I am simply stunned that others have not been calling for a full investigation of the NSA surveillance program (see earlier blog). It has been nearly eight months since The Guardian’s first report on June 5, 2013, began the drip, drip, drip of continuing revelations made possible by Edward Snowden about a massive surveillance program operated by the U. S. National Security Agency (NSA). Media, such as The Washington Post, NBC News, and German television station NDR, also have published documents and conducted interviews with Mr. Snowden. Just two days ago another batch of documents published by The Guardian, The New York Times, and ProPublica revealed that the NSA is capturing information by exploiting mobile phones and gaming, social media, and mapping applications. A Top Secret powerpoint deck indicated the NSA can obtain a treasure trove of information from a smart phone, including location, phone settings, websites visited, networks connected, documents downloaded, and buddy lists.
The government has stated that it knows Mr. Snowden may have more to reveal. During Senate Intelligence Committee hearing yesterday, James Clapper, Director of National Security, called on Snowden “to facilitate the return of the remaining stolen documents that have not yet been exposed to prevent even more damage to U.S. security.”
The only thing that is certain about Snowden v. the NSA is that the full picture of what the NSA has been up to is not known. Prior to June 5, 2013, Americans generally believed their government was working hard to detect and prevent terrorist activities and attacks within the U.S. They also generally believed that whatever spying the U.S. intelligence community was up to was targeted at foreigners, not the American public. They now know that those general assumptions were not accurate. Through the many disclosures made since then, the people of the U.S. now know that:
- The NSA has been collecting data about every telephone call they have made, the number that was called, and the duration of the call. (Snowden revealed the Verizon court order, and it is now widely believed that other providers have received similar orders).
- According to NSA PRISM program documents, the NSA has been collecting every form of electronic communication conceivable directly from Microsoft (2007), Yahoo! (2008), PalTalk (2009), Google (2009), Facebook (2009), YouTube (2010), Skype (2011), AOL (2011), and Apple (2012). The documents indicate that the data is collected in a bulk manner, and it includes the content of Internet phone calls, chat, photos, emails, stored data, video conferencing, and text messages.
- The NSA has been intercepting communications at the backbone of major communications providers.
- The NSA reportedly has worked with various vendors to get them to use technologies that the NSA has secretly figured out a back door to); this includes an important NIST encryption standard, Dual Elliptic Curve Deterministic Random Bit Generation (EC DRBG). NSA reportedly paid RSA $10 million to make it the default encryption in its random number generation product, Bsafe.
- The companies that have been ordered to participate in NSA surveillance programs by a Foreign Intelligence Surveillance Court order are forbidden by law from disclosing any information about the order. Many of the technology companies have pressured the Administration to let them provide information to the public about their participation. The Administration relented two days ago, with a narrow permission allowing them to disclose limited information about what the companies have provided to the government under court order, which would not include data that the government may be collecting directly from the providers. (Risk: The disclosed data may be so high-level and limited as to skew data or create confusion about the scope of the program.)
- The NSA can keep and use communications on U.S. residents without a warrant for five years.
- Intelligence officials have not been truthful about their surveillance programs. The Director of National Intelligence, James Clapper, lied to Congress about what communications it was collecting on Americans when he answered Sen. Ron Wyden’s question, “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Mr. Clapper answered, “No sir.”
- The leaked intelligence budget revealed that the NSA is spending billions of taxpayer dollars on these programs.
- Many members of Congress were not aware of the full extent of the programs and their reach into American’s daily lives and communications.
- A majority (3-2 vote) of the Privacy and CIvil Liberties Oversight Board (PCLOB), an independent bipartisan agency within the executive branch, determined that the NSA’s phone collection program was illegal. Five of the most respected legal and privacy experts in the country
- The President’s Review Group on Intelligence and Communications Technologies recommended in its report “a series of significant reforms” to the bulk telephone collection program, including, “Congress should end such storage and transition to a system in which such metadata is held privately for the government to query when necessary for national security purposes.”
- No written opinion regarding the legality of the NSA program that collected all domestic telephone records on a daily basis was issued by the Foreign Intelligence Surveillance Court until 2013 — seven years after it began.
- The necessity of the data for national security purposes is questionable. No terrorist attack has been stopped due to data collected by the program. The government has not named any individual person who was identified as a terrorist and charged as a result of the program (although a New America report concludes that out of 225 cases brought against persons recruited by terrorist organizations, the data assisted in initiating only 1.8 percent of the cases). The government has not even stated how many Presidential Daily Briefings contained important findings from the data.
Knowing this much, however, raises more questions than answers, and it is a far cry from a full picture. Moreover, there is no party in this mess that is pure. Not the NSA, the Administration, Congress, or Snowden. The NSA has denied, back-pedaled, used scare tactics, exaggerated, and apologized. They are masters at deception and loathe to admit overreaching. The Administration has defended, retreated, offered concessions, proposed reforms, and rejected the findings of it PCLOB report (238-pages) on the day it was issued. Congress has shrugged, justified, back-stepped, held hearings, changed its tune, and introduced numerous bills aimed to reform intelligence gathering, protect privacy, or tinker with procedures. They are afraid if they vote to strike down a program and something happens, they will be blamed, and they hate to backtrack on earlier votes.
Snowden has not been careful to release only information that impacted Americans’ civil liberties. Within the first ten days of his disclosure campaign, the South China Morning Post reported that Snowden had provided documents indicating that the NSA was spying on computers in China and Hong Kong, hacking into Chinese backbone providers to steal mobile text messages, and attacking the network of one of China’s top universities, Tsinghua University. He then revealed information about NSA’s spying on Angela Merkel and other allied leaders and collaborative intelligence sharing programs between the U.S. and the “Five Eyes” (U.S., U.K., Canada, Australia, and New Zealand). He also disclosed a Top Secret document regarding a program called Boundless Informant that analyzes and reports on telephone metadata collected around the world. These revelations revealed legitimate intelligence activities and involved national security information that harmed our national interests.
This post is a call for the facts to be found out and the truth to be determined. The privacy and civil liberties advocates and many in the media have railed about the scope of the programs and the intrusiveness of them. Some have filed legal actions. None of them, however, has called for an independent counsel to be appointed, a Congressional Committee to be established, or a special counsel to be appointed with full authority to seek and obtain information on exactly what the NSA has been up to, what authorizations or orders were given to establish these programs, how the collected data has been used and who has used it, and what private sector entities have cooperated and under what terms. (The Ethics in Government Act, which established the Office of the Independent Counsel, expired in 1999, but Congress could enact a new law for independent counsel or establish a Congressional Committee. The President also can order investigations. He announced in his State of the Union address that he was going to do all he could via his presidential powers. Here is an opportunity.)
It would be a mistake for Congress to enact legislation on intelligence reforms without having the full picture of what has been going on. In similar times, an earlier Congress established the Church Committee and dug deep. Their corrective measures may not have been perfect and some were probably flawed, but at least they were made on the basis of full information. (See my blog prior to Snowden asking whether we needed another Church Committee.)
This call for the truth is not all about what is legal or illegal. It is about providing the full set of facts for debate and discussion and making informed decisions about how this country should be operating and the values it should be upholding in the digital age — before it turns into a full police state.