Liberty & National Security Fellow, Michael German, interviewed Edward Snowden in a presentation titled “From the Plumbers to Citizenfour: Comparing Surveillance and Civil Liberties Past and Present” at Computers Freedom Privacy 2015. To watch the interview, click here.
Gabe: Hello everyone, good morning. It’s an honor to welcome you to the 25th annual Computers Freedom and Privacy Conference and I extend a hearty hello to everyone who is joining us, both here in person and online. Thank you for making CFP what it is and I urge you to join the conversation on hashtag CFP 2015. My name is Gabe Rottman, one of this year’s co-chairs, and I work on privacy and free speech at the American Civil Liberties Union. In the month we spent putting together the program for the next two days, we’ve tried to find a unifying theme. On the website we cite the potential benefits and threats of technology to free speech and how technology can both stretch and close the digital divide. And those themes will be quite apparent in our conversations over the next two days. But I think, here at the Silver Jubilee of CFP, that the theme is much simpler. While we may disagree on the particulars, and I know and hope that we occasionally will, we are all here today out of the firm belief that technology, properly managed, can be of force for good in the world. It can equalize opportunity, bring truth to power, further tolerance and understanding, promote health in the general welfare, and save lives. And on the flip side, technology improperly managed can entrench power, widen economic inequality, promote hate and fear of the capital-O other, and cause vast and tragic loss of life. The challenge today then is to figure out how, best we can, to manage technology; how to turn it so it serves our values as free peoples. Throughout the next 36 hours or so that will be the simple theme, and I am very glad to be part of that inquiry. Thank you for being part of it too.
Before I turn the stage over to our keynote speakers, it is also my privilege to thank my friends and colleagues who have given so much to make what I’m confident will be a conference befitting CFP’s quarter-century Anniversary. None of this will be possible without the generous support of our sponsors: Google, Microsoft, the ACLU, Free Press, the Internet Society, Spitfire Strategies, and Start Mail. Sandy Fulton, CFP coach chair, and the government relations manager at Free Press has been an extraordinary partner over the past year. And Nathaniel Turner, my colleague at the ACLU, is the real co-chair at this year’s conference. Thank you, Nathaniel. I’d also like to thank the program committee for its tireless efforts to find and organize an amazing slate of panels and speakers. And I can’t express enough gratitude for those who have volunteered their time, especially at so early an hour, to help bring this year’s CFP together, thank you. And now it is my distinct pleasure to introduce our distinguished keynote speakers, both of whom who are about to be fixed in light as the inspiration of two major motion pictures. It’s amazing! Mike German is a man of many hats; he is a former FBI whistle blower, a civil liberties advocate, and a fellow at the Brennan Center and he is an expert on the history of intelligence scandals. Please join me in thanking him for being here this morning. As my colleague Jay Stanley often says, Edward Snowden is well, Edward Snowden; global icon, privacy activist, NSA whistleblower, and according to WIRED magazine, the most powerful person on twitter. A huge thanks to Mr. Snowden for being here as well. And now I leave the next hour in their hands. Thank you again for joining us at the 25th Anniversary of CFP.
Mike: Thanks very much Gabe and Sandy, and thanks to CFP and all the sponsors for inviting me, for having us here, and thanks Ed for being here. It’s interesting that there’s so much similarity in our backgrounds. We both come from a military family; both spent a lot of time in the D.C. area growing up; both went into federal service. Kind of as, that’s what you do, right? You go into the government, then go to work. And really I think the big distinction is that you came into the intelligence community, into the military, after 9/11, where I came in in 1988, when the lessons from the previous intelligence scandals, and particularly the framework for the reforms was very present in everyone’s mind.
And what I saw was a big transition after 9/11 that, well, I’ll let you explain, whether that was actually something that was in the front of people’s minds when you started at these agencies?
Edward:I definitely think so. When I joined, first sort of entered into government service, I was enlisting for the Army in 2004, when everyone else was protesting against it, because when you grow up in the shadow of government, you don’t really doubt, like you said, it’s what you do. You grow up, you work for the government, and then eventually retire. But in 2005 I started working for the CIA as a contractor and that was quite unusual. Because although I had a significant amount of technical skill, didn’t have a lot in terms of paper credentials.
I had some industry certifications and things like that, but the Bush administration had really gone on a hiring tear for all the intelligence community, but specifically for the CIA, the NSA, groups like that. So when I joined, there was this incredible bifurcation in the workforce where you had sort of a group of old timers who grew up going through training learning Morse code and how to solder, you know, radios together. They didn’t think that when something breaks, you just threw it away and got another one like you do today. They had to field service everything.
And then you had this new generation where everything was digitized, everything was computerized. What made us valuable was the fact that we had mastered a new sort of era of technology, but what we all lacked was the institutional history of why the reforms happened and why they were so necessary. We still knew about them in sort of a generalized academic sense, because every year, you know, in government you’ve got these annual training requirements where you’ve got to tick the box saying you watched the Flash presentation or read the, you know, 15 page whatever.
And we got those but it wasn’t really something from our generation. It was considered solved problems, secret history, and rather than bearing in mind that power and reach and extension by government can be dangerous, not just to sort of our adversaries but also inside to our own civil society, we were in this new moment where anything could be justified, I mean whether it is torture or mass surveillance, targeted killings and so on and so forth.
The motto that I learned almost the first day when I came in, and this was as a contractor, before I was even sworn in officially as a CIA officer, was mission first, mission first. That’s really all that mattered, not when you go home, not what you do, but the mission. The mission was all that matters. And I think that did have a lasting impact on not just to this new wave but it gave an organization a chance to change its character and its culture radically, and I think that’s happened.
Because the majority of those holdovers have since retired.
Mike: And interestingly, in the FBI now, one of the scary statistics I heard was that more than half, 60 percent of the workforce has been hired since 9/11, so as you suggest, that number of people who realize that they’re used to be rules on what you were allowed to do with this information is shrinking very quickly and will be gone fairly soon. One of the things…
Edward: Yeah.
Mike: Go ahead.
Edward: If I could actually tag onto that, I mean one of the things that I’ve seen from my experience sort of living through this, this reform argument first hand. As I now read histories of intelligence scandals going back, to the beginning of the 20th century, not the 1970s, but 19-teens, '20s, '30s, '40s, is that it’s natural, it’s to be expected that any bureaucracy, any institution will over time expand its reach, expand it’s power. That’s what institutions do, that’s why they’re there, is to solidify and strengthen things beyond individuals, and to create a structure that’s self-perpetuating, self-sustaining. And in many cases that can be a valuable thing, that can be, you know, a great benefit if it’s an organization like the ACLU, or things we rely on like police departments.
But when an institution has a certain amount of power, certain amount of privilege, a certain amount of resources that is never questioned, and basically any ask can be granted on the basis of national security, you get things where for example the FBI was very tentatively looking at, you know, people who supported Sacco and Vanzetti and anarchists and things like that in the 1910, 1920 period, as subversives. And those sort of baby steps eventually were what led to the grand scale abuses of, you know, the Red Scare and McCarthyism, and eventually, you know, Hoover trying to talk Martin Luther King into committing suicide.
Simply because at some point it becomes taken for granted that that’s what they do, that their prerogatives are the nation’s prerogatives; that the institution and the state are the same thing and that they know what is best for the public more so than the public. So the question for me is, how do we correct for that, how do we address that? And I think something that we’ve seen is that whistle blowers are valuable, but they can do nothing in a vacuum. It requires a civil society, it requires a free press, it requires reporting and eventually collective congressional action, institutional action, also through the courts is a good way to force reform.
Because that pendulum will always swing too far, and one of the reasons that I felt so compelled to come forward when I did is not because I saw, you know, I felt that the pendulum was irrecoverably far, but because I saw it moving in the direction and I feel that citizens, individuals, have an ability, particularly when they’re inside this, witness these programs that are occurring without our knowledge or consent, to arrest that swing.
And maybe you can’t solve the problems, maybe you can’t fix everything. But you can buy us a decade.
Mike: And I think that’s right, what you say about how a bureaucracy is created so as not to allow questioning, but in most bureaucracies people still have free speech and can talk about what’s going on. In the intelligence community bureaucracy there’s actually an effort to suppress the people who are questioning and you’re the last person I have to tell that to. So you would think in that kind of a system that recognizes that weakness they would build in a system to protect people who are questioning.
But actually we’ve gone the other way with the insider threat program that was put in place just a little while before you came forward. And can you talk about how that system, why you felt that system wouldn’t work and you had to go around it?
Edward: Right. So there’s always been a little bit of a North Korean flavor to working in the intelligence community. I think you’re familiar with it as well. Just from the culture where you have counter-intelligence posters, for example, in the hallways, where it’s eyes watching you and saying “danger,” and saying, you know, don’t be a spy, don’t be this that or the other, don’t talk to the press, because you’ll end up in handcuffs, think of your loved ones. There’s a constant propaganda which in this case, in counter-intelligence is valuable and it’s encouraging people to protect information that would be, you know, an official to the public good to keep secret in theory, but eventually becomes a culture.
And what happens when you move beyond those posters, right? This is what happened in a few years before I came forward, and I hear now from sort of those in the know, that it’s really kicked into overdrive at this point which is what, as you mentioned, was the insider threat programs. And this is where you go through that annual sort of security training programs, and say yes, I won’t click open the spam email and get my computer hacked, although of course, you know, 90 percent of the workforce absolutely will.
They also talk about what the threats are, not externally but as a person sitting next to you at the desk. And they’re not necessarily saying that this person is going to be working for a foreign intelligence service. They’re actually saying don’t respond to reporters, don’t talk to the press, close yourself off, don’t get involved with that at all, refer people to public affairs officers. They’re the only ones, and then report the journalists to security, and things like that.
If you hear a coworker that you think has any involved with any sort of reform organization, journalism organization, those could be indicators of hostile intent. And these are sort of red flags that you’re supposed to self report to security. And I mean I think that radically changes the dynamic of who’s really in charge of these institutions, of these agencies, of these organizations. Because ultimately it should be the public holding the leash. But the public understands the nature of its government through its press.
What would I guess your thoughts be on that dynamic? Where is the real danger to intelligence services? Is it really from the press?
Mike:So it is interesting. I actually wrote a piece for The Guardian last year. How many people here have heard of, well, how many people here knew who Edward Snowden was? How many of you knew who I was? How many of you know who Jeffrey Delisle is? Not many hands are going up. So Jeffrey Delisle was a Canadian Naval intelligence officer who because of the Five Eyes agreement worked with the NSA and the other intelligence services from the Five Eyes countries, and for a five year period he would walk out of the institution with a thumb drive full of information that he would give to his Russian handlers.
For five years. So the idea that certainly the Canadian, the British, Australian government obviously learned nothing new from the disclosures that came from the journalists who printed the stories about the documents that Ed provided, but the Russians obviously knew this information. They had been getting a download of it for over a five year period. So I think it’s important to recognize that there are insider threats, there are people, and those are the people who are dangerous. Yet if you look at the insider threat program, it’s focused on whistleblowers.
It talks about monitoring and limiting contact with reporters. Robert Hanson was a spy during the entire time that I worked at the FBI and I doubt very seriously he was doing a lot of discussions with the press. Right? That’s not how spies survive. So that’s a clear indication to me that this program isn’t about protecting information in a counter-intelligence sort of way but is rather about suppressing dissent within the organization, suppressing the journalism that you say is most important. Because I think that’s exactly true.
And I think one of the things that’s also true that we know is that the effort to suppress whistle blowers has had this coinciding pattern of trying to suppress reporting, and I think one of the things that’s important for you to talk about, Ed, is why you went to Laura Poitras when you were coming out. Because you know, now we all know her as an Oscar-winning documentarian but there was a different story that drew you to her.
Edward: Let me just tag on to one point before I move there, which is that you mention the fact that intelligence agencies find out about these programs, foreign intelligence agencies, our adversaries find out about these long before the public does and that’s because they don’t share this information, they don’t want to reduce the value of their intelligence holdings by revealing their hand, by saying that they know how we operate. And we do the same thing in reverse.
And when you look at how, for example, intelligence agencies actually justify why they’re classifying these programs that have tremendous public impacts like mass surveillance. Why are they classifying them at such a high level, why they won’t talk about them? Their own top secret documents, this is a story from the Guardian of June 2013, looking at cables from the GCHQ, basically an NSA subsidiary that’s run by the United Kingdom. They get funding from the US. But they are, you know, nominally sovereign. And their version of the NSA had classified materials that said what they were really afraid of was a quote, their words, damaging public debate about the scale of their activities because it could lead to legal challenges against mass surveillance programs. Not because it would cost lives, not because they would lose an intelligence advantage. That’s not what it was really about. It’s exactly the points that Mike just mentioned.
And I would also point out, I used to teach counter-intelligence seminars for the DIA. They’ve got a group called the JC, the Joint Counter Intelligence Training Academy, and I taught counter-cyber. Now they would go through these cases again and again and again and the dirty secret of counter-intelligence is that most spies are never caught. You do get the big cases, the Rick Ames, the Bob Hansons, where they operate for decades, they were selling out human intelligence sources, these guys got executed, they died. And in almost every case these people are turned over by defectors, somebody from that foreign intelligence service says, hey, I want ten million dollars or whatever, and they change sides.
Now the thing to remember is that when intelligence officers, when James Clapper’s in front of Congress and he’s like ooh, I can’t really talk about that in open session because, you know, the Chinese will know or something like that, they already know. They always already know. Unless this is a program that’s only been in existence for 30 days and is only known by six people. Over time, over years, programs that span decades absolutely become known.
But let me get on to Laura there. Which is when I was trying to figure out which journalists would actually, would actually report on this information, who would be willing to shoulder the risks of irritating some of the most powerful intelligence organizations in the world, I had to think about people who were familiar with the issues, who were able to secure their communications in an effective way, because I didn’t want them to make a mistake and it basically cause problems for me before this material got back to public hands.
And there were only a few journalists who could do this kind of thing. And Laura Poitras was one of the ones that I knew this was the case for. Because she had been harassed by our own government. She had been specifically targeted for surveillance for basically a secondary inspection every time she crossed the United States border, of course, because they’re exempted from the warrant requirement there.
So they can go through all her things, they can try to make copies of her drive, they can see what she’s working on. Because she was making documentaries about Iraq that didn’t have the kind of perspective narrative that we preferred. There were all kinds of allegations that were being made against her that were of course never proven, eventually disproven. But it’s interesting that when you think about history, past reporting, why is that so important, why can’t you simply mail documents to the Washington Post, the New York Times? But when you go back to the 1970s, the burglary in Media, Pennsylvania, which maybe people don’t remember so well, this was the origin of the Cointelpro reporting programs where the NSA, or the FBI had counter intelligence programs that were watching the civil rights movement, civil rights leaders.
They were monitoring Martin Luther King, Jr. Hoover was writing him letters trying to get him to commit suicide. All of these sort of dirty secrets only became public because a small group of activists in Pennsylvania worked in concert to embark on what I consider to be one of the most extraordinarily dangerous and successful domestic publication operations we’ve ever seen, which is they cased the FBI building, figured out how to beak in, and then at night during the Mohammed Ali / Joe Frasier fight actually did that, stole the FBI’s files out of their safes and then mailed them to newspapers and mailed them to senators.
Now the extraordinary thing about this story and why it’s so important is only one newspaper actually published on those materials. The other newspapers and all of the Senators that received those materials simply gave it back to the FBI without saying anything about it. And that is why a press that is not just free but adversarial is so important. If we have a compliant press, if we have a cooperative press, we will never know what the government is really doing about the things that matter the most to the nature of our rights and our society.
Mike: And interestingly, I got to meet a lot of the burglars which was interesting for a former FBI agent. When I talked to Bonnie Raines, I asked her if it was the first time an FBI agent had ever interrogated her and it was. Her husband had actually been interviewed by the FBI during the investigation, John Raines, and one interesting thing about John is he was one of the original Freedom Riders. So breaking into an FBI office wasn’t even the bravest thing he did to try to help our country reform its practices.
You also mentioned cyber security as one of the risks to information that the government also doesn’t really talk about. I mean it’s amazing how much they focus on whistleblowers rather than on what are the real threats to information from intelligence services, and I just wanted to ask you whether you’re getting free identity theft protection from the Office of Personal Management. Have they sent you your notice?
Edward: Yeah, so the OPM has not directly informed me yet that I’m getting the free identity protection. On the other hand, God save the person who tries to steal my identity.
Mike: Yeah, interestingly…
Edward:I wish them the best of luck.
Mike: Yeah, they haven’t contacted me either. I wonder if that’s part of a pattern. And then of course is the way intelligence agencies shares, not just the Five Eyes but many other governments. So it’s almost as if there’s this secret society that doesn’t know international borders, or national borders, that knows far more not just about what our personal proclivities are because they’re sharing information about us, but also about what our governments are doing that somebody in, you know, name your foreign country knows far more about the intelligence practices of our government than the public and how this affects the democratic public not just in the United States but around the world, that there is this secret society that is in charge of a lot more and knows a lot more about us than we know about it.
Edward: I mean we see this happen in the context of judges, for example, who have know idea what’s going on, who have to completely rely on government assertions. They’re not really empowered to disbelieve them in some cases, which is extraordinarily dangerous. And this is toxic for a number of reasons. I mean one, so for people who aren’t necessarily familiar with all the revelations, one of the big things that people weren’t familiar with is the existence of what’s called the Five Eyes Alliance.
The Five Eyes are the US, the UK, Canada, New Zealand and Australia. The Anglophone countries all put their SIGINT “get” into a big pot, everything they collect, through mass surveillance programs, in their countries and co-mingle it. This allows a kind of jurisdictional arbitrage where they can’t say we want you to target this individual who we are not lawfully able to target because that would implicate them in things that they don’t want to be implicated in, but what they can do is say do you have any information about this person.
And then that agency will do whatever they can to get it, because this is a mutually beneficial partnership. They simply won’t say what the source of the information was. And this is normal, because every intelligence agency is expected to conceal their sources and methods of their intelligence collection, even from allies. Now this is extraordinary when you think about the fact that foreign government officials in New Zealand knew more about what was going on than judges in the United States.
And it’s not just Anglophone countries, in case you consider them to be, you know, mostly the same thing. Even in Germany, even in France, even in the Netherlands, countries which we had so-called third party relationships with. This kind of intelligence sharing about our capabilities and programs was being done and in fact jointly occurring. In Germany, for example, we asked them to set up a mass surveillance program where again they were monitoring Internet cables, which is completely unlawful in Germany on the basis of what’s called their G10 privacy law, where much like our 4th Amendment, only stronger, it forbids basically generalized collection. It has to be individualized.
But they did it anyway because they believed it would be secret. They said, well, we’ll put filters in place to try to comply with the spirit of the law, but then later, recently now, an NSA inquiry in Germany is trying to investigate what happened, how it all went wrong, they’re saying the filters never functioned all. Now this is not just sort of a foreign discovery. If you look at the reporting from, this was originally done by the Washington Post, Barton Gellman, even by their own incredibly lax standards, the NSA violated their own policies and our laws at least 2,776 times in a single calendar year.
Now this kind of thing is not just, you know, 2,776 phone calls intercepted, in case you think, oh, well, that a rounding error given the amount of collection that they’re doing. A single one of these events, these 2,776 times, was intercepting every phone call in a Washington, D.C. area code for a period of days. That’s one incident out of three thousand that happens in a single year. And I presume you know about the FISA court, which is when they go, all right, we need a warrant, we can’t justify this without any warrant at all, so we go to a secret court and in 33 years they’ve asked 34,000 times for the government to say yes.
And in those 33 years the government said no only 11 times. That’s as close to a rubber stamp as you can get. Now beyond that, even if you think the FISA court is not a rubber stamp, you think yeah, you know, they’re reliable. The judges on the FISA court themselves say that the orders that they’re levied with the NSA are completely disregarded when it comes to how to actually implement these programs. They said the NSA violated these requirements so frequently and systemically that it can be fairly said that the critical elements privacy protection and regime never functioned effectively at all.
The question becomes, if everyone else overseas, anybody with any kind of government nexus, knows what’s going, our own judges can’t keep control of the program, even secret courts that have clearances, how can we correct for this, how can we reform these things? You know, what can be done?
Mike: And that is the question, how do we reform it. And you know, particularly focusing on whistleblowers, when you look at the way the government talks about reforming whistleblower protections for the intelligence community, it’s still within a closed system. Right? They created a little internal board that will review whether the agency that they work for has retaliated against you. And it’s all about, again, suppressing the public knowledge of what’s going on.
And how many people have read or know about some of the reforms and some of the information that Edward Snowden has passed on to reporters? How many of you know what I blew the whistle on? The people I worked with, who I know personally. And I think it’s an example of what happens. I made my first complaint about mismanagement of a counter terrorism case in 2002. There was finally a hearing about it in Congress in 2007. And very little information about what the actual complaint was, what the actual concerns were ever came out.
And when they did, it was seen as, well, yes, this was a problem five years ago, it’s since been addressed, everybody’s moved on, you should move on too. And there was no actual reform that were put in place, which for somebody within the intelligence community who actually wants to create reform of the system there isn’t really another method. But those methods are closed off even within the reforms that are being put in place to protect whistleblowers.
So two things. One, with a workforce that doesn’t really know the history and sort of the regulations and rules that were put in place to protect our civil freedoms, and this pervasive system that, how do we build a cadre of people who are willing to come forward and how do we actually protect them?
Edward: There’s a fundamental problem, and I think when we try to consider how we can fix this it ultimately comes down to what are the incentives for reform, what are the incentives for disclosure. What are the incentives for the kind of behavior we want to see? And when you look at them today, they basically don’t exist. As you said, you know, you put your career on the line to report any kind of wrongdoing and you’re required to report that wrongdoing to those most responsible for it occurring in the first place.
You’re asking in some cases, and more radical people would argue in most cases, you’re asking criminals to indict themselves. And if we can’t restructure that and we can’t show publicly, demonstrably, that the whistleblowing process works, that it’s effective, that there are reforms, that there are protections, people will create their own. Now fortunately we live in a society where the press exists precisely for that reason but it comes at a very great cost to the actual whistleblower themselves and if we as a society are reliant on asking volunteers to stand up and self-immolate to report a wrongdoing, we will very quickly find ourselves out of volunteers.
Mike: So I think it’s, there has to, number one, a way for whistleblowers to have their rights vindicated in court. Access to court would change so much about it that an agency and the individuals involved knew that ultimately this was going to see a court of law, they would be much less reluctant to open, I mean one of the things I was surprised about internally, having followed the rules, having, you know, gone only to internal, how brazen the retaliation was, that it was open and obvious.
At that point I’d been in the FBI for 14 years and was fairly well known because I did undercover work, I would move around to the various offices. So I was fairly well known as somebody who knew how to do their job, did it well, didn’t cause problems. And I thought that protected me. But with hindsight what I learned was that actually made me an attractive target, that they knew that if they could send a message to the workforce that even if you’re career has been stellar, we will crush you if you don’t follow the protocols of not reporting mismanagement of information. So I think…go ahead.
Edward: It’s extraordinary to me, the words, the language that you just used. You said we will crush you. Because I have heard that verbatim from people inside the NSA. When I was talking to my colleagues and supervisors about what they thought about these problems, are they right, are they wrong, and ultimately, you know, the majority of individuals, there were a few who said, you know, due process, just kick them out of airplanes, they’re bad guys.
But there were people who said, yeah, you know, this is ridiculous, we should not be spying more on Americans than we are on Russians, which was the case according to our reporting tools. But what are you going to do about it? You know, you know what happens to guys like that. If you try to stand up and fight with leadership on this, you know, particularly as a contractor, they are going to crush you. And it’s what you described, it doesn’t occur by accident.
There is an authoritarian undertone in many organizations and institutions, but particularly I think in secret ones. And they feel that control of sort of structure, narrative, policy, is the absolute most vital, fundamental principle for them. And so as you said, the idea of sending a message I think is not an exaggeration, I think that’s a normal thing and I think everybody at the working level hears that message very clearly.
So it begs for me the question of how do you resolve that. And this is just me thinking out loud. I don’t really have a policy proposal here. But we need to have some mechanisms of truly independent groups, whether they are civil commissions, whether they are made from the opposition, from people who are known to oppose these issues and things like that, in some way balanced. Or, this is something that was recently proposed by the UN, new UN special rapporteur on privacy, I believe, some international mechanism, some international court that will allow people access to courts without the same ties of nationalism or deference to this or that political authority interfering.
I’m not sure it’ll actually ever work but, you know, what do you think about that?
Mike: And it’s interesting because if you talk to somebody in the government and the administration about it, they would say, well yes, those things are nice and we would love to do that, but it’s so critically important for us to keep the sources and methods of our activities secret and, you know, the risk of going into court, even if we’re just focused on the employment issues that are involved in the retaliation are simply too great that information would leak out.
But what they won’t talk about is how their pervasive information sharing puts all that information at risk, so it’s no longer just are there any spies in the FBI or the NSA but are there any spies in the Canadian Navy, are there any spies in…
Edward: Or the Iraqi intelligence service.
Mike: Right, exactly. You know, all these other things. And plus, there’s one very simple thing that we could do because even without spies there is so much leakage going on, right. The lack of cyber hygiene, as you said. You know, I think GAO did a study once at DHS where they just threw a bunch of thumb drives in the parking lot, and sure enough almost all of them ended up in a government computer. This is a long-time problem.
And one thing that would actually protect the leakage of that information is strong encryption, and yet that is something that the government is opposing as much as they are opposing effective whistleblowers reforms. Or has opposed…
Edward: It is a real concern that we see sort of director of FBI, Jim Comey out there, who’s really denouncing encryption like it’s the end of the world, it’s the only way like, you know, intelligence are going to shut down overnight, close the doors and give up and go home, if communications become encrypted by default. And I think this is not only dishonest, but intentionally misleading. Because yes, they may lose access to, or almost certainly will lose access to certain sources of communications that would have been freely available.
But in most cases those are communications flows, transactions with major websites, major services, American service providers, that we as a society benefit much more from having protected than these agencies gain in relative offensive advantage by having it open. It is more important for us to protect what we have. When everyone’s able to attack each other freely, because the defense of everything sucks right now, just being completely frank, that’s why the OPM can get completely owned and, you know, lose absolutely everything, people’s SF86s, their 30 page security clearance backgrounds, going back multiple years, their fingerprint records and everything like this.
And we don’t find out about it for, you know, ages later, months, years and so on and so forth. And then when it does happen, no one’s held to account for it. These are dynamics that are preventable if our policies incentivize both good security and particularized liability for those who don’t just get hacked, not the ones who are victimized, but the ones who are clearly negligent in their policies and their effects.
But even if we presume that then losing this will be a problem, this is something that I’d actually like to ask you particularly based on your experience actually sitting behind the FBI desk, when I worked at the NSA, mass surveillance was wonderful but it actually wasn’t necessary because we had so many different ways of getting to the same nut. You know, we could dig it up with a thousand different tools. Is it not the same with the FBI? I mean when I imagine what life must have been like for a law enforcement agent a hundred years ago trying to investigate a crime, where every conversation is ephemeral unless someone writes it down, compared to today, where nobody can travel with a cell phone without leaving a permanent record with their service provider, that there’s got to be more than one way in.
Mike: I think that’s exactly right, and that a lot of what James Comey has argued completely misses the point, and in fact there are tremendous ways of getting information. In fact, it’s actually the opposite problem if you look at, for example, the Webster Commission’s review of the Fort Hood shooting, they talked about how the agents involved were just drowning in data, that the data explosion within the FBI had made it impossible for them to keep up with the workload that this data flow was creating.
So you have the opposite problem. But I think where Director Comey is coming from and where people in the FBI, their attitude about this, is that they have had such free access to information for so long now that they’ve come to expect that if it’s data, they deserve to have their hands on it. That its their right to have that information if it’s in a data form. I think the best analogy I’ve heard was by my colleague at the Brennan Center, Faiza Patel, who said, you know, if we want to talk about evidence destruction, the one invention that has destroyed more evidence than any other is the flush toilet.
But as a society we’ve made choices. That yes, some evidence will likely be destroyed if we have these but the other problems it solves are actually more severe to our society. And I think that’s the choice that hasn’t been made in the intelligence community, that they aren’t looking at is a societal good, right. Think of this great, and you know, the Army deserves credit for this, the US military, the Department of Defense, the creation of this incredible tool, the World Wide Web, the Internet, that is an incredible democratizing voice, I mean gives voice to anyone, everyone can express themselves.
And if we could do it in a secure way, even the most authoritarian dictator out there would crumble, because you would be able to get the information out. In fact, we wouldn’t need to spend 70 billion dollars on an intelligence community. We would just have to have bloggers in Moscow and in China and in these other places and we could get our information through that free transmission of information. But instead we decided to make this a surveillance device, an enormous surveillance device, and I think that’s the reason why encryption is such a threat to them, because it would risk the flow of in that they depend on.
And one of the things that I want to talk about with you is, you know, people tend to talk about the problems, the past intelligence abuses as spying on Martin Luther King and that this is different because mass surveillance, isn’t targeted in those inappropriate ways. But just as you suggest with an investigation, once you have the data in a place, and this came up with the reviews of the Section 702 program, the PRISM program, that they said, well, this information actually has been valuable to investigations. Well, of course it has, all the information is there. I no longer have to go to the telephone company, I no longer have to go to the Internet service provide. I have my own bucket for it.
But that doesn’t mean I couldn’t have gone to the telephone company when I wanted the information, I couldn’t have gone to the ISP. So whether it’s necessary to get that benefit should have been the question that was asked. And it is a negative consequence which is the censorship of society, the suppression of the exchange of free ideas. Go ahead.
Edward: I think what you described about the fact that there are alternative means of collection really highlights what we lost in the wake of 2011 as an intelligence gathering culture within these organizations, which is the concept of using the least intrusive means of investigation. When we saw these targets, these terrorists, opportunities, criminal groups, whatever, there would be a specific operation targeted against a specific adversary where they use a specific means. It was regularly reviewed on an ongoing basis to collect this information.
Now no matter what, they just immediately jump in the data bucket, regardless of agency, and they 702, they 12333, they use basically the foreign and domestic means of authorization for collecting communications. And the danger here is that we’re reaching a state where we have a quantified world. We now have an intelligence agency that’s spying on US law firms not to thwart terrorist attacks but to get an advantage in negotiations about the price of shrimp and clove cigarettes. That’s a literal story. You can search for that specific case.
US law firms, right? Attorney/client privilege. What happened to that? Now they’ll go we’re not going to use it in court, but when people know the capability that not only exists but is being used, what is the danger of this? Moreover, when you think, okay, even if they’re only doing it in targeted cases, targeted collection, Barton Gellman, a reporter at the Washington Post, had access to actually raw intelligence collection material from the NSA’s office.
And he reviewed it with a technologist. They ran big data analysis on it, and they found that 90 percent of the people whose communications were being stored were not targets, they’re ordinary people. Because of what are called the back door search loopholes, once you get memorialized in this database, they no longer need a warrant, they don’t even need reasonable articulable suspicion. If it’s not truly raw signals intelligence but is related to some prior intercept that happened, you know, one year ago, ten years ago that’s still in their holdings, they can review it with no restrictions at all. And 90 percent of these individuals are completely innocent.
Now this has impacts. People don’t understand it very well yet. They don’t understand the incidental collection because we haven’t done a good job explaining it. But there have been studies done, again and again, that show something as simple as putting eyes on a poster shapes people’s behavior. It has an impact that will change the way you make decisions, the way you act, the openness with which you share, and this is increasingly happening in our society and I think around the world.
Now the question is, must it be this way. And I think it doesn’t. Now when we consider the current political moment in the United States where we have the most extraordinary regulatory capture in living memory, where campaign contributions and things like that are really used in exchange for favorable treatment regarding policies, for people who are on oversight committees, I mean every member who sits on the Intelligence Oversight Committee in the House and the Senate, they both receive twice as much in donations from defense contractors relative to the average members of Congress.
They recognize they are entitled by virtue of their position, and it in their interest not to change things. Can we change this, can we restructure this in the policy moment? Maybe. I’d like your thoughts on this. But the question is, what happens if we can’t? Ideally we would rely upon the courts, but because of the abuse of the State Secrets Doctrine, domestically and abroad, this is really something that’s become increasingly unreliable in the context of intelligence regulation control, of state abuses rather than those of private actors or corporations, whatsoever.
Do we need to start considering efforts to discover new means of enforcing human rights, for example, through technology? And that’s what encryption and similar technologies do. As we develop ways of divorcing identity from persona, where we can selectively share and present ourselves to our friends, to our workforces and so on in a voluntary manner that is secure and reliable, we can provide the same rights, we can guarantee the same rights that we ourselves inherited to those who come after us, but we can also provide these across borders to people in every country everywhere in the world.
People who are living under the most abusive and most intrusive regimes in ways that they cannot stop without limiting their access to trade, which today is becoming and more difficult to do. And I think provides some reason for hope, for optimism. But to check that optimism, I have to ask. What do you think the opportunity for political reform is today, particularly given that we see these groups, these agencies, whenever there is a disclosure, trying to draw a very tight circle around the controversy to protect how it interacts with other agencies and programs and policies.
Mike: I, as an advocate on civil rights issues and national security reform, I think I have to be an optimist, otherwise I couldn’t do this work. I’m sure you feel the same way, that what keeps you involved is our hope…
Edward: There are days.
Mike: …that we can force change. And I think there are some positive signs developing. In May the Brennan Center put on a symposium on strengthening intelligence oversight that involved a lot of the staff members of the Church Committee to come and talk about how they were able to accomplish what they were able to. We were so fortunate to have Vice President Mondale and Senator Gary Hart, two surviving members of the Church Committee, appear on the panel.
C-Span covered it. You can see that. And we’re actually going to be publishing the transcripts because it was really an incredible day-long experience. But we didn’t really have any active members of Congress very interested in talking about these issues or even active staff members. Mostly formers. But former Senator Carl Levin is now putting on a conference next week on Capitol Hill to talk about the same issue.
So the fact that there is some movement to bring this right up to the doorsteps of the Capitol is really important and I think is a sign that there is some political chance of comprehensive intelligence reform, and I think it does need to be comprehensive because, you know, as we’ve started to narrow some of these authorities, Section 215, we’re talking about narrowing 702, you know, we also found out that the DEA had been doing metadata collection domestically for decades before that, that the US Marshal Service, excuse me, is flying planes over the country collecting metadata.
So there are so many programs. Unless we know how they interact together, we can’t really reform a system because if they limit Section 702, but increase the number of planes that are flying over the country gathering metadata, we haven’t really accomplished anything. I think that’s one critical aspect, is that any reform discussion is talking about a broad array of issues and not just one and talking about how the different authorities interact with one another.
And I think part of the problem, you mentioned earlier the abuse we know about, but I think that’s got to be just a fraction of what is actually happening as you suggest. And you know, if you look at the Church Committee, one of the things, that when they looked at the way the FBI in particular but the other agencies as well were abusing intelligence authorities and access to information for political purposes, you mentioned John Edgar Hoover, J. Edgar Hoover, who went after people who he opposed politically by using this trove of intelligence he gathered.
And one recent story I think suggests that that’s still a possibility is the chairman of the House Government Reform Committee Jason Chavitz was holding hearings critical of the Secret Service, and the Secret Service agents went in and went through their records and found that he had applied to the Secret Service and been rejected, and released that information to the press in an attempt to embarrass him. And it’s not surprising to me that happened. You know, that’s what intelligence agencies do. And if you look back at the Church Committee they said that it was the unfettered access to all this information that made it so much of a draw to the people who wanted to use it for political purposes, it was almost uncontrollable.
But the thing that was a surprise to me is the Inspector General report on that issue said that there were at least 100 people within the Secret Service who knew about what was happening. 100 people, and nobody put a stop to it, right. So if you think that your information is safe, when the chairman of the Oversight Committee’s information isn’t safe, I think you’re kidding yourself, and I think what we need is part of a comprehensive investigation that would bring more of those stories out, because that’s what intelligence agencies do, they use the information for policy purposes, for political purposes, not necessarily just for security purposes.
Edward: If I could just make one point regarding 702 which you mentioned…
[Phone ringing]
Mike:I’m not sure what that is. The phone is ringing for somebody. Sorry about that.
Edward: No worries. Let’s see, 702. One of the things that we’re seeing from [unintelligible 0:52:50] reports and basically all the government talking points is they say this is targeted, this is valuable, please don’t interfere with it. And this is something that we should be very cautious in accepting as a fact. One, as you mentioned, there are other means for achieving the same information. If they have a reason to scrutinize this individual they can get a warrant. It’s really not difficult. I don’t think we’ve ever seen a ticking time bomb scenario, despite the fact that these agencies have been looking for them for decades now.
Even if they were, that would be an edge case, that would not be a manner to change our law, that would just be something to authorize an emergency procedure. But I can tell you from experience, from having worked with X-Key Score, sort of the front end to dive into the ocean of raw collection on everyone in the world, every single intercept is tagged with the authority it was collected by, which happens at the front end side, whether it’s intercepted, say the cable overseas in Oman or at home, here domestically, and it’ll say EO-12333, FAA 702. A significant, I would actually wonder if a majority, almost certainly a majority domestically in the United States, of communications that are populated in that database come from FAA 702. That would not be possible if this authority were being used in a targeted manner.
Now what is actually happening here in these reports, I believe, is they’re playing word games. They’re trying to draw a distinction between the interception and the storage of these communications that they get versus the actual use of these communications, where they deliver it to an analyst, the analyst reads it, the analyst tries to use it in some function.
This is bulk collection. Bulk collection is mass surveillance. The distinction between it is only euphemistic. When we think about how do we correct for that on that scale, one of the major things is simply to require them to use plain language, to go look, FAA 702 may be used in a targeted, warranted manner against US citizens here domestically. But is that the only use space? Are there any others? Is this being collected in bulk in any way?
Because the reality is, I believe what FAA 702 provides, or actually the FISA amendments act in general provides, that is so attractive to these intelligence agencies, is what’s called the Transit Authority, which is where they can intercept, filter, analyze, store, do whatever, domestic communications that are intercepted in the United States, or communications that are transiting domestically from, for example, Europe to Latin America and so on and so forth.
These will necessarily include a majority of communications, not only about innocent individuals but a significant fraction of those among Americans, particularly when you consider the previous reporting shows that 90 percent of those were held in communications that have actually been selected, on the basis of using targeted selectors like an email address, like a phone number, but then stored and memorialized at the NSA.
Ninety percent of those are non-target communications of innocent people. And I think that’s just something to be very aware of, is when they say FAA 702 is targeted, go whoa, whoa, whoa, not really, not quite. There may be a targeted use for it, which we don’t need to dispute, but it is not a targeted a collection program, it is in fact a bulk collection program. FISA Amendments Act in general was created to legalize the Bush era warrantless wiretapping program that was initially sort of legitimated through the Protect America Act of 2007, I believe.
FISA Amendments Act passed in 2008. Which was intended for two reasons. One, to immunize the companies that were unlawfully cooperating. We now know that AT&T was the foremost of these, thanks to the New York Times’ recent reporting. And the second one in my belief, I can’t prove this, of course, was to provide some sort of legal fig leaf so that officials in the Bush administration didn’t ultimately end up in the defendant’s chair.
Mike:I’m afraid we’ve run out of time. I’d love to spend a lot more time talking with you. So let me just end by thank you for the courage that you have and for having more courage than I had. And for the sacrifices that you’ve made to change this conversation. Because as an advocate having been involved in this conversation before and after Edward Snowden, it’s a very different conversation. You’ve added valuable information to help Americans gain control of their government.
And you don’t have to believe Mike German. President Obama said that. So I think that’s the definition of a whistleblower, is somebody who brings an urgent concern that deserves attention. So I thank you for that, I thank you for being with us, and I’ll give you the last word.
Edward: You know, there’s, the most encouraging thing for me is the fact that we see cultural changes. You can change policy, you can change a program, you can fire an official. They’ll be replaced. But what is very difficult to change is awareness, is culture, and we’re not there yet, we’re not at the ideal where people internally recognize the dangers and internally realize the importance of acting to defend the right that they have.
But we are much closer than we were before. We see a growing cohort that are not simply objecting, but they’re arguing, and they’re making sophisticated arguments. We see people who are realizing that raising protest matters, and we increasingly, this is something that’s, you know, there may be a little bit of shadenfreude here, but I find quite encouraging is, just as I wasn’t the first whistleblowers, we now see that I’m not the last.
When Bob Litt, the senior lawyer for the Director of National Intelligence James Clapper is writing little evil emails internally on his system that are complaining that they can’t pass encryption legislation that forces back doors into phones, that forces them to modify the hardware and things like that, some kind of compelled thing that makes us pay for law enforcement access to our devices, that ends up on the front page of the Washington Post in less than a month.
That is extraordinary and I think that is something that will pay dividends for us and for our society for a very long time.
Mike: Well, thanks very much and I hope someday we can continue this conversation here at home.
Edward: Thank you.
Mike: Everybody, thank you. [Applause]