Charlie Savage Responds to My Critique

Charlie Savage of the New York Times writes in response to my post this morning critiquing his story yesterday:

Dear Ben:

Thank you for letting me respond to your critique on Lawfare. I’d like to make three points that show, I think, why your analysis of our article (“embarrassing blunder” “not careful” and “not good work”) boomerangs upon your own post.

You purport to describe this story as “breathlessly” presenting as “a scandal” the news that the Obama administration has secretly expanded the N.S.A.’s warrantless surveillance program for cyber targeting of foreign government hackers. This purported framing is the premise upon which most of your sarcasm hangs. It is a false premise.

The real-world article does not say or imply anywhere that the NSA’s activities are illegal or an abuse. It does not quote anyone saying they are outrageous or scandalous.

The article instead frames this news via a transparency critique—from its opening clause, to its only quote by an analyst, to its closing quote from Obama. Indeed, it brings up the context of the “unprecedented cyberattacks on American financial institutions, businesses and government agencies,” while showing that the expansion of the program to combat such threats raises certain policy dilemmas about what the rules should be (especially for access to hacker victim data—fair game for querying or off limits) that merit public debate in a democracy.

In short, your snark depends upon a straw man and a distortion.

Noting that the phrase “FISA Amendments Act” does not appear until the 14th paragraph, you contend that readers will think, through the 13th paragraph, the following: “Wow. Yet ANOTHER warrantless wiretapping program DIRECTED AT AMERICANS.” (emphasis added). The first part of this analysis is unpersuasive, and the second part is indefensibly false.

Will readers not understand this is 702 until the words “FISA Amendments Act” appear? Will they think it is “another” program? No.

Starting with the first sentence in the story, we describe this as an expansion of the NSA activity that readers already know exists: the extremely famous program which sifts through one-end-domestic, one-end-foreign communications traffic, on U.S. soil and without warrants.

One can write jargon terms like “the 702 program” or “the FISA Amendments Act of 2008” high in a post on Lawfare because your readers are specialists. In a general-readership publication like The New York Times or ProPublica, we say the NSA’s “warrantless surveillance program” or “warrantless wiretapping program.” This descriptive moniker means only the FISA Amendments Act Section 702 program (or, if an earlier time frame, the StellarWind content basket). One would never call, for example, 12333 surveillance activities abroad “the NSA’s warrantless wiretapping program,” even though they also do not involve warrants.

So, no, no reasonable reader will think this is “another” program rather than an expansion of the one they’ve been reading about for almost a decade, any more than if they read “the Afghanistan war” rather than “Operation Enduring Freedom,” they would think there must be some whole other war going on.

Will readers think this program is “directed at Americans?”

That would be remarkable because we emphasize no fewer than five times before graph 14 (which does it again) that this is directed at foreigners:

• graph 2 (“hunting…. for data linked to computer intrusions originating abroad”);
• graph 3 (IP addresses and cyber signatures “that it could tie to foreign governments”);
• graph 6 (“shield Americans from the increasingly aggressive activities of foreign governments”);
• graph 11 (quoting ODNI spokesman saying “targeting overseas individuals”); and
• graph 12 (“the N.S.A.’s warrantless surveillance program, which allows the government to intercept Americans’ cross-border communications if the target is a foreigner abroad”).

Sincere question: can your articulate any defense for your claim that the story implies that the cyber surveillance is directed at Americans through the 13th graph?

Finally, you ho-hum the implications for this expansion on the existing debate over backdoor search rules. Specifically, you state that the privacy implications of using 702 for cyber turns out to involve “nothing more than incidental collection of the type that always takes place when NSA collects against foreigners abroad.” You are wrong.

The type of incidental USP collection the public has debated until now in the context of 702 has consisted almost exclusively of singular communications intercepted when an American talks to or about a targeted foreigner. But hacker victim incidental collection instead routinely involve gigabytes of USP private data looted from an American computer at a shot, copied as it flows back to the hacker’s IP address. It is, moreover, the information of Americans who have no link whatsoever to a foreigner who has been targeted for intelligence collection.

For example, had the NSA or FBI been targeting the Chinese hackers who apparently downloaded from OPM the personnel files of 4 million current and former government employees, that one single hack would have resulted in all those personnel files now also being queryable for unrelated foreign intelligence (NSA) and law enforcement (FBI) investigations for the next five years, under their standard rules for 702 upstream (NSA) and FISA Title I (FBI) minimization—rules that were not written with cyber-oriented surveillance in mind.

When you get around to doing your own analysis of the documents, as you acknowledge not yet having done at the end of your piece, I would suggest that you spend some time considering in particular the spotting of this very issue, with concern, by the NSA’s own office of general counsel. The OGC chose not to make its recommendation into a rule. Should it be one? Perhaps this is not a question to be answered, in a democracy, behind closed doors.

Thank you for letting me respond to your critique here.

Charlie

I will respond to this in detail in the days to come.