This is, hands down, the scariest part of the NSA revelations

Forget PRISM, the National Security Agency's system to help extract data from Google, Facebook, and the like. The more frightening secret program unearthed by the NSA leaks is the gathering and storing of millions of phone records and phone-location information of U.S. citizens.

According to current and former intelligence agency employees who have used the huge collection of metadata obtained from the country's largest telecom carriers, the information is widely available across the intelligence community from analysts' desktop computers.

The data is used to connect known or suspected terrorists to people in the United States, and to help locate them. It has also been used in foreign criminal investigations and to assist military forces overseas. But the laws that govern the collection of this information and its use are not as clear. Nor are they as strong as those associated with PRISM, the system the NSA is using to collate information from the servers of America's tech giants.

Metadata is not protected by the Fourth Amendment. Content of emails and instant messages -- what PRISM helps gather -- is. An order issued to Verizon by the Foreign Intelligence Surveillance Court instructs the company to supply records of all its telephony metadata "on an ongoing, daily basis." Although legal experts say this kind of broad collection of metadata may be legal, it's also "remarkably overbroad and quite likely unwise," according to Paul Rosenzweig, a Bush administration policy official in the Homeland Security Department. "It is difficult to imagine a set of facts that would justify collecting all telephony meta-data in America. While we do live in a changed world after 9/11, one would hope it has not that much changed."

By comparison, PRISM appears more tightly constrained and operates on a more solid legal foundation. Current and former officials who have experience using huge sets of data available to intelligence analysts said that PRISM is used for precisely the kinds of intelligence gathering that Congress and the administration intended when the Foreign Intelligence Surveillance Act was amended in 2008. Officials wanted to allow intelligence agencies to target and intercept foreigners' communications when they travel across networks inside the United States.

The surveillance law prohibits targeting a U.S. citizen or legal resident without a warrant, which must establish a reasonable basis to suspect the individual of ties to terrorism or being an agent of a foreign power. In defending PRISM, administration officials have said repeatedly in recent days that the FISA Court oversees the collection program to ensure that it's reasonably designed to target foreign entities, and that any incidental collection of Americans' data is expunged. They've also said that press reports describing the system as allowing "direct access" to corporate servers is wrong. Separately, a U.S. intelligence official also said that the system cannot directly query an Internet company's data.

But the administration has not explained why broadly and indiscriminately collecting the metadata records of millions of U.S. citizens and legal residents comports with a law designed to protect innocent people from having their personal information revealed to intelligence analysts. Nor have officials explained why the NSA needs ongoing, daily access to all this information and for so many years, particularly since specific information can be obtained on an as-needed basis from the companies with a subpoena.

Here's why the metadata of phone records could be more invasive and a bigger threat to privacy and civil liberties than the PRISM system:

1.  Metadata is often more revealing than contents of a communication, which is what's being collected with PRISM. A study in the journal Nature found that as few as four "spatio-temporal points," such as the location and time a phone call was placed, is enough to determine the identity of the caller 95 percent of the time.

2.  The Wall Street Journal reports that in addition to phone metadata, the NSA also is collecting metadata on emails, website visits, and credit card transactions (although it's unclear whether those collection efforts are ongoing). If that information were combined with the phone metadata, the collective power could not only reveal someone's identity, but also provide an illustration of his entire social network, his financial transactions, and his movements.

3.  Administration officials have said that intelligence analysts aren't indiscriminately searching this phone metadata. According to two intelligence employees who've used the data in counterterrorism investigations, it contains no names, and when a number that appears to be based in the United States shows up, it is blocked out with an "X" mark. 

But these controls, said a former intelligence employee, are internal agency rules, and it's not clear that the FISA Court has anything to say about them. In this employee's experience, if he wanted to see the phone number associated with that X mark, he had to ask permission from his agency's general counsel. That permission was often obtained, but he wasn't aware of the legal process involved in securing it, or if the request was taken back to the FISA court.

4.  The metadatabase is widely available across the intelligence community on analysts' desktops, increasing the potential for misuse.

5.  The metadata has the potential for mission creep. It's not only used for dissecting potential homegrown terror plots, as some lawmakers have said. The metadata is also used to help military forces overseas target terrorist and insurgent networks. And it is used in foreign criminal investigations, including ones involving suspected weapons traffickers.

For all these reasons, and probably more yet to emerge, it's the metadata that's of bigger concern. By comparison, PRISM is a cool name, a lame PowerPoint presentation -- and business as usual.

Justin Sullivan/Getty Images

National Security

The risky legal strategy behind Edward Snowden's flight to Hong Kong

With his decision to flee to Hong Kong, Edward Snowden, the whistleblower behind the bombshell leak that exposed a highly classified U.S. intelligence program, has taken a serious legal risk, one that may very well result in his extradition to the United States to face charges.

Though formally under Chinese sovereignty, Hong Kong maintains its own extradition agreement with the United States. And if Snowden is to avoid being sent back to the United States (Republican lawmakers are already calling for his extradition), he may have to convince a judge that he is being persecuted for his political beliefs.

In doing so, he is taking a huge gamble. In 1997, the British government handed over sovereign control of Hong Kong to China, and just prior to the transfer the Clinton administration negotiated -- with the consent of Beijing -- an updated extradition treaty with Hong Kong. That agreement includes a provision allowing either side to deny an extradition "if the offence of which that person is accused or was convicted is an offence of a political character." 

Crucially, the agreement between the United States and Hong Kong does not define what constitutes a political crime, and according to Julian Ku, a professor of international law at Hofstra University, there is scant precedent in Hong Kong to indicate how its courts would rule on the question of whether Snowden's prosecution would be "of a political nature."

"Obviously, he's in a better position than if he had committed murder, but [the legal strategy] is not necessarily a winner for him," Ku says.

The United States and Hong Kong have a long-standing and successful relationship in exchanging suspects. If U.S. prosecutors and diplomats are able to cast his indictment as an ordinary criminal prosecution, the courts are likely to approve his extradition.

The Snowden leaks have now been referred to the Justice Department, and U.S. prosecutors have several options available to them. According to Ku, prosecutors may avoid charging Snowden under the Espionage Act -- which could be considered a political prosecution by courts in Hong Kong -- and indict him under a different statute.

Among the crimes listed on the U.S.-Hong Kong agreement as within the bounds of extradition, one offense in particular stands out: "the unlawful use of computers." 

"My best guess is that if the U.S. government makes the request and they're smart about it, the courts have a hard time finding it as a political offense," Ku says.

In short, Snowden's legal strategy depends on convincing a judge that he is the victim of political persecution, a legal strategy that has little precedent in Hong Kong (Reuters, which notes that Hong Kong authorities can hold Snowden for 60 days while U.S. officials prepare a formal extradition request, reports that Snowden could also argue that his alleged criminal act is not considered a crime in both countries). Taken together with the fact that Snowden could have fled to a country without an extradition treaty with the United States -- or followed in the footsteps of Julian Assange and sought asylum in Ecuador -- Snowden's decision is extremely perplexing. 

Snowden's flight to Hong Kong has added a geopolitical dimension to his case and sparked speculation in the media that his fate will be decided by Beijing. Unfortunately, this speculation may be based on a misreading of the extradition agreement. While the treaty includes language that allows both Hong Kong and the United States to decline extradition for reasons relating to "the defence, foreign affairs or essential public interest or policy" of China and the United States, it appears to state that this exception only applies to the extradition of American citizens to Hong Kong and Chinese citizens to the United States (see Article 3). 

This language has been used to imply that China has the ability to bulldoze Hong Kong's court system, but the island's judiciary has consistently demonstrated a remarkable degree of independence, even after China's assumption of sovereignty over the territory. Not only is Hong Kong's judicial system modeled on the British system, but many of its judges are British holdovers.

The Clinton administration also expressly negotiated a new treaty with Hong Kong prior to the handover in order to maintain an important operational aspect of the island's sovereignty. In a letter to the Senate introducing the treaty, then-Secretary of State Madeleine Albright explained that extradition decisions would be made by Hong Kong's courts, not Beijing.

According to Ku, that promise has largely been delivered on, and there has been very little if any interference from Beijing on issues relating to extradition. Still, the temptation to interpret Snowden's potential extradition as a great power standoff in the making remains. Here's Josh Marshall with a nice summary of that argument:

[T]he decision to go to China inevitably colors his decision and sets up what could be a very uncomfortable diplomatic stand-off. I've seen people linking to the current US-Hong Kong extradition treaty. Call me naive but I think this is going to come down to how Beijing wants to play this. If they don't want a fight over this, Snowden's toast. If they like the optics of it, I don't think it matters what that extradition treaty says. China's a big enough player and the US has enough other fish to fry with the Chinese, that the US is not going to put the bilateral relationship on the line over this guy. And the Chinese might relish granting asylum to an American running from the claws of US ‘state repression'.

But before we get ahead of ourselves, consider a recent instance of China getting involved in Hong Kong's affairs. Late last year, Hong Kong's supreme court referred a case to Beijing involving a dispute over whether domestic workers should have residency rights there, launching a hail of criticism from liberals in Hong Kong. (Note also that China did not choose to get involved in the case but that it was referred to authorities in Beijing -- another unlikely step that, according to Ku, would probably have to be taken in order for Chinese officials to get involved in the Snowden case.)

Just as China is trying to repair relations with the United States, would it really want to poke Washington in the eye? Doing so could also provoke anger in Hong Kong -- and all in exchange for what might ultimately prove a hollow diplomatic victory and a stale source of information. That doesn't sound like smart politics.

Update: Snowden has said that he would like to seek asylum in Iceland, but according to Johannes Tomasson, a spokesperson for the Icelandic interior ministry, Snowden has not submitted an application for asylum there. Meanwhile, John McAtee, the senior information officer at the Hong Kong Economic and Trade Office in Washington, said in an email only that Hong Kong continues to monitor the story but would not comment on an individual case. 

The Guardian via Getty Images