There’s a great scene in the 2007 Hollywood blockbuster, “The Bourne Ultimatum,” in which Jason Bourne (played by Matt Damon) tells fictional Guardian reporter Simon Ross (played by Paddy Considine) to stop texting and focus on the situation at hand because the CIA was about to snatch him out of thin air in the middle of Waterloo Station due to his communications with a leaker of classified information.
“This isn’t some story in a newspaper,” Bourne said. “This is real.”
The scene is a turning point in a fast-paced, entertaining action thriller. But the script behind that scene, written in 2007 by Tony Gilroy, Scott Burns and George Nolfi, seems to offer an accurate depiction of the tension now playing out between the media, privacy advocates and the U.S. intelligence community.
While media and privacy organizations treat each and every revelation as evidence of a massive government conspiracy to enslave the world, security professionals are left wondering what it is about the dangerous world we live in that media and privacy experts simply refuse to understand.
At the center of this struggle is what appears to be an orchestrated effort by the media, supported by privacy advocates, to mine the thousands of classified documents stolen by former National Security Agency contractor Edward Snowden and time the release of each and every new revelation for maximum impact.
Since June 2012, only 1 percent of the estimated 50,000 pages of information leaked by Snowden have been made public by the handful of media outlets that have access to them. According to one estimate, at the current rate of disclosure, it will take the Guardian, The Washington Post and the five other media outlets with access to the documents approximately 42 years to release the entire stockpile. By that time, Edward Snowden will be 72 years old, and many of the reporters now working with him will probably be dead.
But it is the lack of access to information about what the NSA programs fully entail, as well as a fundamental lack of knowledge in media and privacy circles about the inner workings of the intelligence community that may be fueling a more divisive debate and threatening important, legal intelligence collection programs.
“I don’t like what you read in the press because it’s mainly spin,” said James Lewis, director and senior fellow for the Strategic Technologies Program at the Center for Strategic & International Studies in Washington, D.C. “It’s not a good way to base your debate. It makes me really unhappy to see these misrepresentations,” he said, referring to the media’s tendency to sensationalize the level to which NSA has spied on innocent civilians.
“It’s hard for people to have a reasonable discussion,” Lewis said, speaking Nov. 5 at CSIS’ Global Security Forum. “You have to get more data out there. And we don’t really have enough to have reasonable discussion.”
What does a reasonable discussion look like?
Although there are legitimate concerns about the most recent revelations, which indicate NSA may have gained access to Google and Yahoo customer information without the knowledge of those companies, the main thrust of the debate has taken aim at NSA’s telephone metadata collection program under Section 215 of the USA Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act, which authorizes the targeting of content belonging to non-U.S. persons located outside of the U.S.
For privacy advocates, the issue boils down to the bulk collection of data, which leads to a presumption of guilt without due process, and a regulatory and oversight regime insufficient and instituted well after the data is collected and NSA has had access to it.
Elizabeth Goitein, co-director of the Liberty and National Security Program at the Brennan Center for Justice, characterized the data collected under Section 215 as “a trove of extremely personal information.”
Although metadata only contains the telephone numbers involved in a call and the duration of the call, Goitein argues phone numbers can easily lead to identities and addresses, and that bulk collection and storage of the data enables the creation of sensitive personal histories.
“Section 215 … contains vastly more information than you will find in a phone book,” Goitein said. She argued the process for granting NSA authority to collect and search such data — currently governed by what the government calls a “reasonable, articulable suspicion” — should be made more cumbersome by meeting a higher standard of evidence.
“That is a price we should be willing to pay,” she said.
Darren Dick, staff director for the House Permanent Select Committee on Intelligence, countered such a notion, arguing Section 215 “needs to be thought of as an insurance program” against additional mass casualty terrorist plots that would otherwise avoid detection.
“The program results in the government getting less information than is available in the phone book,” Dick said. “This is a program that the Supreme Court has ruled we do not have a legitimate privacy interest in.”
Lewis also questioned Goitein’s suggestion that a more cumbersome intelligence collection process should be an acceptable price to pay for privacy. According to Lewis, a U.S. ally recently acknowledged during a closed meeting that NSA surveillance activities had helped stop four mass-casualty terrorist attacks in that country. The choice, Lewis said, comes down to people making up their own mind about where the balance should be between the very real threat of mass-casualty terrorist attacks and data privacy.
NSA’s reaction to the future
NSA’s Deputy Director Chris Inglis on Oct. 29 told the House Permanent Select Committee on Intelligence that NSA is not wed to the current surveillance architecture, as long as somebody can come up with a better method that does not sacrifice the agency’s ability to both foil real-time terrorist plots and provide the White House with strategic-level intelligence about the plans and intentions of foreign nations — friends and foes alike.
According to Inglis, there are many potential architectures that could support the collection requirements under Section 215 of the Patriot Act, but all would need to provide for rapid searching, accurate results, as well as the security and privacy of the data.
“It needs to be available in a timely way,” Inglis said. “Minutes count. Agility counts.”
On Oct. 3, 2007, NSA published a top-secret strategic plan for the nation’s signals intelligence capabilities. That document, part of the trove of documents stolen by Snowden, shows an agency working in overdrive to deal with the explosion of information flowing across the global Internet and billions of wireless devices.
￼￼￼￼￼”Most of what we access goes unexplored or unexploited,” the document states, arguing human analysts are simply not capable of finding actionable intelligence in such a massive data set. “Our global sensors need to be able to think for themselves and talk to one another instantaneously. Our processing systems need to automatically find meaning in and across vast and dispersed data sets.”
In 2007, NSA had begun the process of shifting its focus from intercepting point-to-point communications to “exploiting networks” and “harvesting” massive amounts of metadata via “bulk midpoint collection of global backbones.” In addition, it began planning for the alteration of routing and encryption “for the benefit of passive sensors.”
While some may view these actions as evidence of nefarious intentions, the overall tone of the document is not one of an agency running amok. Rather, it depicts an NSA — the world’s premiere signals intelligence and electronic eavesdropping organization — struggling to accomplish a foreign intelligence mission in the face of an avalanche of data. Finding the needle in the proverbial haystack was getting much harder.
But the legal framework and adherence to democratic values are mentioned as well.
“At the same time, some immutable values must continue to influence our daily choices and behavior. Some of our adversaries will say or do anything to advance their cause; we will not,” the document states.
“Nothing that has been released has shown that we’re trying to do something illegal,” said NSA Director Gen. Keith Alexander. “There have been no willful [privacy] violations,” Alexander said, adding he would rather see additional oversight than the elimination of the programs.