Power, Secrecy, and Intelligence Oversight

Americans deeply distrust power and secrecy and are right to do so.  Intelligence agencies are powerful and secret---but necessary. Reconciling these propositions is a fundamental task in a democracy. We accomplish it only when the rules under which the agencies operate are approved by the Congress after public debate, when the operational details are kept secret, and when we have a robust oversight apparatus to give us comfort that the rules are being followed. So how are we doing? We have supposedly learned three things in recent days. First, that the National Security Agency, under orders of the Foreign Intelligence Surveillance Court, systematically collects call records in the country.  Second, that NSA, under orders of the same court, also collects the contents and records of foreigners’ communications touching the U.S. And third, that our military actually makes contingency plans to fight a cyber war if push came to shove. Let’s dispose of this last item first.  It is the military’s job to be prepared.  If they were not preparing for a cyber war contingency, they’d be derelict.  Few military issues have had a more vigorous public airing recently.  The only news here is that a low-level contract employee saw fit to release top-secret military planning documents.  Only the perpetually dyspeptic will regard this crime as a public service. As for intelligence collection, members of the public who haven’t been paying attention now know two things that those who were paying attention have known for some time:  First, that telephone companies keep call records, that the government has the legal ability to obtain and store those records and does so, and that those records are not protected under the Fourth Amendment’s warrant requirement.  Call records show such things as whom you called, when and for how long.  Unlike contents of a call or letter, they’re not constitutionally protected because they are like the information on the outside of an envelope, which lots of people can see and are thus not private. What may be genuinely surprising in some quarters, however, is that this collection can occur under the Foreign Intelligence Surveillance Act.  For that to happen, at least one, and probably several, federal judges had to approve the arrangement, and so did the House and Senate intelligence committees.  That’s because even though NSA can collect the data, it cannot review it without FISA approval, based on a specific need. Why is this necessary?  Because if we find someone associated with a terrorist network operating in this country, we cannot roll up that network without knowing whom that person has already been talking to.  Hence the need to examine historical data.  At that point, the Justice Department (not the NSA) goes to the FISA Court, explains the situation, and gets a specific approval. The second thing we supposedly learned about intelligence collection is that NSA collects foreign communications from U.S. carriers even if the communications involve Americans---but only if the FISA court approves how it’s done.  (Americans cannot be targeted without specific approval.)  Previously there was no disagreement that NSA could collect information that touched our shores if NSA collected it overseas, but it was forbidden to collect it here.  This rule did not protect privacy.  It simply governed the place where collection could be done.  We were telling NSA, you can collect these communications if you do it the hard way---overseas.  But you can’t do it the easy way, here at home.  Not to mince words, this was idiotic.  That’s why Congress changed the rule after vigorous debate when it reauthorized FISA in 2008. The President has welcomed a public debate on these arrangements, but let’s not kid ourselves that they are news. And let’s not kid ourselves about something else:  Given the current danger, no President and no Congress will fail to operate programs like these. They have been effective. And after a bomb goes off, no President and no Congress will be able to explain why such programs were halted. A large majority of Americans understands this. This brings us to the last question:  Are the rules being followed?  If we want to actually do something to limit governmental intrusion in our lives, this is the rub. The United States has the most expensive, elaborate, and multi-tiered intelligence oversight apparatus of any nation on Earth.  We have well staffed intelligence committees in the House and Senate.  The National Security Division of the Justice Department rides herd on the intelligence agencies.  The FISA Court gets detailed reports of collection under its orders.  NSA has a robust compliance organization.  It also has an inspector general with wide powers operating outside the chain of command.  None of our European allies controls intelligence activities with comparable rigor. When I became NSA inspector general in 2002, my office had been examining collection rules and the training program for collectors and analysts.  It assumed that if the rules were compliant with law and if the training was good, the rules were being followed.  I rejected that approach, and my office began to audit actual collection practices.  This practice---and only this practice---can assure the public that the law is obeyed, and it should be designed into every sensitive collection program.