The president delivered his National Security Agency speech today, which turned out to be better than expected for the intelligence community and all Americans desirous of protection against terrorism. I’ll start with three main takeaways and then get to some specifics.
First, this was the best defense of the NSA President Obama has given to date. He reiterated that “legal safeguards that restrict surveillance against U.S. persons without a warrant do not apply to foreign persons overseas. This is not unique to America; few, if any, spy agencies around the world constrain their activities beyond their own borders. And the whole point of intelligence is to obtain information that is not publicly available.” Even more pleasing to defenders of the NSA is Obama’s confirmation (emphasis added):
[N]othing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens.
To the contrary, in an extraordinarily difficult job, one in which actions are second-guessed, success is unreported, and failure can be catastrophic, the men and women of the intelligence community, including the NSA, consistently follow protocols designed to protect the privacy of ordinary people. They are not abusing authorities in order to listen to your private phone calls, or read your emails. When mistakes are made — which is inevitable in any large and complicated human enterprise — they correct those mistakes. . . .
In sum, the program does not involve the NSA examining the phone records of ordinary Americans. Rather, it consolidates these records into a database that the government can query if it has a specific lead — phone records that the companies already retain for business purposes. The review group turned up no indication that this database has been intentionally abused. And I believe it is important that the capability that this program is designed to meet is preserved.
That brings me to the second take: If all this is true there is no justification for tampering with the NSA at all. This is of course the giant contradiction at the heart of this issue. The president doesn’t want his administration to be blamed for preventing collection of the “dots,” in case of a terror attack (“if another 9/11 or massive cyber-attack occurs, they will be asked, by Congress and the media, why they failed to connect the dots”). However, he has to throw a sop to the left. He therefore embarks on changes in a program that actually doesn’t need much change at all. Moreover, his reiteration of the danger of terrorism makes a mockery of his insistence that he has ended wars. We are engaged whether we have troops on the ground in an ongoing war against jihadist terrorists, and he can’t wish that away. He is a wartime president, whether he takes that role seriously or not.
Third, as a former senior intelligence official previously told me, the intelligence community wants to collect as much data as possible and, if need be, put transparency, oversight, etc. on the backend. That is generally what the president did, although there is one obvious and stupid exception. He tells terrorists how to in effect launder their calls: “Because of the challenges involved, I’ve ordered that the transition away from the existing program will proceed in two steps. Effective immediately, we will only pursue phone calls that are two steps removed from a number associated with a terrorist organization instead of three.” Well, get ready for three-step terrorist communications. Really, was it necessary to spell that out?
Now let’s look at some specific concerns about the changes Obama did make.
Some proposals are innocuous. Making NSA court opinions available after the fact and with appropriate redaction really is no problem, for example. Others are more problematic. A former national security official explains, “Requiring prior FISA court approval for individual queries of the telephone metadata, which would severely hobble the flexibility and effectiveness of a program the president says is important for national security, fully lawful, and has not been abused.” In the past, security letters were sufficient, now there will be an additional judicial hoop to go through. Moreover, the judges aren’t really qualified to assess the security significance. This is why experts in the NSA, subject to after-the-fact reviews, are charged with plucking out data that need individual inspection.
What will get the most press no doubt is the effort to store bulk data with a third party, instead of leaving it in government hands. But before we get too excited, understand the president at this stage only wants to investigate what could be done. In fact, he sounds pretty skeptical:
Relying solely on the records of multiple providers, for example, could require companies to alter their procedures in ways that raise new privacy concerns. On the other hand, any third party maintaining a single, consolidated data-base would be carrying out what is essentially a government function with more expense, more legal ambiguity, and a doubtful impact on public confidence that their privacy is being protected.
During the review process, some suggested that we may also be able to preserve the capabilities we need through a combination of existing authorities, better information sharing, and recent technological advances. But more work needs to be done to determine exactly how this system might work.
Therefore, the step to be taken here is “more work.” Here, Congress can step in to statutorily confirm that bulk data should not be sent out to third parties but kept by the government where it can easily be accessible in the future. A real shift to sending all this material outside the government, I agree with the president, would raise more troubles than it solves.
The next concern includes extending some privacy protection to foreigners. Here again, Obama is contradicting himself (“safeguards that restrict surveillance against U.S. persons without a warrant do not apply to foreign persons overseas”). So why are we extending protections to the people who don’t legally have them and pose the greatest threat? You got me. The language is maddeningly vague on this point: “I have taken the unprecedented step of extending certain protections that we have for the American people to people overseas. I have directed the DNI [Director of National Intelligence], in consultation with the attorney general, to develop these safeguards, which will limit the duration that we can hold personal information, while also restricting the use of this information.” I’ve got no idea what that means, but giving foreigners any additional shield from surveillance is both unnecessary, as the president said, and unwise. The former national security official with whom I spoke told me, the president may be “threatening to cripple our intelligence capabilities by . . . [e]xtending the privacy protections governing U.S.-person information to non-U.S.-person information, wherever in the world it is acquired (including restrictions on retaining and disseminating information about foreign persons, including possible terrorists, and restrictions on acquiring information overseas about non-U.S. persons based on ethnic and religious considerations, etc.).”
To sum up then, the radical anti-NSA crowd got very little here, but because there are a lot of “work on it” and things needing further review, it is hard to see how some of this will pan out. Is Obama simply stringing the civil liberties crowd along or is he really going to tie these programs up in knots down the road? The good news is two-fold. First, very little changes immediately. And, second, because of that Congress has time to act, formalizing oversight after the fact but making certain we don’t needlessly ship bulk data around to third parties and/or give foreigners a blanket of protection that is unneeded and dangerous.