- Michael Hayden: It's good for U.S. to discuss balance between liberty and security
- Former NSA director says much has been misunderstood in recent debate on agency
- He says Americans are only surveilled when in contact with foreign agents
- Hayden: Violations of rules were discovered by NSA, represent tiny fraction of communications
As Congress prepares to return from its August recess, Washington is gearing up for a national conversation on the balance between security and liberty, between necessary surveillance and necessary privacy.
That's a good thing.
It would be an even better thing if the discussion were based on fact rather than contaminated by inaccuracies and posturing. A quick review of recent commentary suggests that may not be likely.
For example, Fox News seems incapable of commenting on this story without the header "NSA Scandal," a lead that brings with it its own conclusion.
A prominent U.S. senator recently opined
that, "They (the National Security Agency) basically I believe probably are looking at all the cell phone calls in America every day."
Another lawmaker has already concluded
that the NSA is "an agency out of control."
And a former congressman on a Sunday talk show added to the sum total of human knowledge with this
: "CIA! Hello! I mean we have a CIA. What's the NSA really about?"
I fear that the coming debate will have all the characteristics of a mob -- thoughtless action driven by artificial urgency, unreasoning fear, emotion and misinformation.
And that's a pity since the heart of this issue has been around for years and deserves serious discussion.
As far back as at least 2000, the NSA tried to hit the real question head-on. The agency knew that past targets of its surveillance largely communicated on their own dedicated networks. There was hardly a civil libertarian alive who would be concerned about trying to intercept communications between the Soviet high command in Moscow and intercontinental ballistic missile silos beyond the Urals.
But the threats of the 21st century do not communicate on their own networks. Terrorists, drug traffickers, arms proliferators and the like live on a unitary global information grid where their communications co-exist with the communications of the very people the NSA is committed to protecting.
It was clear even pre-9/11 that the NSA could not do its mission without working aggressively on this common grid. It was also clear that the agency would not have the power to do so -- legally, financially or technologically -- unless the American people were convinced that this power would be limited to its intended purpose, that even as constitutionally protected communications mingled with and were sorted from targeted communications, they would still be protected.
And that basically is the issue of the moment, whether the headline is PRISM, XKeyscore, metadata, "upstream" communications, Blarney or an alleged NSA secret room at an AT&T facility in San Francisco -- all of which have been featured in recent coverage.
Americans will have to decide what constitutes a "reasonable" expectation of privacy and what running room they will give their government to search for the signals almost everyone agrees should be captured even as those signals co-exist with their own.
Although Congress, the courts and two administrations have authorized what the NSA is doing today, these are not easy issues. Resolution will hinge on how much trust people have in their government, or at least this part of it. It will also hinge on how much danger with which people are willing to live.
And if this is to be a fact-based discussion, resolution will also hinge on how well citizens understand a few basics of what exactly is being done. Unfortunately, much of the public discourse is confused to the point of incoherence.
Take the question of authorities. How does the NSA get the power to do any of this? In most instances, since this is about foreign intelligence, authority comes from the president and is codified in Executive Order 12333.
Only when a U.S. person is involved or for certain kinds of collection in the United States does the agency have to rely on the Foreign Intelligence Surveillance Act and the court it established.
This is important. Most intelligence collection -- by the NSA, CIA or any intelligence agency -- is not overseen by a court. Oversight comes from the president and the Congress. But it is still oversight. Breathless claims that some things are done without court review could well be true -- and not very relevant.
Then there is collection involving Americans. Most casual commentators simply assert that anytime the NSA is listening to an American, the agency must have a warrant. Indeed, trying to calm current concerns, President Barack Obama told
Charlie Rose that, absent a warrant, "What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls. ..."
Actually, that's not quite correct -- and never has been. As the president suggested later in the interview, the NSA cannot target the communications of a U.S. person. If it is tracking the communications of a legitimate foreign intelligence target and that target talks to an American, the NSA indeed covers it -- and always has.
This simply makes sense. Picture a known terrorist who makes a series of operational calls to confederates in say Paris, London and the Bronx. To suggest that the NSA has to stop coverage of the last call is ludicrous.
This is what the NSA calls incidental collection of information to, from or about a U.S. person. When this occurs -- and it is not rare -- the agency is required to keep its focus on the foreign intelligence in the communication and minimize or mask the U.S. identity unless the identity is essential to the intelligence (as it would be in the example above).
Keep this in mind when commentators claim that the NSA has collected the content of American e-mails or phone calls. That may be, but the NSA is not targeting them without a warrant.
And then there are the numbers. Like The Washington Post's August 15 headline
screaming, "NSA broke privacy rules thousands of times per year, audit finds."
You have to dig deeper to learn (as I pointed out
in another piece) that all of the incidents were inadvertent; no one is claiming that any rules were intentionally violated; and all of the incidents were discovered, reported and corrected by the NSA itself.
In one example, the Post referred to "large numbers of data base query incidents." The NSA later confirmed that in one quarter there indeed were 115 incidents of NSA queries being incorrectly entered, mistakes such as mistyping or using overly broad search criteria. That's 115 out of more than 61 million inquiries made in that quarter, a compliance rate of .999998.
In this, as in most issues, facts (and context) matter.
Understanding beyond the accusatory headline or the facile quip is needed, or we will be just tossing slogans at one another, slinging volleys of hyperbole, stoking fears and anger and distrust, all of which will make it even more difficult to resolve an already very difficult question.