Would a Comprehensive Phone Record Database Have Stopped 9/11?



Two weeks ago, when U.S. District Judge Richard Leon issued a preliminary injunction against the National Security Agency's mass collection of telephone records, he was skeptical of the government's claim that the program has been instrumental in preventing terrorist attacks. "The Government does not cite a single instance in which analysis of the NSA's bulk metadata collection actually stopped an imminent attack," he wrote, "or otherwise aided the Government in achieving any objective that was time-sensitive in nature." By contrast, U.S. District Judge William Pauley, who on Friday rejected a Fourth Amendment challenge to the NSA's phone record dragnet, says "the effectiveness of bulk telephony metadata collection cannot be seriously disputed." But Pauley's most powerful example is a debatable counterfactual, while the other cases he cites do not actually show that the NSA's database has been crucial in stopping attacks.

Pauley opens his opinion by arguing that if the telephone metadata program had existed in 2001 it might have helped prevent Al Qaeda's attacks on the World Trade Center and the Pentagon:

Prior to the September 11th attacks, the [NSA] intercepted seven calls made by hijacker Khalid al-Mihdhar, who was living in San Diego, California, to an al-Qaeda safe house in Yemen. The NSA intercepted those calls using overseas signals intelligence capabilities that could not capture al-Mihdhar's telephone number identifier. Without that identifier, NSA analysts concluded mistakenly that al-Mihdhar was overseas and not in the United States. Telephony metadata would have furnished the missing information and might have permitted the NSA to notify the [FBI] of the fact that al-Mihdhar was calling the Yemeni safe house from inside the United States.

The government has trotted out this hypothetical many times before, presumably because it is easier to speculate about plots that might have been thwarted by the routine collection of every American's phone records than it is to cite any that actually were. But as ProPublica's Justin Elliott pointed out last June, "U.S. intelligence agencies knew the identity of the hijacker in question, Saudi national Khalid al Mihdhar, long before 9/11 and had the ability find him, but they failed to do so." Furthermore, it is not clear why the NSA, having eavesdropped on seven calls between al-Mihdhar and the Al Qaeda safe house in Yemen, needed a database containing everyone's phone records to identify the source of those calls. The Justice Department "could have asked the FISA Court for a warrant to all phone companies to show all calls from the U.S. which went to the Yemen number,"  former counterterrorism official Richard Clarke told ProPublica. "Since they had one end of the calls (the Yemen number), all they had to do was ask for any call connecting to it."

The three other examples cited by Pauley likewise do not show that the comprehensive phone record database has been necessary to stop attacks, as Leon noted:

None of the three "recent episodes" cited by the Government that supposedly "illustrate the role that telephony metadata analysis can play in preventing and protecting against terrorist attack" involved any apparent urgency. In the first example, the FBI learned of a terrorist plot still "in its early stages" and investigated that plot before turning to the metadata "to ensure that all potential connections were identified." Assistant [FBI] Director [Robert] Holley does not say that the metadata revealed any new information-much less time-sensitive information that had not already come to light in the investigation up to that point. In the second example, it appears that the metadata analysis was used only after the terrorist was arrested "to establish [his] foreign ties and put them in context with his U.S. based planning efforts." And in the third, the metadata analysis "revealed a previously unknown number for [a] co-conspirator…and corroborated his connection to [the target of the investigation] as well as to other U.S.-based extremists." Again, there is  no indication that these revelations were immediately useful or that they prevented an impending attack.

Pauley does not actually claim the phone record database is necessary to thwart terrorism—only that it has been useful in gathering intelligence. Could a less sweeping approach, such as specific warrants seeking information about calls to or from particular targets, have been equally effective? Pauley deems that question irrelevant:

The ACLU also argues that "[t]here are a number of ways in which the Government could perform three-hop analysis without first building its own database of every American's call records." That has no traction. At bottom, it is little more than an assertion that less intrusive means to collect and analyze telephony metadata could be employed. But the Supreme Court has "repeatedly refused to declare that only the 'least intrusive' search practicable can be reasonable under the Fourth Amendment."

In any case, as I noted on Friday, the effectiveness of the NSA's snooping is not ultimately relevant to Pauley's analysis. Since he concludes that the Fourth Amendment does not apply to phone records (or any other information held by third parties), there is no search to justify. 

NEXT: The Mike Bloomberg Legacy: 12 Years of Little Tyrannies in 2 Minutes!

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Freddy Mercury converted to Islam? It all makes sense now!

    1. Uhhh....I think Freddy Mercury was born in UK....to iranian parents.
      OK, not everyone from Iran is muslim....but since about 98% of them are....I'd say there's a good chance Freddy Mercury grew up in a muslim household...

  2. If every person in America were locked in prison, nobody would have been flying those planes on September 11th, and nobody would have been in the buildings they hit. The solution is clear!

  3. They knew who at least some of them were and knew they were dangerous. But they didn't bother to pick up the phone and call INS and have them deported. Moreover, the FBI knew about Mousoui sitting in INS custody and knew he had been in flight training only learning how to take off. Yet, the FBI never shared the information and never launched any kind of coordinated effort to see if any of Mousoi's friends or contacts were doing the same thing. Had the FBI gotten their heads out of their ass and done basic investigative work in response to having a raving lunatic in custody who was learning how to take off but not land, the plot would have almost certainly been foiled.

    The point is that the government had enough information to stop 911 and through negligence and incompetence failed to do so. Given them more information doesn't fix the negligence or incompetence. If anything, giving them more information makes it more likely they will miss the important information.

    1. Agree completely, John. I have been thinking the same thing. When a person or organization struggles with basic competence, adding complexity only serves to reduce their competence further.

      Dilution of basic and important information by vast quantities of (at best)"potentially" valuable information makes for decreased effectiveness.

      1. Nice Niven handle.

        1. I'm assuming by "Niven" you mean "Heinlein"? (both are quite good, afterall)

          Funny story, I was ecstatic to get the license plate TAN$TAFL ($ doesnt count as a digit), but was shocked to discover the "vanity" plate charge was a recurring yearly fee rather than a 1 time fee. Was well worth $60, not sure it is worth $300 over the last 5 years. Sadly, I recognize the irony. Still pisses me off. DMV vampires!

          1. We only get 7 spaces here in AZ. Best I could do is TNSTAFL, and I'm not sure that really works.

            1. so do we in NC, they just don't count symbols and we can have up to 2 of those plus 7 letters/numbers. See if you can get it using the dollar sign or some other symbol that conveys one of the letters.

              eventhough my plate looks like this "TAN$TAFL", on my registration, it actually says TANTAFL.

    2. What sucks is that as a result of the government's incompetence, they ended up with more power. We rewarded their failure by reducing our freedom.

    3. The real conceit is that these agencies are capable of doing anything even remotely competent. As long as mostly everyone keeps on pretending that the alphabet agencies aren't as terminally incompetent as the rest of the government, you're still going to get these finger-pointing distractions over "whether 9/11 could have been prevented" or whatnot. And the sole purpose of that is to try and shill for more powers, money, and overreach, and not to actually become competent in any way. Because they can't.

      1. What's appalling is that it would be wrong to trade liberty for increased security if these agencies knew what they were doing. The fact that they are incompetent and have motives that often have nothing to do with security (e.g., politics) just makes the decision all the easier to make to not give them extraconstitutional powers. Yet we do it anyway.

        1. Who is "we", Mick Man? Seriously, though, you can say "we" gave them these powers, but "we" didn't. They gave them to themselves. Yes, enough voters voted for politicians who then gave themselves and the agencies these powers, but collectively faulting all Americans is absurd. Many, many of us didn't vote for any of these scum.

          Governments will always grow, they will always seek (and succeed) to increase their powers until it grows too much and becomes opressive. It is a fundamental feature of government, and one that cannot be contained. It is the ultimate reason why government is not the solution.

          1. I have a theory that everything would work just fine if you simply had never existed.

        2. Yet we do it anyway.

          We don't give them powers. They take them. And we can't do a damn thing about it.

          1. I agree with this (and Episiarch's similar remark), of course, but the voters of this country have sat by and have watched this happen without so much as a whimper of protest. I'm just being polite saying "we," as I, too, have voted and otherwise opposed this nonsense for decades now.

    4. giving them more information makes it more likely they will miss the important information.

      Even worse, it gives them a better opportunity to present a fabricated reality to the public.

  4. it is easier to speculate about plots that might have been thwarted by the routine collection of every American's phone records denial of visas to Saudis than it is to cite any that actually were.

    1. denial of visas to Saudis


  5. Why is the Judge even commenting on the effectiveness of the technique? Arent his ruling supposed to be made solely on the basis of "lawfulness" and independent of effectiveness?

    This is a huge red flag that he had to justify the decision and was unable to do it without going outside his scope.

    1. This.

      If the Supremes do the same, that'll be a -- dare I say it -- Hugeman red flag.

    2. He's citing it because it goes to the Effectiveness Exemption of the Fourth Amendment.

      1. You have the right to be secure in your person, possessions, and papers if and only if curtailing such is ineffective at preventing the State from examining your person, possessions, and papers For Your Own Good.

        1. I really need to get a copy of the Teacher's Edition of the Constitution of the USA.

  6. So, who's going to be the first telecom that gives customers their phone records so that they cannot be searched?

    1. I don't think there's anything they can do to circumvent the third-party doctrine, since a contract that says "we super pinky swear never to share this data with anyone" wouldn't mean shit. You have to never have shared the info with a third party to begin with to retain your 4A protection.

      1. They could have a policy of not collecting the information though, right? Or immediately deleting it. Then I guess the Government would have to pass a law mandating collection.

        1. a contract that says "we super pinky swear never to share this data with anyone" wouldn't mean shit.

          The NSA can't even prove how much of the information is legit. Live long enough and you will eventually get a bill that has to be disputed on the basis in incorrect information. There is no reason to believe that every single piece of information given about phone calls made is 100% accurate.

          No reason to think the phone company would not add bogus phone calls at the NSA's request/purchase.

  7. "Would a Comprehensive Phone Record Database Have Stopped 9/11?"


    Because no matter how unlimited your raw intelligence resource, you still need limited (in number, intellectual capability, imagination, willpower, etc) analysts and investigators to peruse and sift through all that data and actually know *what* they're looking for.

    The 9/11 conundrum is that most of the people most capable and convinced of an imminent Terrorist attack on US soil were most frequently pushed aside in favor of analysts and investigators and intelligence personnel interested in delivering the intelligence the Government *wanted* at the time, which was, "A Good Excuse to Attack Iraq". People like Richard Clarke, John O'Neil, etc. could have laid out the entire 9/11 plot on a platter for the intelligence community, phone taps and all, and I doubt anyone would have acted on it.

    If anything, this bullshit "What If" rationale is simply used to excuse any and all exercise of intelligence gathering and bureaucratic power-grabbing. Because anything less than "Doing Everything" is letting the terrorists win.

    I call this the Shark Net rationale for intelligence capabilities.

  8. You have the right to be secure in your person, possessions, and papers if and only if curtailing such is ineffective at preventing the State from examining your person, possessions, and papers For Your Own Good.

  9. (contd)

    The "Shark Net" is basically the idea that, 'shark attacks are BAD! ERGO = we will build a gigantic Shark Net around the entire coastline of the united states, which will (in theory) reduce the chance of shark attacks by 99%!"

    That is quickly downgraded to "80%" as it becomes clear that a limitless number of monkeys would be needed to maintain the Shark Net at full effectiveness.

    When you still have the same occasional shark attacks every year, the response will simply be, "we need more money to service The Net". "the net needs to be electrified". "Other Nation's Net Technologies are outpacing ours"

    The issue quickly goes entirely past what the Shark Net was actually for, or what it is capable of in reality. The net now exists, and entire govt agencies exist to service the net. There is no longer any question as to the existential purpose of the net.

    NSA is our shark-net. Asking whether NSA should be limited in any way is tantamount to feeding your children to sharks.

    1. Look, we're a country that can assume an infinite amount of money to spend, so why not an infinite number of monkeys?

      1. Because the number of members of Congress is limited. And there's only one President and one Vice President. It can't be infinite.

      2. "so why not an infinite number of monkeys?"

        I should have caveated: Well-Trained, Water-Breathing, Shark-Proof monkeys.

        Frankly, we just don't have the monkey infrastructure to support the long-term Shark Net design purposes.

        I believe there will be a similar inflection point in the data-collection game when they realize that even their gigantic data-mining operations are of decreasing utility for practical anti-terrorism intelligence applications. At this point they will of course turn their attention to how to use all that data on civilian behavior into something to empower politicians.

        1. Gilmore, I suspect the NSA is already quite aware that their data-collection program contributes to preventing terrorist attacks about as well as a bicycle contributes to piscine mobility.

          Preventing attacks requires real-time surveillance of the suspect/target. Bulk data collection is only useful for post-facto data mining. You don't need bulk data collection for real-time surveillance.

    2. NSA = Netting of Sharks Administration?

  10. Would a Comprehensive Phone Record Database Have Stopped 9/11?

    Given that it prevented the Boston Marathon bombing, I'm gonna say yes.

    1. +1 pressure cooker.

    2. Why tap the Russian's phone lines?
      When they call you up directly and specifically tell you, "Hey, those Chechen Bros......keep an close eye on them....they are up to something."

  11. Two words: Coleen Rowley.

  12. The real problem here is, as everyone knows, the "third-party doctrine".*

    What the feds are getting is records created by the phone companies and ISPs as part of your electronic activity. Because those records are created by these "third parties", they aren't yours. Pretty much the same reason why medical records are the property of the physician or hospital who created them, not the property of the patient.

    The quick and dirty fix is to deem these records to be your property, which the creating company has a license to use only for very limited purposes. Not including disclosure to any jackboot wearing goon who walks in the door and starts cracking his knuckles.

    *Well, not really, because even without the third-party doctrine our government has shown time and again that it is perfectly willing to violate the law, but you know what I mean.

    1. The quick and dirty fix is to deem these records to be your property,

      Make a generalized HIPPA.

      1. HIPAA does not give patients any property rights in their medical records.

        It does, however, kinda by accident negate the third party doctrine for medical records. That said, it added little to nothing to pre-existing state laws providing an evidentiary privilege against disclosure of medical rjecords.

  13. Phone records might not have done much, but enforcing immigration laws on 20 holders of expired visas might have helped.

    But libertarians don't like immigration laws. OOOOPEN BOARDERZ.

  14. The real answer to 911?
    If the "leadership" in WashDC hadnt sat around with their thumbs up their butts, obsessed with re-election, and actually READ the intelligence reports from the FBI field agents..........
    Most of these Saudis were well known to be in country with expired Visas.
    the Average working Americans had the 911 problem solved before it happened.
    The "Leadership" simply ignored the solutions and let it happen.
    If there's a conspiracy.....its a conspiracy of cowardice.

Please to post comments

Comments are closed.