Edward Snowden is now out of his limbo at Moscow’s airport, presumably ensconced in some Russian dacha, wondering what the next phase of his young life will bring. Having spent 30 years in the intelligence business, I fervently hope the food is lousy, the winter is cold, and the Internet access is awful. But I worry less about what happens to this one man and more about the damage Snowden has done — and could still do — to America’s long-term ability to strike the right balance between privacy and security.
Ever since Snowden, a former contractor for the National Security Agency, leaked top-secret material about its surveillance programs, he and the U.S. government have locked horns about the nature of those programs.
But those following the Snowden saga should understand two key points. First, though many things need to be kept secret in today’s dangerous world, the line between “secret” and “not secret” is fuzzy rather than stark, and if the goal is security, the harsh truth is that we should often err toward more secrets rather than fewer. Second, despite the grumbling from Snowden and his admirers, the U.S. government truly does make strenuous efforts not to violate privacy, not just because it respects privacy (which it does), but because it simply doesn’t have the time to read irrelevant emails or listen in on conversations unconnected to possible plots against American civilians.
Incidents like the Snowden affair put my former colleagues in the intelligence community in an impossible position. Yes, the official explanations about the virtues of data-collection efforts can sound self-justifying and vague. But they’re still right. I know firsthand that Gen. Keith Alexander, the NSA director, is telling the truth when he talks about plots that have been preempted and attacks that have been foiled because of intelligence his agency collected. I know because I was on the inside, I have long held security clearances, and I participated in many of the activities he describes.
I spent years in the middle of the effort to identify, disentangle, and ultimately attack al-Qaida. We didn’t operate in secrecy because we were ashamed. We operated in the dark because we had to. Al-Qaida and its affiliates study our actions. They learn from our mistakes. America is safer because we’ve made a point of understanding their methods better than they understand ours.
I understand the trade-offs here. But the intelligence community isn’t keeping things from the American people because we don’t trust them, but rather because once important security information is out there, anyone can access it, including those who would do us harm.
That’s why I find the Snowden controversy so frustrating. I realize many Americans don’t trust their government. I wish I could change that. I wish I could tell people the amazing things I witnessed during my 30 years in the CIA, that I’ve never seen people work harder or more selflessly, that for little money and long hours, people took it for granted that their flaws would be scrutinized and their successes ignored. But I’ve been around long enough to know that deep-rooted distrust of government is immune to stories from people like me. The conspiracy buffs are too busy howling in protest at the thought that their government could uncover how long they spent on the phone with their dear aunt.
Your aunt’s not the target
Let me break this to you gently. The government is not interested in your conversations with your aunt, unless, of course, she is a key terrorist leader. More than 100 billion emails were sent every day last year — 100 billion, every day. In that vast mass of data lurk a few bits that are of urgent interest and vast terabytes of tedium that are not. Unfortunately, the metadata (the phone numbers, length of contact, and so forth, but not the content of the conversations) that sketch the contours of a call to your family member may fall into the same enormous bucket of information that includes information on the next terrorist threat. As Jeremy Bash, the former chief of staff of the CIA, memorably put it, “If you’re looking for a needle in the haystack, you need a haystack.”
Unfortunately, during the Snowden affair, many news outlets have spent more time examining ways the government could abuse the information it has access to while giving scant mention to the lengths to which the intelligence community goes to protect privacy. We have spent enormous amounts of time and effort figuring out how to disaggregate the important specks from the overwhelming bulk of irrelevant data.
System well monitored
This is done under tight and well-thought-out strictures. I witnessed firsthand the consequences of breaking the privacy rules of my former organization, the National Counterterrorism Center. As the center’s deputy director, I had to fire people, good people, and remove others from their posts for failing to follow the rules about how information could be accessed and used. It didn’t happen often, and it was never a malicious attempt to gather private information. We had mandatory training and full-time staffers to supervise privacy regulations. We used precious resources to hire lawyers and civil liberties experts to oversee our efforts. And on those few occasions when we made mistakes, the punishments were swift and harsh.
Yes, some things that are classified probably don’t need to be. That may undermine public trust and dilute our ability to protect the data that really need protecting. But some things — especially U.S. sources and methods — must be kept secret. Snowden didn’t offer fresh insight about a massive policy failure. Rather, he took upon himself the authority to decide what tradecraft the intelligence community needs to keep his fellow citizens safe. Sadly, Snowden has captured the public’s imagination and attention, and the government’s reaction now seems too little, too late and too reactive. But the intelligence community — always a less sympathetic protagonist than a self-styled whistle-blower — actually has a good story to tell about how seriously the government takes privacy issues. We should tell it.