National Review‘s Stephen Spruiell takes issue with a pair of posts earlier this week that mentioned his recent article on the NSA’s sweeping phone records data mining program. We had a quick e-mail exchange, and I figured I might as well post a bit of that here.

Spruiell’s problem with the first post, I think, is just a function of a minor misunderstanding. He took it to be a critique of his article’s contention that under existing Supreme Court precedent, the kinds of records the NSA has been collecting don’t have Fourth Amendment protection. But I agree that’s what the precedent says. My first post mentioned his article, but wasn’t intended primarily as a response to it. My point wasn’t to deny what the precedent clearly does say, but to argue that the arguments on which it was based no longer make sense in light of current technology (if they ever did).

The second post was a response to his piece, though, so let me run through that. Sez he:

[The] the federal statutes that govern electronic privacy, like the Stored Communications Act, were written with individualized investigations in mind. The government is legally entitled to these phone records once it has a suspect — all it usually takes is a subpoena. But what if the NSA needs hundreds of millions of phone records just to identify the suspect? It’s difficult to imagine that in 1986 Congress could even imagine this scenario, let alone intend to proscribe it. On the contrary, the SCA includes a section that permits the phone companies to share these types of records as long as they are authorized by the attorney general, and AT&T has already indicated that it was.

I don’t think that follows. There are many kinds of searches that involve technology that the Founders could never have conceived. That doesn’t mean the Fourth Amendment doesn’t apply to them, any more than it means the Second Amendment doesn’t cover automatic weapons. But the key point here, which was beind the “level of scorn” I displayed for that argument, is that it would make no sense to prohibit the first kind of information gathering but allow the second, since that would render the first prohibition effectively moot. You can always extract the targeted information from the bulk info later. It’s like banning individual murder but allowing mass bombing. And my understanding was that the provisions allowing information gathering pursuant to authorization by the attorney general are supposed to involve emergencies—stuff of the “find the kindapper before he moves or kills his victim” stripe. I guess now we’re supposed to let them drive a truck through that exemption on the grounds that the War on Terror is a permanent emergency, and anyone might be a terrorist?

Spruiell’s other main beef is with my use of hypotheticals, which he sees as an unfair attempt to substitute imaginary abuses for criticsm of the actual NSA program (insofar as we know about it, anyway). So here’s what we hashed out over e-mail. I’ll intersperse a slightly edited version of my argument with his responses in quote-box:

I still find this argument against hypotheticals puzzling. The program is going to remain secret, so the general public won’t know whether it’s being abused unless something happens to leak out. So it seems like the relevant question is: Should we at least have some kind of judicial oversight process, so that someone not at the agency is paying attention to whether people’s privacy is being invaded? And I’d think that depends on how we answer the question: Could people with access to this data uncover information most people would reasonably want to keep private? Which is, of course, a hypothetical question. The Supreme Court’s privacy jurisprudence is full of questions like that when they’re trying to decide what sorts of searches require a judge to sign off on them in advance: The Kyllo decision on thermal imaging involves a hypothetical about officers discovering what time the “lady of the house takes her bath.” Does that make Scalia an alarmist crackpot? Isn’t every similar question about whether oversight is necessary going to involve some variant on “can we think of ways this might plausibly be abused in the absence of oversight”? I just don’t see what other standard you’d use: If it’s a new program, and the majority of us are never get to see how it’s being used in any detail anyway, hypotheticals are the only thing we’ve got.

To which Spruiell replies:

My point about the hypothetical abuses in this case is that they are so improbable as to mislead people about what the program actually is. First of all, as for what we don’t know about the program, it is not true that there is no oversight at all. We don’t know what the NSA does when the program identifies a suspicious number — i.e. what kind of judicial oversight applies. But there is congressional oversight — members of both parties were and are regularly briefed on the program. So there is some oversight to prevent the more imaginative abuses I’ve heard critics propose.
As for what we do know about the program, it is just highly unlikely that it is invading anyone’s privacy. The records are stripped of identifying information and fed into a computer that looks for links and patterns. As the computers look for these links and patterns, they’re not looking for information that most people reasonably want to keep private, even if you threw Smith out the window. They’re looking for links to numbers connected to terrorism, not phone calls to mistresses or bookies or any of the other many examples I’ve heard. I mean, anything’s possible, but at some point you have to draw the line and say, is it reasonable to think that this is what the NSA is doing? Digging through millions of Americans’ personal lives, creating dossiers on everyone they’re calling, etc.? If nothing else, what a colossal waste of time and resources. How would they have time for anything else? I guess my problem with the hypothetical arguments is that they’re frustrating to deal with. Any abuse is possible if the NSA were to reconfigure the entire program to, say, search for people’s links to hookers, or Kevin Bacon, or any number of things that it’s not designed to look for. But why should we think they would do that?

My reply: I’m puzzled that you think some kind of tinfoil beanie’s required to have qualms about what might be done with this information once they’ve got it on record. Am I *actually* worried they’re checking how often I order pizza? Well, not so much. Am I worried they might decide that what’s good enough for terrorists is dandy for drug dealers or people who gamble online (which Washington state seems poised to make a felony on the bet-placing end)? It would scarcely be a first. The DoD’s own “Report from the Field” on the PATRIOT Act was chock full of stories about how helpful it proved in tracking down E traffickers and a “cyberterrorist” (i.e. some snotty hacker kid). Am I worried they’ll decide it’s silly to bother with court orders for targeted information requests when they can just extract that information from the database they’ve already got? That with records of who activists or candidates or elected offices are calling (without names, but easily enough linked to them) on hand, such information might be “collected and disseminated in order to serve the purely political interests of an intelligence agency or the administration, and to influence social policy and political action”? That’s verbatim from the Church Committee’s findings in 1976, so if it’s a “colossal waste of time and resources,” it wouldn’t be a novel one. We don’t know they’re going to do that, but I can’t see what historical warrant there is for adopting the default position that they’re going to play it Queensbury without some more robust checks than are in place now.

I’ll give him the final word:

I don’t think it’s loony to imagine the abuses you describe. I agree it would be preferable to know more about the program, and I have written on my site about the need for the administration to end this ridiculous “It’s a legal program! But we can’t confirm its existence” two-step.

On the other hand, these fears that the program could be abused must be considered in light of the clear threat we face from international terrorism, and the government’s responsibility to protect us from catastrophic attacks that these days can come from within our own borders. Technology has changed not just our view of the Fourth Amendment but also the nature of the existential threats which we have created government to protect us from. And, your analysis of the Smith decision notwithstanding, the type of information in question here carries such a minimal expectation of privacy — are we prepared to say, “Let’s scrap the program” in order to prevent government from accessing records that can be purchased on the internet for $90?

Perhaps we can agree on the need for more information about the program, so we can determine exactly what kind of safeguards NSA has put into place to prevent abuse. But until then, my position is to give the administration the benefit of the doubt on this, just because from what we’ve learned about the program, it appears to have a clear and legitimate purpose that has nothing to do with spying on average Americans.

OK, I lied… I’ll give myself the (very brief) final word: All well and good. But if this is really Kosher, why not let a panel of, say, tech savvy folk with security clearances and FISA judges, monitor what’s being done with that information, say on a quarterly basis, and be authorized to put a stop to it if they do overstep their bounds. As conservatives sometimes like to say: If they’re not guilty, they should have nothing to worry about, right?