NSA Metadata Program Likely Not Cost-Effective, Researchers Say

A pair of academic researchers decided to have a look at whether the NSA–and by extension, the American people–is getting anything worthwhile for the untold millions spent on the metadata program.

While much of the coverage of the surveillance programs revealed by Edward Snowden have focused on the legality and constitutionality of the collection of metadata and Internet traffic in the name of counter-terrorism and national security, the question of whether these programs are actually cost effective has gone largely unexamined. But a pair of academic researchers decided to have a look at whether the NSA–and by extension, the American people–is getting anything worthwhile for the untold millions spent on the metadata program. Their conclusion: probably not.

The metadata program, which was the first surveillance system revealed by Snowden in June, is authorized under Section 215 of the USA PATRIOT Act and enables the NSA to collect and store phone call records under blanket court orders. The agency can store these records for five years, and they include information such as the originating and terminating phone numbers and the length of each call; they don’t include call content. Administration and intelligence officials have said in the wake of the Snowden leaks that collecting this data enables them to “connect the dots” among various disparate pieces of intelligence and suspects in order to conduct terrorist investigations. They also have argued that the disclosure of the Section 215 surveillance program and others in recent months have caused serious damage to American intelligence capabilities.

However, as the authors of the new paper, John Mueller, an adjunct political science professor at Ohio State University, and Mark G. Stewart, Professor and Director, Centre for Infrastructure Performance and Reliability at The University of Newcastle in Australia, note, terrorists have known for decades that the NSA is listening to their electronic communications. The current set of revelations hasn’t given them significantly more information, they argue.

“It is possible that the current revelations will impress the terrorists even further about the extent of the surveillance effort. But even if that is so, the effect would mainly be to make their efforts to communicate even more difficult and inconvenient,” the write in their paper, which was produced for the journal I/S.

“Conceivably, as some maintain, there still exist some exceptionally dim-witted terrorists or would-be terrorists who are oblivious to the fact that their communications are rather less than fully secure. But such supreme knuckle-heads are surely likely to make so many mistakes—like advertising on Facebook or searching there or in chatrooms for co-conspirators—that sophisticated and costly communications data banks are scarcely needed to track them down.”

In their paper, Mueller and Stewart try to determine what the cost of the metadata collection program might be, not just in monetary terms, but also in terms of other lost opportunities and damage to privacy. The budget for the program is classified, but the authors say that the direct costs of it could be relatively low. They caution, however, that the dollar figure the NSA spends on the program isn’t the only one that matters. There is also the cost of following up on whatever leads the metadata program generates, as well as the privacy cost to citizens whose records end up in the database, something that’s difficult to quantify.

Mueller and Stewart also are concerned with the effectiveness of the metadata program, and look closely at the infamous group of 54 terrorist incidents or plots that NSA Director Keith Alexander has cited as being identified or disrupted through the use of the Section 215 surveillance. The list of incidents itself is classified, but NSA officials have testified that 90 percent of them were identified using section 702 surveillance, which is the authority for the so-called PRISM program that collects Internet traffic.

“Thus, the 215 program, in which metadata are accumulated and stored for all telephone calls within the United States, presumably played a role only in around 5 cases over the course of the program. According to General Alexander, only 13 of the 54 cases on the classified list had a ‘homeland nexus,’ the others having occurred in Europe (25), in Asia (11), and in Africa (5),” the paper says.

“Four of the cases, all presumably included in the ‘homeland nexus’ subset, were publicly discussed in Congressional testimony on June 18, 2013, by Alexander and by Sean Joyce, Deputy Director of the FBI. Insofar as NSA surveillance played a role at all in these cases, it seems that it was the 702 program, not the 215 one, that was relevant.”

That one case, the authors say, appears to be one that involved a Somali cab driver living in San Diego who had sent some money to a group in his native country that was fighting Ethiopia. They authors cite comments from Sen. Patrick Leahy that say the cases described by Alexander “weren’t all plots and they weren’t all disrupted.”

“Absent such information, and keeping in mind the impressive record of dissembling that NSA has so far amassed, it does seem to be a reasonable suspicion—supported by the public comments of Senator Leahy—that the four cases discussed represent not a random selection from the list, but the best they could come up with. It that it so, the achievements of 215 do seem to be decidedly underwhelming,” the authors say.

Mueller and Stewart conclude that in order for the metadata program to be cost-effective, the price tag would need to be quite low.

“Although the cost of the 215 program remains classified, it is possible to calculate how much that cost would have to be for the program to be cost-effective. Even making some generous assumptions about its effectiveness, the program would be cost-effective only if its full price tag (including all the cost considerations arrayed above) is less than $33.3 million per year. The full NSA budget, for reference, is about $10 billion,” they conclude.

“It seems likely that ‘on net’ (as the President puts it) the highly-controversial 215 program could also safely be retired for ‘operational and resource reasons’ with little or no negative consequences to security…”

Image from Flickr photos of Christopher Brown

Suggested articles

Cybersecurity for your growing business
Cybersecurity for your growing business