In Defense of PRISM

PRISM has just provided a glimpse through the looking glass. Revelations about this monitoring system suggest that living in and moving through the world, even for the most private among us, can be observed closely and for protracted periods by the cold, shy minds of the intelligence community. The reason for this sustained, widespread scrutiny is that, in the long fight against terrorist networks, this is one of the ways in which their cells can sometimes be caught while communicating, their plans disrupted, and, on occasion, their locations determined.

The price of the increment of security so provided is the loss of a bit of privacy, despite best efforts of intelligence overseers to make sure that the focus is on "metadata" like the time, date, and originating and terminating points of communications — rather than on specific content. The belief, and the hope, of both the operators of the system and their supervisors — including watchdogs maintaining oversight from their perches in Congress — is that some loss of individual privacy will make for significant gains in national security. As an observer and sometime participant in efforts to ferret out the intentions and locations of the terrorists over more than a decade, I believe that the benefits of this endeavor have clearly outweighed the costs and risks.

My timeframe for making this judgment goes back well before the reported start of the PRISM program seven years ago. Indeed, it was just a few months after 9/11 that Adm. John Poindexter, then at the Defense Advanced Research Projects Agency (DARPA), proposed a "total information awareness" initiative that was to use some of the methods now being reported. But TIA, as it was called, had a vaguely Orwellian cast, and Adm. Poindexter’s past role in the dark dealings of the Iran-Contra affair didn’t help — he had been Ronald Reagan’s national security advisor when the secret arms swap caper came to light. Very soon, the "T" was changed from "Total" to "Terrorism," but the re-branding didn’t help and Congress defunded the initiative. Still, parts of it lived on — with congressional oversight — under new code names like "Genoa" and "TopSail." These should be seen as some of the antecedents of PRISM, helping to hone the methods that have now become the principal "mining tools" of the big data offensive mounted against the globally dispersed cells of terrorist networks.

Prior to TIA, and well before 9/11, there were other ancestors of our current big data efforts. At the National Security Agency, and in other parts of the extensive American intelligence community, search systems known by such evocative names as "Echelon" and "Semantic Forests," among others, were in use, striving relentlessly to detect patterns of communication that might open up golden seams of information from the most secret caches of the world’s various malefactors. Often enough, these and other tracking tools did distinguish the pattern from the noise, and national security was well served.

And in the early days of the war against al Qaeda, the enemy was still using means of communication that American intelligence had the ability to monitor — including satellite phones and such — leading to several counterterror coups and high-level captures. But the network learned quickly and adjusted, becoming far more elusive, more dispersed, its cells increasingly attuned to operating independently, its nodes and links ever less visible. It was against this shift that something like PRISM had to be mobilized to improve our ability to find the foe whose best, and only real defense against us is his capacity for concealment.

Thus, the tantalizing prospect of PRISM, and of the whole "finding effort," is to deny the terrorists the virtual haven that they enjoy throughout the world’s telecommunications spaces — indeed, throughout the whole of the "infosphere," which includes cyberspace. The piercing of this veil would mark a true turning point in the war on terror, for al Qaeda and other networks simply cannot function with any kind of cohesion, or at any sort of reasonable operational tempo if their communications become insecure. Cells and nodes would be ripped up, operatives killed or captured, and each loss would no doubt yield information that imperiled the network further. Even if al Qaeda resorted to the drastic measure of moving messages, training, and financial information by courier, operations would be so slowed as to cripple the organization. And even couriers can be flagged on "no fly" lists or caught boarding tramp steamers and such.

So for all the furor caused by the PRISM revelations, my simple recommendation is to take a deep breath before crying out in protest. Think first about how the hider/finder dynamic in the war on terror has driven those responsible for our security to bring to bear the big guns of big data on the problem at hand. Think also about whether a willingness to allow some incursions into our privacy might lead to an improved ability to provide for our security, and where that equilibrium point between privacy and security might be. And last, think about the world as it might be without such a sustained effort to find the hidden — to detect, track, and disrupt the terrorists. That would be a world in which they stay on their feet and fighting, and in which they remain secure enough, for long enough, to acquire true weapons of mass destruction. Those of us in the national security business, who know that networks so armed will be far harder to deter than nations ever were, believe that big data approaches like PRISM and its forebears, have been and remain essential elements in the unrelenting and increasingly urgent effort to find the hidden.