When the “President’s Review Group on Intelligence and Communications Technology” issued its report (Liberty and Security in a Changing World) this past week, an honest and objective newspaper headline the next day would have read: “Rogue Panel Reports on Non-Rogue NSA Program.”
To start, almost every one of the panel’s major recommendations is at odds with the policy positions of the administration and its senior intelligence officials—be it, the need for telephony metadata, the party responsible for storing that data, and whether to end the dual-hatting of the director of NSA as also head of Cyber Command. As uncomfortable as the president is already in defending the NSA, one can only imagine how much more uncomfortable he will be with his liberal base if he turns his back on the panel’s recommendations. But never one to stick to a law or a redline, President Obama was already signaling in Friday’s press conference his willingness to accept a number of the panel’s proposed changes.
The potential problems and downsides in doing so of course will depend on which of the recommendations he has the intelligence community adopt. And there are plenty of problems and downsides in the panel’s nearly four-dozen proposals.
For example, the panel recommends that NSA’s “information assurance directorate”—the folks who protect our codes and communications—be split off altogether from NSA’s foreign collection activities. But separating the offensive and defensive elements of NSA is to weaken both. If you want a good defense, you need to know what new offensive strategies are being developed—and vice versa. Any middle school football coach could have told you that.
Or, take the panel’s proposed prohibition that NSA’s codebreakers “not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption.” Really? Do we really want to give a twenty-yard head start to terrorists, criminal syndicates, and weapons proliferators by tying NSA’s hands in this regard?
One could go on and on, but the panel’s key recommendation is to end “the storage of bulk telephony metadata” by the government and, instead, have that data held “either by private providers or by a private third party.” The data then could only be queried after NSA or some other part of the intelligence community had received specific approval from the Foreign Intelligence Surveillance Court. Given the fact that “private providers” are numerous, getting separate orders and querying multiple and distinct databases can’t help but make the program less timely and efficient.
Perhaps those problems could be alleviated if the data were held by some newly created third party entity. But that solution has problems of its own. Why should it be trusted anymore than NSA to protect that data? After all, it will almost certainly be a quasi-government body since neither Congress nor the public is going to trust handing over such sensitive material to a completely private organization. Nor will it be safe to do so unless NSA is involved (as the entity charged with protecting government communications) in helping this “private” body keep that data secure and available.
According to the panel, however, we shouldn’t worry about these complications because the fact is the metadata program as it exists today isn’t all that useful when it comes to counterterrorism. In 2012, the program produced only 12 “tips” to the FBI that called for further investigation and, in the panel’s judgment, the use of the metadata “was not essential to preventing attacks.” But, again, really? Are 12 tips too few? How about 20? How about just one if that tip helps prevent, as the government says it did, the plot to bomb New York’s subway system in 2009?