Surveillance Law Leaves Data-Mining Program Intact

The domestic spying measure approved by Congress last week will impose new rules on government wiretapping. But it will leave largely untouched what some experts say is the most sweeping part of the secret surveillance activities ordered by President Bush after 9/11: the National Security Agency's collection of phone records and other personal data on millions of U.S. citizens. The NSA's massive "data mining" program—in which the agency's computers look for call patterns that might point to suspicious behavior—has never been publicly confirmed by the Bush administration. But industry and government officials, who asked not to be identified talking about classified matters, say the practice is a big part of what the telecoms did for the spy agency, and a key reason the companies fought so hard for the immunity from lawsuits granted by the new bill.

After 9/11, the White House asked MCI (now Verizon), AT&T, Sprint and Qwest for help obtaining call records on U.S. numbers found in laptops and cell phones captured in Qaeda hideouts. Normally such data is easy to come by for law enforcement, but in the post-9/11 world, the premium was on speed. So the White House bypassed the established legal protocols. Qwest balked, but the other three carriers went along—because, as one industry official put it, "nobody wanted to be responsible for the next terrorist attack."

Over time, requests for call records grew into the thousands—often two or three calls removed from the original targets. And, without court oversight, the demands for these and other personal data ultimately sparked fierce protests from inside the Justice Department itself.

Congressional and industry sources say the effort was subsequently put on firmer legal footing, with requests approved through still-secret court procedures. But data mining has continued—and even expanded—with little oversight or debate. Thanks to other secret post-9/11 orders, the NSA's computers have access to—and crunch—wire transfers, bank transactions and reams of other personal financial data collected by the Treasury Department, says a former top official. (An NSA spokeswoman did not respond to requests for comment.) But regardless of the legal standards used to collect the information, privacy experts say there are still troubling questions about the government's accumulation of so much personal data. "This affects far more people—and has a lot more risk of sweeping in innocent contacts—than the actual interception of phone calls," says Jim Dempsey, vice president of the Center for Democracy and Technology, a privacy group. "It's bizarre that this has not been discussed more." Or addressed in the hotly debated new law.