The U.S. National Security Agency has allegedly left its metadata collection system — first exposed by Edward Snowden in 2013 — unused for months, and it could vanish completely in the near future.
An NSA data center in Utah.
The NSA “hasn’t actually been using it for the past six months,” said Luke Murry, an adviser for Republican Rep. Kevin McCarthy of California, the House minority leader. Murry’s comments were made during an episode of the podcast “Lawfare,” noticed by the New York Times.
“I’m actually not certain that the [Trump] administration will want to start that back up,” he added.
Initiated under President George W. Bush in 2001, the program collected phone and text messaging logs from carriers en masse, nominally with the goal of identifying links to terrorism suspects. At first companies like AT&T voluntarily complied with an order by Bush, but by 2006 the Foreign Intelligence Surveillance Court began issuing secret orders making that data mandatory under an interpretation of the Patriot Act. One of those orders, sent to Verizon, was the first of many documents exposed by Snowden and The Guardian.
Snowden and others attacked the program as a potential tool of mass surveillance, and possibly even more damaging than analyzing the actual contents of messages, since metadata can be collated to identify a person’s location and habits. Pressure mounted until the Obama administration helped usher in a scaled-back version of the program under the 2015 Freedom Act.
The modified program kept records in the hands of carriers, though the logs of suspects and their contacts could be rapidly retrieved with a court order. The NSA’s internal records dropped dramatically — as recently as 2017 however, it had 534 million records and just 40 targets.
In 2018 the NSA claimed it deleted its entire database of records created since the Freedom Act system launched, a way of coping with glitches that caused carriers to send logs with both accurate and inaccurate information. That resulted in the NSA collecting data from people unconnected to targets, and it supposedly decided it would be easier to wipe records entirely rather than scrub the people it didn’t have authority to monitor.
The Freedom Act is due to expire at the end of 2019. If the NSA’s system remains unused, the Trump administration may have no incentive to push for renewal, especially since even the pre-2015 program never prevented an attack.
Apple CEO Tim Cook quickly became involved after Snowden’s revelations, meeting with President Obama and putting pressure on Congress. The company eventually began disclosing government data requests, if only in the vague manner allowed by U.S. law.
Less is known about the state of PRISM, an NSA program collecting data from internet-based tech companies. Apple became a participant in 2012, but following the Snowden leaks it insisted that it had “never heard of PRISM” and didn’t “provide any government agency with direct access to our servers,” despite that sort of access being mentioned in NSA briefing documents.