A Three-Post Reaction to the Surveillance Review Group Report

Over the past week and a half, writers on this site have provided comprehensive and detailed summaries of the surveillance review group report, along with some observations and assessments, as well as sharper critiques. Today, Lawfare is running the first of three posts summarizing my reaction to and observations about various aspects of the report. The first post, below, focuses on the review group’s missed opportunity to provide information about its methodology and process, calling into question its credibility and reliability. The next post will focus on a few of the major themes of the report. And the third post will focus on what may be the report’s most valuable takeaway. (Teaser: it may not be what you expect). Part I: Is the Surveillance Review Group Report Credible? Probably yes, but the review group did next to nothing to demonstrate why anyone, let alone the President, would make important national security policy decisions based upon its recommendations. In these types of reviews, there is some sort of process by which the review takes place. Often, reviews follow general practices similar to that of an investigation: records and briefings are received, documents are reviewed, interviews are conducted. Then, the reports are drafted, commented on, re-drafted, and finalized. In investigations conducted more formally by Inspectors General, for example, the agency or entity subject to the review is provided a draft of the report for comment and response. Other times, review groups may include dissenting written views of one or more of the members, or indicate whether recommendations were arrived at unanimously or by majority. In the case of this review, however, the report provides little in the way of informing the reader or recipient of the report what the review group did in order to inform its decision-making process. The review group makes a number of substantive recommendations that could have dramatic consequences for national security policymaking and foreign intelligence collection. I found myself searching for answers to a variety of process-related questions, such as: what types of intelligence or internal agency reports did the group review? How many? How many briefings did they receive? How much time did they spend at the agencies? Did they review how minimization works? Did they observe any oversight sessions? Did they meet with leadership or mid-level and/or working level operators? How did the group members deliberate? Were there dissenting views on the recommendations or were they unanimous in all 46 recommendations? In short, what was their process, and was it sound? The issue of how the review group conducted its assessment was lightly flagged in a December 19th Washington Post article that stated, “[a]s part of their initial research, members of the review panel spent a day at NSA headquarters in Fort Meade, Md.” [emphasis added]. I was so stunned that the group reviewing NSA surveillance activities spent only one day at NSA during the course of its review, that I thought it could not possibly be true. So I checked. According to the Executive Secretariat of the Review Group:

“The Review Group spent one full day at NSA. It also met multiple times, with a range of NSA personnel, over the span of three months at its secure facility in Washington. NSA and other agencies supplied staff to support Review Group efforts. The Review Group sent multiple requests for information to NSA and NSA responded to all these requests in a timely fashion.”

Based on this response, it sounds as if, basically, the NSA provided the review group with whatever information it wanted. But it would have been helpful to know more about what fact-finding the group did do. And it still leaves me with a nagging feeling that the group did not get as good a sense of NSA as it could have by spending more time on site. As far as I can tell, the only indication of the review group’s process is provided in Appendix F: Review Group Briefings and Meetings. This, too, provides an indication that the review group may not have conducted as informed a fact-gathering process as it could have. Although all of the relevant current government stakeholders appear to be represented, I would have thought the group might have wanted to hear from former Intelligence Community agency heads who may have been able to provide important insight into the last decade of counterterrorism and intelligence reform efforts; views that could have been more freely shared now that those officials are no longer in government. For example, although the report makes serious and consequential recommendations to chop NSA into parts, including decoupling the role of NSA Director and leading Cyber Command, no former NSA director was interviewed. Nor were any of the three prior DNIs. Or former Defense Secretaries. Neither of the former FBI Directors were interviewed either; which may have been useful given the report’s odd detour into national security letter authorities (which are not surveillance laws at all). Although the report makes recommendations about the appointment of FISC judges, only one former judge of the FISC was interviewed. Given the consideration of the FISC’s role, adding a public advocate, and the Chief Justice’s selection process, it may have been useful to hear from additional voices from the judicial branch, including more former FISC judges, other former federal judges, and/or a representative from the Administrative Office of the United States Courts. Any one of these omissions could matter; all of them together may raise the appearance of a flawed process. Mr. Morell’s Washington Post op-ed this past Sunday unfortunately only casts further doubt on the review group’s deliberative process. How could it be, that despite the report’s statement (at p.119) that, “[w]e recommend that this program should be terminated as soon as reasonably practicable,” one of the five members “would expand the Section 215 program,” and held the view that the 215 bulk telephony metadata program “would likely have prevented 9/11,” and “has the potential to prevent the next 9/11,” and yet, apparently, the group never discussed these ideas or his views? In short, process matters, and, although I believe the review group did its job with seriousness of purpose and in good faith, the group missed a huge opportunity to support its findings with a record demonstrating thorough review. Absent a summary of its process, the group opens itself up to criticism that its recommendations are less the result of a rigorous review, and more the interesting intellectual observations of a few smart guys who were reasonably well informed.