Privacy SOS

Three hops: from a suspect to the pizza place to you

One of the most incredible admissions government officials have made in the wake of Edward Snowden’s whistleblowing was initially received as an off-hand remark during a congressional hearing. The Atlantic describes what happened on July 17, 2013:

Chris Inglis, the [NSA’s] deputy director, was one of several government representatives—including from the FBI and the office of the Director of National Intelligence—testifying before the House Judiciary Committee this morning. Most of the testimony largely echoed previous testimony by the agencies on the topic of the government's surveillance, including a retread of the same offered examples for how the Patriot Act and Foreign Intelligence Surveillance Act had stopped terror events.

But Inglis' statement was new. Analysts look "two or three hops" from terror suspects when evaluating terror activity, Inglis revealed. Previously, the limit of how surveillance was extended had been described as two hops. This meant that if the NSA were following a phone metadata or web trail from a terror suspect, it could also look at the calls from the people that suspect has spoken with—one hop. And then, the calls that second person had also spoken with—two hops. Terror suspect to person two to person three. Two hops. And now: A third hop.

Think of it this way. Let's say the government suspects you are a terrorist and it has access to your Facebook account. If you're an American citizen, it can't do that currently (with certain exceptions)—but for the sake of argument. So all of your friends, that's one hop. Your friends' friends, whether you know them or not—two hops. Your friends' friends' friends, whoever they happen to be, are that third hop. That's a massive group of people that the NSA apparently considers fair game.

What does that mean in terms of how many people are ultimately ensnared in a surveillance dragnet?

Let’s say the NSA is investigating me, and I have forty contacts on my phone, and those forty contacts have another forty contacts. The "three hop" analysis means the NSA thinks it can, under Section 215 of the USA Patriot Act, legally query the phone records of 2.5 million people when it is investigating only one person.

The NSA says it queried the phone records database 300 times last year. We don’t really know what they mean by that, but if the agency is talking about 300 suspects, then the phone records of 700 million people could have been examined last year, and that would be totally kosher persuant to NSA rules.

What does that kind of dragnet surveillance look like? The ACLU has created this nifty graphic to show you. If you don’t like what you see, take action.

© 2021 ACLU of Massachusetts.