Critics question whether NSA data collection is effective

The mass collection of data overwhelms investigators with information, critics at privacy conference say

The recently revealed mass collection of phone records and other communications by the U.S. National Security Agency may not be effective in preventing terrorism, according to some critics.

The data collection programs, as revealed by former NSA contractor Edward Snowden, is giving government agencies information overload, critics said during the Computers, Freedom and Privacy Conference in Washington, D.C.

"In knowing a lot about a lot of different people [the data collection] is great for that," said Mike German, a former U.S. Federal Bureau of Investigation special agent whose policy counsel for national security at the American Civil Liberties Union. "In actually finding the very few bad actors that are out there, not so good."

The mass collection of data from innocent people "won't tell you how guilty people act," German added. The problem with catching terrorism suspects has never been the inability to collect information, but to analyze the "oceans" of information collected, he said.

Mass data collection is "like trying to look for needles by building bigger haystacks," added Wendy Grossman, a freelance technology writer who helped organize the conference.

But Timothy Edgar, a former civil liberties watchdog in the Obama White House and at the Office of Director of National Intelligence, partly defended the NSA collection programs, noting that U.S. intelligence officials attribute the surveillance programs with preventing more than 50 terrorist actions. Some critics have disputed those assertions.

Edgar criticized President Barack Obama's administration for keeping the NSA programs secret. He also said it was "ridiculous" for Obama to suggest that U.S. residents shouldn't be concerned about privacy because the NSA is collecting phone metadata and not the content of phone calls. Information about who people call and when they call is sensitive, he said.

But Edgar, now a visiting fellow at the Watson Institute for International Studies at Brown University, also said that Congress, the Foreign Intelligence Surveillance Court and internal auditors provide some oversight of the data collection programs, with more checks on data collection in place in the U.S. than in many other countries. Analysts can query the phone records database only if they see a connection to terrorism, he said.

The U.S. has some safeguards that are "meaningful and substantive, although I'm sure many in this room ... and maybe even me, if I think about it long enough, might think they're not good enough," Edgar said.

While German noted that the NSA has reported multiple instances of unauthorized access by employees to the antiterrorism databases, Edgar defended the self-reporting. "It's an indication of a compliance system that's actually meaningful and working," he said. "If you had a compliance system that said there was no violation, there were never any mistakes, there was never any improper targeting that took place ... that would an indication of a compliance regime that was completely meaningless."

The mass data collection combined with better data analysis tools translates into an "arms race" where intelligence officials try to find new connections with the data they collect, said Ashkan Soltani, a technology and privacy consultant. New data analysis tools lead intelligence officials to believe they can find more links to terrorism if they just have "enough data," but that belief is "too much sci fi," he said.

"This is the difficult part, if you're saying that if we have enough data we'll be able to predict the future," the ACLU's German said.

Many U.S. intelligence officials are suspect of tech vendor claims about predictive analysis, Edgar countered. However, link analysis -- the tracking of suspects through communications with other known criminals or terrorists -- is a "very powerful tool," he said. It may be possible to use sophisticated cryptographic techniques to do that kind of analysis without the bulk collection of phone records, he said.

"The [internal] compliance regime is not the best answer for privacy," Edgar said. "The best answer is not to take the data in the first place, then you don't have to worry about compliance."

The ACLU has concerns about link analysis, because it creates a massive list of suspicious people that overwhelms investigators, German said. "What link analysis creates is suspicion upon the people that suspicious people are linked to," he said. "That growing cloud of suspicion can never been cleared."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Bureau of InvestigationtelecommunicationMike GermanU.S. National Security AgencyU.S. Office of Director of National IntelligenceBarack ObamainternetprivacyAshkan SoltaniBrown UniversityAmerican Civil Liberties UnionsecurityEdward SnowdenTimothy EdgarlegalWendy Grossmangovernment

More about Federal Bureau of InvestigationIDGNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place