Back in 2001 or early 2002, I sat next to a lifetime Arthur Anderson accountant on a long plane ride. We talked about the Enron debacle and its ties to Anderson. She hadn’t worked the Enron account, and she insisted that Anderson itself was a highly ethical company — it was just the Enron account that was bad, she said. I gently raised the several other big accounting scandals Anderson starred in — Waste Management and Sunbeam both broke in 2001. But in her mind, that she and the people she worked with seemed like good people was all the proof she needed that Anderson was not a systematically unethical company.
That is, effectively, the defense that Bobby Chesney and Ben Wittes want to offer of the NSA after Chesney helped set up a special meeting of academics (plus Wittes) with the agency.
Our major takeaway concerns the dramatic disparity that separates the perception on the outside of what this agency does and NSA’s self-perception. To hear NSA folks talk about their compliance regime, for example, is to hear about an entirely different animal than the situation depicted in many new stories. To hear NSA folks discuss the relationship between encryption, cyber-security, and cyber offense is a different animal than to read news stories about how NSA breaks encryption. And so forth. These conversations were all unclassified, but they vividly described a wide gap in understanding between NSA and the press, members of Congress, and the public regarding what the agency does and doesn’t do, how accountable and regulated it is, to what extent it complies with the law and how, and what the relevant law is.
That gap is unnecessary, or at least it need not be so wide. Over the coming weeks, we will be looking for ways to close it, or at least to more fully expose this disparity between the self-perception and public perception of the agency. However one feels about the underlying issues, after all, it is surely a good thing for everyone involved to better understand one another’s perception of them.
Amy Zegart, who attended, also raised NSA’s inability to respond to criticism in an interview about it (though at least she hinted that NSA might benefit from listening to academics, rather than just speaking at them).
The was a sense at senior levels that they need to think more systematically and long-term about education, about being more open to academics coming in and doing research about the NSA and hearing what academics have to say. In part, thought-leaders at universities can play a role in transmitting some of the complexities in which the NSA operates – the tradeoffs the agency is confronting and the constrains [sic] under which they are operating.
One thing this meeting highlighted for me is that the NSA is not free to respond to the criticism it gets in the press. It’s intertwined with other organizations that have a say in how it responds: the Office of the Director of National Intelligence, the FBI, the Justice Department and the White House. And they have never had to deal with the spotlight before. They gave me this statistic: Last summer, there were 167 legitimate questions from the press; in the summer of 2013 there were 1,900 media requests. That’s a tenfold increase. This is a whole new world for this agency. And to go against secrecy is just totally counter to their culture. This was a bold step for them to have us come in.
A couple of general points about this. While I think the social scientists included represent a decent though not perfect range of views (Zegart is an expert on flawed oversight of the intelligence community), I’m not aware that any of the scholars is technically focused. If the NSA wants to address one of the worst disclosures so far — its deliberate weakening of encryption standards — they’re going to need to expose their technical claims to the judgement of technical experts, not social scientists.
But that brings us to a bigger problem with this effort to seduce the academics. It was all unclassified. Given that the NSA is still claiming as classified things like the Internet dragnet violations and the NSA IG Report showing that the existing dragnet is just the old illegal program sanctioned by partial disclosure to the FISA Court, holding such unclassified briefings even as some of the worst disclosures are still “classified” willfully participates in an absurd fiction, in which the NSA can refuse to talk about its known violations by just pretending they’re still secret. All the more so when people walk out of such briefings and declare it all “legal,” clearly not having discussed the things NSA is hiding most determinedly.
Then there’s the more serious problem with this attempt to address the Snowden leaks by letting the NSA talk about what nice people they are. While I’m sure rank and file NSA employees are really as nice as Ben and Bobby say they are (and as nice as that Arthur Anderson accountant I met in 2002), NSA’s top officials are documented serial liars. One of the underlying events behind these disclosures, after all, is the time Keith Alexander dressed up in a hacker costume and went to DefCon to affirmatively lie to hackers, which led directly to James Clapper’s lies to congress. As Ron Wyden noted at Thursday’s hearing, the leaders of the Intelligence Community brought this difficult situation on the nice workers at NSA by their lying.
Notwithstanding the extraordinary professionalism and patriotism of thousands of dedicated intelligence professionals, the leadership of your agencies built an intelligence collection system that repeatedly deceived the American people. Time and again, the American people were told one thing about domestic surveillance in public forums, while government agencies did something else in private.
Now these secret interpretations of the law and violations of the Constitutional rights of Americans have become public, your agencies face terrible consequences that were not planned for. There has been a loss of trust in our intelligence apparatus here at home and with friendly foreign allies, and that trust is going to take time to rebuild. And in my view this loss of trust undermines America’s ability to collect intelligence on real threats, and every member of this committee knows there are very real threats out there.
Your joint testimony today blames the media and others, but the fact is that this could have been avoided if the intelligence leadership had been straight with the American people and not acted like the deceptions that were practiced for years could last forever. I hope this is a lesson that your agencies are going to carry into the future.
And it’s not just Alexander and Clapper. Within an hour of Wyden’s comments, Dianne Feinstein made several misstatements about the NSA’s upstream collection violations and earlier in the week Mike Rogers claimed, contrary to NSA’s own claims and the data, the roamer problem pertained to terrorists rather than Chinese targets.
What’s hurting the NSA is not that NSA critics assume the people are horrible people or don’t get they’re in a complex situation. It’s that there are documents out that that show NSA’s self-perception is wrong. They show that the compliance regime has holes and NSA doesn’t disclose all the relevant information to Congress and the Court. They show enough to make NIST withdraw its own encryption standard. They show (contrary to what I originally believed) some — though not all — judges on the FISA Court really have been wielding pathetic rubber stamps. And the NSA seems most concerned about preventing its presumably very nice employees from learning about the ones that aren’t rubber stamps; they seem most concerned about the documents officially released.
Just a few weeks ago, the NSA’s then-current claim (though unconvincing) was that the limits on the phone dragnet got out of hand because they were too dumb to know what they were doing. Now, they’ve got surrogates claiming that the NSA perceives their work differently, with the suggestion that their perception — not that gleaned from actually reading the primary documents — is correct.