Written byDan Verton
National Security Agency Director Gen. Keith Alexander this week defended the private sector’s cooperation with the agency’s electronic surveillance programs, telling Congress the companies involved are being punished in the media for meeting legal obligations under U.S. law and helping to save lives.
“We have compelled industry to help us…by court order,” said Alexander, during testimony Oct. 29 before the House Permanent Select Committee on Intelligence. “And what they’re doing is saving lives” in the U.S. and around the world. “And it’s the right thing to do,” Alexander said.
But what if you’re a chief technology officer employed by a global IT and telecommunications company that holds U.S. government contracts and you’re also being paid by the Guardian newspaper in London to study the classified NSA documents? And what if you then write editorials for that same newspaper encouraging others with access to classified information to expose it to the public? Is that the right thing to do and, more important, does it raise legal or contractual questions for your employer?
Bruce Schneier is a noted cryptographer often quoted by reporters writing about cybersecurity. He has done a fair amount of writing himself, including publishing a popular blog, a newsletter called Crypto-Gram and several books. But lately, Schneier has been quite vocal about the NSA surveillance programs. Not only has he entered into a contract with the Guardian to help that newspaper understand the leaked classified NSA documents, but he has launched an all-out lobbying campaign to, in his words, take the Internet back and dismantle the surveillance state.
“If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story,” Schneier wrote in an editorial published Sept. 5 in the Guardian. “If you work with classified data and are truly brave, expose what you know. We need whistleblowers,” he wrote, characterizing such actions as a “form of civil disobedience.”
But while Schneier may be a respected security commentator, he is also a technology executive with BT (formerly British Telecom), which in 2006 acquired Counterpane Internet Security Inc., the company Schneier founded. Counterpane’s former website now points to BT’s Global Services website. Documents on the company’s website list nearly a dozen federal agencies, including the Defense Department and the Transportation Security Administration, as longtime customers of BT’s secure videoconferencing solutions and other security technologies. The company also lists multiple General Services Administration contract vehicles and purchasing options.
Schneier is careful to host his blog and Crypto-Gram newsletter on servers outside of BT, and makes a point to add the disclaimer that the “opinions expressed are not necessarily those of BT.” But is that enough from a legal perspective to avoid a real or perceived conflict of interest, or an outright violation of law, when it comes to BT’s contractual obligations with the U.S. government? Or should Schneier’s association with BT and his work with the Snowden documents be raising red flags for the U.S. government?
“Yes, maybe,” said a former legal counsel for NSA, who spoke to FedScoop on condition of anonymity. “A lot of the stories have related to wiretapping of international cables, fiber optic lines and other facilities that might be owned by BT. So he might be faced with situations where the story he’s following touches on BT.”
According to its website, BT has a global presence in more than 170 countries and provides worldwide support through four Network Centers located in the U.S., Australia and the U.K. The company offers onsite service and management of high-definition video solutions for DOD and civilian agencies for business meetings, training, telemedicine, telepresence and desktop collaboration in secure and nonsecure environments. Purchasing options include the BT GSA schedule and teaming agreements with various contract vehicles such as Qwest GSA Networx, SEWP and government leasing programs.
BT said in a statement “the views Bruce expresses on his blog are his own and have nothing to do with BT.”
GSA Deputy Press Secretary Jackeline Stewart referred to GSA’s agreement language with schedule holders, which include at least four statutes and regulations governing the protection of government information. Stewart did not comment on whether GSA would investigate any potential security issues raised by Schneier’s personal activities and his association with a federal government contractor.
In a series of email exchanges, Schneier told FedScoop he’s retained legal counsel and he does not believe a conflict of interest exists between his work to counter NSA surveillance activities and his employment relationship with BT. But the centerpiece of his defense is that he’s acting as a journalist under the protection of the First Amendment.
“According to the attorneys I have spoken to on this manner — and there have been several — my position is 1) not unique, and 2) not difficult,” Schneier said. “Freedom of the press does not presuppose either 1) full-time employment by the press organization in question, and 2) no employment by any other organization. At least, that’s what the attorneys who do this stuff for a living tell me. I am relying on their advice.”
Bruce Rosen is a lawyer with the New Jersey-based law firm McCusker, Anselmi, Rosen & Carvelli, P.C. and has specialized in media law and First Amendment issues. Rosen said conflicts of interest come in two flavors — actual conflicts and perceived conflicts. And without knowing Schneier’s exact responsibilities at BT, it’s hard to know where his actions fall, he said.
“If BT’s contract with the U.S. is providing him with any information that allows him to better understand the national security apparatus and he is using that information — or that knowledge base — to help interpret the Snowden documents, it seems to me that it could be an actual conflict and possibly violation of the contracts themselves, and maybe U.S. national security laws,” Rosen said.
Dan Collins is a former assistant U.S. attorney and federal prosecutor with the financial crimes and special prosecution section as well as export enforcement program manager for the Northern District of Illinois. He said anytime an employee of a company that holds U.S. government contracts, particularly contracts involving classified systems or information, acknowledges having access to classified data he or she does not have a need to know or calls publicly for the release of classified information, it should raise red flags for the government.
“The United States government is understandably sensitive to properly securing its classified information,” Collins said. “And to the extent that anyone, but especially the employee of a government contractor, is misusing that information I would suspect the U.S. government would be quite concerned.”
“That said, when he is here, he has a First Amendment right to say or write what’s on his mind so long he hasn’t voluntarily restricted himself by contract,” Rosen said.
A spokesman for the Justice Department’s national security division declined to comment.
In his own defense, Schneier told FedScoop he has “no relationship with the government services side of BT, either in the U.S. or the U.K.”
Schneier’s work comes amid a heated debate in the U.S. about who and what work qualifies as journalism protected under the First Amendment, as well as whether leakers such as Edward Snowden are truly whistleblowers or common criminals guilty of treason. For now, Schneier remains adamant his work with the NSA documents falls under the banner of journalism.
“I have a working — for money, a real working — relationship with the Guardian,” Schneier said in an email. “And I am a contributing editor to The Atlantic; I’m on their website as such. I contribute regularly to CNN.com and other publications. My blog has more readers than your publication. Can you claim to be a journalist?”