Facts and Fears
Page 31
For the next forty days, Snowden and Harrison lived and slept in the no-man’s-land of the Moscow airport, unable to leave or enter Russia, as the world’s diplomats decided their fate. On Tuesday, June 25, Secretary of State John Kerry asked the Russian government to extradite Snowden. On Wednesday, Putin refused. Under pressure from the United States, the government of Ecuador revoked its offer of safe passage and asylum. A host of other nations followed suit, and many more skirted the issue by declaring that he’d have to be present on their soil before they’d consider the matter. On July 3, based on a false tip that Bolivian president Evo Morales was smuggling Snowden out of Moscow, France, Spain, and Portugal refused to let his plane transit their airspace. It landed in Vienna, where it was held overnight for a fruitless and embarrassing twelve-hour search. Several Latin American nations showed their displeasure at this insult by offering Snowden asylum. He instead requested asylum in Russia. Putin responded that before he’d grant it, Snowden would have to stop “harming American interests.” I got the feeling Putin was really enjoying this. Snowden rescinded his appeal. On July 8, the Guardian posted more of Greenwald’s interview with him, during which he predicted that the US government would “say I have committed grave crimes; I have violated the Espionage Act. They are going to say I have aided our enemies.” Finally, on August 1, Snowden was granted temporary asylum by Russia. He walked out of the airport and into his new life in Moscow.
The media reporting on the leaks had continued during Snowden’s time at the airport. The Guardian and the Washington Post published stories claiming, among other things, that the US government had bugged the offices of the European Union in New York, Washington, and Brussels; that we were spying on thirty-eight foreign embassies; and that we were reading millions of emails and text messages of innocent German citizens, at which point the German magazine Der Spiegel joined in printing the leaks. Together, the three media outlets released stories claiming the United States was spying on the citizens of Brazil, Venezuela, Colombia, Argentina, Panama, Ecuador, and Peru. On July 10, the Washington Post published what was purported to be an NSA graphic showing how the agency gained physical access to fiber-optic cables. I couldn’t fathom how this supposed revelation could benefit anyone except adversarial intelligence services. Other stories claimed the intelligence services of Australia, New Zealand, and Germany were complicit in the US crimes, and that the United States paid GCHQ in the United Kingdom to conduct activities that were illegal under US law. On July 20, when UK authorities came to the Guardian offices with a warrant to seize the electronics given to them by Edward Snowden, the paper dramatically destroyed all of its equipment, saying they had copies of all the files safely somewhere outside the UK.
I spent a great deal of time in classified briefings on Capitol Hill and on secure phone lines with my foreign counterparts, refuting many of these claims from the leaks, while Stephanie O’Sullivan continued to focus on the IC workforce. At an event largely attended by IC employees, Stephanie captured what we were all feeling about Snowden:
It’s been clear that neither he—nor the reporters he gave these to—understood what they were looking at. A story early this month claimed that we had collected seventy million French telephone calls in a month. Those seventy million calls were in fact collected by the French intelligence service, outside of France, in furtherance of mutual counterterrorism and force protection concerns, and provided by the French intelligence service to us. But until the truth was leaked to the Wall Street Journal, we couldn’t correct this publicly, because we’d damage sensitive intelligence relationships.
That’s the kind of problem we face. Most of the stories that have sprung from the leaks have focused on our considerable raw-technical capabilities. They lay out our sources and methods; and what the Washington Post reports, al-Qaida knows. It’s gotten to the point where, I pick up the paper in the morning, and I read an article with details that would have horrified me eight months ago. And now, I think, “Well, this isn’t—so—bad.”
By the end of June we’d decided we would respond to the leaks as an integrated community, much as we’d responded to the first round of budget cuts. In doing so we would add a new word to the Intelligence Community lexicon—“transparency.” As someone who had been in or around the intelligence business for the better part of seven decades, transparency felt “genetically antithetical” to me. But we knew we couldn’t continue to counter the narrative just by reflexively saying, “No comment,” or “That’s not true,” particularly because—and this apparently comes as a shock to some people—we did conduct surveillance, both on hardened adversaries and sometimes on our friends. We knew they collected on us too, as that’s what sovereign nations do to protect themselves and their interests.
As the summer wore on, I became fond of quoting Captain Renault from the movie Casablanca, when he walks into the casino and declares, “I’m shocked—shocked—to find that gambling is going on in here!” Yes, we were spying, but we were complying with US law, with the full visibility of all of our oversight entities.
Through July and the first part of August, we worked through how we would be transparent about the matters we could be transparent about, and how we’d protect our sources and methods in a more targeted way. On August 9, President Obama announced at a White House press conference the four steps we were taking “to strike the right balance between protecting our security and preserving our freedoms.” First, he called for “reforms to Section 215 of the Patriot Act,” explaining, “This program is an important tool in our effort to disrupt terrorist plots, and it does not allow the government to listen to any phone calls without a warrant. But given the scale of this program, I understand the concerns of those who would worry that it could be subject to abuse.”
Second, he promised to “work with Congress to improve the public’s confidence in the oversight conducted by the Foreign Intelligence Surveillance Court.” Third, he called for more transparency, saying, “I’ve directed the Intelligence Community to make public as much information about these programs as possible. We’ve already declassified unprecedented information about the NSA, but we can go further.” At the end of this set of initiatives, he noted, “The Intelligence Community is creating a website that will serve as a hub for further transparency. And this will give Americans and the world the ability to learn more about what our Intelligence Community does and what it doesn’t do, how it carries out its mission and why it does so.”
His fourth announcement, “forming a high-level group of outside experts to review our entire intelligence and communications technologies,” went almost unheard in DNI’s public affairs office, as our social media manager, Michael Thomas, realized the president had just announced live on national television the Tumblr site he was in the process of building. He gaped at the TV screen, as Public Affairs Director Shawn Turner patted him on the back, asking, “So, how’s that website coming?”
We launched the Tumblr site, IC on the Record, on August 21, and by the end of September had declassified and published eighteen hundred pages of FISA court opinions. This wasn’t simply a pile of unclassified documents we’d been sitting on, or a collection of improperly overclassified papers, but actual classified court opinions, including requests for surveillance warrants. We knew our adversaries would see them, and that making them public, to some degree, posed a risk to national security. But we judged that if we didn’t take drastic steps like this, national security could be undermined more by the erosion of trust of the American public and its elected representatives.
The site went on to become a clearinghouse for all the agencies to publish declassified documents and to show whatever work they were doing that they could discuss, specifically that of our oversight committees and courts. Much of the success of that website is the result of a decision we made in late June that we weren’t going to release only documents that made us look good. Many of the first court opinions we published were
highly critical of our surveillance requests, forcing the IC to reconsider or significantly revise warrants before they’d issue them. A year and a half later, Tumblr featured the IC’s site as one of a select few “Big in 2014” websites in their annual review. Michael Thomas noted that we were right up there with “Lil Bub,” which led me to publicly observe what an honor it was for me, personally, to share the stage with a famous internet cat: “That’s how you know you’ve arrived.”
On August 21, as we were still scrambling to deal with the intelligence leaks, we obtained evidence that Syrian president Bashar al-Assad’s government had launched rocket shells loaded with the chemical weapon sarin gas into the Damascus suburb of Ghouta, a community where some people had expressed support for the opposition. Hundreds, perhaps thousands of civilians—many of them children—had died horrifically. Assad had learned from the mistakes that led to Gaddafi’s downfall and was keeping dissent in Syria in check with brutal force, in violation of international law and all standards of human decency.
The Intelligence Community’s response reflected lessons we’d learned in the decade since the Iraq WMD national intelligence estimate. We red-teamed the evidence, questioning our assumptions and assessing the limits of our analysis. When we presented our assessment, we clearly stated our confidence levels. We gave alternate explanations and highlighted the things we didn’t know. All the contributing “INTs”—SIGINT, GEOINT, HUMINT, and open-source—were validated and cross-checked.
Our assessment differed from the Iraq WMD report in another significant way. In 2003, the IC seemingly succumbed to pressure from the White House to find evidence of chemical and biological weapons sites. Because President Obama had previously declared that any use of chemical weapons would warrant US military action, in 2013 the White House would much rather we not announce we had proof that Assad and Syria had crossed President Obama’s famous “red line.” National Security Adviser Tom Donilon seemed to keep raising the evidentiary bar we needed to meet before he believed our reports, and we kept meeting each new challenge until I finally told his deputy, Denis McDonough, in a sidebar meeting at a Principals Committee meeting that we could no longer avoid telling Congress about what had become an elephant in the living room.
Everyone—Congress and even the UN—found our evidence to be compelling. Foreign ambassadors who were in attendance at Colin Powell’s 2003 speech on WMDs in Iraq told our analysts that the information the IC made available on Syria, the degree of transparency we afforded the international community, and our candor regarding the limitations of our data far exceeded what was provided in the run-up to Iraq.
At a Friday evening National Security Council meeting, DOD laid out the plans for a Tomahawk Land Attack Missile attack on Syria. When the meeting broke, the president went for a walk around the White House grounds, asking Denis to join him. That evening I got a call that President Obama would not order the attack without congressional authorization. I was surprised, but again, it wasn’t my place to agonize over such policy decisions, which are ultimately the president’s to make. His decision was widely panned by all sides, but cooler heads prevailed, and diplomacy accomplished what a TLAM strike could not.
As the flood of leaks continued I began to worry that sources and methods we might need for the next crisis were being exposed. In Snowden’s initial interviews, he’d said he’d personally reviewed all the documents he was giving to the reporters, and that they would only expose NSA’s abuses of Americans’ civil liberties. He then amended that to extend to the privacy rights of the world’s citizens. He finally acknowledged that the scope of the material he’d leaked went beyond those parameters, but repeated he’d personally reviewed them all to make sure no sources would be revealed that would compromise US security. It says a lot about Snowden that he thought he knew enough about how sources and methods were being used across the community that he could—unilaterally—decide what exposures would or wouldn’t cause damage.
On August 29, the Washington Post published an article and a leaked document that demonstrated Snowden had not, in fact, made an effort to protect intelligence sources. The Post, to their credit, called ahead of publication to inform us that they had the entire 2013 IC Congressional Budget Justification Book. As I’ve explained, the CBJB is the annual report to Congress that describes in detail the full extent of intelligence capabilities, essentially detailing what we’d done with the money that had been allocated to us and justifying our requests for the following year. It went into specifics about many programs—how they worked, what results they produced, and the effect they had on national security. It covered how we protected our forces from insurgent attacks and how we assessed adversarial leaders’ intentions. It explained how we monitored proliferation of weapons of mass destruction, including in Iran, North Korea, and Syria. It contained, in short, the full expanse of how the US conducts intelligence.
The Post contacted my office, they explained, because they intended to publish this document and wanted to confirm that it would not cause grave damage to national security. In the conversations that followed, I learned that the editors at the paper had a very different understanding of “grave damage to national security” than the practitioners of national security did. Their focus was short-term and tactical; ours was long-term and strategic. While they didn’t want to release material that might directly and immediately result in someone’s death, they didn’t seem concerned about exposing programs that would cause us to lose our ability to collect and exploit intelligence over the long term. After a short negotiation, which mostly involved my pleading from the national security perspective, the Post published most of the CBJB. The accompanying article included subheadings including “High-tech surveillance,” “Counterintelligence,” and “Critical gaps”—areas we’d identified to Congress as being where our collection capabilities were lacking and where adversaries could operate with little opposition.
Snowden changed his story yet again, saying that he’d given materials he knew could be damaging to reporters, not to WikiLeaks, because he trusted that as journalists they’d serve as curators and would release only information that related to civil liberties and not that involved security functions. The Post’s publication of the CBJB revealed just how naïve that notion was, if he ever actually believed it. Months later, in January, the New York Times, with which the Guardian had decided to partner, displayed another way in which trusting journalists to protect secrets was naïve. The Times published a story with a highly classified document that they’d redacted to protect the names of human sources in Iraq and the method we used to surveil al-Qaida in Mosul—the group that would become the Islamic State. The problem was that the Times did such an amateurish job of redaction that the internet very quickly figured out the actual names and the technical methods. I can’t reveal what happened to the human sources, but that method of surveillance was gone to us.
There were many losses we never publicly acknowledged, but I want to point out a particularly important one. In February 2014, Glenn Greenwald started his own online publication, The Intercept, to capitalize on the Snowden leaks. That spring The Intercept staff called to say they were working on an article about how the United States was sweeping up every cell-phone call in two nations, the Bahamas and Afghanistan. We asked them not to publish either, but gave them a compelling enough reason to not release the Afghanistan information. On May 19, The Intercept published “Data Pirates of the Caribbean,” which merely mentioned that there was another country in which all cell calls were being collected. Almost immediately Julian Assange and WikiLeaks announced they knew what the other country was and demanded that The Intercept divulge its name. When Greenwald refused, Assange published through WikiLeaks on May 23 that the second country was Afghanistan.
At the time I couldn’t reveal what program we’d lost as a result, but in September 2015, I declassified it and said in a public speech that what they’d exposed was what the US Command
in Afghanistan regarded as “the single most important source of force protection and warning for our people” there. Specifically, I explained that it provided warning of impending IED attacks, and “the day after he wrote about it, the program was shut down by the government of Afghanistan.” Intelligence losses are typically experienced as second- and third-order effects, such as an intelligence gap that didn’t enable us to put two pieces of information together. The loss of the Afghan program had more immediate consequences.
Those first few months of leaks—June through September—were among the most difficult of my career. Not only were we witnessing our intelligence advantage erode and losing valuable sources, but we were also being vilified by the press and experiencing the people we served turn on us. In the meantime sequestration was not only eroding our capabilities but restricting us from using funds in ways that might have helped blunt the damage from Snowden.
At the same time, nations we considered our friends were concerned that we were spying on their citizens—which we weren’t—and our closest intelligence partners were questioning whether we could still be trusted with their secrets, or if more Snowdens were poised to expose their activities to the world. By the end of the summer, the companies we’d relied on for help—particularly in telecommunications—had decided that, no matter how dire the situation was, they had to make a choice between patriotic duty and what would happen to their bottom line if customers believed their data or conversations were no longer secure, an issue some believed impacted the viability of their company.