How to Reform the NSA Without Compromising American Security
Editor's note: these are the prepared remarks of former Sen. Kyl at his address to the Pumpkin Papers Irregulars on October 31, 2013.
Good evening, everyone.
Let me start by thanking the Pumpkin Papers Irregulars for allowing me the distinct privilege of addressing this illustrious group during our annual Halloween Dinner.
In view of the deadly serious evolving threat to U.S. intelligence collection, the order of the day - to combine humor with a discussion of today’s intelligence concerns - presents a challenge. So, I’ll just start with my thesis, which is how a friend described the difference between a pessimist and an optimist. The pessimist says: “Things are so bad, they can’t get any worse.” The optimist replies with a smile, “Sure they can!”
As a natural optimist, I don’t know how else to analyze the past and sure to be future leaks of Edward Snowden’s trove of classified information.
This has been a horrible year for the national security of the United States. From a national security perspective, it seems that things just keep getting worse.
Unfortunately, much of this damage has been self-inflicted by our government’s inability or unwillingness to secure some of our nation’s most sensitive secrets.
It is compounded by the fact that the American people have much less trust in their government than in years past. Fast and Furious, the IRS scandal, the misrepresentations about and poor handling of the Benghazi terrorist attacks, the misperceptions about the AP and Rosen subpoenas, and other Administration missteps have all set the stage for significant skepticism on the part of the public - all of which has spilled over to the NSA.
It’s against this backdrop that the Guardian and others are carrying out what General Keith Alexander calls a deliberate attack on the United States to harm us as much as any other enemy ever has.
Our Next Alger Hiss
Edward Snowden appears to be this generation’s Alger Hiss. As with Hiss, many in the public seem to be confused about whether Snowden is a “hero” or a “traitor,” with many, especially young people, more worried about the National Security Agency than Edward Snowden. Much of this confusion is the fault of the same media that is reaping large financial windfalls from publishing highly damaging news articles and stories.
The fact is, Snowden may be one of the worst traitors in the history of our nation. Heroes and whistleblowers don’t admittedly steal thousands of classified documents about some of NSA’s most sensitive collection activities, give copies of them to the media, flee to that bastion of personal and political freedom, the People’s Republic of China, and, in an irony to end all ironies, seek political asylum in Russia.
According to Snowden, he did this because he wanted to “inform the public as to that which is done in their name and that which is done against them.” Fortunately, thinking people don’t need any Pumpkin Papers to demonstrate that Snowden’s twisted justification is horribly wrong.
The Classified Programs
The classified programs that Snowden has willfully disclosed have been keeping us all safe for many years. These programs are legal and have been subjected to some of the closest legislative, executive, and judicial branch scrutiny of any intelligence program in our nation’s history.
If some of these programs had been in existence before 9/11, the attacks of that day may well have never happened. The foreign intelligence information from these programs has been used to disrupt terrorist plots against the United States and our allies.
We’ve all heard the concern that Section 215 of the PATRIOT Act, which amended the business records section in FISA, has been abused by permitting the bulk data collection of phone call data in the possession of third party telecommunications carriers.
In effect, what the Intelligence Community has been collecting is the haystack—all of this call data—so they can find the needles—the calls made by terrorists. The data collected are just phone numbers and time of calls - there is no content whatsoever. This means that if you were to fish out a few of these numbers, they would be useless to you, because, without using some other legal process, you won’t even know who was using those numbers.
My data is in there, your data is in there, and the terrorists’ data is there—along with billions of other bits of call data. I’m not bothered by having my data in there, because I don’t talk to terrorists and, as far as I know, I’m not talking to other people who may be talking to terrorists. Which means no one will ever look at my data.
Moreover, I’m not bothered about my data being in there, because the Supreme Court has correctly held that I don’t have any expectation of privacy in these non-content records that were generated by the phone companies.
So it doesn’t matter if the NSA has hundreds, thousands, millions, or even trillions of these records, because infinity multiplied by zero is still zero. Ironically, the more data there is in this particular database, the more anonymous my data becomes.
Something has to be done
But here’s where the lack of trust in the government comes back into play. People are concerned that if this data is in the government’s hands, it could be abused just as the IRS abused its authority. These skeptics have not been satisfied by the fact that there are key safeguards to detect and prevent that sort of abuse.
This has led to a consensus on Capitol Hill that “something” has to be done about FISA to restore confidence in the system (and get angry constituents off their back.)
Although this system isn’t broken, from a political standpoint, these worried Congressmen may be right. We may have to do “something.” The question then becomes, “what should that ‘something’ be?”
Bills have now been introduced and mark ups will proceed, so let’s discuss at least some of the concepts.
THE BAD IDEAS
Let’s start with some of the bad ideas.
Repeal or Prohibit 215 from Being Used to Collect Bulk Data
Some in Congress propose we repeal Section 215 or modify it so that it can no longer be used to conduct these necessary bulk data collections. That would deprive the Intelligence Community of an important tool necessary to help identify terrorist networks or corroborate information about those networks from other intelligence sources. And, by the way, the usefulness of intelligence gathered is not limited to thwarting terrorists.
While there are a lot of emotional and purely hypothetical concerns about this bulk data collection, the fact is, there is no infringement of my privacy or the privacy of anybody else arising out of this program.
What I have noticed, however, is that when my wife does a little bit of Internet shopping, she is deluged with advertisements for many of those same or similar products when she moves on to visit other websites. That is content collection by the private sector being acted upon, yet no one seems to be getting too upset about it.
I think it would be very unwise to cancel a program that permits the government to collect non-content data that can be used to protect us from terrorist attacks. People seem to have forgotten that, during World War II, the government routinely screened the content of letters to and from our soldiers overseas in an effort to protect sensitive information about U.S. operations overseas. Canceling this program would be a huge boon for our enemies, and I’m just talking here about our terrorist enemies.
Make the Carriers Keep the Data
For a while, some were proposing that it might be a good idea to require the carriers to keep the data—haystack—and then permit the government to submit its queries to each of the carriers.
This idea appears to have lost steam as the costs and risks of this approach have become much clearer upon closer examination. And there does not seem to be any real gain in terms of privacy.
First off, the carriers don’t want this responsibility. Second, it will cost the taxpayers much more money (possibly billions of dollars over several years) to pay for the additional storage at the carrier facilities. Third, it would have a significant impact on operational effectiveness as analysts wait for the various carriers to respond to their queries. Fourth, it would place the Intelligence Community’s investigative and collection efforts at greater risk of operational compromise by needlessly expanding the number of private sector individuals who would have access to the data being used to make these highly sensitive queries. Finally, it will make these carriers an even greater target for cyber attacks.
I think these reasons are enough to take this idea off the table.
Make FISA an Adversarial Process
One of the more disturbing ideas is to make the FISA process more adversarial. Astonishingly, this concept has been endorsed by the President in a public speech.
This is a solution in search of a non-existent problem. Start with the proposition that some, including myself, believe Article III judges should not be involved in the operations of NSA at all. But, since they are, what about the claim that a kind of “public ombudsman” should be created because the Foreign Intelligence Surveillance Court just is a “rubber stamp” of the Justice Department and that few applications have ever been denied.
When you look at the facts, this claim does not hold up. If you ask an FBI agent whether he thinks it is easy to get a FISA court order for electronic surveillance or physical search from the “rubber stamp” FISA Court, he’ll probably laugh at you.
The reality is that, except in a limited number of emergency situations, these court orders can take months (and sometimes years) for the FBI to obtain. They take so long because DoJ and the FBI painstaking seek to ensure that only those applications that have the highest chance of success are presented to the FISC for approval. After all this work, read copies are presented to the FISC and if any of them receive pushback from the Court or the Court’s legal advisors, they are pulled back and either discarded or reworked until the Court’s reservations have been overcome—all before a final application is ever submitted to the Court. So, from the FBI’s perspective, the current FISA process is quite adversarial. The high success rate is the result of an enormous amount of work to satisfy the Court.
Getting a FISA order should not be more difficult than getting a wiretap or search warrant in an ordinary criminal case. Probable cause is probable cause—and we don’t want to turn investigative steps into mini-trials. But that’s what would happen if the FISC or another entity is allowed to designate a special advocate who would argue against particular applications at this stage of the investigation.
Are we going to start letting criminal suspects have special advocates who will be permitted to argue against a criminal wiretap or before a grand jury? That would seem inevitable if we are foolish enough to step on to this particularly slippery slope. What seems to be lost on some is that this is not gathering evidence for a prosecution in court; this is gathering intelligence to thwart attacks by an enemy.
This process is not broken. In cases in which the FISA Court has thought it could benefit from outside perspective, it has invited non-party groups to submit amicus briefs on specified issues. Anything more adversarial than this current practice adds no real value at the expense of even more operational delay.
Elevation of Simple Data Queries to the Status of Physical Searches
Another bad idea I’ve seen proposed is to require the government to seek a probable cause warrant from the Court before it checks to see if there are any “hits” in the database against the phone number of a known US person suspect.
This may sound nice in theory, but information that has been lawfully collected by the government may be used for lawful purposes. One of the first things that an FBI agent or an Intelligence Community analyst will likely do when facing a possible national security threat or allegation of wrongdoing is to begin checking government records to determine if there is any adverse information on the subject.
This investigative technique is at the absolute bottom of the investigative pyramid. It is one of the least intrusive investigative techniques, and is often used simply to rule out a potential subject and move on to more productive leads.
To require probable cause, a standard that is reserved for our most intrusive investigative techniques like electronic surveillance and physical searches, would turn the investigative pyramid on its head and prevent Intelligence Community agencies from identifying and neutralizing threats to our national security.
THE OTHER IDEAS
Having looked at some of the worst ideas, let’s look at some of the other ideas for possible legislative fixes for our unbroken FISA process.
One idea that may work is to create some additional procedures in section 215 for obtaining FISA business record court orders that involve bulk data collection. An advantage to this approach is that it recognizes that the current statute does, in fact, authorize certain bulk data collections.
It also has the advantage of putting into statute a number of the current procedures and safeguards that are used to protect our privacy interests, which would hopefully increase the public’s confidence in the use of the technique. A good example is the “reasonable articulable suspicion” standard that has been used to limit the number of queries that can be made in certain FISA databases.
Restrictions on Content Data Queries
Another proposal would impose additional procedural requirements when the Intelligence Community conducts certain queries about a known U.S. person. This is a significant improvement from the bad idea I just spoke about that would require probable cause, because it would permit the continued use of these necessary queries while ensuring that the management and oversight of this process is enhanced. For example, ensuring that an adequate written record is made of each query will prevent frivolous queries and allow effective oversight by the IC, DoJ, Congress, and the FISA Court.
Confirmation of the NSA Director
The NSA Director has always been an important leader in the Intelligence Community. However, since this position is typically held by a General or Flag Officer, it has not been subject to the same advice and consent process used for other IC leaders like the DNI, Director of the CIA, and the Director of the FBI.
While I would vote against this idea if put to me in the Senate, given the renewed public interest in NSA’s intelligence activities, it may be time to have future NSA Directors go through the same confirmation process.
Consolidation and Improvement of FISA Reporting Requirements
Finally, Congress may want to re-examine the complicated web of congressional reporting requirements in the FISA statute. As FISA has been amended over the years, overlapping and redundant reporting requirements have been placed on the Executive branch. Much of this reporting is appropriately classified.
However, there may be a way to streamline these reporting requirements so they are less burdensome on the Executive branch, but also permit some level of public disclosure that would provide useful insight into the FISA process without causing damage to our national security.
I’ll leave the debate about the specifics of such possible modifications to the accommodation process between the Congress and the Executive branch.
While I’m sure that there are other ideas out there that will be considered as possible legislation, some good and some bad, I think the ones that I’ve just mentioned may actually do some good without causing any harm. I am reminded of the great line: “Reform? Sir, don’t talk of reform. Things are bad enough already!”
Let me conclude by sharing with you some of the yardsticks that I will be using to assess the relative merits of any new FISA proposals.
First, would the idea make it harder for our intelligence professionals to gather or share information than it would for an ordinary criminal investigator? If it does, then the idea is likely a throwback to the pre-9/11 mentality and restrictions that made it very difficult for our intelligence professionals to protect us. If that is the case, I would suggest that the idea be discarded.
Second, would the idea, under the banner of “the public interest,” give our enemies better insight into our intelligence sources and methods so they could take countermeasures against us? If so, it needs to be modified or discarded.
Third, would the idea slow down the operational effectiveness of our intelligence professionals to the point where their ability to help prevent future acts of terrorism is significantly hampered? If so, the idea needs to be modified or rejected.
This is serious business; so I hope you’ll excuse my departure from the tradition from invoking much humor in this annual message. I don’t know whether I’m more dismayed by our failure to protect national secrets, the despicable actions of Snowden and Grenwald or the naivety of many Americans and even leaders in their reaction to the disclosures. My hope is that we will be blessed with leaders with the uncommon courage of Whittaker Chambers; leaders who can help us bring Edward Snowden, our modern-day Alger Hiss, to justice. For as much harm as Hiss did to our country and to patriots like Chambers, we are just beginning to understand the breadth and depth of damage Snowden and his cohorts have done and are doing to our country. Our work is to testify that this is wrong and it must not be made worse by taking the easier political course.
This is, in T. Roosevel’s words, “work worth doing.”