Your phone records are a threat to national security.
At least, that’s what the National Security Agency contended in denying a journalist’s request for his own records last week.
Ever since the recent leak of a top-secret court order outed the NSA’s massive phone surveillance program, which has been capturing millions of Americans’ phone records for years, the agency has been barraged by questions about its capabilities.
Some of those questions have been answered on the record: Officials have stated that the program is authorized by Section 215 of the Patriot Act and that the agency doesn’t monitor the contents of calls, just Americans’ phone records.
But the type of phone records remains a matter of speculation. The information typically held by phone companies can include something as simple as a phone number or as intimate as a log of a user’s movements.
When a Florida defense attorney asked for location data from his client’s phone from the NSA, the agency denied gathering Americans’ location data. But the NSA phrased its denials in such a way that surveillance experts were left wondering exactly what kind of data the NSA had been secretly scraping from phone companies.
And that ambiguity serves the NSA’s interests, which the agency moved to protect from public records requests last week.
On Tuesday, Jeff Larson, a news application developer for the nonprofit investigative outlet ProPublica, published a Freedom of Information Act response from the NSA that denied his June 14 request for his phone records.
Citing national security, the agency told Larson that it couldn’t even confirm whether his phone records exist.
“Any positive or negative response on a request-by-request basis would allow our adversaries to accumulate information and draw conclusions about NSA’s technical capabilities, sources, and methods,” the agency said in its FOIA response, which was dated June 21.
“Our adversaries are likely to evaluate all public responses related to these programs,” it said. “Were we to provide positive or negative responses to requests such as yours, our adversaries’ compilation of the information provided would reasonably be expected to cause exceptionally grave damage to the national security.”
This sort of response is known as a “Glomar” denial, a colloquial term that gained currency in the courts after the CIA once refused to confirm or deny ties to a Howard Hughes ship called the Glomar Explorer.
For Mark Rumold, staff attorney for the Electronic Frontier Foundation, a privacy advocacy group, denying the existence of Larson’s records is also a peculiar claim given officials’ widely publicized statements about the NSA’s capabilities in recent weeks.
“I can’t imagine how [acknowledging Larson’s request] would threaten to reveal an intelligence source,” Rumold told the Los Angeles Times. “It’s already been confirmed that they’re getting this information and they’ve been getting this information for quite some time.”
But the denial is also representative of the divergent internal pressures facing the NSA, which has tried to push back against claims of overbearing surveillance on American citizens while using secrecy to project an image of omniscience to the country’s foes.
From a national security perspective, federal officials may be concerned that outlining the scope of NSA programs would reveal that the agency was doing too little rather than too much.
“The harm to national security may come not from disclosing from what we are doing, but disclosing what we’re not doing,” Mark Rasch, a former federal cyber-crime prosecutor and the owner of a technology and cyber-law company based in Bethesda, Md., told the Los Angeles Times.
The sophisticated bad guys, Rasch said, “have long assumed that the government is listening in on every phone call and monitoring everyone’s movements, whether that’s true or not. To the extent we reassure the bad guys that we’re not doing that, that would harm national security.”
The government has already ceded ground in the Florida case, in which it told a bank-truck-robbery suspect that it didn’t track cell location data -- a major admission about the limitations of the NSA’s powers.
“You want to keep the bad guys guessing on what you’re doing and what you’re not doing,” Rasch said. “The problem is that it keeps the American public guessing whether this is a legitimate program or an outrageous abuse of public authority.”