Why you should care
Because we might have just lost some security.
The author, deputy director and acting director at the CIA during 2000–04, teaches at the Johns Hopkins School of Advanced International Studies.
The long-running dispute is over: Congress has passed a new incarnation of the Patriot Act. So what has changed in the new version? And what does it say about the place of intelligence in our society, and about the future of counterterrorism?
As most people know by now, the National Security Agency (NSA) has been gathering the metadata of American phone calls — meaning the “externals” of a call: what number called what other number, when the call was made, how long it lasted. Contrary to popular belief, this does not include the content of what people are saying on the calls or the names of people calling. To even get a whiff of this data up close, the NSA needed permission from the Foreign Intelligence Surveillance Court — and that court even had to approve the foreign numbers NSA thought to be terrorist-related. If the NSA got a “hit,” it typically turned that over to the FBI, where they ran through a whole new set of approvals and a separate new court order before being allowed to look deeper. The demonized program was not illegal; its inner workings and scope were merely secret — until Edward Snowden leaked it two years ago. And in all the ink spilled since then, no one has documented abuses in the program.
It will make it harder for intelligence officers to do their work.
So what did Congress change? All of the approvals are still required, but the government can no longer gather or hold metadata — it will now remain with various phone companies. The NSA will have to take its court orders to the phone companies to get access. It’s not yet clear how this will work or even if the companies are legally obliged to keep the data. The new process will be more cumbersome and time consuming. Simply put, it will make it harder for intelligence officers to do their work. We have traded a bit of our security for a bit more privacy — a dubious bargain.
Opponents of the NSA’s work say it didn’t stop any big terrorist plots. But successful intelligence seldom produces big “Hollywood moments” — it’s hard to see what you made not happen. Such a program was just one tool — one crucial tool — that intelligence officers used to build mosaics and unravel various mysteries.
Many of us who were in government in the months just after 9/11 are convinced that, had we had the authority then to do what NSA was later authorized to do, we would have been able to identify and apprehend some al-Qaida operatives in the U.S. In fact, before 9/11, we were hot on the tail of a Middle Eastern telephone number thought to have been associated with al-Qaida. But we had no authority to act.
All this is an old story in the annals of American intelligence: Americans are less willing than most countries to sacrifice a modicum of privacy in favor of safety. In 1929, for example, Secretary of State Henry Stimson declared that “Gentlemen do not read each other’s mail,” as he cut his department’s funding for America’s first cryptanalysis organization — the so-called Black Chamber. Contrast this with countries more accustomed to intelligence such as France, which, in the 16th century, had a “cabinet noir,” an organization housed within the post office that was tasked by the king precisely to read people’s mail. So it’s no surprise that France has recently adopted massively intrusive surveillance measures, with nothing like our judicial oversight, in the wake of the Charlie Hebdo massacre.
But in the U.S., trust in government is a rare commodity, making it exceedingly difficult for many legislators to generate the political will to keep some necessary security measures alive. The NSA controversy broke at a time of unprecedented distrust in government in general in the U.S. Pew surveys show Americans’ trust in government falling from 73 percent in 1960 to as low as 19 in this decade.
It seems that our concern over our own space, though, goes one way: We are more troubled by the government’s handling of our data than the private sector’s. You don’t have to look far to find examples of this: A Senate Commerce Committee report revealed a number of companies gathering information on financially vulnerable people and selling it to firms trying to push financially risky products to low-income consumers. Another firm sells names of rape victims and HIV/AIDS sufferers — $79 for 1,000 names. Still other firms can sell your info to cybercriminals specializing in fraud and identity theft. These companies have little or no regulation, unlike the multiple congressional committees and judicial officials who oversee the NSA. Isn’t this the real scandal?
Shortly after the Snowden furor started, I predicted how it would all shake out. I said we would see a prolonged controversy during which NSA’s activities would be spelled out in graphic detail in public. Eventually, the country would get more comfortable with it, and the basics of the program would be reauthorized under a “more consensus-based” legal regime. That’s about what’s happened. We are all a lot more educated and sophisticated about how our intelligence system works.
But so are the bad guys. And there’s no having it both ways.