Part II — Power & Conflict · Lesson 34 · The World Stage

Surveillance & security

Patriot Act, FISA, and the liberty trade

The 9/11 attacks killed nearly 3,000 people and produced a policy response of staggering scope: two wars (~$8 trillion in direct costs across both), the creation of the Department of Homeland Security, expansion of intelligence community personnel and budgets several-fold, and the construction of a legal architecture for surveillance, detention, and intervention that has outlasted every political alignment since.

This lesson tries to describe what got built and what it does, with neither the triumphalism that defenders of the apparatus sometimes adopt nor the dystopian framing that critics sometimes adopt. Both have elements of truth; neither captures the full picture. The intelligence services have prevented attacks (the public record is partial and the success cases are usually classified, but multiple cases have been declassified). They have also engaged in mass collection, illegal targeting of US citizens, lying to Congress, and torturing detainees. Both are true. The question is what to do with that knowledge.

The legal architecture

What the capabilities actually are

The Snowden disclosures (2013) and subsequent declassifications give a reasonably detailed picture of what the US intelligence community can do. Key capabilities:

Bulk collection of metadata. Phone records (who called whom, when, for how long), email metadata, internet traffic patterns, location data from cell towers and apps. Originally authorized by the Patriot Act §215, declared illegal as conducted by a federal appeals court in 2015, and partially reformed by the USA FREEDOM Act of 2015 (which restricted collection to "specific selection terms" but allowed continued querying of phone records held by carriers).

Content collection via FISA §702. Compels major US tech and telecom companies to provide content (emails, messages, files) for non-US persons "reasonably believed" to be outside the US. US persons get "incidentally" collected and that data is searchable by federal agencies — the so-called "backdoor search" loophole. Reauthorized through 2026 with limited reforms.

Tactical SIGINT (signals intelligence). Real-time interception of communications, including via undersea cable tapping (documented; Snowden disclosures), tower spoofing (stingrays, IMSI catchers), and direct platform queries. Multi-agency operation; capacity is enormous.

HUMINT and operations. Classical intelligence operations: agents, sources, covert action. The CIA's expanded post-9/11 paramilitary role under the Counterterrorism Center and the "kinetic" expansion of agency capabilities are well documented.

Financial intelligence. FinCEN, OFAC, and Treasury more broadly built out a financial surveillance apparatus that tracks transactions through the global banking system. The sanctions regime that disabled Iran (2012) and most of the Russian banking system (2022) was built on this. SWIFT and dollar correspondent banking flows are visible to US authorities in ways that no other country's currency offers.

Open-source intelligence. Social media monitoring, commercial data broker aggregation, satellite imagery (commercial, increasingly real-time and high-resolution), and increasingly AI-assisted pattern recognition across all of it. This domain has been transformed by the explosion of commercial data and computational tools available; the modern intelligence community is more open-source-dependent than at any point in its history.

Five Eyes and the international architecture

The US doesn't operate alone. The Five Eyes alliance (US, UK, Canada, Australia, New Zealand) is a deep intelligence-sharing arrangement dating from WWII. Each member can collect on the others' citizens in ways the others can't legally collect on their own — a structural arrangement that critics have noted essentially constitutes mutual jurisdictional arbitrage on civil liberties. The arrangement has expanded over time; "Nine Eyes" and "Fourteen Eyes" extensions include various European allies.

The CLOUD Act (2018) further extended US legal reach: US providers can be required to provide data held abroad, and the US can negotiate executive agreements for reciprocal access with allied countries. The result is that any major US tech provider operating globally is, in important respects, an instrument of US intelligence whether it wants to be or not.

What it has caught

The honest answer is: less than the cost would suggest, and more than zero. The intelligence community's own internal reviews (the Privacy and Civil Liberties Oversight Board reports, the 2014 NSA reform commission report) found that bulk metadata collection had not been essential to any specific successful terror prevention. Defenders cite specific cases — Najibullah Zazi (NYC subway plot), downstream identification in the 2013 Boston bombing investigation — where signals intelligence contributed. Critics note that traditional investigative techniques would plausibly have produced the same results in those cases.

The most honest formulation: the apparatus has produced real intelligence value on state actors competing with the US (foreign intelligence services, weapons programs, leadership decisions) and substantial value in some terror investigations. Whether the marginal benefit on terror specifically justifies the scope and the legal innovations is genuinely contested in serious analytical circles.

What it has been used for that wasn't authorized

This is the part that critics emphasize, and the record is real:

— NSA analysts using surveillance tools to spy on romantic partners ("LOVEINT"; multiple internal disciplinary cases).

— FBI mass collection of phone records from journalists during leak investigations (multiple cases under multiple administrations).

— Surveillance of US persons that the FISA Court found "improper" in declassified opinions — the FISA Court declassified a 2019 opinion finding the FBI had conducted 3.4 million queries of §702 data, including thousands tied to political donors, protesters, and elected officials.

— Use of national security letters (NSLs) — which don't require judicial approval — to acquire records on tens of thousands of US persons annually, often with permanent gag orders preventing the targets from knowing.

— Use of the watchlisting system (the Terrorist Screening Database, the "no-fly list") that has affected thousands of US persons, often without due process or clear means of contesting placement.

None of this is contested in the way "is climate change real" is contested. The documents exist, the cases were litigated, the reforms (partial) followed.

The structural problem: Once a surveillance capability exists, it tends to expand in scope of use beyond its original purpose. This is true across history and across regime types. The Patriot Act was sold as a counter-terrorism measure. Within a decade, its provisions were routinely used in drug investigations, financial fraud cases, and political-corruption probes. The "use it for what it was authorized for" discipline does not hold in any actual institutional setting. Knowing this matters when new surveillance capabilities are being authorized.

The encryption / Apple-FBI battle

The most concrete current fight is about end-to-end encryption. Strong encryption protects privacy and security against governments and criminals alike. It also prevents law enforcement from accessing communications even with a warrant. Apple, Signal, WhatsApp, and most major messaging services have committed to E2E encryption. The FBI, multiple administrations, and several foreign governments (UK, Australia, India, China) have pushed back, demanding either backdoors or "lawful access" mechanisms.

The technical reality: there is no way to provide "lawful access" that only the good guys can use. Any backdoor is a backdoor that adversaries will find and exploit. Computer scientists are essentially unanimous on this. The policy debate has continued anyway, because the trade-off is real: with strong encryption, some crimes will go uninvestigated; without it, everyone's communications are more vulnerable.

This fight has been going on for 25+ years and will continue. The technology side has been winning so far, but each new generation of legislative attempts is a real test.

The framing question

The question that every citizen of a country with significant intelligence capabilities has to think through, honestly: given that this apparatus exists, given that it will be used by whoever is in power, what level of oversight is enough, and what tradeoffs are acceptable?

People come down differently on this question. Some emphasize the real attacks that have been prevented and the real adversary intelligence services that justify maintained capacity. Some emphasize the documented abuses and the structural risks of any society that builds tools this powerful. Both views are defensible. The position that "we should just trust whoever is in power" is not defensible by either side over a long enough time horizon, because power changes hands and tools persist.

What you just learned

The post-9/11 surveillance and security apparatus is real, large, and partially documented. It has prevented some attacks; it has been used in ways that wouldn't survive public scrutiny. The trade-off between security and civil liberties is not abstract — it is being made on your behalf, mostly without your input, by a small number of institutional actors. Knowing what the architecture is is the precondition to having any view about whether it should look different.