I’m going to try live blogging the President’s remarks today on NSA. I’ve never done this before, so don’t be surprised if the whole thing comes crashing down in the middle.
11:15: The President gives us a few history lessons and a tour of intelligence policies of the last quarter century.
11:19 The President summarizes the impact of 9/11 and the success of the intelligence community in hunting terrorists. The changes in our intelligence programs has been successful, but the risk of abuse grew too.
11:21 The President trashes the past excesses of the previous administration.
11:24 America’s capabilities are unique, President claims. This is not correct. Lots of governments use big data for intelligence collection.
11:25 President appeals to the left, claiming to have stopped abuses and instituted new restraints, then to the right, by saying that the government, including NSA, has not abused its power and has consistently followed protocols to protect privacy.
11:27 “Now that I’m done with drones, it’s time to reform our intelligence community too” Unfortunately, President suggests, Snowden and his sensationalizing leaks have distorted the debate.
11:30 The basic approach guided by this principle: “We must retain the trust of the American people and people around the world.”
11:32 Basic observations: We do have real enemies and we need intelligence to protect the American people. We can’t unilaterally disarm. We’re targeted even by some of the nations that “feigned surprise” and international critics also recognize our special responsibilities. Second, inteligence community understands the risk of abuse. Third, we can’t rely on just the good intentions of government officials.
So far, this is a pretty good lecture, in the Obama style of rejecting straw men and seeking a middle ground at a high level of abstraction.
11:36 The reforms:
A presidential directive setting policy for intelligence collection, with regular White House review. On a quick look, this is quite unfortunate:
More transparency and declassification of FISC opinions. Annual reviews for future opinions.
President wants a panel of advocates to argue in the FISC. Bad idea, but not as bad as Blumenthal’s bill.
Vague proposal for new restrictions on section 702, the most successful anti-terrorism program in recent years.
NSLs: more transparency. Gag orders will have an end date and ISPs can reveal more data than before about the NSLs they receive. Means more makework for FBI to keep NSLs that should be secret secret.
The 215 program: President makes best argument for 215 — that it responds to a serious gap that contributed to 9/11. But the critics are right that this program needs a debate. “I am therefore ordering a transition that will end the Section 215 bulk metadata program as it currently exists, and establish a mechanism that preserves the capabilities we need without the government holding this bulk meta-data.” But he has no clue how to do this. Instead he announces two limits with nothing to do with the transfer: NSA may only map connections for two hops, not three, and it may conduct no searches without FISC approval in advance (with an emergency exception). This is going to create new work for everyone, without any reason to believe that the third hop has been abused, ever, or that NSA’s determinations of reasonable articulable suspicion, which the FISC can always review, have been made in an inappropriate way. He’s solving problems that don’t exist.
Even worse are proposals to try to satisfy international critics with promises they’ll find vague and unenforceable and unverifiable but that NSA will follow scrupulously and with a lawyerly disregard for practicality.
“We will not monitor the heads of state of our allies” but we will gather information on the intentions of governments. What better way to determine intentions than to monitor the decisions at the top?
High level coordination; promotions at State and a senior official to implement the privacy safeguards.
MLAT reform, maybe: This is a good idea that Justice will fight to the death in the interagency, at great cost to US interests.
Podesta to do a review of big data and privacy, with outreach through OSTP. Podesta is smart on these topics, but don’t expect much from this.
11:57 Back to the high ground and the high abstractions.
Overview: This turned out worse for intelligence than was expected, especially on 215 and the rights of foreigners. The President opened the door to “privatizing” the 215 program without any idea of how to do that, which simply will encourage legislative proposals that make the program unworkable while we’re waiting for the AG to decide how to implement the President’s notion. Meanwhile, he quite arbitrarily decides to eliminate the third hop search of phone networks, no matter what, and to go the the FISC for every search, barring emergencies. This builds in what could be weeks of delay before searches are conducted and adds to the FISC’s workload. All to solve a theoretic risk of abuse.
On foreign protections, it’s even worse. The principles on protecting dissent and avoiding ethnic and religious targeting are written broadly. If applied broadly they would prevent us from monitoring people who think Americans should be killed for religious or ethnic reasons. NSA has a deeply compliant and lawyer-ridden culture. If the directive can be interpreted to prohibit something, NSA employees will not do it, even if the interpretation is damaging to national security. That’s how they’ve behaved over the last thirty years and that culture won”t change. But the limits they observed before were on intelligence practices that touched Americans, where the agency was always hesitant and cautious. At the same time, the agency was encouraged to be aggressive, innovative, and relentless in pursuing foreign targets. Now the President is pushing all that hesitance and caution into the area where NSA has been most effective. It is likely to produce a generation of intelligence failures driven by a risk-averse National Security Agency.
Probably the most troubling are the details of the President’s directive, saying that foreign persons must get the same minimization protections as US persons. If I remember how dissemination limits on US persons work, NSA always deletes the name of a US person, even, say, an American spy in the FBI, and each consumer of the report has to say “I can’t understand this intelligence unless I know the name of the spy.” Then NSA sends it, keeping a record of everyone who asks. So are we now going to treat al-Qaeda terrorists the same way, slowing and complicating efforts to share information about imminent threats?
The limits on retention of personal data of foreigners also make little sense. NSA often collects data that has proven to be valuable in the past, and holds it for later search. It doesn’t have time or resources to evaluate the entire database right away. Now, it seems as though the NSA will have to evaluate all that data right away, not to find actionable intelligence but to scrub out the personal data of any foreign national whose communications might be found there. Now, maybe in time, we’ll find workarounds to avoid dumb results like that, but remember NSA’s culture. No one there is going to say, “This is dumb, the President can’t mean that, so let’s apply his guidance with a leavening of common sense.” They’re going to say, “Until you hear from the lawyers, apply the directive in the strictest possible way, no matter how dumb that seems.”