November 23, 2014 | Posted in: Congress, E.O. 12333, FISA, FISC, Intelligence, Leaks, NSA, PPD-28, Privacy, U.S. Code Title 50

NSA Complex, Fort Meade, MD.

NSA Complex, Fort Meade, MD.

As the new Congress comes into session in January, it will have many issues to address. One of the most important will be changes and improvements to the Foreign Intelligence Surveillance Act, commonly known as FISA.  Some of its Patriot Act created provisions, like the better known Section 215 used to collect bulk phone records, and the less well known Section 702 authority compelling telecommunication providers to provide the government non-U.S. person communications have been hotly debated in Congressional committee hearings and by the general public during 2014.

The Senate recently failed to advance ‘USA Freedom Act’ to change FISA, ensuring that the debate will be rekindled in the next Congress early in 2015. Hopefully, the next version of the bill will address some of the concerns that Judge John Bates (a federal district judge who has served on the FISA Court) described – laid out about the concerns the FISA Court might have, and challenges it might face in its processes, if that version of the USA Freedom Act had become law.

Congress will work its will in passing a final set of changes to FISA from these bills, enhancing existing privacy protections in light of the rapid advances in modern communications and the public outcry over government access and storage of telephone and internet activity by ordinary citizens.

Once signed into law, I am certain the professionals within NSA, both military and civilian, will comply with the changes to the FISA statute, whatever their final form. That compliance is not only an integral part of their oaths to the Constitution, it is also completely consistent with the professional attitudes of the many men and women at NSA I have worked with over the years.

However, in light of this long debate, three ‘lessons learned’ are abundantly clear in this era of rapidly evolving modern telecommunications and the ‘internet of things’:

The public needs a better understanding of exactly what information they surrender when they use communications technology.  This is a difficult goal to attain given the technological complexity of modern personal communications devices and the limited time or desire someone may have to delve into the privacy related issues attendant to the device or service they use.  Do you know what personal information the operating system on your mobile device stores when you use an application?  During the INFOSEC 2014 conference in Orlando earlier this year, an iPhone demonstration proved that while the app you use may keep your personal information secure, the phone’s underlying operating system may be storing much of it in a very unsecure manner.

Next, Congress and local legislatures need to play a more active role in the oversight of law enforcement and intelligence activities where they involve modern telecommunications technology.  Law enforcement and intelligence organizations operate within the laws they are given, and the law must keep pace with advances in technology. As such, laws like FISA must continue to have yearly ‘sunset’ clauses built into them to force legislatures to engage regularly and keep pace with the leaps forward in technology. Police and intelligence services will leverage new technologies to conduct their missions, and they need laws adopted at a quicker pace, not just to constrain their actions within our Constitutional principles, but also properly enable them to bring criminals to trial or monitor agents and actions of a foreign adversary.

Lastly, a level of increased transparency is required.  The days of ‘No Such Agency’, borne from the Cold War era, are long over, and a new balance needs to be struck.  I believe law enforcement and intelligence organs must have and foster public trust, but intelligence organs cannot operate effectively if operational means and methods are exposed to the whole of the American public, and therefore, our adversaries. Adversaries would exploit such knowledge to kill our citizens, damage or destroy our critical national infrastructure, or win in battles with our military.  We have begun to see the first steps towards increased transparency with the release of unclassified versions of FISA Court opinions and reports of aggregate counts of FISA warrants and NSLs.  Among other things, greater transparency can be achieved by: providing unclassified titles for the closed door briefings to intelligence oversight committees; including in the aggregate counts of FISA warrants actively in use by each government agency; and releasing unclassified versions of all damage assessments produced as a result of unauthorized leaks of classified information. The government cannot claim damage due to leaks, without backing the claim in a credible manner in a public forum – something I believe can be done without exposing sources and methods or risking lives.

U.S. intelligence and law enforcement agencies exist and operate from the bedrock of public confidence.  More transparency, consistent with protecting sources, methods, operational intelligence, and our troops in the field, is achievable, and since the Snowden leaks and the misinformation that has stemmed from them, something I believe is now mandatory.

Tom Wither is the author of the military/intelligence thrillers: “The Inheritor” (Turner Publishing, June 2014) and “Autumn Fire” (Turner Publishing, September 2014). He is also a 25 year veteran of the intelligence community. The views and opinions expressed are his own and are not those of any organization or element of the intelligence community or Department of Defense. His email is Tom@TomWither.com.

I've served my country for more than 25 years as a member of the United States Air Force, both on active duty and as a civilian. I've spent my entire career as a member of the Air Force’s Intelligence, Surveillance, and Reconnaissance Agency and its predecessor organizations, the Air Intelligence Agency, the Air Force Intelligence Command, and the Electronic Security Command. I've served in various locations throughout the world during my career, including Japan & Saudi Arabia. I am a veteran of the 1991 Persian Gulf War. I also earned professional certifications from the National Security Agency as an Intelligence Analyst, and the Director of National Intelligence as an Intelligence Community Officer during my career. I have an M.S. in Computer Systems from the University of Maryland Graduate School of Management and Technology, and am a Certified Information Systems Security Professional.