Winter 2015 News

December 20, 2015 | Posted in Air Force, Author, Blog, Classified, Classified Information, Congress, Cyber attack, Department of Defense, E.O. 12333, FISA, Intelligence, Law Enforcement, Leaks, NSA, PPD-28, President Obama, Privacy, Snowden, U.S. Code Title 10, U.S. Code Title 50, Writing | By

Hello Everyone,

I hope you’ve had a great summer and fall, and are enjoying the holiday season. I’d like to extend my thanks for being fans of my work, and wish you happy holidays and a bright new year.

I’ve been busy crafting my next novel, a project I’ve named ROGUE SENTINEL, and I will finish the manuscript shortly after the New Year. ROGUE SENTINEL will see Shane Mathews take on a solo mission to Jordan to find and capture an Islamic State mission planner known only as ‘Al-Amriki’ – The American.
Up next, I’ll be resuming work on SWIFT JUSTICE, the third and concluding novel of the ‘Aziz Trilogy’ that started with THE INHERITOR and AUTUMN FIRE, with main characters Shane Mathews and Emily Thompson.

During the year I’ve written a few Op-Eds on current issues that have been published in the Baltimore Sun and in The Hill’s Congress Blog. Here’s a list so you can look at them if you’re interested.

  • ‘The NSA data collection program isn’t criminal; ending it is’
  • ‘Open Letter from a cyber terrorist’
  • ‘Stand with our watchers’
  • ‘Access to encrypted communication, a balancing act’
  • ‘Clinton E-mails: Who else was involved?’
  • ‘The country is vulnerable without CISPA’

Thanks again for being fans of my stories, and feel free to make them presents for the fiction reader on your holiday list – they can be purchased from Amazon or Barnes & Noble as e-books or hardcopies in trade paperback. You can even contact me via for a signed copy if you like.
Take care and Happy Holidays!

Tom Wither


Op-Ed in the Baltimore Sun

April 5, 2014 | Posted in 4th Amendment, Department of Defense, E.O. 12333, FISA, FISC, Leaks, NSA, PPD-28, U.S. Code Title 10, U.S. Code Title 18, U.S. Code Title 50 | By

NSA Complex, Fort Meade, MD.


When you get a chance, please read my Op-Ed in the Baltimore Sun.

NSA Has Better Things to Do Than Read Your E-Mail.

Please feel free to contact me with your comments using the e-mail address in the tag line at the end of the piece.  We live in a free society and I respect any point of view that you may have, so long as you express it in a civil manner.

Thanks to all who have already sent me comments.  I’ve enjoyed reading them, and I am doing my best to respond to all of them individually.  Also, I’d like to thank Tricia Bishop and the other members of the Sun’s Editorial Board who thought my Op-Ed was worth publishing.



Obama’s Speech, Privacy Protections, and Bulk Data

White House Logo

January 18, 2014 | Posted in 4th Amendment, 9/11, E.O. 12333, Leaks, PPD-28, Snowden, U.S. Code Title 10, U.S. Code Title 50 | By


As I’m sure you’re aware, President Obama gave a speech Friday to describe the ‘reforms’ he was directing NSA to implement to restore the American public’s confidence in NSA’s activities, and reassure the citizens of our foreign partners and allies that NSA’s capabilities were not being used against them.

These confidence building measures (I won’t call them reforms again) were well thought out, and articulated well.  Based on the news reports after the President’s speech, many commentators, pundits, politicians, and newspaper editors believe the President outlined some good ‘first steps’ but did not believe he went far enough.  It seems to me that Obama the President, as opposed to Obama the Candidate for President, has a much firmer grasp and understanding now, not just about what the U.S. Intelligence Community is capable of doing, and under which legal and other oversight authorities they do it, but also the extreme value of their intelligence products in the maintenance of national security, the development of foreign policy, and the conduct of diplomacy.  He also has a great appreciation and respect for the hard work and sacrifices of the intelligence professionals at NSA (none of the NSA’s leaders are political appointees) and throughout the intelligence community.


Let me highlight some of the lines from his speech and talk about them a little.

“…the folks at NSA and other intelligence agencies are our neighbors. They’re our friends and family.”  – Yes they are.  They are civilian employees and members of the United States military who have sworn their lives to defend our nation.  They are also people just like you and me, and they have taken the extra step of surrendering some of their personal privacy for the protection of their fellow citizens by permitting the government to conduct background checks to be sure they are people of good character.  They aren’t required to be perfect people, just people of good character, as are the majority of our fellow citizens.  Friends and colleagues were interviewed and vouched for them.  They were looked at to determine if they had criminal pasts or any associations with any foreign government or groups advocating the violent overthrow of the U.S. government.  Their citizenship, places of residence, and education were all verified.  For senior leaders, they have also exposed their personal financial situation to examination to be sure undue monetary influences, foreign or domestic were not present.  All of them are strapped to a polygraph machine on a recurring basis so their suitability for a position of trust could be confirmed.  How many of you would allow that kind of intrusive look at your lives?

“If any individual who objects to government policy can take it into their own hands to publicly disclose classified information, then we will not be able to keep our people safe, or conduct foreign policy.”  &  “…revealing methods to our adversaries that could impact our operations in ways that we may not fully understand for years to come.” –  These two items speak to Mr. Snowden’s alleged criminal activities.  If you are hoping Mr. Snowden will be welcomed home a hero, or should be given credit for fomenting the debate in this country about personal privacy, I suggest you reconsider.   The President is obviously unimpressed with his actions, as are all of the Senators and Representatives I’ve heard speak on the issue.  Congressmen Rogers and Ruppersberger, the Chair and Minority Leader of the House Permanent Select Committee on Intelligence, both spoke last week about the serious damage Mr. Snowden has done to U.S. national security after reading the Defense Department’s initial damage assessment.  According to them, that assessment spoke to the tens of thousands of documents related to military operations and activities across all the services taken by Mr. Snowden and leaked to the media as well.  Congressman Rogers has also stated previously that Al-Qaeda affiliated terrorist organizations are changing their communications methods as a result of the leaks.  If you know someone who is, or have a family member serving in the armed forces at home or abroad, Mr. Snowden didn’t do them any favors.

“…nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens.”  &  “…the men and women of the intelligence community, including the NSA, consistently follow protocols designed to protect the privacy of ordinary people.”  – These two statements clearly affirm that NSA is not a ‘rogue agency’ as some media outlets would prefer to characterize it, ‘spying on Americans’.  Moreover, members of both parties on the intelligence and judiciary committees in both houses of congress have taken great care to laud the professionalism and sacrifices of the men and women in the intelligence community during the hearings that have been held since the unauthorized disclosures began in June.  Additionally, since the declassification of USSID 18, we can clearly see that U.S. person privacy protections were in place since at least as early as 1993 within NSA, something Mr. Snowden, in his egotistical rush to steal what he could and run to China and then Russia (where privacy protections are so obviously the norm), chose to ignore.


The changes to bulk data collection the President proposes are modest, and the President has called on Congress to fulfill its role as the legislative authority.  The President obviously feels that the bulk data collection of telephone call records under FISA 215 is a tool he wants the intelligence community to have, but given the public’s concerns about the privacy implications, he has ordered that another FISA Court warrant will be needed to query the collected records, and that the Attorney General and Director of National Intelligence report back to him on a way to have the data held outside of the government, but still available.  (I’m sure they will examine the issue as the President has directed, but the phone companies don’t want to hold it, so we’ll need to see what happens.)   Also, the NSA will not be able to retrieve records from a query beyond two ‘hops’ from the seed telephone number.  This will limit the number of returned call records, and reduce the number of U.S. person phone records reviewed by a professional analyst.

Congress will now need to perform its role in debating and amending as they see fit the FISA law, and the composition/functioning of the FISA Court based not just on what they have heard in open testimony, but also what the intelligence community and NSA has shown them in a classified setting, where I suspect the individual member’s opinions are less influenced by the proximity of reporters and video cameras, and more on practical application of law and the real threats and adversaries in the world.

The President chose not to address many of the remaining review group’s recommendations, ordering some for study, and ignoring (at least in the public speech) others.  For example, he did not address the personnel and computer security portions of the review group’s report, which will undoubtedly be actioned within the intelligence agencies, under the watchful eye of the DNI and Congress.  The detailed specifics will likely be left to classified briefings to Congress to ensure our adversaries don’t learn too much about the internal security mechanisms of our intelligence agencies.  They’ve obviously already learned more operational details than they could have ever hoped for.


The last item to address then is the extension of privacy protections to foreign (i.e. non-U.S.) persons.  Let me say at the outset that in all my professional experience, which is consistent with the testimony heard before Congress over the last eight months and the statements the President has made:  the U.S. Intelligence Community is tasked, and therefore interested only in: collecting, analyzing, and disseminating foreign intelligence – just like every other nation on the face of the planet.

During all that testimony, and all those speeches, no one in the U.S. intelligence community ever stated that they cared about or were tasked to gather information on the general public of any country.  Moreover, given Congressman Rogers’ assertion during a hearing last fall that ‘the committee has access to all the classified tasking and resulting intelligence reports’, I would expect any number of members to object to any collection effort outside of valid foreign intelligence tasking, if it were in fact occurring.

The U.S. Intelligence Community performs their foreign intelligence mission based on requirements received by the President and the Combatant Commanders around the world.  While stated plainly in Executive Order 12333, President Obama’s Presidential Policy Directive PPD-28 re-affirms that and formalizes the ‘rules of the road’ for intelligence collection in the 21st Century.  With PPD-28, those rules now include a formal declaration and direction to the U.S. intelligence community to protect foreign citizen’s privacy as they would a U.S. person’s, and it is direction that I’m sure, based on my direct knowledge of the professionalism of the 100,000+ member intelligence community, will be adhered to.

In doing so, the professionals in the U.S. Intelligence Community (of which NSA is a large part) will be doing exactly what it has been doing since 9/11, conducting its operations within the law as it exists, under the oversight regime Congress has put in place, based on the direction and prioritization given to it by the President.  Which, by the way, is not a set of circumstances you will find in Russia or China.


Worth Watching – NSA D/Dir at Penn Law

January 5, 2014 | Posted in 4th Amendment, E.O. 12333, FISA, FISC, NSA, Privacy, U.S. Code Title 10, U.S. Code Title 50 | By

NSA Complex, Fort Meade, MD.


This is a very informative and interesting session that occurred at Penn Law last November.  Not only is Mr. Inglis, the recently retired Deputy Director of NSA, giving a keynote address that provides an excellent insight into the technological environment NSA operates in, and the constraints it operates under; the Q&A session provides pretty direct answers to some of the questions many Americans may have since the Snowden Leaks.  I think it’s worth your time.

You Tube –  Chris Inglis Keynote and Q&A at Penn Law


Are we living in a surveillance state?

December 15, 2013 | Posted in 4th Amendment, Director of National Intelligence, E.O. 12333, FBI, FISA, FISC, Intelligence, Law Enforcement, NSA, Privacy, U.S. Code Title 10, U.S. Code Title 50 | By

Absolutely not.  A nation where every move of every American citizen is recorded, cataloged and data based by the government runs counter to the privacy rights each citizen of the United States expects, and would be an abhorrent infringement upon one of the principal freedoms of our democracy.  Protecting those rights is something I swore to do as a member of the intelligence community, and was required to do as a civil servant and uniformed member of the armed forces.

In light of the ‘Snowden revelations’ and the plethora of news stories (few of those stories entirely accurate and not jaundiced by sensationalism), many Americans are concerned about invasions of their privacy by the government.  I share those concerns, but mine are tempered by the testimony offered before the House and Senate Intelligence and Judiciary committees, the declassified documents posted on the IConTheRecord Tumblr site, and my own professional experiences within the intelligence community.

Much like the majority of the 100,000+ members of the intelligence community, I have a lifetime obligation to protect the classified material I’ve been exposed to.  I understand the valid reasons for that secrecy, and I respect them.  I was also made fully aware early in my career of the myriad of mechanisms in place to report perceived illegal or improper acts, from IG reporting through classified channels to include arranging closed door testimony before the relevant Congressional committees if needed.  For the record, in my more than twenty-five years in the intelligence community, I never encountered any instance of willful or intentional misuse of the tools, capabilities, or authorities any of my colleagues or I operated under, had access to, or could utilize.  Certainly honest errors were made, as they would be in any human endeavor, and those errors were reported through the proper mechanisms, and corrected.

At this point, let me point out some of the facts now available for every citizen to evaluate when deciding for themselves if the government is violating your privacy rights, and temper that with a few other thoughts.  Using just the FISA 215 program as an example, all of what follows is either from declassified documentation/information released by the ODNI, or provided as testimony in public session in front of the intelligence or judiciary committees by the senior leaders of the intelligence community.  See the ODNI’s IC on the Record website for the details on the FISA 702 program.

The FISA 215 Program

  • Gathers and centralizes at NSA, telephone call records from various U.S. telecommunications companies
  • The telephone companies are compelled to provide the information to the government by a FISA Court order
  • The FISA Court approves the orders based on the law and precedent (e.g. Smith v. Maryland, the FISA Law Congress passed twice, etc.) subsequent to receiving an application for the order by the government (usually the FBI, after coordination with the NSA, ODNI, and the National Security branch of the DoJ)
  • The FISA Court requires the government to store, access, and utilize the call records obtained under the order in a specific manner outlined by the Court, and report all deviations from those orders
  • The only records provided to the government by the telephone companies are:
      • Calling Number
      • Called Number
      • Date & Time of the Call
      • Duration of the Call
  • For example: Phone number 203-555-1212 called phone number 203-555-1414 at 0900 on the 10 Oct 2012 and the call lasted 10 minutes
  • No names, no addresses, or other identifying information is provided by the telephone companies under the FISA Court’s order
  • The content of conversations is not collected under this program – other warrants are required to collect content, and NSA says it currently has only 60 active warrants for content collection against U.S. persons
  • Searches of the call records under this authority can only be conducted with a ‘seed phone number’ that can be reasonably and articulately described, in writing, as being terrorism related
  • The written articulation must be signed off on by an NSA manager (an intelligence professional, not a political appointee) before a query is run against the records in the database
  • ALL queries of the database are recorded, tracked, and audited to ensure the FISA Court’s instructions are not violated
  • The returned call records meeting the intelligence need (i.e. not all of the returned records) are turned over to the FBI for any follow-up action
  • If the government wishes to wiretap any number based on the call records NSA provides, it must apply to the appropriate court for a warrant

Laws, Executive Orders, and Congressional Oversight

The United States intelligence community operates under several enabling laws, Executive Orders from the President, and Congressional Oversight.   These laws, orders, and oversight apply to every intelligence program conducted by the United States government. Some of the most notable of these are USC Title 10, USC Title 50, Executive Order 12333, the Foreign Intelligence Surveillance Act of 1978 (as amended), and the oversight of the Senate Permanent Select Committee on Intelligence, the House Permanent Select Committee on Intelligence, and the Senate and House Committees on the Judiciary.  Within the SIGINT system specifically, the primary instruction for the protection of U.S. citizens’ 4th Amendment rights is outlined in USSID 18.


The recently declassified United States SIGINT Intelligence Directive (USSID) 18, Legal Compliance and U.S. Persons Minimization Procedures, dated 25 January 2011, describes the U.S. person privacy protections all elements of the NSA are obligated and required to follow.  Paragraphs 1.1 – 1.4 show that U.S. person privacy protections required by the 4th Amendment were in place long before Mr. Snowden’s massive leaks of classified material made the subject of U.S. person privacy a daily staple of newspaper front pages and legitimate public concern.  USSID 18 has been in existence since at least 1993.  In addition, the ODNI has made the training materials used by NSA to teach their analysts what is allowed and what is not allowed when dealing with FISA 215 data available for you to see.

Corporate America is ‘Spying’ on You All the Time – And you let them

Every time you make a purchase at a store, they know what you buy, and how often.  That frequent shoppers card you use at the checkout ties you to every item on your shopping list – vegetables, meats, shampoos, bakery products, gluten free items, condoms, feminine hygiene items, etc.  How many, which brands, how often, and which charge card you used.  Think about the ‘pattern of life’ information that offers the company that owns that store about you and your family.  You even surrendered it willingly.    Companies use the information to target advertising, sending you e-mails and paper circulars featuring the products you buy most often using a process called data mining.  You may not mind that, but what else are they using it for?  Reporting to the FDA about how much red meat a family consumes in a year?  How far you travel to get to the store?  How many times a week you go?  At what times of day?  If you have children and how old they are?  Are you under a doctor’s care or do you have an annoying hemorrhoid problem?   The list is practically endless.

Your credit card company shares your purchasing habits with marketing companies.  They may offer you the option to opt out, but I recently received a notice from one of my credit card companies telling me that they shared my personal information and purchase history with eight other companies, only offering me the opportunity to ‘opt out’ of the sharing with two of those companies.

How many video or still cameras did you appear on today as you went about your ‘private’ business?   Did you even notice them?  Did you notice the ones in every store you walk into, each ATM you passed, and the cell phone everyone you passed on the street was carrying?  How many of those cell phone captured videos or still images were forwarded to a friend, lover, relative, or business colleague by the shutterbug/videographer?  Do you know that there is a copy of that video or image on the telecommunication’s company’s servers or systems?  Do you know how long it stays there or what is done with it?  Are they kept for hours or years?  By whom?  How and where are they stored?  Are they ever deleted?  How can you be sure?

Oh, and those private phone calls you make, or e-mails you send?  The telecommunications companies can mine those records as needed to improve their infrastructure, determine what services to market, or even re-direct your communications through the network.  In doing so, due to the technical sophistication of today’s communications networks, the e-mail from your wife or husband in Cleveland, OH, just may have been routed through Vladivostok, Russia, where a copy was left on a server in Russia.  Are the Russian security services scanning that e-mail for information it might find of interest?  Do you honestly think they care about your privacy as a U.S. citizen?  Maybe they think that picture of your significant other in her new Victoria’s Secret undies is pretty hot and keep a few copies.

Internal to these companies, what are the company’s restrictions or policies on which employees can access, review or share that information?  Do those employees go through any kind of background check before they are hired?  What kind of oversight is there on the use or access to the data?

Just Who Might be Invading Your Privacy – The U.S. Government, a Corporation, or a Foreign Government?

Should we be reasonably concerned about U.S. Government overreach and invasion of privacy?  Yes.  It’s our government and we should keep an eye on it.  But I’m less concerned about the U.S. intelligence community’s activities than I am about a telecommunications provider (especially a foreign one) or foreign government’s respect for ‘privacy’ as we perceive it.

In the U.S., the intelligence community’s motivations, codified in both law and executive order, and overseen by Congress and the Courts, are at least grounded in a desire to preserve, protect, and defend the Constitution and the nation.  The professionals in that community undergo deep background checks, polygraph examinations, and in many cases, submit to financial disclosure requirements and psychiatric examinations before being exposed to intelligence operations or activities that may impact a U.S. person’s privacy in the modern digital age.  Moreover, they seem, based on the information released by the ODNI, to be rigorously trained to protect the 4th Amendment rights of U.S. persons, and there is at least one directive in place at NSA that requires that U.S. person privacy is protected.

Corporations (U.S. or foreign) are motivated by a desire to make a profit for their shareholders, and they never have to go to a judge for a warrant to see data that might invade someone’s privacy.  They also don’t have Congress and the Courts looking over their shoulder to be sure they aren’t using ‘private’ data to profile a person’s life, purchasing habits, or travel.

Foreign governments may not care at all about your privacy.  France just passed a surveillance law that, according to the story in the NYT, “…defines the conditions under which intelligence agencies may gain access to or record telephone conversations, emails, Internet activity, personal location data and other electronic communications.  The law provides for no judicial oversight and allows electronic surveillance for a broad range of purposes, including “national security,” the protection of France’s “scientific and economic potential” and prevention of “terrorism” or “criminality.””

Mr. Inglis, Deputy Director of NSA, made a statement during a Q&A session at Penn Law’s Center for Ethics and the Rule of Law Conference that I think is very relevant.  He based it on the number of NSA employees and affiliates who have died since 9/11 and the twelve internally reported ‘willful abuses’ during the conduct of its SIGINT operations – “… it’s three times more likely that you’ll die for your country if you work for NSA than you are to abuse the [U.S. SIGINT] system.”

For myself, while I accept that there is always room to improve a process, law, and oversight; I put more trust in the professionals in the U.S. intelligence community, the laws and policies that govern their activities, the internal controls, and the oversight mechanisms in place in the courts and congress when it comes to protecting my 4th Amendment rights.



Executive Order 12333 Amended

July 31, 2008 | Posted in CIA, DIA, Director of National Intelligence, E.O. 12333, EO 12333, Intelligence, NSA, U.S. Code Title 10, U.S. Code Title 50 | By

President Bush issued Executive Order 13470 yesterday. This order alters Executive Order 12333, UNITED STATES INTELLIGENCE ACTIVITIES.

EO 12333 is one of the documents used within the U.S. Intelligence Community (IC) to set policy, along with U.S. Law, the Constitution of the United States, and the Bill of Rights.

It sets out the President’s guidance for the management of the community, affirms the roles and responsibilities of various IC elements, and prescribes some specific prohibitions the IC and its employees must respect.

So what was changed? (The changes listed below do not reflect typographical, grammatical, or consistency related changes within the EO.)

Part 1 – “Goals, Directions, Duties, & Responsibilities with Respect to U.S. Intelligence Efforts” was completely re-written. The major effect of the re-write of Part I is to insert the Director of National Intelligence (DNI) into a position of more direct control over the IC. This re-write helps to codify the DNI’s authority and will hopefully cut down on any, “Yes you will.” “No I won’t.” situations between the DNI and the heads of the IC elements.

Part 2 – “Conduct of Intelligence Activities” was altered to include:

  • Changing Section 2.2 to include gathering foreign intelligence regarding “the spread of weapons of mass destruction.”
  • Changing Section 2.3 to ensure that signals intelligence (SIGINT) is only “disseminated or made available to Intelligence Community elements in accordance with procedures established by the Director in coordination with the Secretary of Defense and approved by the Attorney General.”
  • Changing Section 2.3.e to permit the collection, retention, and dissemination of information needed to protect foreign intelligence or counterintelligence activities.
  • Changing Section 2.5 to limit the delegation of the approval of the IC’s monitoring of a U.S. Person to that outlined in the FISA of 1978, as amended.
  • Adding a new section, 2.13, which states that, “No covert action may be conducted which is intended to influence United States political processes, public opinion, policies, or media.”

Part 3 was altered to include:

  • Affirming the Attorney General’s (AG) Role in Approving Procedures Established by IC Element Heads that Implement the Procedures in Section 2 – Any Dispute Between the AG and the IC Element Head will be Resolved by the National Security Council
  • Providing current definitions of Counterintelligence, Covert Action, Electronic Surveillance, Employee, Foreign Intelligence, Intelligence, Intelligence Activities, the members of the IC, National Intelligence & Intelligence Related to National Security, and the National Intelligence Program

The prohibition against assassination remains in place, as well as the ban on human experimentation outside of the guidelines provided by the Department of Health and Human Services where the subject’s informed consent has been documented.
