Basaaly Moalin was convicted of financing Somali extremists, in the only case where the N.S.A.’s phone-records program was decisive. Illustration by Brian Stauffer

Almost every major terrorist attack on Western soil in the past fifteen years has been committed by people who were already known to law enforcement. One of the gunmen in the attack on Charlie Hebdo, in Paris, had been sent to prison for recruiting jihadist fighters. The other had reportedly studied in Yemen with Umar Farouk Abdulmutallab, the underwear bomber, who was arrested and interrogated by the F.B.I. in 2009. The leader of the 7/7 London suicide bombings, in 2005, had been observed by British intelligence meeting with a suspected terrorist, though MI5 later said that the bombers were “not on our radar.” The men who planned the Mumbai attacks, in 2008, were under electronic surveillance by the United States, the United Kingdom, and India, and one had been an informant for the Drug Enforcement Administration. One of the brothers accused of bombing the Boston Marathon was the subject of an F.B.I. threat assessment and a warning from Russian intelligence.

In each of these cases, the authorities were not wanting for data. What they failed to do was appreciate the significance of the data they already had. Nevertheless, since 9/11, the National Security Agency has sought to acquire every possible scrap of digital information—what General Keith Alexander, the agency’s former head, has called “the whole haystack.” The size of the haystack was revealed in June, 2013, by Edward Snowden. The N.S.A. vacuums up Internet searches, social-media content, and, most controversially, the records (known as metadata) of United States phone calls—who called whom, for how long, and from where. The agency stores the metadata for five years, possibly longer.

The metadata program remains the point of greatest apparent friction between the N.S.A. and the Constitution. It is carried out under Section 215 of the Patriot Act, which allows the government to collect “books, records, papers, documents, and other items” that are “relevant” to “an authorized investigation.” While debating the Patriot Act in 2001, Senator Russ Feingold worried about the government’s powers to collect “the personal records of anyone—perhaps someone who worked with, or lived next door to . . . the target of the investigation.” Snowden revealed that the N.S.A. goes much further. Metadata for every domestic phone call from Verizon and other carriers, hundreds of billions of records in all, are considered “relevant” under Section 215. The N.S.A. collects them on an “ongoing, daily basis.”

The N.S.A. asserts that it uses the metadata to learn whether anyone inside the U.S. is in contact with high-priority terrorism suspects, colloquially referred to as “known bad guys.” Michael Hayden, the former C.I.A. and N.S.A. director, has said, “We kill people based on metadata.” He then added, “But that’s not what we do with this metadata,” referring to Section 215.

Soon after Snowden’s revelations, Alexander said that the N.S.A.’s surveillance programs have stopped “fifty-four different terrorist-related activities.” Most of these were “terrorist plots.” Thirteen involved the United States. Credit for foiling these plots, he continued, was partly due to the metadata program, intended to “find the terrorist that walks among us.”

President Obama also quantified the benefits of the metadata program. That June, in a press conference with Angela Merkel, the German Chancellor, Obama said, “We know of at least fifty threats that have been averted because of this information.” He continued, “Lives have been saved.”

Section 215 is just one of many legal authorities that govern U.S. spy programs. These authorities are jumbled together in a way that makes it difficult to separate their individual efficacy. Early in the metadata debate, the fifty-four cases were sometimes attributed to Section 215, and sometimes to other sections of other laws. At a Senate Judiciary Committee hearing in October, 2013, Senator Patrick Leahy, of Vermont, called the fifty-four-plots statistic “plainly wrong . . . these weren’t all plots, and they weren’t all thwarted.” He cited a statement by Alexander’s deputy that “there’s only really one example of a case where, but for the use of Section 215 bulk phone-records collection, terrorist activity was stopped.” “He’s right,” Alexander said.

“You’ve got one of my dresses on again.” Facebook

Twitter

Email

Shopping

The case was that of Basaaly Moalin, a Somali-born U.S. citizen living in San Diego. In July, 2013, Sean Joyce, the F.B.I.’s deputy director at the time, said in Senate-committee testimony that Moalin’s phone number had been in contact with an “Al Qaeda East Africa member” in Somalia. The N.S.A., Joyce said, was able to make this connection and notify the F.B.I. thanks to Section 215. That February, Moalin was found guilty of sending eighty-five hundred dollars to the Shabaab, an extremist Somali militia with ties to Al Qaeda. “Moalin and three other individuals have been convicted,” Joyce continued. “I go back to what we need to remember, what happened in 9/11.” At the same hearing, Senator Dianne Feinstein, of California, talked about “how little information we had” before 9/11. “I support this program,” she said, referring to Section 215. “They will come after us, and I think we need to prevent an attack wherever we can.”

In the thirteen years that have passed since 9/11, the N.S.A. has used Section 215 of the Patriot Act to take in records from hundreds of billions of domestic phone calls. Congress was explicit about why it passed the Patriot Act—despite concerns about potential effects on civil liberties, it believed that the law was necessary to prevent another attack on the scale of 9/11. The government has not shown any instance besides Moalin’s in which the law’s metadata provision has directly led to a conviction in a terrorism case. Is it worth it?

Before 9/11, the intelligence community was already struggling to evolve. The technology of surveillance was changing, from satellites to fibre-optic cable. The targets were also changing, from the embassies and nuclear arsenals of the Cold War era to scattered networks of violent extremists. The law still drew lines between foreign and domestic surveillance, but the increasingly global nature of communications was complicating this distinction.

In Washington, many people blamed 9/11 on a “wall” between intelligence gathering and criminal investigations. In a report on pre-9/11 failures, the Department of Justice criticized the F.B.I.’s San Diego field office for not making counterterrorism a higher priority. Two of the hijackers—Nawaf al-Hazmi and Khalid al-Mihdhar—took flying lessons in San Diego and attended a mosque where the imam, Anwar al-Awlaki, had been the target of an F.B.I. investigation. They lived for a time in an apartment that they rented from an F.B.I. informant, and Mihdhar made phone calls to a known Al Qaeda safe house in Yemen. But the F.B.I. wasn’t solely at fault. The C.I.A. knew that Mihdhar had a visa to travel to the U.S., and that Hazmi had arrived in Los Angeles in January, 2000. The agency failed to forward this information to the F.B.I.

Three years after 9/11, the size of San Diego’s Joint Terrorism Task Force had tripled. In California, hundreds of local police became “terrorism liaison officers,” trained to observe anomalous activity that could presage an attack. The San Diego “fusion center” spent hundreds of thousands of dollars on computers and monitors, including fifty-five flat-screen televisions, which officials said were for “watching the news.” This was one of seventy-seven such centers nationwide, at a cost of several hundred million dollars. The F.B.I. office established a “field-intelligence group,” a special unit that gathered information about domestic terrorism threats.