CISAC Co-Director Amy Zegart and nine other national security and intelligence scholars were recently invited to the headquarters of the National Security Agency in Fort Meade, Md., for unprecedented talks with high-ranking officials. They discussed cybersecurity, the plummeting public trust in the agency, its relationship with Congress and how to rebuild the agency’s reputation and rethink its program operations.
The academics were first taken to the black granite wall carved with the names of 171 military and civilian cryptologists who have died in service. “I think they wanted us to know that this is an organization of people, not some robots trolling through your emails,” said Zegart, author of the book, “Spying Blind,” which examines why U.S. intelligence agencies failed to adapt to the terrorist threat before the 9/11 attacks.
The scholars were then taken to a windowless conference room for several hours of what Zegart called remarkably frank and free-ranging talks about the agency and its tactics.
The NSA is one of the world’s most secret intelligence gathering organizations. Its methods have come under intense scrutiny with a series of damaging leaks about its operations. Former NSA contractor Edward Snowden and national intelligence reporters have revealed tactics that have left many Americans cold and questioning the legality and necessity of the agency’s methods. From monitoring emails and phone calls, to secretly cracking encryption codes that protect personal email as well as financial and medical records and Internet chats – the revelations just keep coming. Civil liberty organizations and Internet privacy advocates here at Stanford are outraged, while some foreign governments are accusing Washington of Big Brother tactics run amok.
Zegart answers questions about those perceptions and her Sept. 23 briefing at NSA headquarters.
Are the accusations that the NSA is Big Brother squared fair?
If you look at the reporting on the NSA so far, there is zero evidence of a widespread, deliberate and nefarious plan by the agency to violate the law and spy on American citizens. This is a policy debate, not a scandal. There’s no question in my mind that the NSA has interpreted its legal authority to the maximum extent of the law possible. They’ve taken what Congress has granted them and they have pushed to the edge – but that’s a very big difference from running amok.
How did this unprecedented meeting come about and why do you think the senior NSA officials – who asked not to be identified – called on social scientists?
In our group, the last time someone went to the NSA was in 1975, which tells you how rare it is for them to invite academics in. The was a sense at senior levels that they need to think more systematically and long-term about education, about being more open to academics coming in and doing research about the NSA and hearing what academics have to say. In part, thought-leaders at universities can play a role in transmitting some of the complexities in which the NSA operates – the tradeoffs the agency is confronting and the constrains under which they are operating.
The other academics invited to the NSA on Monday were William Inboden of the University of Texas, Austin; Michael Desch of Nortre Dame University; Jeffrey Engel and Joshua Rovner of Southern Methodist University; Thomas Mahnken of the U.S. Naval War College; Richard Betts of Columbia University; Benjamin Wittes of The Brookings Institution; Kori Schake of Stanford University; and Robert Chesney of the University of Texas, Austin.
One thing this meeting highlighted for me is that the NSA is not free to respond to the criticism it gets in the press. It’s intertwined with other organizations that have a say in how it responds: the Office of the Director of National Intelligence, the FBI, the Justice Department and the White House. And they have never had to deal with the spotlight before. They gave me this statistic: Last summer, there were 167 legitimate questions from the press; in the summer of 2013 there were 1,900 media requests. That’s a tenfold increase. This is a whole new world for this agency. And to go against secrecy is just totally counter to their culture. This was a bold step for them to have us come in.
Did the NSA officials talk about whether they had broken any laws?
They definitely wanted us to believe that what they are doing is lawful and effective. I believe the lawful part; I’m not so sure about the effective part. I think they haven’t looked hard enough about what effective means. Do they know it when they see it? And who’s to judge?
They were quick to point out that they’re under extensive oversight both by Congress and the Foreign Intelligence Surveillance Act (FISA) court. The question is whether Americans are comfortable with the lines that have been drawn by their own government and if they’re comfortable with the lack of transparency. The NSA is really bad at letting us know what the gains are (from surveillance) and they’ve struggled with how to deal with the public reaction to the Snowden revelations.
This is an intelligence agency and they’re supposed to be stealing information from other governments; that’s what we pay them to do and other governments would use those capabilities in an instant if they had them. That has gotten lost in the debate. When I talk to my parents and friends, they think that the NSA is listening in on their phone calls. That’s just not true. They’re examining phone logs: who called whom and for how long. No one is listening to your conversation with grandma.
The fundamental problem is that the NSA is highly regulated – but nobody trusts the regulatory framework."
Did you discuss former NSA contractor Edward Snowden?
Extensively. It’s the biggest breach in the agency’s history. They’ve been in crisis mode since June. They’ve been putting our fires every day and the arsonist is still out there. NSA officials told us that they know 125 documents have been compromised; they believe Snowden probably has already passed to the press another 50,000 documents and that the entire tranche that he may have taken is bigger than that. But there’s a question about whether that tranche is accessible, that Snowden may have done things to make some of his data hard to read.
They said Snowden didn’t just download documents he himself had access to. He used social engineering, convincing someone else to give him access to additional information to breach security protocols. Meanwhile, Snowden had plenty of avenues for whistleblowing, including five inspectors-general and the members of the congressional intelligence committees, but he availed himself of none.
Have Snowden’s actions endangered national security or international relations?
The standard lines about “irreparable harm” are not convincing to many people because they are so vague, we’ve heard them so often, and the government classifies boatloads of information that shouldn’t be secret. But NSA officials got a little more specific. They said Snowden has hurt national security in three ways: The first is that he revealed government surveillance capabilities. Second, he’s revealed politically embarrassing things that are harming relations with our allies – and they believe there is more to come. (Brazilian President Dilma Rousseff postponed a state visit to Washington, for example, following the release of evidence that the U.S. spied on Brazilian politicians and business leaders.) They said Snowden has a pattern of releasing embarrassing information around big international meetings, such as the G20 summit. The third damaging impact is that Snowden has hurt the NSA’s ability to produce intelligence.
What are some of the challenges and solutions moving forward?
Intelligence is a political loser and so you see a lot of members of Congress who says they are shocked – shocked! – to find out what the NSA is doing when they had full opportunity to be briefed on these programs for a long time. So they’re making political hay out of NSA’s difficulties. Most members of Congress have zero incentive to actually learn anything about the complexities of intelligence because the voters don’t hear about it and they don’t reward them for it.
The near-term challenge is to stop Congress from doing something stupid, such as the wholesale cancelling of NSA programs and capabilities. The medium-term challenge is to figure out what sensible options there are to restoring the public trust and make the NSA more transparent and more targeted in its collection approach. When NSA chief Keith Alexander steps down, we are going to see all of these issues come to a head in a very public way with the confirmation of the next director.
The longer-term challenge is creating better mechanisms to assess whether NSA should do things just because it can technically – to weigh the wisdom and efficacy of programs, not just their legality. The NSA also needs a sustainable education campaign so that when things break in the news, legislators and constituents have an understanding of what this agency does and can put these revelations into perspective.
They definitely wanted us to believe that what they're doing is lawful and effective; I believe the lawful part, I'm just not so sure about the effective part."
What are the strengths of the NSA that the public doesn’t get to see?
The NSA is the organization that’s responsible for information assurance, like if you’re in government on a secure phone line. And most people don’t know the NSA wrote the codes to protect our nuclear arsenal from day one. So the NSA has two, often conflicting missions. One is signals intelligence, which is offense, and the other is the information assurance that is defense. In an era of cyber vulnerabilities, information assurance is huge. They feel like they were doing what they were authorized to do and serving the mission and that they are being characterized as evil for doing what they think is right.
What were your biggest takeaways from this meeting?
I would say one of the things that I did walk away from the meeting hearing – and I think that perhaps this is the big policy question – is that the NSA orientation is to collect now, ask questions later. So the question is: Is that the right operating philosophy; are we comfortable as a democratic society with that collect-now-ask-later approach?