata from domestic telephone calls), understanding that bulk collection is useful in many different ways puts a spin on its potential value that has not been widely heard to date. As new forms of communications technology emerge, it is certain that other kinds of data will become useful—and it is better to start thinking about that now.  For example, the data-metadata distinction distinguishing between the content of a phone call and the calling/called parties may have been useful in 1979, but today’s communications environment cannot be characterized so simply.  The report suggests that with so many modalities and different forms of data being exchanged, the existing policy and legal framework governing surveillance is likely to be inadequate. But beyond all that, perhaps the most important point of the report is what it does not say.  It concludes that giving up bulk surveillance entirely will entail some costs to national security, but it does not say that we should keep or abandon bulk surveillance.  National security is an important national priority and so are civil liberties.  We don’t do EVERYTHING we could do for national security – we accept some national security risks.  And we don’t do everything we could do for civil liberties – we accept some reductions in civil liberties.  Where, when, and under what circumstances we accept either -- that’s the most important policy choice that the American people can make.

***

Dr. Herb Lin is senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Research Fellow at the Hoover Institution, both at Stanford University.  His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy.  In addition to his positions at Stanford University, he is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University.  Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.