Lack of Dragnet Surveillance Isn’t Why Intelligence Agencies Missed 9/11

Originally published in The Washington Monthly on October 4th, 2013.

Senate Intelligence Chairwoman, Dianne Feinstein (D-CA), in an effort to protect the National Security Agency from a major reduction of its surveillance capabilities, is arguing that the U.S. could have prevented the 9/11 terror attacks had we had modern NSA powers back in 2000.

Feinstein declared in a Senate Judiciary hearing on Wednesday that before 9/11 “our intelligence was inadequate and we couldn’t collect enough data.” She argues that “absent these kinds of technological programs, we do not have an opportunity to pick [the information] up.” Her implication was that such reductions would render the U.S. government incapable of preventing future attacks.

How far the government, (and by extension, the public) pushes to reform / reduce / restructure the NSA will crystallize in the coming weeks as the national debate cranks up. But one thing is clear. Dianne Feinstein, who served on the Senate Select Committee on Intelligence when the Congressional Joint Inquiry into September 11was created, knows that there was quite a bit of ignored intelligence prior to the 9/11 attacks.

As co-director of the Center for International Security and Cooperation, Amy Zegart outlines in her book, Spying Blind, the problem before 9/11 was not really about a dearth of useful intelligence. To the contrary, there actually was much of that. Failures were more rooted in an inability to react to intelligence signals. This failure was, as Zegart argues, because of institutional resistance from intelligence agencies themselves, “whose structures, habits, cultures and procedures had grown impervious to change after decades of fighting the Cold War.” We had the capability to investigate pertinent intelligence prior to 9/11, but we didn’t.

Zegart argues that President Bush and Congress initially passed the PATRIOT Act, which reduced restrictions on law enforcement agencies’ ability to search individuals’ records and communications, eased restrictions on foreign intelligence gathering, and broadened the scope of detaining and deporting suspected terrorists, because it was “a lower cost approach to intelligence reform.” Bush saw he could use his unilateral powers more easily than “getting embroiled with the Defense Department.” Rather than engage in a politically costly intelligence reform fight, Bush opted for more minor changes through executive orders and announcements. From a political perspective, the PATRIOT Act was an ideal government response, but from a national security perspective, Zegart argues it was a real “squandered opportunity.”

Today Zegart says the near-term challenge is to “stop Congress from doing something stupid, such as the wholesale cancelling of NSA programs and capabilities.” However that appears to be a bit of a straw man fear, given it’s not really a seriously debated proposal. Zegart also argues in her book that U.S. intelligence agencies haven’t made much progress since 9/11 in terms of truly reforming their longstanding organizational cultures. Wide-scale metadata is probably not the panacea to these much-needed structural adaptations.

While we can’t ever know with full certainty what would have happened if we had modern NSA capabilities in 2000, we can surely make an educated guess. We do know what we didn’t do with the information and capabilities we possessed at the time. Feinstein says we couldn’t collect enough data, but as the Congressional Joint Inquiry showed, collecting data wasn’t really the issue.

All of this, coupled with Deputy Director of the NSA, John Inglis admitting in a Senate hearing that there is little evidence that the Section 215 phone record collection has helped to thwart terrorist attacks, and that evaluating the effectiveness of the practice is “a very difficult question to answer,” raises further questions about Senator Feinstein’s 9/11 assertions.

At Wednesday’s hearing, Senate Judiciary Chairman, Patrick Leahy (D-VT) discussed the prospect of a major reduction of the NSA’s powers. He supports curtailment that would go well beyond the NSA legislation Senator Feinstein is preparing; hers would focus primarily on transparency and oversight.

“Additional transparency and oversight are important,” Leahy said. “But I believe we have to do more.

Yet Leahy’s vision of “doing more” doesn’t really translate to the deep organizational changes Zegart advocates, either. Leahy pointed to things like the NSA’s secret interpretation of Section 215 of the PATRIOT Act, which allows the FBI to obtain all sorts of records so long as they’re ‘relevant’ to fighting international terrorism, andSection 702 of FISA, which the NSA has used to justify searching communication databases of U.S. citizens, as evidence for more serious governmental reform.

As such, Ron Wyden (D-OR) introduced a bipartisan bill that would, among other things, prevent the NSA from bulk-collecting Americans’ phone records under Section 215, and eliminate the NSA’s authority to install “backdoors” to monitor Americans’ internet communication.

Whether these proposals will provide sufficient reform to the intelligence community, both in terms of improving its effectiveness and restoring the public’s trust, remains to be seen.

The Threat To Internet Privacy

This editorial appeared in the Baltimore Sun on January 31, 2013.

This week, the United States, Canada, and the 27 countries in the European Union “celebrated” Internet Privacy Day. However, it seems there is little to really celebrate; the past few years have given rise to the largest increase in electronic wiretapping our nation has seen. To be sure, access to information is important for fighting crime and terrorism. However, because the major laws that govern Internet privacy were written in 1986, they fail to protect the modern-day security needs of American citizens. And despite Barack Obama’s campaign promises in 2008 to repeal policies that violate civil liberties, his administration is now not only supporting them but also quickly expanding their presence within the digital world.

The 1986 Electronic Communications Privacy Act (EPCA) was enacted before social networking sites were invented, and before the everyday use of email, Internet and cellphones. Thus, there are many unsettling constitutional quandaries that Congress simply could not have anticipated 27 years ago. For example, the bill says that the Fourth Amendment, which guards against unreasonable searches and seizures, applies to digital files — but only if they are not given to a third party. Yet third-party entities such as Google, Facebook and Dropbox hold some of our most private communications on their servers. The structure of the law as it is written gives more privacy protection to a yellow memo pad on your nightstand than emails on your Yahoo account.

In September, 2012 the ACLU released a report that stated the number of authorizations the Justice Department received to use “pen register” and “trap and trace” techniques on individuals’ email and network data increased 361 percent between 2009 and 2011. A “pen register” intercepts outgoing data from a phone or email account, while “trap and trace” intercepts incoming data. The ACLU also reports that the Justice Department used these measures to spy on phones 23,535 times in 2009 and 37,616 times in 2011, an increase of 60 percent.

Additionally, Google just released a report stating its company saw requests for information from the federal government increase by 70 percent over the past three years. In more than two-thirds of those cases, Google complied and released some amount of personal data. Sixty-eight percent of the requests Google received were through subpoenas, which typically do not require a judge’s approval. According to Google’s public statements, “Government agencies make requests … seeking information about Google users’ accounts or products. In [our] report, we are generally revealing statistics about demands in criminal investigations.”

To be sure, not all information requests are controversial, since these numbers reflect not only requests for “content” emails but also for basic subscriber information, which is not protected under the Fourth Amendment to begin with. Yet, while big companies like Google, Yahoo and Microsoft demand warrants for content requests, it is likely that smaller companies with less money for legal battles do not.

Google is not the only company facing a surge of government information requests. Verizon told Congress in 2007 that it received at least 90,000 such requests each year. And Facebook told Newsweek in 2009 that orders were arriving at the company at a rate of 10 to 20 a day. The number of requests and subpoenas has surely increased since then, but ultimately there exists no clear public mechanism to monitor exactly what information the government requests and receives from Internet companies. This is problematic.

The Obama administration has been too quiet on matters regarding digital security, and in situations where officials have spoken out, they’ve advocated for a greater ability to collect information, rather than less. In December, the administration reauthorized an extension of the Foreign Intelligence Surveillance Act, which allows the government to monitor overseas phone calls and emails without obtaining a court order for each intercept. While the law excludes Americans, there remains a lot of troubling obscurity as to the nature and execution of these powers. Additionally, the FBI has said that revising surveillance laws to make it easier to wiretap people who communicate online rather than by telephone is a top and urgent priority.

The FBI contends it is not seeking new, invasive powers but rather looking to keep its existing powers relevant in the modern age. However, the Obama administration, Congress and even the FBI have to work vigorously to protect the civil liberties and privacy of American citizens. As Internet Freedom Day (Jan. 18) and now Internet Privacy Day (Jan. 28) come and go, it is imperative that we actively seek to establish a clear and constitutional legal framework for the digital era.