by Fred Kaplan
Clarke’s critics, whose numbers were legion, scoffed that he was just drumming up publicity. His new book, Against All Enemies: Inside America’s War on Terror, had hit the bins the previous Friday, trumpeted by a segment on CBS TV’s 60 Minutes the Sunday night between the release date and the hearing. When it soared to the top of the best-seller charts, critics challenged his claims that, in the months leading up to 9/11, Bush’s top officials ignored warnings (including Clarke’s) of an impending al Qaeda attack and that, the day after the Twin Towers fell, Bush himself pressed Clarke to find evidence pinning the blame on Saddam Hussein to justify the coming war on Iraq. But Clarke, always a scrappy bureaucratic fighter, would never have opened himself to such easy pummeling; he knew the documents would back him up, and, as they trickled to the light of day, they did.
All along, though, Clarke retained his passion for cyber issues, and six years later, he wrote a book called Cyber War: The Next Threat to National Security and What to Do About It. Published in April 2010, it was derided by many as overwrought—legitimately in some particulars (he imputed cyber attacks as the possible cause of a few major power outages that had been convincingly diagnosed as freak accidents or maintenance mishaps), but unfairly in the broad scheme of things. Some critics, especially those who knew the author, viewed the book as simply self-aggrandizing: Clarke was now chairman of a cyber-risk-management firm called Good Harbor; thus, they saw Cyber War as a propaganda pamphlet to drum up business.
But the main reason for the dismissive response was that the book’s scenarios and warnings seemed so unlikely, so sci-fi. The opening of a (generally favorable) review in The Washington Post caricatured the skepticism: “Cyber-war, cyber-this, cyber-that: What is it about the word that makes the eyes roll? . . . How authentic can a war be when things don’t blow up?”
It had been more than forty years since Willis Ware’s paper on the vulnerability of computer networks, nearly thirty years since Ronald Reagan’s NSDD-145, and more than a decade since Eligible Receiver, the Marsh Report, Solar Sunrise, and Moonlight Maze—touchstone events in the lives of those immersed in cyberspace, but forgotten, if ever known, to almost everyone else. Even the Aurora Generator Test, just six years earlier, and the offensive cyber operations in Syria, Estonia, South Ossetia, and Iraq—which had taken place more recently still—made little dent on the public consciousness.
Not until a few years after Clarke’s book—with the revelations about Stuxnet, the Mandiant report on China’s Unit 61398, and finally Edward Snowden’s massive leak of NSA documents—did cyber espionage and cyber war become the stuff of headline news and everyday conversation. Cyber was suddenly riding high, and when Obama responded to the ruckus by forming a presidential commission, it was only natural that Clarke, the avatar of cyber fright, would be among its appointees.
* * *
On August 27, the five panelists—christened, that same day, as the President’s Review Group on Intelligence and Communications Technologies—met in the White House Situation Room with the president, Susan Rice, and the heads of the intelligence agencies. The session was brief. Obama gave the group’s members the deadline for their report—December 15—and assured them that they’d have access to everything they wanted. Three of the panelists were lawyers, so he made it clear that he did not want a legal analysis. Assume that we can do this sort of surveillance on legal grounds, he said; your job is to tell me if we should be doing it as policy and, if we shouldn’t, to come up with something better.
Obama added that he was inclined to follow whatever suggestions they offered, with one caveat: he would not accept any proposal that might impede his ability to stop a terrorist attack.
Through the next four months, the group would meet at least two days a week, sometimes as many as four, often for twelve hours a day or longer, interviewing officials, attending briefings, examining documents, and discussing the implications.
On the first day, shortly before their session with the president, the five met one another, some of them for the first time, in a suite of offices that had been leased for their use. The initial plan had been for them to work inside the national intelligence director’s headquarters in Tysons Corner, Virginia, just off the Beltway, ten miles from downtown Washington. But Clarke suggested that they use a more nearby SCIF—a “sensitive compartmented information facility,” professionally guarded and structurally shielded to block intruders, electronic and otherwise, from stealing documents or eavesdropping on conversations. Clarke pointed, in particular, to a SCIF on K Street: it would keep the panelists just a few blocks from the White House, and it would preserve their independence, physically and otherwise, from the intelligence community. But Clarke’s real motive, which his colleagues realized later, was that this SCIF was located across the street from his consulting firm’s office; he preferred not to drive out to the suburbs every day amid the thick rush-hour traffic.
Inside the SCIF that first day, they also met the nine intelligence officers, on loan from various agencies, who would serve as the group’s staff. The staffers, one of them explained, would do the administrative work, set the group’s appointments, organize its notes, and, at the end, under the group’s direction of course, write the report.
The Review Group members looked at one another and smiled; a few laughed. Four of them—Clarke, Stone, Sunstein, and Swire—had written, among them, nearly sixty books, and they had every intention of writing this one, too. This was not going to be the usual presidential commission.
The next morning, they were driven to Fort Meade. Only Clarke and Morell had ever before been inside the place. Clarke’s view of the agency was more skeptical than some assumed. In Cyber War, he’d criticized the fusion of NSA and Cyber Command under a single four-star general, fearing that the move placed too much power in one person’s hands and too much emphasis on cyber offensive operations, at the expense of cyber security for critical infrastructure.
Swire, the Internet privacy scholar, had dealt with NSA officers during the Clipper Chip debate, and he remembered them as smart and professional, but that was fifteen years ago; he didn’t know what to expect now. From his study of the FISA Court, he knew about the rulings that let the NSA invoke its foreign intelligence authorities to monitor domestic phone calls; but Edward Snowden’s documents, suggesting that the agency was using its powers as an excuse to collect all calls, startled him. If this was true, it was way out of line. He was curious to hear the NSA’s response.
Stone, the constitutional lawyer and the one member of the group who’d never had contact with the intelligence world, expected to find an agency gone rogue. Stone was no admirer of Snowden: he valued certain whistleblowers who selectively leaked secret information in the interest of the public good; but Snowden’s wholesale pilfering of so many documents, of such a highly classified nature, struck him as untenable. Maybe Snowden was right and the government was wrong—he didn’t know—but he thought no national security apparatus could function if some junior employee decided which secrets to preserve and which to let fly. Still, the secrets that had come out so far, revealing the vast extent of domestic surveillance, appalled him. Stone had written a prize-winning book about the U.S. government’s tendency, throughout history, to overreact in the face of national security threats—from the Sedition Act to the McCarthy era to the surveillance of activists against the Vietnam War—and some of Snowden’s documents suggested that the reaction to 9/11 might be another case in point. Stone was already mulling ways to tighten checks and balances.
Upon arrival at Fort Meade, they were taken to a conference room and greeted by a half dozen top NSA officials, including General Alexander and his deputy, John C. “Chris” Inglis. A former Air Force pilot with graduate degrees in computer science, Inglis had spent his entire adult life in the agency, both in its defensive annex and in SIGINT operations; and he’d been among the few dozen bright young men that Ken Minihan and Mike Hayden promoted ahead of schedule as part of the agency’s post–Cold War reforms.
After some opening remarks, Alexander made his exit, returning periodically through the day, leaving Inglis in charge. Over the next five hours, Inglis and the other officials gave rotating briefings on the controversial surveillance programs, delving deeply into the details.
The most controversial program was the bulk collection of telephone metadata, as authorized by Section 215 of the Patriot Act. According to the Snowden documents, this allowed the NSA to collect and store the records of all phone calls inside the United States—not the contents of those calls, but the phone numbers of those talking, as well as the dates, times, and durations of the conversations, which could reveal quite a lot of information on their own.
Inglis told the group that, in fact, this was not how the program really operated. In the FISA Court’s ruling on Section 215, the NSA could delve into this metadata, looking for connections among various phone numbers, only for the purpose of finding associates of three specific foreign terrorist organizations, including al Qaeda.
Clarke interrupted him. You’ve gone to all the trouble of setting up this program, he said, and you’re looking for connections to just three organizations?
That’s all we have the authority to do, Inglis replied. Moreover, if the metadata revealed that someone inside the United States had called, or been called by, a suspected terrorist, just twenty-two people in the entire NSA—twenty line personnel and two supervisors—were able to request and examine more data about that phone number. And before that data could be probed, two of those twenty personnel and at least one of the supervisors had to agree, independently, that an expanded search was worthwhile. Finally, the authority to search that person’s phone records would expire after 180 days.
If something suspicious showed up in one of those numbers, the NSA analysts could take a second hop; in other words, they could extract a list of all the calls that those numbers had made and received. But if the analysts wanted to expand the search to a third hop, looking at the numbers called to or from those phones, they would have to go through the same procedure all over again, obtaining permission from a supervisor and from the NSA general counsel. (The analysts usually did take a second hop, but almost never a third.)
From the looks that they exchanged across the table, all five members of the Review Group seemed satisfied that the Section 215 program was on the up-and-up (assuming this portion of the briefing was confirmed in a probe of agency files): it was authorized by Congress, approved by the FISA Court, limited in scope, and monitored more fastidiously than any of them had imagined. But President Obama had told them that he didn’t want a legal opinion of the programs; he wanted a broad judgment of whether they were worthwhile.
So the members asked about the results of this surveillance: How many times had the NSA queried the database, and how many terrorist plots were stopped as a result?
One of the other senior officials had the precise numbers at hand. For all of 2012, the NSA queried the database for 288 U.S. phone numbers. As a result of those queries, the agency passed on twelve “tips” to the FBI. If the FBI found the tips intriguing, it could request a court order to intercept the calls to and from that phone number—to listen in on the calls—using NSA technology, if necessary.
So, one of the commissioners asked, how many of those twelve tips led to the halting of a plot or the capture of a terrorist?
The answer was zero. None of the tips had led to anything worth pursuing further; none of the suspicions had panned out.
Geof Stone was floored. “Uh, hello?” he thought. “What are we doing here?” The much-vaunted metadata program (a) seemed to be tightly controlled, (b) did not track every phone call in America, and, now it turned out, (c) had not unearthed a single terrorist.
Clarke asked the unspoken question: Why do you still have this program if it hasn’t produced any results?
Inglis replied that the program had hastened the speed with which the FBI captured at least one terrorist. And, he added, it might point toward a plot sometime in the future. The metadata, after all, exist; the phone companies collect it routinely, as “business records,” and would continue to do so, with or without the NSA or Section 215. Since it’s there, why not use it? If someone in the United States phoned a known terrorist, wasn’t it possible that a plot was in the works? As long as proper safeguards were taken to protect Americans’ privacy, why not look into it?
The skeptics remained tentatively unconvinced. This was something to examine more deeply.
Inglis moved on to what he and his colleagues considered a far more important and damaging Snowden leak. It concerned the program known as PRISM, in which the NSA and FBI tapped into the central servers of nine leading American Internet companies—mainly Microsoft, Yahoo, and Google, but also Facebook, AOL, Skype, YouTube, Apple, and Paltalk—extracting email, documents, photos, audio and video files, and connection logs. The news stories about PRISM acknowledged that the purpose of the intercepts was to track down exclusively foreign targets, but the stories also noted that ordinary Americans’ emails and cellular phone calls got scooped up in the process as well.
The NSA had released a statement, right after the first news stories, calling PRISM “the most significant tool in the NSA’s arsenal for the detection, identification, and disruption of terrorist threats to the US and around the world.” General Alexander had publicly claimed that the data gathered from PRISM had helped discover and disrupt the planning of fifty-four terrorist attacks—a claim that Inglis now repeated, offering to share all the case files with the Review Group.
Whatever the ambiguities about the telephone metadata program, he stated, PRISM had demonstrably saved lives.
Did Americans’ calls and email get caught up in the sweep? Yes, but that was an unavoidable by-product of the technology. The NSA briefers explained to the Review Group what Mike McConnell had explained, back in 2007, to anyone who’d listen: that digital communications traveled in packets, flowing along the most efficient path; and, because most of the world’s bandwidth was concentrated in the United States, pieces of almost every email and cell phone conversation in the world flowed, at some point, through a line of American-based fiber optics.
In the age of landlines and microwave transmissions, if a terrorist in Pakistan called a terrorist in Yemen, the NSA could intercept their conversation without restraint; now, though, if the same two people, in the same overseas locations, were talking on a cell phone, and if NSA analysts wanted to latch on to a packet containing a piece of that conversation while it flowed inside the United States, they would have to get a warrant from the Foreign Intelligence Surveillance Court. It made no sense.
That’s why McConnell pushed for a revision in the law, and that’s what led to the Protect America Act of 2007 and to the FISA Amended Act of 2008, especially Section 702, which allowed the government to conduct electronic surveillance inside the United States—“with the assistance of a communications service provider,” in the words of that law—as long as the people communicating were “reasonably believed” to be outside the United States.
The nine Internet companies, which were named in the news stories, had either complied with NSA requests to tap into their servers or been ordered by the FISA Court to let the NSA in. Either way, the companies had long known what was going on.
Much of this was clear to the Review Group, but some of the procedures that Inglis and the others described were baffling. What did it mean that callers were “reasonably believed” to be on foreign soil? How did the NSA analysts make that assessment?
The briefers went through a list of “selectors”—key-word searches and other signposts—that indicated possible “foreignness.” As more selectors were checked off, the likelihood increased. The intercept could legally get under way, once there was a 52 percent probability that both parties to the call or the email were foreign-based.
Some on the Review Group commented that this seemed an iffy calculation and that, in any case, 52 percent marked a very low bar. The briefers conceded the point. Therefore, they went on, if it turned out, once the intercept began, that the parties were inside the United States, the operation had to be shut down immediately and all the data thus far retrieved had to be destroyed.
The briefers also noted that, even though a court order wasn’t required for these Section 702 intercepts, the NSA couldn’t go hunting for just anything. Each year, the agency’s director and the U.S. attorney general had to certify, in a list approved by the FISA Court, the categories of intelligence targets that could be intercepted under Section 702. Then, every fifteen days, after the start of a new intercept, a special panel inside the Justice Department reviewed the operation, making sure it conformed to that list. Finally, every six months, the attorney general reviewed all the start-ups and submitted them to the congressional intelligence committees.
But there was a problem in all this. To get at the surveillance target, the NSA operators had to scoop up the entire packet that carried the pertinent communication. This packet was interwoven with other packets, which carried pieces of other communications, many of them no doubt involving Americans. What happened to all of those pieces? How did the agency make sure that some analyst didn’t read those emails or listen to those cell phone conversations?
The briefers raised these questions on their own, because, just one week earlier, President Obama had declassified a ruling, back in October 2011, by a FISA Court judge named John Bates, excoriating the NSA for the Section 702 intercepts generally. The fact that domestic communications were caught up in these “upstream collections,” as they were called, was no accident, Bates wrote in his ruling; it was an inherent part of the program, an inherent part of packet-switching technology. Unavoidably, then, the NSA was collecting “tens of thousands of wholly domestic communications” each year, and, as such, this constituted a blatant violation of the Fourth Amendment.