On November 29, the NSA will formally end the practice of collecting bulk metadata – records of calls between people but not the actual contents of those calls. Instead, the agency will rely on phone companies to keep the data for use by the NSA upon presentation of a court order. On that day, Americans will become less safe, argued Adm. Michael Rogers, the director of the NSA and U.S. Cyber Command, before the Senate Intelligence Committee. It was Rogers’s first appearance before the committee since the passage of the USA Freedom Act in May. Rogers has said little about the bill publicly. On Thursday, Rogers was able to paint the change in law as dire, not only for intelligence gathering, but the safety of the American people.
Sen. Dan Coats, R-Ind., asked Rogers to imagine this: a plane takes off in Boston and turns south toward New York when it was scheduled to go to Montreal. The plane will enter New York airspace in 15 minutes. Theoretically, one of the passengers may have recently been in phone contact with a known terrorist, a clear warning signal. The question Coates put to Rogers: would he be able to get information about the passengers or other suspects in time to act?
“Under the previous framework, I, as the head of the NSA, was delegated the authority and the responsibility in emergency situations to authorize access to the data. I then had to go to the [FISA] court and to the attorney general and put into writing why I did it, what I did, and what the basis for that decision was,” Rogers answered. “Now as we transition to the new law, which we have to have firmly in place by November the 29th, I have lost that authority. It has now been raised to the attorney general and I will have to approach the attorney general for why she needs to authorize emergency access.”
When asked if that would add time to the process, he answered, “It is probably going to be longer. I suspect we’ll find out.”
Is that enough time to get the necessary data to stop the runaway plane?
“Not in minutes,” he answered. “Probably can’t do it in minutes.”
It’s a dramatic scenario, but hardly a common one. Rogers said that he used such emergency authorities in just a handful of cases. In those circumstances, “we were getting ready to pursue tactical action somewhere in the world that I was afraid was going to precipitate a reaction from ISIL and other groups, and as a result I authorized access to the data and then informed the court and the attorney general.” In other words, American troops’ lives were at stake. The process of getting data in such an emergency would typically take less than 24 hours, he said, and declined to guess how long it would take under the new law.
The Obama administration pushed hard for the end of metadata collection, so Rogers’s testimony marks a rare moment of discord with the president.
When asked by Sen. Ron Wyden, D-Ore., the most outspoken privacy advocate on the committee, whether ending the collection of metadata would harm intelligence gathering, Rogers answered: “Yes.” He then referred to last year’s National Academy of Sciences publication, Bulk Collection of Signals Intelligence: Technical Options. The report says, “There is no software technique that will fully substitute for bulk collection where it is relied on to answer queries about the past after new targets become known.”
But Rogers also rejected the notion that passage of the act was a good thing for the former. Under the previous system, he said, no more than 30 NSA employees had access to sensitive personal metadata. “We monitor every keystroke they use to access that data,” he said.
Under the new system, unknown numbers of telephone company employees would do what a handful of carefully-monitored NSA employees used to do. (Those telephone company employees, of course, would be limited by law in terms of what they could do with it.) When asked by Sen. Susan Collins, R-Maine, whether that new arrangement didn’t present far greater privacy concerns, Rogers said, coyly, “I would respectfully submit that’s for others to describe.”
But it was in answer to a question by Florida republican senator and presidential contender Marco Rubio where Rogers was his most eloquent. When asked to compare China’s approach to data, privacy, and intellectual property to that of the United States, Rogers answered: “They believe that access to communications and data is a sovereign right. We reject that notion.”
Access to data is a privilege—one that he doesn’t want to give up.