The Great War of Our Time: The CIA's Fight Against Terrorism--From Al Qa'ida to ISIS
Page 30
To be clear, I was much less concerned about the loss of trust on the part of our allies than I was in the other two issues. Governments typically act in their own interests, and I was confident that the citizens of friendly nations would get over the temporary insult and that their governments were realistic enough to know that they too collect intelligence on friend and foe alike. Spying is the world’s second-oldest profession and most of our allies have been at it since long before our nation was formed. A little harrumphing would be necessary for domestic political consumption—but this was not a major hurdle. From my time at the Agency, I am not aware of a single spying scandal that has had a long-term impact on a bilateral relationship, and I was convinced that the Snowden disclosures would not do so either.
The Review Group offered forty-six recommendations. Because of the strong public reaction to the Snowden leaks, I became convinced that our panel would have to make a number of strong recommendations if the country was to begin taking the first steps toward restoring public support for our government. If we had conducted a comprehensive review of NSA programs prior to the wholesale dumping out of intelligence secrets, I would have been in favor of just a few changes to the way the NSA was doing business. But in light of the public outcry, modest steps would never work now. We would have to make some dramatic proposals if we were to have any hope of regaining lost support.
Two recommendations stood out to me as much more important than the rest—and I believe we would have made these recommendations with or without Snowden. The first was the group’s recommendation about the 215 metadata program—that the government no longer hold the data and that it be required to obtain a court order prior to querying the data each time, as opposed to the then-current situation in which the NSA was holding the data and could query it at will under a broad court order. This recommendation, and the president’s acceptance of it, was absolutely necessary, I thought, to winning back the trust of the American people and keeping the program alive. Without winning back that trust, I was concerned that Congress would kill the entire program—in essence throwing the baby out with the bathwater.
And it also made sense. While the NSA did nothing illegal and committed no abuses under the 215 program, the group’s law professors, particularly Geof Stone, convinced me that such power in the hands of the government creates the potential for abuse, and that we therefore had to recommend steps that would make it much harder for future administrations—or even rogue elements within administrations—to overstep their bounds.
The second recommendation that made great sense to me was to put in the hands of senior policy-makers decisions on what intelligence to collect and how to collect it—particularly for collection that carries significant political, economic, or foreign policy risks. The NSA had largely been collecting information because it could, not necessarily in all cases because it should. To be sure, some oversight was already in place, but it was not broad enough to cover all the collection activities that carried special risks, and it rarely dealt with the question of how intelligence would be collected. The best example of such risky activity, of course, is spying on the senior leadership of allies. Only senior policy-makers looking at all the benefits and risks can make decisions on what to collect and how. At the end of the day, only senior policy-makers can decide on the “should.”
There was also a set of recommendations that I thought absolutely critical—not for winning back trust but for making sure that another Edward Snowden does not happen. These recommendations—outlined in a chapter of our report called “Protecting Data”—received no media coverage. In this chapter we recommended two fundamental changes—that the government move from assessing the security risks of its employees every five years to doing it continuously, and that classified computer networks have state-of-the-art security software. It turns out that the best network security is not in the intelligence community—it is on Wall Street. This, of course, should not be surprising, as Wall Street is protecting something very important—your money.
But this chapter also called for another change—a revolutionary change that is not likely to see the light of day. Our Review Group felt that the tightest security practices should apply not only to intelligence community employees and networks but also to any government employees with access to secrets—including political appointees in the White House and elsewhere—and any computer networks that contain classified information. After all, Private Chelsea Manning was not an IC employee and was not operating on an IC computer network when she stole information and passed it to WikiLeaks. All of these steps are necessary in order to ensure that another Snowden or Manning affair does not happen. And they are essential to ensure that secrets stay secrets. If our recommended changes are not implemented, I fear it will happen again.
I worked hard when we were crafting our recommendations to see that there was language attached that would permit reasonable accommodation for the business of intelligence, albeit generally with more oversight. My colleagues were very supportive of this. After all, the balance we were trying to strike was in winning back trust—and advancing privacy and civil liberties—without doing damage to the intelligence community’s ability to do its critically important job.
The Review Group was surprisingly unified in its recommendations. Very little argument, very little drama.
In the end the president was supportive of a large majority of the Review Group’s recommendations. He accepted 70 percent of the recommendations—including the two that I saw as the most important; he agreed to study 15 percent; and he rejected 15 percent. The ones he rejected had to do with the organizational structure of the NSA. And while I did not disagree with these recommendations, I did not see them as integral to the effort to win back trust. How many of our recommendations ultimately get adopted and the extent to which they help restore public confidence in the NSA, intelligence community, and government remains to be seen.
In the aftermath of the public release of the report, I felt that the media generally mischaracterized both the breadth of the report and our key recommendations regarding the 215 program. A number of media outlets were calling the recommendations “sweeping reforms of the intelligence community,” and they were saying that the Review Group had recommended an end to the 215 program. Neither was true.
While our recommendations were many, they were not sweeping. Where we suggested change, it was most often a recommendation to add layers of scrutiny and review—making certain kinds of operations more cumbersome, but not impossible.
The 215 program was the best example. We saw real value in the program and we recommended to the president a change in approach, not a wholesale rejection of the program. We recommended that the 215 database should be taken out of the hands of the government and each query should require an individual court order.
Although we did not discuss it as a group, I also thought the database should actually be expanded to include all calls made in the United States and should include e-mails as well. Today the database does not contain the metadata from all calls and does not contain the metadata from any e-mails. It should. Imagine a scenario in which AQAP in Yemen sends multiple operatives to the United States to conduct attacks, and the intelligence community learns of the plot and runs a search of Yemen-based phone numbers against the 215 database. But the search is a dry hole—because AQAP is using a phone system outside the 215 program. Imagine the outrage of the American public when these facts became public following a successful attack.
* * *
Two final thoughts—one on the damage done by Snowden and the other on Snowden as an individual. I believe that the Snowden disclosures will go down in history as the greatest compromise of classified information ever. Period. Full stop. The damage done has already been significant and it will continue to grow. While great attention and angst have been devoted to the loss he created by exposing the 215 telephony metadata program, Snowden damaged a much more important program involving the collection of e-
mail information from foreign-based terrorists, the 702 program mentioned earlier.
Within weeks of the leaks, terrorist organizations around the world were already starting to modify their actions in light of what Snowden disclosed. Communication sources dried up, tactics were changed. Terrorists moved to more secure communication platforms, they are using encryption, and they are avoiding electronic communications altogether. ISIS was one of the terrorist groups that learned from Snowden, and it is clear his actions played a role in the rise of ISIS. In short, Snowden has made the United States and our allies considerably less safe. I do not say this lightly: Americans may well die at the hands of terrorists because of Edward Snowden’s actions.
The damage caused by Snowden is not limited to terrorists’ adjusting their tactics. Foreign intelligence services have been studying the tremendous amount of intelligence data now available to them in the media and deriving work-arounds to thwart US collection efforts. You can bet that outfits like the Iranian MOIS—Iran’s CIA—have cells of smart young people studying the news articles and working on countermeasures. What is more, we know that foreign intelligence services will export their lessons learned. Outfits like the Russians and Chinese will study our tactics and then go to other, less sophisticated foreign intelligence services and offer tips about how to frustrate the American collection effort. In return they will be given access and influence that will only add to our woes.
One of the most troublesome leaks in this regard was the publication in the Washington Post of the intelligence community’s Congressional Budget Justification Book (CBJB) for Fiscal Year 2013. This is the IC’s so-called black budget. It lists where we are putting our priorities, where we think we are having our greatest intelligence successes, and where we still need to do more work. For our enemies, having it is like having the playbook of the opposing NFL team. I guarantee you that the SVR, the Russian foreign intelligence service, would have paid millions of dollars for such a document. Instead they didn’t even have to invest $1.25, the cover price of the Washington Post, since the document is available free online. To its credit, the Washington Post, at the request of the DNI, did not publish the document in its entirety—protecting the most sensitive secrets—but still the damage was enormous.
This just refers to the material that has been disclosed. We don’t know what other documents Snowden and his media allies have in their possession that they will publish at some point. It is a good bet that there is more to come—and therefore more damage (material from the Snowden leaks was still being published at the writing of this book—in early 2015—eighteen months after Snowden walked away from the United States). And we do not know what information foreign intelligence services have already acquired of what was stolen but not yet disclosed.
One more word about damage and that relates to the earlier point about a loss of trust on the part of foreigners in American products. As a result of that lack of trust, US information technology companies have lost hundreds of millions of dollars in sales overseas. People now shy away from US IT products over a concern that the US government is using those products to collect intelligence. This will be the hardest loss of trust to restore. Apple’s move in the fall of 2014 to encrypt all data on its products so even Apple can’t get at it is a response to that loss of trust. We can only hope, for the sake of the American economy, that US firms will win that trust back.
What were Snowden’s motives? One thing I am sure of is that he was not acting out of a simple desire to protect the privacy and civil liberties of Americans or even citizens overseas. And this takes any idea that he was a whistle-blower off the table. The vast amount of information he stole and disclosed to journalists had nothing to do with privacy. Legitimate arguments can be had about how far our intelligence community should go in collecting information that potentially could touch US citizens. I would suggest, however, that the appropriate place for those discussions to occur is before the congressional oversight committees. Every one of the hundreds of thousands of people who have access to classified information cannot be allowed to individually decide to disclose information just because they do not like a particular program. If Snowden felt that privacy rights were being trampled, there were avenues available for him to make his concerns known to our elected representatives of Congress. If he didn’t trust congressional overseers, departmental ombudsmen, and inspectors general to act, he could have easily taken one or two documents that solely addressed the privacy issue, put them in a plain brown envelope, and mailed them to the Washington Post (an action I am in no way endorsing, by the way). Instead he backed up a virtual tractor trailer and emptied a warehouse full of documents—the vast majority of which he could not possibly have read and few of which he would likely understand. Then he delivered the documents to a variety of international news organizations and God only knows who else.
So if is his primary motivation was not the protection of privacy and civil liberties, what was it? I don’t know for sure, but I strongly suspect that his actions were all about his favorite subject: Edward J. Snowden. It is clear that Snowden has an enormous ego—one that had to be quite large for him to convince himself that he knew better than two presidents (of different parties), the intelligence committees of multiple congresses, the Justice Department of two administrations, and tens of FISA court judges appointed by the chief justice of the Supreme Court. That is arrogance.
A full answer to the question of why he did what he did would require that he sit down for months with counterintelligence debriefers and top-notch psychologists. But my hunch is that Snowden is someone who felt underappreciated and insufficiently recognized for his self-perceived brilliance while working for CIA and the NSA, a feeling that left a huge chip on his shoulder. This is a classic attitude that intelligence officers try to exploit among the enemy. You find someone working for the other side and tell him that he is not receiving the recognition, pay, and honors due him, and you provide those in return for the individual’s betrayal of his country. This was the psychology that led Aldrich Ames and Robert Hanssen to commit espionage. Let me stress that I am not suggesting here that Snowden was encouraged by a foreign intelligence service to act as he did—only that the same psychological dynamic can motivate someone to act alone and still do as much damage. In short, I think he wanted to show the world how smart he was by crippling the agencies that did not recognize his brilliance.
As big as his ego was in June 2013, it must have grown exponentially since. The media and international organizations have relentlessly pumped hot air into his inflated self-esteem. Institutions ranging from the European Union to politicians musing about putting him forward for the Nobel Peace Prize have undoubtedly added to his sense of worth. Some news organizations have awarded him icon status. I recall seeing one media outlet seek his wisdom on what foreign intelligence targets would be appropriate for the United States to collect against. The absurdity of this is stunning. It would be like going to the equipment manager for the Dallas Cowboys and asking him what plays the team should run on Sunday.
* * *
On June 21, 2013, the US Department of Justice charged Edward Snowden with espionage. If I could have a conversation with Snowden, I would ask him only one question. That question would be, “Edward, you had enough trust in the American people that you thought they could and should judge for themselves the right balance between liberty and security. If you really believe that, then surely you must believe that those same Americans could and should judge your behavior with regard to the disclosures you made possible. So why don’t you come home and be judged before a jury of your peers?”
I know some readers will think, “Of course you say bad things about Snowden because he exposed systemic wrongdoing by the intelligence community, a place you worked for thirty-three years.” My answer is that the programs he disclosed were legal and approved at the highest levels of the US government and that the damage he did was huge. As someone who was uniquely positioned to evaluate tha
t damage, I can tell you that the costs of Snowden’s actions will be enormous. If he truly thought his actions were those of civil disobedience, the honorable approach would have been to take his stand and then accept the consequences.
* * *
Throughout this entire affair, the people I have worried most about are the men and women of the National Security Agency. The media and some politicians have demonized the organization for which they work and, to an extent, the officers of the NSA themselves. They do not deserve this. They go to work every day for a government salary, they work long hours for no public acclaim, and they execute tasks that keep the country safe and that literally save lives. They are talented, professional, and dedicated.
In collecting intelligence, the NSA and its officers in no way did anything wrong. The NSA never undertook a program without the approval of the executive branch and the oversight of the congressional intelligence committees or the courts. The NSA never broke the law and never abused the power that it had been given in the 215 program. In short, the NSA and its officers were doing the job that they had been asked to do.
NSA officers are patriots. Edward Snowden is a traitor.
CHAPTER 13
The Long War Ahead
On the morning of September 11, 2001, the chaplain of the New York City Fire Department, Father Mychal Judge, was told that a plane had just crashed into the World Trade Center. He changed from his Franciscan habit into his chaplain’s uniform, donned his fire helmet, and joined the rush of brave men and women to the Twin Towers. When he arrived, Mayor Rudolph Giuliani saw him. The mayor grabbed Father Mychal by the arm and asked him to pray for the city. Father Mychal looked at the mayor with his usual big grin and said, “I always do.” Only moments later, as Father Mychal was heading straight into danger to minister to his firemen, falling debris from the collapsing South Tower struck him down. An iconic photograph captured the moment when firemen and first responders carried Father Mychal’s limp body from the debris. Father Mychal was the first victim recovered at the scene, making him the city’s first officially recorded fatality of the attacks.