Since I think the death of privacy is inevitable anyway the idea of computer programs looking for patterns in huge numbers of phone call records does not bother me much and it seems preferable to human spying.
What has not been publicly acknowledged is that N.S.A. technicians, besides actually eavesdropping on specific conversations, have combed through large volumes of phone and Internet traffic in search of patterns that might point to terrorism suspects. Some officials describe the program as a large data-mining operation.
Officials in the government and the telecommunications industry who have knowledge of parts of the program say the N.S.A. has sought to analyze communications patterns to glean clues from details like who is calling whom, how long a phone call lasts and what time of day it is made, and the origins and destinations of phone calls and e-mail messages. Calls to and from Afghanistan, for instance, are known to have been of particular interest to the N.S.A. since the Sept. 11 attacks, the officials said.
If a computer program analyzes tens or hundreds of billions of call records and some dozens of those records are from calls you made do you feel like your privacy has been invaded? I don't. Statistical analysis of massive gobs of data doesn't make me feel like I'm being watched. It just isn't personal enough. I like the idea that such impersonal means of analysis of data can lead to the identification of circles of friends and associates around terrorists.
If intelligence agencies were restricted to using conventional wiretapping court orders aimed at watching specific individuals there'd be no way for data mining computer programs to analyse to look for useful patterns. The whole idea of the approach is to try to find the needle in a haystack by rapidly comparing very large numbers of objects. Each object gets a very limited examination and few of the objects get looked at by real humans.
What it is about privacy invasion that most bothers you? Do you simply not like the idea of people watching you? Or is the objection more along the lines of specific harms incurred as a result? Are you afraid someone who watches you will use the information thus gleaned to blackmail or otherwise harm you?
Also, if someone is going to watch you would you prefer it is employees of an intelligence agency or local police or your neighbor?
I'd rather have governments discover the identity of terrorists by doing statistical analysis of large numbers of phone calls or credit card transactions or flight reservations rather than by, say, planting bugs to listen to conversations of people with ties to the Middle East. Computer analyses seem less invasive because human minds are not finding out intimate details of lives.
The use of computers seems preferable to having law enforcement personnel going around questioning lots of people about the personal lives of other people they know. The questioning can quite unfairly hurt a person's reputation. Whereas a computer program comparing billions of records in databases does not make your neighbors or employers or co-workers or friends think you might be involved in nefarious activities.
Update: When I present the choice as computers or people watching us I think this is an accurate representation of the truth. Intelligence agencies are searching for the terrorist needle in the human haystack. Either they use automation to find the terrorists or they employ much larger (orders of magnitude larger in all likelihood) numbers of people to sit in cars watching who comes to whose apartment, who has lunch with whom, or where someone goes when they fly out of the country and so on.
See Heather MacDonald's City Journal article where Heather explains how the TIA project could have linked all the al-Qaeda operatives together before 9/11.
Why DARPA’s interest in commercial repositories? Because that is where the terror tracks are. Even if members of sleeper cells are not in government intelligence databases, they are almost certainly in commercial databases. Acxiom, for example, the country’s largest data aggregator, has 20 billion customer records covering 96 percent of U.S. households. After 9/11, it discovered 11 of the 19 hijackers in its databases, Fortune magazine reports. The remaining eight were undoubtedly in other commercial banks: data aggregator Seisint, for example, found five of the terrorists in its repository.
Had a system been in place in 2001 for rapidly accessing commercial and government data, the FBI’s intelligence investigators could have located every single one of the 9/11 team once it learned in August 2001 that al-Qaida operatives Khalid al-Midhar and Nawaq al-Hazmi, two of the 9/11 suicide pilots, were in the country. By using a process known as link analysis (simpler than data mining), investigators would have come up with the following picture: al-Midhar’s and al-Hazmi’s San Diego addresses were listed in the phone book under their own names, and they had shared those addresses with Mohamed Atta and Marwan al-Shehi (who flew United 175 into the South Tower of the World Trade Center). A fifth hijacker, Majed Moqed, shared a frequent-flier number with al-Midhar. Five other hijackers used the same phone number Atta had used to book his flight reservations to book theirs. The rest of the hijackers (who crashed in Pennsylvania) could have been tracked down from addresses and phones shared with hijacker Ahmed Alghamdi, a visa violator—had the INS bothered to locate him before the flight by running his name on its overstayer watch list.
Data mining can find the needle in the haystack. It can do this without listening on phone conversations. Of course, there is a third choice: let terrorist attacks happen.
Also see my posts "Privacy Concerns Block Response To Terrorist Threat" (which includes a discussion of science fiction writer David Brin's argument that the death of privacy really is inevitable), "Heather Mac Donald on US Senate TIA Ban", and my favorite on the absurd: "Heather Mac Donald: Government Panel Opposes Google Searches By Spies".