The administration’s nominee to become the next director of the National Security Agency said he backs President Obama’s call to move the mass gathering of Americans’ phone records out of the government’s hands but would oppose an end to the bulk collection of such data.
“I support the president’s decision to shift that from the National Security Agency,” Vice Adm. Michael S. Rogers told the Senate Armed Services Committee at a confirmation hearing Tuesday.
But, he said, some form of bulk collection can be preserved “that ensures the protection of our citizens while also providing us insights that generate value” in finding clues to terrorist plots and networks.
Rogers, 54, also pledged to be as transparent as possible in explaining to the nation what the NSA is doing and why as it penetrates foreign networks and gathers vast amounts of electronic communications — including from U.S. companies — to obtain foreign intelligence.
The agency is undergoing its worst crisis of confidence after nine months of disclosures by former NSA contractor Edward Snowden about its surveillance activities. Restoring trust in the six-decade-old agency is Rogers’s first task, he said.
“One of my challenges as the director, if confirmed, is how do we engage the American people, and, by extension, their representatives, in a dialogue in which they have a level of comfort as to what we are doing and why?” he said. “That is no insignificant challenge for those of us with an intelligence background.”
He suggested that the best compromise is to address “how we do things and the specifics” in classified sessions but to speak publicly “in broad terms in a way that most people can understand” about the why.
“I would try to ensure a sense of accountability in what the National Security Agency does,” he said. “It’s a mission that involves a tension in our society, given the fact that the fundamental rights of the individual are so foundational to our very concept of a nation.”
But, he said, “we should never forget that there’s a threat out there that aims to do us harm.”
One of the most significant steps the administration is taking to rebuild trust involves the NSA collection of phone records, a program that gathers and analyses data on phone calls such as date and time but not content. Rogers said any alternative should accommodate the need for “speed, the ability to query the data in a way that both protects the rights of the individual but also enables us to get answers in a quick, reasonable time period.”
Regardless of whether the phone companies or a third party holds the data, he said, referring to the two main options, “we could make either scenario work.”
In written responses to committee questions, he said that the third-party option would probably incur “greater expense” and that the phone-company option might require a data-retention mandate.
Rogers, who heads the Navy’s Fleet Cyber Command, has also been nominated to head U.S. Cyber Command, the Pentagon’s cyberwarfare arm, which shares headquarters space with the NSA at Fort Meade, Md.
The Navy officer, whose career spans more than 30 years, acknowledged that the unclassified Navy computer network was penetrated last year on his watch. The intrusion was carried out by an Iranian actor, Navy officials have said privately. Although no information was stolen and no hardware or data destroyed, the hacker was able to remain in the system for several months, officials said.
Rogers called the intrusion “significant” and said he used it as an opportunity to “drive change” by undertaking a comprehensive effort to improve Navy network security.
The outgoing NSA director, Gen. Keith B. Alexander, said in a hearing last month that a cyberattack that destroyed a government network or affected the government’s ability to operate “crossed that line” into an act of war. Rogers said he agreed with Alexander’s characterization but did not believe that line had been breached in U.S. networks.
He also stressed that policy-makers are still working through such issues and that defining an act of war depends on the circumstances of each case. One clear tenet, he said, is that international law applies in cyberspace and guides the military’s actions.
Rogers said cyber legislation to enable exchanges of threat data between the private sector and government, as well as to set standards for critical industry systems, was necessary. “It’s only a matter of time, I believe, before we start to see more destructive activity,” he said. “And that, perhaps, is the greatest concern of all to me.”
Rogers also said that cyber-
operations were taking place in Ukraine, where news reports last week described Russian forces as jamming cellphones and disrupting Internet connections. But he did not comment on which government was responsible.
Rather, he said, “cyber will be an element of almost any crisis we’re going to see in the future.”