The real NSA scandal is overseas

The real NSA scandal is overseas

Last week Edward Snowden popped up from his exile in Moscow for an exclusive interview with NBC News anchor Brian Williams. Like much of the public narrative that has emerged since Snowden absconded with reams of classified documents from the National Security Agency, the interview further muddied the waters about what his historic leaks have revealed.

Snowden claimed, for example, that “the Constitution of the United States has been violated on a massive scale” and that “the Fourth Amendment as it was written —  no longer exists.” That’s simply not true.

He said the “government” had “gone too far and overreached.” That is true, but not in the way Snowden means. He described how metadata could be used to get a clear picture of someone’s life while failing to provide evidence that the U.S. government is compiling such comprehensive profiles of American citizens without legal permission.

Finally, he asked: If the U.S. government “can't show a single individual who's been harmed in any way by this reporting, is it really so grave?”

This was one of the interview’s most unintentionally revealing moments because, while the agency’s domestic data gathering raises serious privacy concerns, Snowden’s question can be turned back on him. Can he point to a single American who’s been harmed by the NSA’s actions?

One of the more striking takeaways from a year of stories about the NSA is that they have turned up no evidence to suggest that Americans' privacy rights are being systematically violated or that NSA-collected metadata is being used to target political enemies. None.

Even Glenn Greenwald, the lead reporter for the Guardian newspaper on the NSA leaks story, has acknowledged as much, noting in a recent NPR interview that there is no evidence that the NSA used “online activities to blackmail people or ruin their reputations, or otherwise coerce and threaten them.”

It is “a scandal in search of a victim,” says Joshua Rovner, a political scientist at Southern Methodist University.

This is one of the great paradoxes of the Snowden story. Public attention has been focused, by and large, on a domestic data-gathering program that is legal, well-regulated and constrained by judicial oversight. While there are legitimate and very real concerns about the potential for NSA abuse, what we’ve learned so far is that no actual abuse is occurring. If anything, the system, by and large, has been shown to work. “What impresses me is that when nobody was watching, the NSA caught big mistakes, reported them and had a significant dialogue with the FISA [Foreign Intelligence Surveillance Act] Court on fixing them. The process is not perfect, but it has integrity,” says Benjamin Wittes, a senior fellow at the Brookings Institution.

But as new safeguards and reforms of domestic data gathering are being debated in Congress, there has been far less conversation about the NSA’s ever-expanding global footprint. By law, the NSA is mandated to gather foreign intelligence, and much of what has been revealed is consistent with the agency’s mission (which is detailed on the NSA’s website).

What is disconcerting, however, is how far the NSA has pushed the envelope. The agency remains an essential tool for protecting U.S. national security, but the disclosures of the past year also suggest that its zeal in pursuing its mandate risks undermining the same interests it is seeking to protect. In an era of rising privacy concerns, more frequent and larger leaks of classified material, and diminishing confidence in public institutions, the NSA and its political overseers must do a better job of weighing the need for security versus the growing perceptions of a surveillance state out of control. In short, the agency and its political bosses must do something that hasn’t been done enough since 9/11  think not only of the benefits of stopping the next terrorist attack but also of the costs.

When it comes to gathering domestic intelligence, the NSA must follow a very clear set of rules and legal mandates. But internationally, it can and does operate with far fewer legal constraints and virtually no significant congressional or judicial oversight. In the spying game, any piece of intelligence is considered fair game  and that’s been the agency’s modus operandi.

This has translated into an astounding set of operational capabilities. In the last year we’ve seen revelations about NSA activities that fall into the realm of traditional intelligence gathering, like tapping phones, spying on foreign intelligence services and collaborating with other governments to collect data. But there are also activities that have raised eyebrows, like the NSA’s efforts to break widely-used Internet encryption standards; plant devices, backdoors and malware from afar on target computers; and develop a broad and sophisticated set of tools that allow it to obtain information from computers, phones and gaming systems.

Some of what we’ve learned is simply mind-boggling. Recent revelations indicate that the NSA is recording all the phone records from the Caribbean island of the Bahamas. That it can collect and store so much data is amazing. What is downright shocking is that it can reportedly download the content of every phone call made on the island and store it for 30 days.

None of this is illegal under U.S. law, but it is demonstrative of the ardor even brazenness with which the NSA does its job. In the post-9/11 world, the NSA has adopted a maximalist position and sought to get its hands on as much data as possible.

In a 2007 speech, then-director of the CIA (and former head of the NSA) General Michael Hayden boasted that he “had a duty to play aggressively  ‘right up to’ the line. ...  I made it clear I would always play in fair territory, but that there would be chalk dust on my cleats.”

Hayden’s words were an indication of how serious many inside the intelligence community perceive threats to the United States to be. But bureaucratic politics figures in here as well. If there is another major terrorist attack, fingers will again be pointed at the intelligence community. Where was the incentive to be anything but as aggressive as possible?

According to Spencer Ackerman, who shared in the Pulitzer Prize won by the Guardian for its coverage of the Snowden leaks, you had a situation post-9/11 in which there is this “enormous bureaucracy, which has long been accessing mainly phone communications, and now all of a sudden there is a broad vista of digital information available to them.” Since “you don’t know what you need, you think ‘let’s get our hands on everything’” and the result is the most “powerful technology-advanced bureaucracy” in the U.S. government with a broad directive to stop the next attack. “I don’t buy nefarious explanations for what the NSA has done. There is no mustache-twirling villain [a popular phrase on Team Snowden]. The problems are much more institutional than they are purposeful," says Ackerman. 

This mandate appears to have seeped into everything being done by the NSA an organization that already had a culture of developing capabilities because it can, not necessarily because they are needed. The challenge of seeing how the NSA could manipulate the latest digital technology for its own purposes seems to have, in some cases, superseded questions of efficacy.

To be clear, this does not mean that the NSA is an agency that is completely out of control. The lion’s share of Snowden’s revelations describes legitimate intelligence-gathering activities. Moreover, the publication of the specifics of these programs has done significant damage to U.S. national security interests. There is, “not a single region of the world where U.S. operational capabilities in intelligence gathering have been unaffected,” says a former administration official who is familiar with the leak damage assessments done by the Office of the Director of National Intelligence. “The impact is off the charts.” The intelligence community is even seeing specific incidents where terrorists have been heard telling each other “we must stop communicating like this,” one senior government official told me.

But at the same time, the leaks have also identified specific examples of an agency that is overreaching and demonstrating a lack of political judgment. We can see this in stories related to U.S. spying on key allies and their leaders (such as Germany’s Chancellor Angela Merkel), surveillance of foreign companies (like Brazil’s Petrobas and China’s Huawei) and, above all, weakening Internet encryption standards — something that allows the NSA to get information from everywhere but in the long run may put ordinary citizens at greater risk of having their online communication purloined. This has undermined cooperation between the NSA and the private tech industry and has done serious near-term damage to U.S. relationships with key allies. Public trust in the U.S. government has also been significantly affected, which is driving the push for reform of the NSA at home and harming America’s reputation overseas.

It begs the question: Were the benefits of, for example, tapping Angela Merkel’s phone or weakening the encryption standards in ways that could potentially be used by “bad guys” really worth the costs? Did the NSA put its many legitimate intelligence-gathering programs at risk by too great a willingness to get chalk dust on its cleats? Were politically accountable leaders in the White House — whose job it is to think about the potential implications of exposure — asking these questions? Or rather were they concerned about the intelligence they were receiving and indifferent to how the sausage was being made?

In the wake of the Chelsea Manning leaks and now the Snowden leaks, the intelligence community simply must operate with an assumption that everything they are doing could one day be splashed across the front page — and respond accordingly. But that sort of guidance must come from their civilian overseers; otherwise, the NSA will continue to push the issue.

In his NBC interview, Snowden complained that NSA employees were being unfairly demonized — and he has a point.

“Blame,” says Thomas Rid, a professor of security studies at King’s College, “is being applied to the NSA, when it should be applied to public officials for failing to put proper restrictions on what the NSA was doing.” It’s a bit like heaping all the criticism for the Iraq War on the U.S. Army rather than the civilian leaders who sent them there in the first place.

“American political elites feel very empowered to criticize the American intelligence community for not doing enough when they feel in danger,” Hayden noted in a recent Frontline special looking at the NSA. “And as soon as we’ve made them feel safe again, they feel equally empowered to complain that we’re doing too much.” The comment may appear self-serving, but it’s not necessarily wrong.

The reality, says Wittes, is that “in almost every respect, the lesson from the Snowden leaks is that we have the intelligence community we’ve asked for.”

More than 12 years after 9/11, the United States continues to have a foreign policy mindset that demands zero tolerance on terrorism and treats even minor threats like existential challenges. In the pursuit of perfect security and in meeting the demands of a hugely expansive view of American power, the U.S. has failed to consider the ultimate consequences and potential political fallout — both at home and abroad — of what achieving that goal means. And that’s a challenge that goes far beyond the NSA.

Cohen is a fellow at the Century Foundation and a former columnist for the Guardian.