Here’s How Metadata on Billions of Phone Calls Predicts terrorist Attacks
Yesterday, when NSA Director General Keith Alexander testified before the House Committee on Intelligence, he declared that the NSA’s surveillance programs have provided “critical leads to help prevent over 50 potential terrorist events.” FBI Deputy Director Sean Boyce elaborated by describing four instances when the NSA’s surveillance programs have had an impact: (1) when an intercepted email from a terrorist in Pakistan led to foiling a plan to bomb of the New York subway system; (2) when NSA’s programs helped prevent a plot to bomb the New York Stock Exchange; (3) when intelligence led to the arrest of a U.S. citizen who planned to bomb the Danish Newspaper office that published cartoon depictions of the Prophet Muhammad; and (4) when the NSA’s programs triggered reopening the 9/11 investigation.
So what are the practical applications of internet and phone records gathered from two NSA programs? And how can “metadata” actually prevent terrorist attacks?
Metadata does not give the NSA and intelligence community access to the content of internet and phone communications. Instead, metadata is more like the transactional information cell phone customers would normally see on their billing statements—metadata can indicate when a call, email, or online chat began and how long the communication lasted. Section 215 of the Patriot Act provides the legal authority to obtain “business records” from phone companies. Meanwhile, the NSA uses Section 702 of the Foreign Intelligence Surveillance Act to authorize its PRISM program. According the figures provided by Gen. Alexander, intelligence gathered based on Section 702 authority contributed in over 90% of the 50 cases.
One of major benefits of metadata is that it provides hindsight—it gives intelligence analysts a retrospective view of a sequence of events. As Deputy Director Boyce discussed, the ability to analyze previous communications allowed the FBI to reopen the 9/11 investigation and determine who was linked to that attack. It is important to recognize that terrorist attacks are not orchestrated overnight; they take months or years to plan. Therefore, if the intelligence community only catches wind of an attack halfway into the terrorists’ planning cycle, or even after a terrorist attack has taken place, metadata might be the only source of information that captures the sequence of events leading up to an attack. Once a terrorist suspect has been identified or once an attack has taken place, intelligence analysts can use powerful software to sift through metadata to determine which numbers, IP addresses, or individuals are associated with the suspect. Moreover, phone numbers and IP addresses sometimes serve as a proxy for the general location of where the planning has taken place. This ability to narrow down the location of terrorists can help determine whether the intelligence community is dealing with a domestic or international threat.
Even more useful than hindsight is a crystal ball that gives the intelligence community a look into the future. Simply knowing how many individuals are in a chat room, how many individuals have contacted a particular phone user, or how many individuals are on an email chain could serve as an indicator of how many terrorists are involved in a plot. Furthermore, knowing when a suspect communicates can help identify his patterns of behavior. For instance, metadata can help establish whether a suspect communicates sporadically or on a set pattern (e.g., making a call every Saturday at 2 p.m.). Any deviation from that pattern could indicate that the plan changed at a certain point; any phone number or email address used consistently and then not at all could indicate that a suspect has stopped communicating with an associate. Additionally, a rapid increase in communication could indicate that an attack is about to happen.
Metadata can provide all of this information without ever exposing the content of a phone call or email. If the metadata reveals the suspect is engaged in terrorist activities, then obtaining a warrant would allow intelligence officials to actually monitor the content of the suspect’s communication.
In Gen. Alexander’s words, “These programs have protected our country and allies . . . [t]hese programs have been approved by the administration, Congress, and the courts.” Now, Americans will have to decide whether they agree.
Pierre Hines is a Defense Council Member. This article originally appeared on Quartz.