Ex-NSA chief: Safeguards exist to protect Americans’ privacy

Story highlights

Supporters of NSA metadata program only had 12-vote margin in favor

Ex-NSA director Hayden: PRISM program is used to target foreign threats

He says agency employees are trained to respect privacy

Hayden: NSA doesn't have access to servers of Internet service providers

Editor’s Note: Gen. Michael V. Hayden, a former National Security Agency director who was appointed by President George W. Bush as CIA director in 2006 and served until February 2009, is a principal with the Chertoff Group, a security consulting firm. He is on the boards of several defense firms and is a distinguished visiting professor at George Mason University.

CNN —  

The effects of l’Affaire Snowden continued to accumulate this past week with a dramatic vote in the U.S. House of Representatives.

By a bare 12-vote margin, a bipartisan coalition of more or less centrist Republicans and Democrats defeated an equally bipartisan coalition of their more ideological brethren, the latter an incredibly improbable alliance that almost succeeded in defunding NSA’s telephone metadata program.

One Hill participant described the hours before the vote as “hand to hand combat,” but for now, at least, NSA will continue to acquire American telephone “business records” to help it detect terrorist activity in the United States.

Michael Hayden
Michael Hayden

Even as Americans were focused on the fate of this program, however, lines were being drawn for future debates based on other revelations by data leaker Edward Snowden.

Chief among these is PRISM, an effort probably best understood by contrasting it to the telephone metadata program. PRISM (authorized by the FISA Amendment Act of 2008) is about the content of communications, not just the fact that a communication has taken place. It deals with digital data, like e-mails, not traditional phone calls. The subjects and activities related to PRISM collection are foreign and specific, not domestic and broad as in the metadata effort. Finally, PRISM is used for a number of legitimate foreign intelligence purposes, not just counterterrorism.

There are also parallels. Both programs can only work with the court-compelled compliance of electronic communication service providers.

And both programs are responsive to the world in which America found itself after 9/11. The metadata program was designed to deal with the reality of potential terrorists already inside the United States. PRISM was designed to deal with changes in how modern communications are moved, stored and accessed.

Take this example. NSA is targeting the communications of a known terrorist in Yemen. It discovers that the Yemen-based terrorist is communicating electronically with another individual; he could be in Pakistan, elsewhere in Yemen or even in the United States. They are using a U.S. hosted Internet service; they send e-mails back and forth.

Similar contours could apply to e-mail traffic detailing the invoice of a delivery of dual use chemicals to a state suspected of developing chemical weapons. Or to another communication that provides data on the timing and routing of human trafficking in the Caribbean.

In each of these cases, the only thing likely to be “American” about any of these communications is that they are physically in the United States and are being hosted by a U.S.-based Internet service, a phenomenon that the 1978 Foreign Intelligence Surveillance Act, FISA, could not have anticipated.

Recognizing this, under the prodding of then-Director of National Intelligence (and former Director of NSA) Mike McConnell, Congress amended FISA in 2008 to allow NSA more speedy and effective access to these kinds of communications.

Access is still overseen by the FISA court (which also compels firms to turn over requested data), but the process no longer requires the time consuming, cumbersome, individualized warrants of the past.

Early Snowden-based stories here and abroad made a great deal of PRISM. Rushing against deadline, some outlets reported (inaccurately) that NSA had direct and free access to the servers of American Internet service providers, or ISPs, and it was a short step from there to near libelous accusations that the agency was routinely rummaging through the e-mails of ordinary Americans.

In reality, in performing its foreign intelligence mission, NSA treats PRISM as just another SIGAD, SIGINT Activity Designator, an admittedly new and particularly valuable collection point, but still one among many designed to acquire foreign communications of foreign intelligence value.

The alleged NSA slides that some have ominously included in their accounts of PRISM look far more benign to anyone experienced in signals intelligence. Indeed, if the slides are at all accurate, they look like an orientation briefing designed to show new analysts that PRISM is one tool in a large tool kit for them to use as they work to piece together actionable intelligence out of diverse, dispersed and frequently hard to acquire foreign communications.

As recently as this past Sunday, however, Snowden chronicler-supporter-spokesman Glenn Greenwald was working to revive the meme of an unchecked NSA. Appearing on ABC’s “This Week,” Greenwald described tools that allow analysts “to listen to whatever e-mails they want, whatever telephone calls, browsing histories, Microsoft word documents.”

Greenwald’s accusations were sufficiently broad and breathless (even though he did at one point concede that there were “legal constraints for how you can spy on Americans”) that the stunningly misleading lead of ABC’s follow-on story was that these tools “allowed even low-level analysts to search the private e-mails and phone calls of Americans.”

Actually, if Greenwald’s description of the tools themselves is correct, they are the product of a decade-plus effort at NSA to improve the analytic and collection means available to its work force, to allow NSA analysts at all levels–analysts trained annually in how to protect American privacy–to make a single query to access all relevant information across agency databases and to assign tasking across various SIGADs.

Put another way, NSA can more readily connect dots (dots comprised of lawfully collected foreign intelligence) and coordinate tasking (of legitimately targeted foreign communications) than at any other time in the agency’s history.

And if that is true, it is something we should celebrate rather than condemn. But it remains to be seen if the coming national discussion will be based on facts like these or on something else altogether.

And what of that debate, both overseas and at home? More to follow.

Follow us on Twitter @CNNOpinion.

Join us on Facebook/CNNOpinion.

The opinions expressed in this commentary are solely those of Michael Hayden.