IN March 2002, John M. Poindexter, a former national security adviser to President Ronald Reagan, sat down with Gen. Michael V. Hayden, the director of the National Security Agency. Mr. Poindexter sketched out a new Pentagon program called Total Information Awareness, that proposed to scan the world’s electronic information — including phone calls, e-mails and financial and travel records — looking for transactions associated with terrorist plots. The N.S.A., the government’s chief eavesdropper, routinely collected and analyzed such signals, so Mr. Poindexter thought the agency was an obvious place to test his ideas.
He never had much of a chance. When T.I.A.’s existence became public, it was denounced as the height of post-9/11 excess and ridiculed for its creepy name. Mr. Poindexter’s notorious role in the Iran-contra affair became a central focus of the debate. He resigned from government, and T.I.A. was dismantled in 2003.
But what Mr. Poindexter didn’t know was that the N.S.A. was already pursuing its own version of the program, and on a scale that he had only imagined. A decade later, the legacy of T.I.A. is quietly thriving at the N.S.A. It is more pervasive than most people think, and it operates with little accountability or restraint.
The foundations of this surveillance apparatus were laid soon after 9/11, when President George W. Bush authorized the N.S.A. to monitor the communications records of Americans who analysts suspected had a “nexus to terrorism.” Acting on dubious legal authority, and without warrants, the N.S.A. began intercepting huge amounts of information.
But the N.S.A. came up with more dead ends than viable leads and put a premium on collecting information rather than making sense of it. The N.S.A. created what one senior Bush administration official later described as a “mirror” of AT&T’s databases, which allowed ready access to the personal communications moving over much of the country’s telecom infrastructure. The N.S.A. fed its bounty into software that created a dizzying social-network diagram of interconnected points and lines. The agency’s software geeks called it “the BAG,” which stood for “big ass graph.”
Today, this global surveillance system continues to grow. It now collects so much digital detritus — e-mails, calls, text messages, cellphone location data and a catalog of computer viruses — that the N.S.A. is building a 1-million-square-foot facility in the Utah desert to store and process it.
What’s missing, however, is a reliable way of keeping track of who sees what, and who watches whom. After T.I.A. was officially shut down in 2003, the N.S.A. adopted many of Mr. Poindexter’s ideas except for two: an application that would “anonymize” data, so that information could be linked to a person only through a court order; and a set of audit logs, which would keep track of whether innocent Americans’ communications were getting caught in a digital net.
The N.S.A. sorely needs such restrictions now. Under current law, it isn’t allowed to monitor the communications of an American citizen or permanent resident without a court order. But it can collect data if one party to a communication is believed to be outside the United States. Recently, the office of the director of national intelligence admitted that on at least one occasion, the procedures that shield citizens’ and legal residents’ private information from spying eyes had been deemed “unreasonable under the Fourth Amendment” by the Foreign Intelligence Surveillance Court, which oversees such monitoring.
Senator Ron Wyden, an Oregon Democrat, has questioned whether “backdoor” monitoring of citizens’ communications is occurring. Intelligence officials told Mr. Wyden that they couldn’t determine how many people inside the United States had their communications collected because checking the N.S.A.’s databases to find out would itself violate the privacy of those people. In other words, the protection of privacy rights is being invoked to cover up possible continuing violations of those same rights.
Why have we not seen the same level of public outrage as in 2003? Many Americans seem willing to give up their digital privacy if it means the government has a better chance of catching terrorists. Consider the revealing intelligence that millions of us give to Facebook — willingly. These days, we are more likely to be outraged by airport screening, and its public inconvenience and indignity, than by unseen monitoring.
Members of Congress rarely object because they don’t want to be seen as obstructing legal surveillance. But whether this surveillance is legal, and verifiably so, is an open question, and depends upon a complex law that even most lawmakers don’t understand. One can’t easily mount an opposition to a confusing statute that governs a secretive process.
The law governing the N.S.A. can accommodate greater oversight, and if the agency thinks otherwise, it should be open to amending the law. Had the agency’s leaders actually listened to everything Mr. Poindexter had to say, they might not find themselves telling the American people: “We’re not spying on you. Trust us.”
Shane Harris, a senior writer at Washingtonian, is the author of “The Watchers: The Rise of America’s Surveillance State.”