by Fred Kaplan
“The government,” Bates concluded, “has failed to demonstrate that it has struck a reasonable balance between its foreign intelligence needs and the requirement that information concerning U.S. persons be protected.” As a result, he ordered a shutdown of the entire Section 702 program, until the NSA devised a remedy that did strike such a balance, and he ordered the agency to delete all upstream files that had been collected to date.
This was a serious legal problem, the briefers acknowledged, but, they emphasized, it had been brought to the court’s attention by the NSA; there was no cover-up of wrongdoing. After Bates’s ruling, the NSA changed the architecture of the collection system in a way that would minimize future violations. The new system was put in place a month before the Review Group was formed; Judge Bates declared himself satisfied that it solved the problem.
All in all, the first day of the Review Group’s work was productive. The NSA officials around the table had answered every question, taken up every challenge with what seemed to be genuine candor, even an interest in discussing the issues. They’d rarely discussed these matters with outsiders—until then, no outsider had been cleared to discuss them—and they seemed to relish the opportunity. Geoffrey Stone in particular was impressed; the tenor seemed more like a university seminar than a briefing inside the most cloistered American intelligence agency.
It also seemed clear—if the officials were telling the truth (an assumption the Review Group would soon examine)—that, in one sense, the Snowden documents had been overblown. Stone’s premise going into the day—that the NSA had morphed into a rogue agency—seemed invalid: the programs that Snowden uncovered (again, assuming the briefings were accurate) had been authorized, approved, and pretty closely monitored. Most of the checks and balances that Stone had thought about proposing, it turned out, were already in place.
But to some of the panelists, certainly to Stone, Swire, and Clarke, the briefings had not dispelled a larger set of concerns that the Snowden leaks had raised. These NSA officials, who’d been briefing them all day long, seemed like decent people; the safeguards put in place, the standards of restraint, were impressive; clearly, this was like neither the NSA of the 1960s nor an intelligence agency of any other country. But what if the United States experienced a few more terrorist attacks? Or what if a different sort of president, or a truly roguish NSA director, came to power? Those restraints had been put up from the inside, and they could be taken down from the inside as well. Clearly, the agency’s technical prowess was staggering: its analysts could penetrate every network, server, phone call, or email they wished. The law might bar them from looking at, or listening to, the contents of those exchanges, but if the law were changed or ignored, there would be no physical obstacles; if the software were reprogrammed to track down political dissidents instead of terrorists, there would be no problem compiling vast databases on those kinds of targets.
In short, there was enormous potential for abuse. Stone, who’d written a book about the suppression of dissent in American history, shivered at the thought of what President Richard Nixon or FBI director J. Edgar Hoover might have done if they’d had this technology at their fingertips. And who could say, especially in the age of terror, that Americans would never again see the likes of Nixon or Hoover in the upper echelons of power?
* * *
Stone nurtured an unexpected convert to this view in Mike Morell, the recently retired spy on the Review Group. The two shared an office in the SCIF on K Street, and Stone, a charismatic lecturer, laid out the many paths to potential abuse as well as the incidents of actual abuse in recent times, a history of which Morell claimed he knew little, despite his three decades in the CIA. (During the Church hearings, Morell was in high school, oblivious to global affairs; his posture at Langley, where he went to work straight out of college, was that of a nose-to-the-grindstone Company Man.)
Over the next four months, the group returned to Fort Meade a few times, and delegations from Fort Meade visited the group at its office a few times, as well. The more files that the group and its staff examined, the more they felt confirmed in their impressions from the first briefing.
Morell was the one who pored through the NSA case files, including the raw data from all fifty-four terrorist plots that Alexander and Inglis claimed were derailed because of the PRISM program under Section 702 of the FISA Act, as well as a few plots that they were now claiming, belatedly, had been unearthed because of the bulk collection of telephone metadata, authorized by Section 215 of the Patriot Act. Morell and the staff, who also reviewed the files, concluded that the PRISM intercepts did play a role in halting fifty-three of those fifty-four plots—a remarkable validation of the NSA’s central counterterrorist program. However, in none of those fifty-three files did they find evidence that metadata played a substantial role. Nor were they persuaded by the few new cases that Alexander had sent to the group: yes, in those cases, a terrorist’s phone number showed up in the metadata, but it showed up in several other intercepts, too. Had there never been a Section 215, had metadata never been collected in bulk, the NSA or the FBI would still have uncovered those plots.
This conclusion came as a surprise. Morell was inclined to assume that highly touted intelligence programs produced results. His findings to the contrary led Clarke, Stone, and Swire to recommend killing the metadata program outright. Morell wasn’t prepared to go that far; neither was Sunstein. Both bought the argument that, even if it hadn’t stopped any plots so far, it might do so in the future. Morell went further still, arguing that the absence of results suggested that the program should be intensified. For a while, the group’s members thought they’d have to issue a split verdict on this issue.
Then, during one of the meetings at Fort Meade, General Alexander told the group that he could live with an arrangement in which the telecom companies held on to the metadata and the NSA could gain access to specified bits of it only through a FISA Court order. It might take a little longer to obtain the data, but not by much, a few hours maybe; and the new rule, Alexander suggested, could provide for exceptions, allowing access, with a post-facto court order, in case of an emergency.
Alexander also revealed that the NSA once had an Internet metadata program, but it proved very expensive and yielded no results, so, in 2011, he’d terminated it.
To the skeptics on the Review Group, this bit of news deepened their suspicions about Section 215 and the worth of metadata generally. The NSA had a multibillion-dollar budget; if Internet metadata had produced anything of promise, Alexander could have spent more money to expand its reach. The fact that he didn’t, the fact that he killed the program rather than double down on the investment, splashed doubts on the concept’s value.
Even Morell and Sunstein seemed to soften their positions: if Alexander was fine with storing metadata outside the NSA, that might be a compromise the entire group could get behind. Morell embraced the notion with particular enthusiasm: metadata would still exist; but removing it from NSA headquarters would prevent some future rogue director from examining the data at will—would minimize the potential for abuse that Stone had convinced him was a serious issue.
The brief dispute over metadata—whether to kill the program or expand it—had sparked one of the few fits of rancor within the group. This fact had been another source of surprise: given their disparate backgrounds and beliefs, the members had expected to be at each other’s throats routinely. From early on, though, the atmosphere was harmonious.
This camaraderie took hold on the second day of their work when the five went to the J. Edgar Hoover Building—FBI headquarters—in downtown Washington. The group’s staff had requested detailed briefings on the bureau’s relationship with the NSA and on its own version of metadata collection, known as National Security Letters, which, under Section 505 of the Patriot Act, allowed access to Americans’ phone records and other transactions that were deemed “relevant” to investigations into terrorism or clandestine intelligence activities. Un
like the NSA’s metadata program, the FBI’s had no restrictions at all: the letters required no court order; any field officer could issue one, with the director’s authorization; and the recipients of a letter were prohibited from ever revealing that they’d received it. (Until a 2006 revision, they couldn’t even inform their lawyer.) Not merely the potential for abuse, but actual instances of abuses, seemed very likely.
When the five arrived at the bureau’s headquarters, they were met not by the director, nor by his deputy, but by the third-ranking official, who took leave after escorting them to a conference room, where twenty FBI officials sat around a table, prepared to drone through canned presentations, describing their jobs, one by one, for the hour that the group had been allotted.
Ten minutes into this dog-and-pony show, Clarke asked about the briefings that they’d requested. Specifically, he wanted to know how many National Security Letters the FBI issued each year and how the bureau measured their effectiveness. One of the officials responded that only the regional bureaus had those numbers, no one had collated them nationally; and no one had devised any measure of effectiveness.
The canned briefings resumed, but after a few more minutes, Clarke stood up and exclaimed, “This is bullshit. We’re out of here.” He walked out of the room; the other four sheepishly followed, while the FBI officials sat in shock. At first, Clarke’s colleagues were a bit mortified, too; they’d heard about his antics and wondered if this was going to be standard procedure.
But by the next day, it was clear that Clarke had known exactly what he was doing: word quickly spread about “the bullshit briefing,” and from that point on, no federal agency dared to insult the group with condescending show-and-tell; only a few agencies proved to be very useful, but they all at least tried to be substantive, and the FBI even called back for a second chance.
Clarke’s act emboldened his colleagues to press more firmly for answers to their questions. The nature of their work reinforced this solidarity. They were the first group of outsiders to investigate this subject with the president’s backing, and they derived an esprit de corps from the distinction. More than that, they found themselves agreeing on almost everything, because most of the facts seemed so clear. Peter Swire, who’d been nervous about reigniting fifteen-year-old tensions with Clarke, found himself getting along grandly with his former rival and gaining confidence in his own judgments, the more they aligned with his.
As the air lightened from cordiality to jollity, they started calling themselves the “five guys,” after the name of a local hamburger joint, and referring to the big book they’d soon be writing as “The Five Guys Report.”
Their esprit intensified with the realization that they were pretty much the only serious monitors in town. They met on Capitol Hill with the select intelligence committees, and came away concluding that their members had neither the time nor the resources for deep oversight. They spoke with a few former FISA Court judges and found them too conciliatory by nature.
Good thing, they concluded, that the NSA had an inside army of lawyers to assure compliance with the rules, because if it didn’t, no one on the outside would have any way of knowing whether the agency was or wasn’t a den of lawlessness. The five guys agreed that their task, above all else, was to come up with ways to strengthen external controls.
They divvied up the writing chores, each drafting a section or two and inserting ideas on how to fix the problems they’d diagnosed. Cut, pasted, and edited, the sections added up to a 303-page report, with forty-six recommendations for reform.
One of the key recommendations grew out of the group’s conversation with General Alexander: all metadata should be removed from Fort Meade and held by the private telecom companies or some other third party, with the NSA allowed access only through a FISA Court order. The group was particularly firm on this point. Even Mike Morell had come to view this recommendation as the report’s centerpiece: if the president rejected it, he felt, the whole exercise will have been pointless.
Another proposal was to bar the FBI from issuing National Security Letters without a FISA Court order and, in any case, letting recipients disclose that they’d received such a letter after 180 days, unless a judge extended the term of secrecy for specific national security reasons. The point of both recommendations was, as the report put it, to “reduce the risk, both actual and perceived, of government abuse.”
The group also wrote that the FISA Court should include a public interest advocate, that NSA directors should be confirmed by the Senate, that they should not take on the additional post of U.S. cyber commander (on the grounds that dual-heading CyberCom and the NSA gave too much power to one person), and that the Information Assurance Directorate—the cyber security side of Fort Meade—should be split off from the NSA and turned into a separate agency of the Defense Department.
Another recommendation was to bar the government from doing anything to “subvert, undermine, weaken, or make vulnerable generally available commercial software.” Specifically, if NSA analysts discovered a zero-day exploit—a vulnerability that no one had yet discovered—they should be required to patch the hole at once, except in “rare instances,” when the government could “briefly authorize” using zero-days “for high-priority intelligence collection,” though, even then, they could do so only after approval by a “senior interagency review involving all appropriate departments.”
This was one of the group’s more esoteric, but also radical, recommendations. Zero-day vulnerabilities were the gemstones of modern SIGINT, prized commodities that the agency trained its top sleuths—and sometimes paid private hackers—to unearth and exploit. The proposal was meant, in part, to placate American software executives, who worried that the foreign market would dry up if prospective customers assumed the NSA had carved back doors into their products. But it was also intended to make computer networks less vulnerable; it was a declaration that the needs of cyber security should supersede those of cyber offensive warfare.
Finally, lest anyone interpret the report as an apologia for Edward Snowden (whose name appeared nowhere in the text), ten of the forty-six recommendations dealt with ways to tighten the security of highly classified information inside the intelligence community, including procedures to prevent system administrators—which had been Snowden’s job at the NSA facility in Oahu—from gaining access to documents unrelated to their work.
It was a wide-ranging set of proposals. Now what to do with them? When the five had first met, back in late August, they’d started to discuss how to handle the many disagreements that they anticipated. Should the report contain dissenting footnotes, majority and minority chapters, or what? They’d never finished that conversation, and now, here they were, with the mid-December deadline looming.
One of the staffers suggested listing the forty-six recommendations on an Excel spreadsheet, with the letters Y and N (for Yes and No) beside each one, and giving a copy of the sheet to each of the five members, who would mark it up, indicating whether they agreed or disagreed with each recommendation. The staffer would then tabulate the results.
After counting the votes, the staffer looked up and said, “You won’t believe this.” The five guys had agreed, unanimously, on all forty-six.
* * *
On December 13, two days before deadline, the members of the Review Group turned in their report, titled Liberty and Security in a Changing World. To their minds, they fulfilled their main task—as their report put it, “to promote public trust, while also allowing the Intelligence Community to do what must be done to respond to genuine threats”—but also exceeded that narrow mandate, outlining truly substantial reforms to the intelligence collection system.
Their language was forthright in ways bound to irritate all sides of the debate, which had only intensified in the six months since the onslaught of Snowden-leaked documents. “Although recent disclosures and commentary have created the impression, in some quarters, that NSA surveillance is indiscriminate and pervasiv
e across the globe,” the report stated, “that is not the case.” However, it went on, the Review Group did find “serious and persistent instances of noncompliance in the Intelligence Community’s implementation of its authorities,” which, “even if unintentional,” raised “serious concerns” about its “capacity to manage” its powers “in an effective, lawful manner.”
To put it another way (and the point was made several times, throughout the report), while the group found “no evidence of illegality or other abuse of authority for the purpose of targeting domestic political activities,” there was, always present, “the lurking danger of abuse.” In a passage that might have come straight out of Geoffrey Stone’s book, the report stated, “We cannot discount the risk, in light of the lessons of our own history, that at some point in the future, high-level government officials will decide that this massive database of extraordinarily sensitive private information is there for the plucking.”
On December 18, at eleven a.m., President Obama met with the group again in the Situation Room. He’d read the outlines of the report and planned to peruse it during Christmas break at his vacation home in Hawaii.
A month later, on January 17, 2014, in a speech at the Justice Department, Obama announced a set of new policies prompted by the report. The first half of his speech dwelled on the importance of intelligence throughout American history: Paul Revere’s ride, warning that the British were coming; reconnaissance balloons floated by the Union army to gauge the size of Confederate regiments; the vital role of code-breakers in defeating Nazi Germany and Imperial Japan. Similarly, today, he said, “We cannot prevent terrorist attacks or cyber threats without some capability to penetrate digital communications.”
The message had percolated throughout the national security bureaucracy, and Obama had absorbed it as well: that, in the cyber world, offense and defense stemmed from the same tools and techniques. (In a interview several months later with an IT webzine, Obama, the renown hoops enthusiast, likened cyber conflict to basketball, “in the sense that there’s no clear line between offense and defense, things are going back and forth all the time.”) And so, the president ignored the Review Group’s proposals to split the NSA from Cyber Command or to place the defensive side of NSA in a separate agency.