September 22, 2016 | Posted in 4th Amendment, Al-Qaeda, Classified Information, Department of Defense, Director of National Intelligence, E.O. 12333, FISA, FISC, Intelligence, Leaks, NSA, President Obama, Russia, Snowden, Terrorism | By Tom Wither
In recent days, in the run-up to the release of an Oliver Stone helmed movie about him and his self-admitted theft of secrets from NSA and subsequent flight to China and then Russia, Edward Snowden has stated that he believes he deserves a presidential pardon for his crimes.
He bases this on a belief that, “If not for these disclosures, if not for these revelations, we would be worse off,” and goes on to say that a pardon would be appropriate, “…for the exceptions, for the things that may seem unlawful in letters on a page but when we look at them morally, when we look at them ethically, and when we look at the results, it seems obvious that these were necessary things,”. Both these quotes come from a CNN article that cites an interview in The Guardian.
Estimates reported by news outlets vary, but he allegedly stole approximately 1.5 million classified documents from NSA’s internal networks, far more material than anyone could have possibly needed to demonstrate alleged malfeasance and abuse by the government. According to NBC and Defense One, he did so by using computer passwords and credentials belonging to a civilian employee of NSA, a member of the military, and an NSA contractor to hide his criminal acts – in other words, he acted as a thief and con man to gain access to as much classified material as he could before he fled to China, and Russia – two great bastions of freedom and personal privacy.
Much has been made in various media outlets of the alleged impropriety, illegality, or unconstitutionality of NSA’s foreign intelligence efforts, both within the U.S. and abroad. However, after extensive public debate, the most controversial tools that concerned U.S. citizens remain in NSA’s toolbox, one of them, the ‘Section 215’ program, retooled by Congress and the Obama administration to ally the public’s concerns about potential overreach or misuse, but not halt it.
Moreover, NSA’s extensive efforts to preserve and protect the privacy rights of U.S. citizens is now documented the Director of National Intelligence’s ‘IC on the Record’ pages on Tubmlr. Thousands of now declassified documents that demonstrate how the government worked within the constitutional and complex legal framework set up to protect U.S. citizen privacy rights during the conduct of NSA’s SIGINT operations – controls that have been in place since at least 1980.
With regard to Mr. Snowden’s assertion that we “…look at the results…” of his actions to see that his pardon is warranted, we can do that. The report from the DoD Information Review Task Force-2 (IRTF-2) Initial assessment in December of 2013, titled ‘Impact Resulting from the Compromise of Classified material by a Former NSA Contractor’, said in its overall assessment that, “The IRTF-2 assesses with high confidence that the information compromise by a former NSA contractor….will have a GRAVE impact on U.S. national defense.”
In January 2015, Al-Qaeda created a YouTube video after the Snowden leaks teaching its operatives how to evade what the terrorists referred to somewhat erroneously as ‘FBI Secret Spying technology’. In May of 2015, the Henry Jackson Society, a conservative British think-tank published a 78-page report that drew heavily from the testimony from senior security sources outlining how terror groups had changed their communications methods and began more extensive use of encryption to hide terrorist operations from intelligence agencies. A July 2015 report in the New York Times also reported the Islamic State learning communications security from the Snowden leaks.
More recently, a Wall Street Journal article discussed how an Islamic State terrorist who led the November 13th terror attacks in Paris, evaded western intelligence agencies using better operational discipline and technical savvy in his communications. An awareness of which Mr. Snowden’s leaks undoubtedly raised, given the previous reporting.
The results of Mr. Snowden’s theft and leaks are pretty clear to my mind. Operating from a misguided sense of superiority and a flawed and incomplete understanding of the extensive U.S. person privacy protections in place within the intelligence community more broadly, and NSA in particular; he elected himself congressman, attorney general, and judge of a process and an oversight regime he initially tried to cheat his way into, and then barely had three months of experience in as a contractor (I’ll bet none of that is in the movie).
President Obama believes Snowden should stand trial, and so do I.
As the new Congress comes into session in January, it will have many issues to address. One of the most important will be changes and improvements to the Foreign Intelligence Surveillance Act, commonly known as FISA. Some of its Patriot Act created provisions, like the better known Section 215 used to collect bulk phone records, and the less well known Section 702 authority compelling telecommunication providers to provide the government non-U.S. person communications have been hotly debated in Congressional committee hearings and by the general public during 2014.
The Senate recently failed to advance ‘USA Freedom Act’ to change FISA, ensuring that the debate will be rekindled in the next Congress early in 2015. Hopefully, the next version of the bill will address some of the concerns that Judge John Bates (a federal district judge who has served on the FISA Court) described – laid out about the concerns the FISA Court might have, and challenges it might face in its processes, if that version of the USA Freedom Act had become law.
Congress will work its will in passing a final set of changes to FISA from these bills, enhancing existing privacy protections in light of the rapid advances in modern communications and the public outcry over government access and storage of telephone and internet activity by ordinary citizens.
Once signed into law, I am certain the professionals within NSA, both military and civilian, will comply with the changes to the FISA statute, whatever their final form. That compliance is not only an integral part of their oaths to the Constitution, it is also completely consistent with the professional attitudes of the many men and women at NSA I have worked with over the years.
However, in light of this long debate, three ‘lessons learned’ are abundantly clear in this era of rapidly evolving modern telecommunications and the ‘internet of things’:
The public needs a better understanding of exactly what information they surrender when they use communications technology. This is a difficult goal to attain given the technological complexity of modern personal communications devices and the limited time or desire someone may have to delve into the privacy related issues attendant to the device or service they use. Do you know what personal information the operating system on your mobile device stores when you use an application? During the INFOSEC 2014 conference in Orlando earlier this year, an iPhone demonstration proved that while the app you use may keep your personal information secure, the phone’s underlying operating system may be storing much of it in a very unsecure manner.
Next, Congress and local legislatures need to play a more active role in the oversight of law enforcement and intelligence activities where they involve modern telecommunications technology. Law enforcement and intelligence organizations operate within the laws they are given, and the law must keep pace with advances in technology. As such, laws like FISA must continue to have yearly ‘sunset’ clauses built into them to force legislatures to engage regularly and keep pace with the leaps forward in technology. Police and intelligence services will leverage new technologies to conduct their missions, and they need laws adopted at a quicker pace, not just to constrain their actions within our Constitutional principles, but also properly enable them to bring criminals to trial or monitor agents and actions of a foreign adversary.
Lastly, a level of increased transparency is required. The days of ‘No Such Agency’, borne from the Cold War era, are long over, and a new balance needs to be struck. I believe law enforcement and intelligence organs must have and foster public trust, but intelligence organs cannot operate effectively if operational means and methods are exposed to the whole of the American public, and therefore, our adversaries. Adversaries would exploit such knowledge to kill our citizens, damage or destroy our critical national infrastructure, or win in battles with our military. We have begun to see the first steps towards increased transparency with the release of unclassified versions of FISA Court opinions and reports of aggregate counts of FISA warrants and NSLs. Among other things, greater transparency can be achieved by: providing unclassified titles for the closed door briefings to intelligence oversight committees; including in the aggregate counts of FISA warrants actively in use by each government agency; and releasing unclassified versions of all damage assessments produced as a result of unauthorized leaks of classified information. The government cannot claim damage due to leaks, without backing the claim in a credible manner in a public forum – something I believe can be done without exposing sources and methods or risking lives.
U.S. intelligence and law enforcement agencies exist and operate from the bedrock of public confidence. More transparency, consistent with protecting sources, methods, operational intelligence, and our troops in the field, is achievable, and since the Snowden leaks and the misinformation that has stemmed from them, something I believe is now mandatory.
Tom Wither is the author of the military/intelligence thrillers: “The Inheritor” (Turner Publishing, June 2014) and “Autumn Fire” (Turner Publishing, September 2014). He is also a 25 year veteran of the intelligence community. The views and opinions expressed are his own and are not those of any organization or element of the intelligence community or Department of Defense. His email is Tom@TomWither.com.
July 27, 2014 | Posted in 4th Amendment, Department of Defense, Director of National Intelligence, E.O. 12333, FISA, FISC, Intelligence, Leaks, NSA, PPD-28, Privacy, Snowden, U.S. Code Title 50 | By Tom Wither
Over the last year, some media outlets have used the leaked classified material from Edward Snowden to write news stories that imply NSA has either: allegedly violated the privacy rights of ‘every American’ or exceeded its authorities. In every one of these stories, what is usually missing is a SIGINT professional’s level of understanding on the part of the journalist, admittedly difficult to gain when SIGINT operational training is classified.
Signals intelligence, referred to as SIGINT, is both technically complex due to the nature of modern communications technologies, and legally complex, due to the heavy legal and Constitutional burdens placed on the professionals at NSA who conduct it.
These professionals spend months and oftentimes years during a career training in the operational, technical, and legal aspects of conducting SIGINT – which includes training in the protection of U.S. person privacy.
For example, a recent Washington Post article on July 11th, ‘How 160,000 intercepted communications led to our latest NSA story’; written to amplify its July 5th story ‘Non-targets far outnumber targets in NSA data collection’, states that the rules for ‘minimization’ of U.S. person information are ‘opaque’ – in fact, they are not opaque at all.
The minimization rules come in two forms, both of which are written in black and white for anyone to read, now that they have been declassified. They are contained in the Foreign Intelligence Surveillance Court’s minimization instructions as part of its numerous court rulings, and United States Signals Intelligence Directive 18 (USSID 18). USSIDs provide implementation guidance and direction to NSA’s civilian and military workforce, ensuring our Constitutional principles, current laws, Executive Orders, and binding court orders are implemented and enforced within the entire United States SIGINT System. For the purposes of this blog post, we’ll focus on USSID 18.
USSID 18 is titled, “Legal Compliance and U.S. Persons Minimization Procedures”, and is fifty-two pages long. Naturally, portions of many paragraphs are blanked out as part of the declassification process, but the direction in, and intent of USSID 18 are very clear, and I can tell you from my experience in the intelligence community that it is binding and followed by all SIGINT professionals.
Discussing all the limits USSID 18 places on SIGINT operations would take several blog posts worth of space, but we can look at one instance where USSID 18 applies in the Washington Post’s July 5th story.
The Post’s story states that, in the sample of surveillance files it reviewed, ‘NSA analysts masked, or “minimized,” more than 65,000 [references to U.S. citizens or residents], but the Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents.’ This line is clearly meant to bolster the implication that U.S. person identities or identifiers incidentally collected under the legally authorized, and court monitored FISA Amendments Act (the Patriot Act) Section 702 program are not properly minimized.
If this element of the Post’s story is accurate, that translates to a 98.7% accuracy rate (based on (900 / 65,900) x 100) of minimization, as required under USSID 18 – an operational standard that many U.S. corporations would envy. The Post didn’t word it that way, but it is example of how the professionals at NSA take protection of U.S. person privacy seriously, rather than supporting the Post’s implication that NSA treats U.S. person data in a cavalier manner.
The Post’s explanatory piece on the 11th also expresses its concern about the volume and nature of incidental collection, the Director of National Intelligence’s assertion that it is unable to estimate how many Americans are affected, and that no outside watchdog – the Congress, courts, or the President’s Privacy and Civil Liberties Oversight Board have access to the content to judge for themselves.
The reason for this is obvious to a professional. Although the Post could traipse at will through its purported pile of 160,000 intercepts (reviewing U.S. citizen’s private information under the comforting blanket of the 1st Amendment) – the government cannot legally look through incidental collection to identify and characterize it because laws, and both executive and court orders forbid it. Laws and orders every American citizen, including those working at NSA, must obey.
At this stage of the debate, I had hoped to see stories covering how NSA adheres to law and policy to conduct their assigned foreign intelligence mission, using background interviews with NSA’s professionals and managers in a more transparent environment. Instead, we continue to see stories from some members of the media filled with a selected set of ‘facts’ provided by a man charged with theft and violations of the espionage act, filtered through well-intended, but only partially educated journalist guesswork, resulting in implications or insinuations of impropriety or illegality. There is more to the story than just what Mr. Snowden, or the journalists who support him, would have you believe.
Please feel free to contact me with your comments using the e-mail address in the tag line at the end of the piece. We live in a free society and I respect any point of view that you may have, so long as you express it in a civil manner.
Thanks to all who have already sent me comments. I’ve enjoyed reading them, and I am doing my best to respond to all of them individually. Also, I’d like to thank Tricia Bishop and the other members of the Sun’s Editorial Board who thought this Op-Ed was worth publishing.
If you are skeptical about NSA operations and activities reported over the recent weeks, that’s certainly understandable, particularly since most Americans do not work within the intelligence community or understand the rigorous training, oversight (from the courts and Congress), and professionalism the men and women of the intelligence community bring to their work every day.
I’ll ask that you keep in mind a few things as you read news reporting from journalists that may have only incomplete or partial facts drawn from briefings or other documents outside of their proper context, and/or an incomplete understanding of the law, rules, and oversight in place. Every civilian employee and military member in the U.S. Intelligence Community (I.C.), including those at NSA, are U.S. Citizens, just like you are. They are highly trained professionals that take an oath to defend our nation and uphold the Constitution; not to any executive branch organization or institution. In fact, many have spent their entire professional lives quietly and unobtrusively working without fanfare or acknowledgement outside of the close knit intelligence community to defend our nation, provide our policymakers with the information needed to make informed decisions, and protect our troops in battle when needs be. To be allowed to serve, they have allowed themselves to be subjected to repeated background investigations, financial reviews, and polygraph examinations every few years to prove that they are responsible men and women of good character, worthy of being trusted with their nation’s most highly valued secrets. These investigations, when done properly and thoroughly (as most are), are an invasive process that many of their fellow citizens might find unacceptable or intolerable with regards to their personal privacy. These men and women are given their nation’s (actually every American citizen’s) trust, and are no more interested in violating the privacy or other constitutional rights of U.S. citizens than you are. Remember, these men and women are citizens of this nation, just like YOU are.
Undoubtedly, more news reports about the size, scope, and capabilities of NSA’s activities will be appearing in print and electronic news sources, given Mr. Snowden’s admitted removal and provision of classified material to an activist/journalist like Mr. Greenwald, and Mr. Greenwald’s recent statements that ‘new revelations‘ are coming. As you read these future stories, bear in mind that NSA’s activities are governed by Executive Order 12333, and constrained by the Foreign Intelligence Surveillance Act, and the Foreign Intelligence Surveillance Court, as well as regular oversight by Congress. Moreover, publishing of more ‘sources and methods’ information by Mr. Greenwald and his contemporaries will serve primarily to give away any advantage we may have over our adversaries and result in exceptionally grave damage to U.S. national security.
We citizens are reliant upon our members of Congress to provide proper and regular oversight of the I.C. elements. To date, Congress has held three hearings (House Intel Senate Judiciary House Judiciary ) addressing the legitimate concerns voiced by the public and some members of Congress about the programs and activities Mr. Snowden and his enabler Mr. Greenwald have shared. The law often fails to keep up with the rapid pace technology changes, and some members of Congress are not likely giving the activities of the intelligence community regular scrutiny due to time constraints, current committee assignments, or just simply because their activities aren’t the ‘hot button’ issue of the day. I do believe that the majority of members on the House and Senate Intelligence Committees have it right. The programs exposed thus far are legal, in that they are operating under the FISA law as enacted, and they are Constitutional, given the strict oversight and compliance requirements outlined by the Foreign Intelligence Surveillance Court, and the process and procedures NSA put in place to adhere to those requirements, as outlined in the public testimony and statements (Mr. Litt from ODNI). Having said that, given that Congress is paying more attention now, certain senior members like Senators Chambliss and Feinstein, and Congressmen Rogers and Ruppersberger have offered not only endorsement but in some cases reasonable improvements to the programs and oversight regime (note that they do not advocate stopping it, nor does the administration). Should Congress change the law or oversight requirements, I am certain that the Attorney General, FBI, and the NSA will abide by those changes.
Encourage your member of Congress and Senators to pay closer attention if you have concerns, and choose to take their word or not when they tell you an agency is doing what is supposed to under the law and Constitution. Fortunately, it’s YOUR choice, because we live in America; not Russia or China; but get all the facts, not just the ones a particular journalist may offer as you evaluate what you’ve been told.
As to whether Mr. Snowden is a ‘whistle blower’ / leaker, or a traitor, I’ll say this. In my view, a whistle blower sees illegality or unconstitutional acts and reports them to competent legal (the FBI or Attorney General) or agency authorities (a supervisor, a senior manager, an inspector general, an internal counsel) first, then to Congress and the media if the existing process fails. Along the way that person may suffer the loss of a job, the travails of our legal process including: possible pre-trial confinement, and a trial for his or her belief in the truth or ‘rightness’ of their actions, consistent with our Constitution and laws. In the end, they will either be vindicated, not only in court, but in the court of public opinion, or convicted under the law. Moreover, if this whistle blower is working in a classified information environment, that person uses the processes established to ‘blow the whistle’ in a way that does not expose the sources and methods of intelligence operations to our nation’s adversaries, endangering the lives of our men and women in uniform, our diplomats overseas, and our citizens (and those of our allies and friends) at home and abroad.
A traitor takes whatever classified information he can, boards a plane to a foreign country beyond the reach of U.S. law enforcement, and barters that information for notoriety, monetary gain, or presumed safety in the hands of one or more foreign governments. Mr. Snowden is not a whistle blower. People like Bunnatine ‘Bunny’ Greenhouse are whistle blowers.
President Bush issued Executive Order 13470 yesterday. This order alters Executive Order 12333, UNITED STATES INTELLIGENCE ACTIVITIES.
EO 12333 is one of the documents used within the U.S. Intelligence Community (IC) to set policy, along with U.S. Law, the Constitution of the United States, and the Bill of Rights.
It sets out the President’s guidance for the management of the community, affirms the roles and responsibilities of various IC elements, and prescribes some specific prohibitions the IC and its employees must respect.
So what was changed? (The changes listed below do not reflect typographical, grammatical, or consistency related changes within the EO.)
Part 1 – “Goals, Directions, Duties, & Responsibilities with Respect to U.S. Intelligence Efforts” was completely re-written. The major effect of the re-write of Part I is to insert the Director of National Intelligence (DNI) into a position of more direct control over the IC. This re-write helps to codify the DNI’s authority and will hopefully cut down on any, “Yes you will.” “No I won’t.” situations between the DNI and the heads of the IC elements.
Part 2 – “Conduct of Intelligence Activities” was altered to include:
- Changing Section 2.2 to include gathering foreign intelligence regarding “the spread of weapons of mass destruction.”
- Changing Section 2.3 to ensure that signals intelligence (SIGINT) is only “disseminated or made available to Intelligence Community elements in accordance with procedures established by the Director in coordination with the Secretary of Defense and approved by the Attorney General.”
- Changing Section 2.3.e to permit the collection, retention, and dissemination of information needed to protect foreign intelligence or counterintelligence activities.
- Changing Section 2.5 to limit the delegation of the approval of the IC’s monitoring of a U.S. Person to that outlined in the FISA of 1978, as amended.
- Adding a new section, 2.13, which states that, “No covert action may be conducted which is intended to influence United States political processes, public opinion, policies, or media.”
Part 3 was altered to include:
- Affirming the Attorney General’s (AG) Role in Approving Procedures Established by IC Element Heads that Implement the Procedures in Section 2 – Any Dispute Between the AG and the IC Element Head will be Resolved by the National Security Council
- Providing current definitions of Counterintelligence, Covert Action, Electronic Surveillance, Employee, Foreign Intelligence, Intelligence, Intelligence Activities, the members of the IC, National Intelligence & Intelligence Related to National Security, and the National Intelligence Program
The prohibition against assassination remains in place, as well as the ban on human experimentation outside of the guidelines provided by the Department of Health and Human Services where the subject’s informed consent has been documented.