What are we being protected against?
Now that President Obama’s promise in December of a “pretty definitive statement” about the nation’s electronic intelligence-gathering practices has been fulfilled with Friday’s speech, it is worth looking at what will actually happen as a result, at least in the near term, and what won’t.
The speech was preceded by seven months of arguably the most damaging leaks of national-security information—how we collect electronic intelligence—in the nation’s history, as the result of disclosures by former government contractor Edward Snowden. Yet the president made no recommendation as to how such leaks might be stopped.
To be sure, he mentioned the “avalanche of unauthorized disclosures” that resulted in “revealing methods to our adversaries that could impact our operations . . . for years to come.” But the rhetorical afterburners immediately kicked in to carry us to a higher altitude: “[T]he task before us now is greater than simply repairing the damage done to our operations or preventing more disclosures from taking place in the future.”
Forgive this brief demurrer, but consider: A young man gets a medical discharge from the military notwithstanding that his avocations include kickboxing, then has a rocky and brief tenure at the CIA that ends with his negotiated retention of his security clearance—which allowed him then to be employed by a military contractor in a job that gave him access to the secrets he later leaked—and then he manages to disable a complex computer system and steal more than a million-and-a-half documents. Are we not entitled at least to some brief assurance that the holes in the system that allowed Edward Snowden to do what he did have been sewn up?
But back to higher things. Perhaps the most definitive part of the president’s “pretty definitive statement” concerned the program whereby the National Security Agency gathers from telephone companies information about the calling number, the called number, and the date and time of domestic telephone calls. The information goes into an NSA database indicating whether a foreign number—say, of a terrorist safe house—has called or been called by a domestic number. If such contact has been made, the NSA can also determine other phone numbers that have been in communication with the domestic number.
The database, retaining information about millions of calls, is made available to only 22 NSA employees, who gain access only upon authorization from their superiors. It has been opened about 300 times in a year, there is no evidence it has been abused, and the president believes “it is important that the capability that this program is designed to meet is preserved.”
Nonetheless, Mr. Obama is now ending the program in its current form, with the feasibility of putting the database in the hands of a nongovernment entity to be explored by the director of national Intelligence and the attorney general. But effective immediately, the NSA may not consult the database unless permission is granted by the Foreign Intelligence Surveillance Court (FISC) based on a showing that the NSA has a reasonably articulable suspicion that there is cause to check out a number. The FISC provision sounds like a small thing. It isn’t—either practically or doctrinally.
Each application to the FISC must be prepared and reviewed by cadres of lawyers. When I served as U.S. attorney general, it was my job as the final member of that cadre to sign those applications. I would regularly be visited by a Justice Department lawyer from the National Security Division carrying several applications, each close to an inch thick. They were not in any sense light reading. The submission then had to be reviewed by FISC legal assistants, and eventually by one of the court’s judges.
To impose such a burden on the NSA as the price of simply running a number through a database that includes neither the content of calls nor the identity of callers is perverse. The president said that this step may be dispensed with only in a “true emergency,” as if events unfold to a musical score with a crescendo to tell us when a “true emergency” is at hand.
The president wants the database transferred to a private entity. Why? Because even though the database has not been abused—and notwithstanding the safeguards that surround it and the absence of motive in anyone with access to do anything but guard against a threat to national security—there exists the abstract possibility that the information could be used to draw a detailed profile of a person by mapping all the phone calls that the person has made or received.
Telephone carriers sensibly do not wish to be compelled to undertake the risks of storing the data, and could not as readily provide it to the NSA as the agency’s own storage facility. A private entity is likely to be far less secure than the NSA and staffed by less reliable personnel. The paradoxical result is that the Chinese and the Russians could wind up with easier access to the data than those trying to protect us.
Mr. Obama called upon Congress to establish a panel of nongovernment lawyers, presumably with security clearance, to “provide an independent voice in significant cases.” But last week, the Senate Intelligence Committee released a letter written by John D. Bates, a former FISC chief judge on behalf of current and former members of that court. The judges said “a privacy advocate is unnecessary—and could prove counterproductive—in the vast majority” of cases. The advocate, unable to communicate with the surveillance target or conduct an independent investigation, could not “constructively assist the Courts in assessing the facts.”
The president noted explicitly that a good deal of foreign tut-tutting over America’s capacity to tap into communications abroad came from people who themselves try to conduct the same surveillance on us and in any event are happy to rely on the information we obtain. Yet he insisted that we must do what no other nation does: offer the same privacy protections to citizens of other countries as we do to our own. So information about people who are not subject to U.S. laws and who owe this country no allegiance is to be gathered, stored and disseminated on the same terms as information about American citizens.
Whether wittingly or unwittingly, the choosing of venues for presidential speeches conveys a message. Thus in 2009 the president spoke at West Point to announce a troop surge in Afghanistan, and last spring at the National Defense University to describe his approach to defending the country.
Friday’s speech was delivered not at the NSA but at the Justice Department. The choice was revealing: The Justice Department’s engagement with the intelligence community in this administration has been at arm’s length and sometimes at sword’s point—notably in the refusal to recognize militant Islamism as the proper focus of intelligence-gathering, and in the reopening of previously closed investigations of CIA operators for alleged transgressions in the treatment of terrorists.
Many people whose job it is to decide how aggressively we will fight our enemies watched President Obama’s speech from the Justice Department and got the message—the “pretty definitive statement”—that when it comes to intelligence-gathering, the president would rather protect us from hypothetical abuses than from present dangers. That could be the most lasting effect of all.
Mr. Mukasey served as U.S. attorney general (2007-09) and as a U.S. district judge for the Southern District of New York (1988-2006).