Category Archives: NSA

Elgar, T - Why Obama should pardon Edward Snowden - 20160914

I have signed on to the letter asking President Obama to pardon Edward Snowden that was released today.  I know this will be an unpopular position among many of my former colleagues in the national security community.  My reasons for doing so are not fully captured by that letter.  They are different from those who see Snowden simply as a hero and the NSA as the villain.  I have concluded that a pardon for Edward Snowden, even if he does not personally deserve one, is in the broader interests of the nation.

Around the time Edward Snowden got his first job in the intelligence community, I decided to leave my position as an ACLU lawyer in the hope I could make a difference by going inside America’s growing surveillance state.  Surprisingly, senior intelligence officials took a chance on hiring me in a unique new office safeguarding civil liberties and privacy.  I began work in June 2006.

For the next seven years, I worked with a growing team of internal privacy watchdogs inside the intelligence community.  We reviewed the most secret surveillance programs in government, including the major programs that Snowden later leaked.  Our job was to ensure those programs had a firm basis in law and included protections for privacy and civil liberties.  While I am proud of the work we did, it is fair to say that until Snowden stole a trove of top secret documents and gave them to reporters in 2013, we had limited success.  It took a Snowden to spark meaningful change.

The NSA’s operations are essential to national security and to international stability, but it is hard to reconcile them with the values of a free society.  Snowden forced the NSA to become more transparent, more accountable, more protective of privacy—and more effective.  Today, the NSA’s vital surveillance operations are on a sounder footing—both legally and in the eyes of the public—than ever before.

For that, the United States government has reason to say, “Thank you, Edward Snowden.”

The Snowden Reforms

In the last four years, there have been more significant reforms to mass surveillance than we saw in the four decades before the Snowden revelations began.  Not since the post-Watergate reforms of the Ford and Carter administrations has the intelligence community faced such scrutiny.  The NSA has taken painful steps to open up.  The most secret of the government’s secret agencies will never be a model of transparency.  Still, it has never been more transparent than it is today.

Before Snowden, basic information like the number of targets of the NSA’s mass surveillance operations affected by court-ordered surveillance was a closely-guarded secret.  Today, the head of the intelligence community publishes an annual transparency report that provides these and other details.

Before Snowden, the NSA used a secret interpretation of the Patriot Act to amass a nationwide database of American telephone records.  Congress has now replaced this program of bulk collection with an alternative program that leaves the data with telephone companies.

Before Snowden, the secret court that authorizes intelligence surveillance never heard more than the government’s side of the argument. Now, outside lawyers routinely appear to argue the case for privacy.

Before Snowden, there was no written order, directive or policy that gave any consideration to the privacy of foreigners outside the United States.  When intelligence officials asked lawyers like me about privacy, it went without saying that we were talking about American citizens and residents.  Today, for the first time in history, apresidential directive requires privacy rules for surveillance programs that affect foreigners outside the United States.  In an agreement with the European Union, the American government has been forced to adopt new protections for foreign data. In the next few years, the NSA’s partners in the United Kingdom will have to justify the surveillance practices of both countries in court against human rights challenges.

In 2017, Congress will review PRISM—a program leaked by Snowden that allows the NSA to obtain e-mails and other communications from American technology companies.  The law that provides authority for PRISM expires at the end of the year. The law also gives the NSA access to the internet backbone facilities of American telecommunications companies, in a program called “upstream collection.”  Until Snowden leaked details about PRISM and upstream collection, little was known about how the law worked.  Thanks to Snowden, the debate over whether and how these programs should continue will be one in which the public is reasonably well informed – unlike the debates in Congress over the Patriot Act in 2001, 2005, 2009, and 2011, over the Protect America Act in 2007, over the FISA Amendments Act in 2008 and 2012, and over the constitutionality of the FISA Amendments Act in the Supreme Court in 2013.

The NSA’s new transparency about its surveillance operations showed that they were designed not to bring about a dystopian society where privacy would be abolished, but to collect intelligence vital to the national security.  To be sure, Snowden’s trove of documents and the investigations that followed showed some programs were more effective than others.  The same privacy board that reviewed PRISM said that the NSA’s bulk collection of American telephone records had “minimal value.”  The board could find “no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot or the disruption of a terrorist attack.”  Still, there has been remarkably little evidence of intentional abuse of the NSA’s sweeping powers for improper purposes unrelated to intelligence.  None was revealed by Snowden.  In response to inquiries from Congress in the fall of 2013, the NSA itself disclosed that itsinspector general had uncovered a dozen incidents over ten years in which analysts used overseas collection to spy on ex-girlfriends.

As a result, the programs Snowden exposed have all survived in some form.  In the case of telephone records, the NSA says that the privacy reforms adopted by Congress have actually resulted “access to a greater volume of call records” than before. Many of the NSA’s other mass surveillance programs also enjoy greater public support and legitimacy than they did before Snowden came along.  As Jack Goldsmith observeswryly, “These are but some of the public services for which the U.S. government has Snowden to thank.”

A Failure of Leadership

Edward Snowden’s actions caused great damage to national security.  They should not have been necessary to achieve the sensible reforms of the past four years.  That they were represents a failure of leadership by the intelligence community and the national security teams of the previous two administrations.  For me, that failure is at least in part a personal one.

As a privacy and civil liberties official inside the intelligence community, and later at the White House, my job was precisely to provide top officials with confidential advice about how to ensure that intelligence programs were protective of our liberties.  In doing so, I made just the sort of arguments that many have said Snowden should have raised internally instead of compromising classified information.  Unlike Snowden, I had direct access to the officials that could have made surveillance reform a reality—and who did so, after the Snowden leaks forced their hand.  There is no way a junior NSA contractor could have accomplished more.

Snowden’s critics argue that he should have made his concerns about privacy known through official channels without disclosing secrets and without breaking the law.  That would have achieved nothing—even in an imaginary world in which the agency had a perfect system for protecting whistleblowers.  Snowden’s concerns were not those of a traditional whistleblower.  Snowden’s complaint was not that the NSA was violating its rules, but that its aggressive pursuit of its mission—even as it largely adhered to its existing rules – posed a serious risk to privacy in the digital age.  If Snowden was wrong about mass surveillance being an “architecture of oppression,” he was certainly right about that, as many government officials have now acknowledged.

There is an inherent tension between the values of a free society and mass surveillance.  For Snowden and his supporters, the answer is easy.  End mass surveillance—which is to say, most of what the NSA does.  Those of us who believe that the NSA’s far-flung operations are essential to national security and global stability have the harder task of keeping mass surveillance under control.

If Snowden deserves our thanks for both this round of surveillance reform and thenext, it is only because the laws and institutions we created to control surveillance had become so obsolete.  Intelligence agencies should not need the shock of massively damaging leak to abandon programs that are not working and refine and improve those that are.  Disclosing details of classified programs should not be the most effective way to force change.

What Do We Do With Snowden?

It makes no sense for the United States government to pursue Snowden like a digital age Inspector Javert while at the same time admitting that his actions strengthened both our civil liberties and our national security.  This is especially true because it was the intelligence community’s own shortcomings that made his reckless leak the only effective way to achieve reform.

If Snowden returned to the United States today, of course, he would have to stand trial for disclosing classification communications intelligence, among other serious crimes.  This will never happen.  Snowden’s lawyers know he would likely be convicted and would face a lengthy prison term.  Under federal sentencing guidelines, an offender with no criminal history who is convicted of disclosing “Top Secret” communications information under 18 U.S.C. § 793(d) faces a prison term in the range of 168-210 months, or 14 to 17.5 years.  See U.S.S.G.M. § 2M3.2.  Snowden might face a considerably longer sentence if convicted of additional charges, or as a result of sentencing enhancements.  Naturally, Snowden prefers to stay abroad.

The law does not allow the public interest defense that Snowden says he wants, nor should it.  Permitting such a defense would encourage copycats.  A Snowden wannabe might hope his lawyer could convince a credulous jury that his leaks also had some positive outcome, even if the benefits were scant.  The Snowden disclosures were a unique watershed event, resulting in historic reforms.  It is highly unlikely a future leak of classified surveillance information would produce such positive change.

While Snowden might be enticed to return if offered a favorable plea agreement, negotiating such a deal would create poor incentives. One idea, favored by the top lawyer for the intelligence community, was for Snowden to plead guilty to a single felony charge and serve three to five years in exchange for his help undoing the damage he caused.  Through his lawyer, Snowden has said he would never plead guilty to a felony.  If a plea deal was ever really on the table, Snowden has less to offer every day, as the information he leaked becomes stale and the intelligence community moves on.  In any event, the Justice Department rightly objects to negotiating plea agreements with fugitives, to avoid giving those who flee prosecution an advantage over those that do not.

The Status Quo

Nevertheless, the status quo is clearly not in American interests.  Snowden’s exile in Russia is a continuing embarrassment.  Snowden has become a potent symbol for privacy and civil liberties, human rights, and an open internet in which surveillance operations are controlled by law.  His presence in Moscow is a gift to Vladimir Putin, allowing the Russian president to cynically pose as a defender of digital human rights.  Every time Snowden makes a virtual appearance before his admirers, the unspoken message is that he has been forced to seek asylum because the United States opposes these values.  The message is no less effective for being false and unfair.

By contrast with a trial or a plea agreement, a pardon is an unreviewable act of discretion by the president.  Presidents have used them not only to correct injustices, but also when the broader interests of the nation outweigh the importance of punishing a crime even where some punishment is clearly deserved.  Gerald Ford pardoned Richard Nixon to help the country move beyond Watergate.  Jimmy Carter pardoned draft dodgers to close the chapter on the Vietnam War.

Pardons are exceedingly rare.  A pardon sets no precedent and so creates no incentives.  Future leakers could not count on one.  Even if Snowden does not deserve a pardon for what former Attorney General Eric Holder called his act of “public service,” we should give him one and move on.  We are the good guys. It is time for the world to know it again.

Timothy H. Edgar is the academic director of law and policy at Brown University's Executive Master in Cybersecurity program, and visiting scholar at Brown University’s Watson Institute for International and Public Affairs. He was the first-ever director of privacy and civil liberties for the White House National Security Staff during President Obama’s first term, focusing on cybersecurity, open government, surveillance and data privacy. Under George W. Bush, Mr. Edgar was the first deputy for civil liberties for the director of national intelligence, from 2006 to 2009. He was the national security counsel for the American Civil Liberties Union from 2001 to 2006. He clerked for Judge Sandra Lynch, United States Court of Appeals for the First Circuit. He is a graduate of Harvard Law School and Dartmouth College.

Snowden Tried to Tell NSA About Surveillance Concerns, Documents Reveal - VICE 20160606

Snowden Tried to Tell NSA About Surveillance Concerns, Documents Reveal - VICE 20160606

On the morning of May 29, 2014, an overcast Thursday in Washington, DC, the general counsel of the Office of the Director of National Intelligence (ODNI), Robert Litt, wrote an email to high-level officials at the National Security Agency and the White House.

The topic: what to do about Edward Snowden.

Snowden's leaks had first come to light the previous June, when the Guardian's Glenn Greenwald and the Washington Post's Barton Gellman published stories based on highly classified documents provided to them by the former NSA contractor. Now Snowden, who had been demonized by the NSA and the Obama administration for the past year, was publicly claiming something that set off alarm bells at the agency: Before he leaked the documents, Snowden said, he had repeatedly attempted to raise his concerns inside the NSA about its surveillance of US citizens — and the agency had done nothing.

Some on the email thread, such as Rajesh De, the NSA's general counsel, advocated for the public release of a Snowden email from April 2013 in which the former NSA contractor asked questions about the "interpretation of legal authorities" related to the agency's surveillance programs. It was the only evidence the agency found that even came close to verifying Snowden's assertions, and De believed it was weak enough to call Snowden's credibility into question and put the NSA in the clear.

Litt disagreed. "I'm not sure that releasing the email will necessarily prove him a liar," Litt wrote to Caitlin Hayden, then the White House National Security Council spokesperson, along with De and other officials. "It is, I could argue, technically true that [Snowden's] email... 'rais[ed] concerns about the NSA's interpretation of its legal authorities.' As I recall, the email essentially questions a document that Snowden interpreted as claiming that Executive Orders were on a par with statutes. While that is surely not raising the kind of questions that Snowden is trying to suggest he raised, neither does it seem to me that that email is a home run refutation."

Within two hours, however, Litt reversed his position, and later that day, the email was released, accompanied by comment from NSA spokesperson Marci Green Miller: "The email did not raise allegations or concerns about wrongdoing or abuse."

Five days later, another email was sent — this one addressed to NSA director Mike Rogers and copied to 31 other people and one listserv. In it, a senior NSA official apologized to Rogers for not providing him and others with all the details about Snowden's communications with NSA officials regarding his concerns over surveillance.

The NSA, it seemed, had not told the public the whole story about Snowden's contacts with oversight authorities before he became the most celebrated and vilified whistleblower in US history.

Hundreds of internal NSA documents, declassified and released to VICE News in response to our long-running Freedom of Information Act (FOIA) lawsuit, reveal now for the first time that not only was the truth about the "single email" more complex and nuanced than the NSA disclosed to the public, but that Snowden had a face-to-face interaction with one of the people involved in responding to that email. The documents, made up of emails, talking points, and various records — many of them heavily redacted — contain insight into the NSA's interaction with the media, new details about Snowden's work, and an extraordinary behind-the-scenes look at the efforts by the NSA, the White House, and US Senator Dianne Feinstein to discredit Snowden.

The trove of more than 800 pages [pdf at the end of this story], along with several interviews conducted by VICE News, offer unprecedented insight into the NSA during this time of crisis within the agency. And they call into question aspects of the US government's long-running narrative about Snowden's time at the NSA.

* * *

The Obama administration spent the spring of 2014 engaged in highly classified talks centered around three events: Snowden's testimony to European Parliament in March, the release of a 20,000-word April 2014 Vanity Fair story about Snowden, and his first US television interview, with NBC News's Brian Williams, in May.

In all three instances, Snowden insisted that he repeatedly raised concerns while at the NSA, and that his concerns were repeatedly ignored. In his testimony to the European Parliament on March 7, he was asked whether he "exhausted all avenues before taking the decision to go public."

"Yes," he said. "I had reported these clearly problematic programs to more than 10 distinct officials, none of whom took any action to address them. As an employee of a private company rather than a direct employee of the US government"—Snowden had been a contractor with Booz Allen Hamilton when he leaked the documents—"I was not protected by US whistleblower laws, and I would not have been protected from retaliation and legal sanction for revealing classified information about law breaking in accordance with the recommended process."

Four days after Snowden's testimony, the chief of the NSA's counterintelligence investigations division sent an email with the subject line "Snowden Claims" to Richard Ledgett, the deputy director of the NSA and the head of the so-called Media Leaks Task Force established the previous year to investigate Snowden's leaks to journalists. Also copied were Leoinel Kemp Ensor, the NSA's security chief, and other NSA officials.

"As requested we, ADS&CI [the NSA's associate director security & counterintelligence] and FBI, have conducted extensive research into [Snowden's statement to the European Parliament]," the NSA counterintelligence official wrote. "This included a review of all interviews and case material to include all paperwork and interviews collected/conducted with contractors Dell and Booz Allen Hamilton."

In several emails, Snowden, as a systems administrator for Dell in August 2012, provided NSA officials with tech support on FISA templates.

"Our findings are that we have found no evidence in the interviews, email, or chats reviewed that support his claims," the NSA official continued. The official did, however, acknowledge that Snowden had at the very least brought up privacy while at the agency. "Some coworkers reported discussing the Constitution with Snowden, specifically his interpretation of the Constitution as black and white, and others reported discussing general privacy issues as it relates to the Internet."

Because none of the people interviewed by the NSA in the wake of the leaks said that "Snowden mentioned a specific NSA program," and "many" of the people interviewed "affirmed that he never complained about any NSA program," the NSA's counterintelligence chief concluded that these conversations about the Constitution and privacy did not amount to raising concerns about the NSA's spying activities.

That was the basis for the agency's public assertions — including those made by Ledgett during a TED talk later that month — that Snowden never attempted to voice his concerns about the scope of NSA surveillance while at the agency.

* * *

Snowden declined to answer a number of very specific questions for this story. His attorney, Ben Wizner of the ACLU, told VICE News that Snowden is "ambivalent" about discussing the issues raised by the NSA documents because he doesn't trust the NSA's motives for releasing them.

"[Snowden] believes the NSA is still playing games with selective releases, and [he] therefore chooses not to participate in this effort," Wizner said. "He doesn't trust that the intelligence community will operate in good faith."

Due to the review process conducted by the government before releasing requested documents, FOIA releases are "selective" by their very nature. A series of guidelines determines what the government can and can't keep from the public, but ultimately the interpretation of those guidelines can be relatively subjective. It is not a process unique to the NSA.

Related: Here's Every Email the NSA Got After Asking Americans for Tips on How to Protect Privacy

What's remarkable about this FOIA release, however, is that the NSA admitted it removed the metadata in emails related to its discussions about Snowden. In a letter disclosed to VICE News Friday morning following inquiries we made about discrepancies in some of the emails turned over to us, Justice Department attorney Brigham Bowen said, "Due to a technical flaw in an operating system, some timestamps in email headers were unavoidably altered. Another artifact from this technical flaw is that the organizational designators for records from that system have been unavoidably altered to show the current organizations for the individuals in the To/From/CC lines of the header for the overall email, instead of the organizational designators correct at the time the email was sent."

* * *

Snowden's email, which would go on to spark so much debate at the highest levels of government, from the NSA to the Department of Justice (DOJ) to Congress to the White House, was inspired by a question on a training test. The NSA portrayed it as an innocuous question that elicited a direct response when it released the email in 2014. But the declassified documents tell a somewhat different story, with multiple people from different departments becoming involved in formulating an answer.

On April 5, 2013 — a year before the Vanity Fair story came out — Snowden clicked the "email us" link on the internal website of the NSA's Office of General Counsel (OGC) and wrote, "I have a question regarding the mandatory USSID 18 training."

United States Signals Intelligence Directive 18 (USSID 18) encompasses rules by which the NSA is supposed to abide in order to protect the privacy of the communications of people in the United States. Snowden was taking this and other training courses in Maryland while working to transition from a Sysadmin to an analyst position. Referring to a slide from the training program that seemed to indicate federal statutes and presidential Executive Orders (EOs) carry equal legal weight, Snowden wrote, "this does not seem correct, as it seems to imply Executive Orders have the same precedence as law. My understanding is that EOs may be superseded by federal statute, but EOs may not override statute."

(Illustration by Todd Detwiler)

About 20 minutes after Snowden sent the email, an OGC office manager forwarded it to the Signals Intelligence Oversight and Compliance training group — the people who had designed the test.

"OGC received the question below regarding USSID 18 training but I believe this should have gone to your org instead," the office manager wrote. "Can you help with this?" The office manager also cc'd Snowden.

But the next working day, April 8, the email and question were sent right back to the OGC. The woman who did this would later explain to NSA investigators, "Although I felt comfortable answering his question, I thought it was more appropriate for OGC to respond since the authority documents include legalities and the individual wanted them ranked in precedence order." So she forwarded the email to two OGC attorneys who "had recently provided the hierarchy of the authorities" in the training program to which Snowden was referring.

Snowden's email was unusual, the lawyer recalled. Indeed, a Security & Counterintelligence official said in an email a year later that officials had spoken to "the lawyer who responded to Snowden's inquiry and she remembered considering calling Snowden since the inquiry was out of the ordinary. However, she decided not to and instead in her email invites him to call her if he wanted further discussion. She does not recall any actual telephonic contact by Snowden."

When one of the lawyers responded to Snowden that Monday, she cc'd five people: three in the Oversight and Compliance Office (referred to at the agency with the letters SV), as well as two other OGC lawyers.

The lawyer who responded to Snowden explained to him in an email, "Executive Orders (E.O.s) have the 'force and effect of law.' That said, you are correct that E.O.s cannot override a statute." Snowden read this email, then put it in a folder in his inbox.

In a recent interview with VICE News, Litt, who in 2014 had expressed misgivings about the email before reversing himself, said: "To the extent Snowden was saying he raised his concerns internally within NSA, no rational person could read this as being anything other than a question about an unclear single page of training."

Less than six weeks after he sent the email, Snowden would be on a plane to Hong Kong with thousands of highly classified government documents. In a report on the subsequent investigation, a special agent pointed out what Snowden had already done by the time he sent his email.

"It should be noted this is four months after contacting Glenn Greenwald (according to Greenwald) and three months after contacting Laura Poitras (according to Poitras and Greenwald)," the special agent wrote. Poitras is the filmmaker Snowden originally contacted along with Greenwald and Gellman. "So this email is not evidence that he tried to raise concerns about NSA procedures through official channels before turning to the media." It is not clear whether Snowden had yet shared any documents with the journalists.

* * *

In April 2014, the month after he testified before the European Parliament, Snowden again challenged the NSA's public narrative about his failure to raise concerns at the agency. In advance of the publication of the Vanity Fair story, the magazine posted apreview online on April 8. "The NSA... not only knows I raised complaints, but that there is evidence that I made my concerns known to the NSA's lawyers, because I did some of it through e-mail," he said. "I directly challenge the NSA to deny that I contacted NSA oversight and compliance bodies directly via e-mail and that I specifically expressed concerns about their suspect interpretation of the law."

Later that day, someone from the Media Leaks Task Force circulated an email with the subject line, "FYSA: Snowden Allegation in Pending Vanity Fair Article." (FYSA is an acronym for "for your situational awareness.") A day later, Rogers, who had been NSA director for only a week, stated that he favored openness and transparency in the agency's response to Snowden.

"Let's be ready to be very public here," Rogers wrote in an email to Ledgett, De, Ethan Bauman (the director of the NSA's Office of Legislative Affairs), Frances Fleisch (the agency's executive director), and other officials whose names were redacted. "If [Snowden's] claims are factually incorrect and we do not have security concerns with the subject matter we should be very forthright in stating his claims are factually incorrect. I want us to do the coordination ASAP [versus] waiting for an article and then spending three weeks debating our way ahead."

This was easier said than done. On the morning of April 10, a day before the full Vanity Fair article was published, someone at the NSA sent an email to Arlene Grimes in the agency's office of public affairs, cc'ing several other officials, to recommend "the best way forward" in light of Rogers' directive.

"One of the key issues in any response will be the degree of certainty we express on the specific issue of outreach by Snowden to express concerns," the NSA official wrote.

Henceforth, the Media Leaks Task Force's main mission would be to take "more proactive actions to undermine future and recurring false narratives" by Snowden, as one NSA official wrote. The task force could use Snowden's email, the official said, to accomplish that goal by "contacting Vanity Fair BEFORE they publish and let them know that we plan to immediately and publicly challenge that assertion AND make clear that we warned Vanity Fair that the facts are wrong."

To go forward with this plan, the NSA needed two things: Absolute certainty that Snowden had not communicated his concerns, and approval from the DOJ to release the email.

The NSA appeared to have neither.

Emails show that the DOJ preferred that Snowden's email not be publicly released. In addition, some in the NSA believed that additional investigations were necessary to ensure Snowden had not raised concerns.

"We need great certainty about whether or not there is/was additional correspondence before we stake the reputation of the Agency on a counter narrative," a person from the task force replied in an email addressed to counterintelligence, the legislative affairs office, and the office of general counsel on April 9. "I am going to trigger an action for the appropriate organizations to do an e-mail search [redacted] to affirm that there is no further correspondence that could substantiate Snowden's claim."

A little before 6:30 the next morning, someone from the task force sent an email to the chief of the NSA's counterintelligence division.

"One last question that woke me up last night, do you know if [redacted] who received the April [2013] e-mail from Snowden was specifically asked if she received any further correspondence?" the person wrote. "I ask only because there probably isn't anyone checking her e-mail queue since she is now retired. I'm just trying to be as sure as possible we've asked the right people and checked the right places for any potential surprises."

The woman in question was the lawyer at the OGC who had addressed Snowden's email and its query about legal hierarchies. (She had indeed retired from the NSA in the interim.) The counterintelligence chief wrote that the woman had not recalled any interaction when she was questioned by the NSA in the wake of Snowden's leaks, but that he would "triple check."

The counterintelligence chief got in touch with the retired lawyer, and about an hour after their conversation, sent another email.

"Spoke with [redacted] at home," the chief wrote. "She said no telephonic contact after the email. Also confirmed that Snowden did not reply to her response which matches what we see in the email. Our review of his email did not turn up any additional emails that match the description in the [Vanity Fair] article. I truly believe we have the right one. I have asked DOJ to call me so we can discuss the release issue [of the email]. I have heard that [redacted] is not happy that I am talking to DOJ, but I am not too concerned with that right now."

"Thanks," the task force official replied. "I'll visit you when they put you in prison for talking to DOJ."

Bauman sent an email on the afternoon of April 10 to David Grannis, then the staff director for the Senate Intelligence Committee, and other congressional staffers alerting them to the pending Vanity Fair article. Bauman also provided them with a redacted copy of the Snowden email.

On April 11, Vanity Fair released its story. That afternoon, Ledgett sent an email to Teresa Shea, the director of signals intelligence — or SIGINT, which is responsible for decoding electronic communications — and a number of officials whose names were redacted. (Later that year, Shea left the NSA after BuzzFeed reported that she and her husband ran a SIGINT "contracting and consulting" business out of their house in what appeared to be a conflict of interest with her official NSA duties.) The email, with the subject line, "Vanity Fair Article With Fugitive – May Cause Additional Work," said "the much anticipated Vanity Fair article with the fugitive is out.... Probably the most concerning issue in the article is the fugitives [sic] assertion that he raised complaints with NSA lawyers and oversight and compliance personnel."

(Illustration by Todd Detwiler)

The scramble in the lead-up to the article's publication to make certain Snowden hadn't logged his concerns within the agency is especially notable in light of one fact: Ledgett had already said unequivocally that Snowden hadn't raised any formal concerns — and he had said it in the article itself, having been interviewed well in advance of its publication. He added that if Snowden made his concerns known to anyone personally, they had not stepped forward to alert the NSA during the agency's subsequent internal investigation.

The article, and Snowden's assertion in it that he had repeatedly made his concerns known in email, was the catalyst for VICE News' initial FOIA request, filed the same day the preview was released. But the assertion did not prompt widespread coverage in the media, which may have given NSA officials the impression that the agency could move on.

"The good news is that this article has not received any bounce and there have been no media queries today," Grimes wrote on the afternoon of April 10.

Grimes spoke six weeks too soon.

* * *

On the morning of May 23, 2014, Matthew Cole, then an investigative reporter with NBC News, sent an email to NSA public affairs. He wished to alert them to NBC's exclusive on-camera interview with Snowden, which would be his first with a US television network. (The interview had first been revealed by the Washington Post a day earlier.)

"As you may have seen, NBC News will be airing a long interview with Edward Snowden," Cole wrote in an email addressed to NSA spokesperson Vanee Vines and ODNI spokesperson Shawn Turner. "Given that he makes plenty of claims in the interview, I have the enviable job of checking the veracity of said claims. Is it possible to discuss by phone at your earliest convenience?"

Vines asked him to put what he needed in writing.

"Let's start with this one, but I will still need to have a follow up phone conversation," Cole responded. "Can the NSA and/or DNI confirm or deny that Mr. Snowden sent emails to the NSA's OGC or any other internal/agency legal compliance body? NBC News is aware that in the past NSA has denied that they can find any such emails."

The same day, Cole submitted a short FOIA request to the NSA, asking for "any and all emails, documents, or any other form of communication" between Snowden and any legal authorities within the agency. Although VICE News and a number of other media outlets had already filed FOIA requests for the same documents, the NSA now began to discuss taking quick action because of the pending broadcast of NBC's interview.

Vines was part of the team that had spent several weeks dealing with identical claims Snowden had made to Vanity Fair a month earlier, so she was well aware of the existence of Snowden's lone email. But she was coy with Cole.

"What do you mean? An email about *what*?" Vines wrote to him before repeating an NSA statement from December 2013 saying that investigations found no evidence that Snowden ever brought up his concerns.

Cole responded by asking for the documents again, "based on more detailed claims in our interview."

Vines immediately forwarded the exchange to De, the NSA's general counsel.

"[With] its story done, NBC is asking us to fact-check. Incredible," Vines wrote. "We'll get more info soon from the producer. In the meantime, there's apparently a fresh claim about email the leaker [Snowden] allegedly sent to OGC or a compliance official."

De, a staunch advocate for releasing Snowden's email, informed Vines that the NSA had already been speaking to the White House about Snowden's claims. He asked Vines to see if she could ferret out additional details from Cole about the interview.

Later that day, Feinstein, the chairwoman of the Senate Intelligence Committee, sent word over to the NSA that she expected a "forceful NSA response" to Snowden's claims.

"You can help temper expectations by making clear [to Feinstein] that we were not aware of this story before it was publicly advertised and until yesterday had not been contacted to respond to any issues," the person wrote. "We have not been and don't expect to be given much if any detail beyond the public 'teaser.' We can only crystal ball so much, especially when the protagonist is not bound by facts or the truth."

Vines sent out a "situational awareness" email alerting NSA officials that NBC News had an "'agreement'/relationship with Mr GlennG [Glenn Greenwald]. It has been working w/him on stories in recent months." A separate email was sent by another NSA official to Fleisch and others at the agency that said Greenwald, Poitras, and Greenwald's husband, David Miranda, "may also be involved in the broadcast." Fleisch then informed Rogers, Ledgett, and Elizabeth Brooks, the agency's chief of staff, about the pending broadcast; intense discussions were held to determine how the agency, and the Obama administration, would respond.

The following morning, De sent someone at NSA an email with the subject line "NBC/email."

"I need very senior confirmation [Kemp/Moultrie) [a reference to the NSA's director of security and Ron Moultrie, then the NSA's deputy SIGINT director] that all possible steps have been taken to ensure there are no other emails from [Snowden] to OGC," De wrote.

Those assurances apparently could not be provided — even though the agency had publicly been saying over the course of a year that no other relevant communications from Snowden existed.

(Illustration by Todd Detwiler)

"Raj, if you are looking for 100% assurance there isn't possibly any correspondence that may have been overlooked I can't give you that," an NSA official, whose name was redacted, wrote in response to De. "If you asked me if I think we've done responsible, reasonable and thoughtful searches I would say 'yes' and would put my name behind sharing the e-mail as 'the only thing we've found that has any relationship to [Snowden's] allegation. Give [sic] Snowden's track record for truth telling we should be prepared that he could produce falsified e-mails and claim he sent them. The burden then falls to us to prove he didn't (you know how that will end)."

That morning, Hayden, the National Security Council spokesperson, sent an email to Vines, Stuart Evans at the DOJ, and Litt at the ODNI, which is entirely redacted. At about the same time, De emailed someone asking, "Why is DOJ weighing in on our obligations under privacy act," an indication that Justice was interfering in the NSA's decision to release Snowden's email.

"I have no idea," the person responded to De.

In the early evening of May 24, Rogers suggested that the NSA finally release Snowden's email, which Rogers mistakenly said Snowden had addressed to the agency's Inspector General (IG).

"I'd love to share the specifics of the only e-mail we have that [Snowden] sent to the IG which asked a very broad question on the hierarchy of law vs the direction in regulation and other publications and which never mentioned privacy concerns once," Rogers wrote.

An NSA official offered up several options for dealing with NBC News, only one of which was left unredacted: "Option 1 – Engage NBC in dialog before their program airs about our factual understanding (a single outreach [from Snowden] noted, barely relevant to his claims."

That's the option Rogers chose.

Vines then sent a note about whether the NSA should release Snowden's "ONE email to NSA OGC (and OGC's response to his very benign question." Included on the correspondence were officials from the NSA, the DOJ, and the White House. Vines noted that a number of news organizations had filed FOIA requests for any emails in which Snowden raised concerns, and if the NSA were to release the single email the agency said it found, it would need to be released "to all."

Several responses by Hayden, De, and Litt followed and continued throughout the weekend; Hayden appeared to have enormous influence over whether the NSA could release the email.

On Tuesday, May 27, a day before NBC aired the first part of its interview, Cole emailed Vines and asked her to respond to seven very specific questions about Snowden and his work, though none touched on whether Snowden raised concerns at the agency.

Vines forwarded the email to officials but didn't respond to Cole's queries.

It appears that during the weeklong exchange between officials at the NSA, DOJ, ODNI, and White House, someone went above Cole's head and reached out to executives at NBC. In an email Vines sent to Hayden on May 28, she said that Cole once again contacted her seeking a response to his inquiries.

The NSA's release of a 2013 email to employees marks the first official confirmation that Snowden had also worked with the CIA.

"Matthew Cole, the 'investigative producer', assigned to NBC's project, again asked... about the e-mail today," Vines wrote. "I'm guessing that execs above him have not filled him in."

Hayden's reply was redacted, but it appears that NBC was informed about the email, possibly by Hayden. In another email on May 28 to Vines, De, and other senior White House and DOJ officials, Hayden said NBC contacted her and asked "whether our search was just of e-mails to OGC or also to the Compliance Office. Can folks confirm?"

"EVERYTHING email and registry wise was checked," someone whose name was redacted responded.

That evening, NBC News aired the first part of its interview with Snowden, which included his claims that he raised concerns and complaints about NSA surveillance programs before he made off in May 2013 with thousands of classified documents.

"We should release the Snowden email ASAP," De wrote in an email late that evening to Ledgett and another person whose name was redacted.

Unlike the Vanity Fair story, the NBC News report generated widespread media interest. Just before midnight on May 28, Vines sent a "situational awareness" email to Hayden, De, and others.

"Reuters is now pounding the pavement over the email issue," she wrote. "[Brian] Williams clearly said multiple sources confirmed at least 1 email" that Snowden had sent raising his concerns.

Vines had been hoping the NSA could immediately respond to the claims by releasing the email, thereby undercutting Snowden. Hayden, however, said the administration would not be able to resolve that question "tonight." Hayden added that she saw "relatively little Twitter discussion on the interview."

By the following morning, the NSA was hastily arranging to have the email released. The agency prepared a rough Q&A for officials there and at the White House and DOJ focusing on questions to which they would have to be prepared to respond, such as: "What is the training and awareness provided to gov't and contractor employees about reporting activities they perceive to be inconsistent with law or ethics?... Did we receive correspondence from Edward Snowden about his concerns?... How was our search for any correspondence from him conducted?... Is it possible there is correspondence we overlooked, didn't record?"

Also on the morning of May 29, Litt, in an email sent to high-level officials at the NSA, White House, and DOJ, shared a communication he received from Grannis, the staff director for Feinstein at the Intelligence Committee, about Snowden's email:

FYI received the attached from David Grannis, which I believe may reflect conversations he had with others as well.

Is there any reason not to make public the one email that NSA/FBI have located between Snowden and NSA people involving a legal question? That email is certainly not what Snowden described in the interview.... The only reason that I can see not to release the email exchange is if people are concerned that there are other emails out there, so I suppose that is a question of how confident are people in their ability to search old records. That shouldn't be too difficult.

(By the way, Sen. Feinstein spoke last week to [White House Chief of Staff] Denis McDonough and [Obama's counterterrorism adviser] Lisa Monaco about this very thing, having been tipped off it would be part of the interview. I followed up with NSA OLA [Office of Legislative Affairs] to make sure there was a response in place. I haven't seen anything yet.)

De appeared to be exasperated.

"OK. I seem to be the only one who thinks we should do something, so I will back off if everyone disagrees," he replied.

"Raj: This is still an active discussion," Hayden responded.

De, who has since left NSA, did not respond to requests for comment.

About three hours before Snowden's email was publicly released — and while Hayden, De, Litt, and the NSA's public affairs team continued to debate the merits of the release — a special agent assigned to the NSA's counterintelligence division sent an email to other counterintelligence officials about additional Snowden emails found within divisions at the NSA Snowden said he had contacted with his concerns.

There were about 30 emails discovered from the security office that Snowden either sent or received. The special agent said many of them were "blast emails" from a redacted source to an email list to which Snowden belonged. There was an email thread asking Snowden to call and discuss an issue he was having with his access card. And there was a thread in which Snowden wrote that his girlfriend had been invited to apole dancing competition in China; presumably, he queried security officials about whether they could attend.

They were "counseled against... going," according to the special agent.

A special agent assigned to NSA counterintelligence provides a breakdown of emails the NSA said it found from offices Snowden said he contacted.

The special agent said there weren't any emails that Snowden sent or received from the Office of Inspector General. But there were seven emails discovered in the OGC, five of which were "regarding the ability to open certain documents."

"Strictly a technical trouble shooting email thread," the special agent wrote.

The confidence that the NSA would soon display publicly that it discovered only one email was not reflective of what was taking place behind the scenes. De was still looking for assurances that it was the only communication from Snowden — but no one could confidently say there weren't other emails that had been overlooked.

"I would encourage you to work with your staff to give yourself confidence that requests of your folks to check for records are/were sufficiently robust to underpin your personal level of confidence," someone at the NSA said in an email to De hours before Snowden's email was released. "l am not in any way suggesting that people did not take the requests seriously — they did, but they did so under time pressure."

Rogers was informed via email by someone at the NSA whose name was redacted that the plan, which was based on "dialog with the White House," called for White House press secretary Jay Carney to read a prepared statement and indicate that the one email Snowden wrote, "the same benign email that you and I discussed," would be released later in the day.

Carney was scheduled to give his daily press briefing at 12:30pm and would read a statement the NSA sent over characterizing Snowden's email. He would also be prepared to answer questions, if any were asked, about how the NSA planned to respond to Cole's FOIA request.

Vines said she intended to contact Cole and other journalists and would provide them with the email and the NSA's statement. Yet even as Carney's briefing was taking place, NSA officials were still trying to locate additional correspondence.

In the two years since the email was released, the NSA has not walked back its insistence that Snowden failed to raise concerns internally.

* * *

The NSA, of course, had not waited for Snowden's public comments in the spring of 2014 to start looking at his emails and investigating him. They started shortly after he leaked the documents in 2013.

On June 10, 2013, one day after Snowden revealed that he was the source of the leak in a video interview posted on the Guardian's website, the NSA sent an email out to its workforce seeking information from employees who'd had contact with Snowden. The email identified Snowden as a "current NSA contractor and former CIA affiliate"; the NSA's release of this email to VICE News marks the first official confirmation that Snowden had also worked with the CIA.

The email the NSA sent to its workforce the day after Snowden revealed himself. In it, the NSA identifies Snowden as a former CIA affiliate.

In a declaration filed last year in US District Court in response to our FOIA lawsuit, the NSA's director of Policy and Records, David Sherman, said that after Snowden leaked details about NSA surveillance programs, the agency collected and searched each and every email Snowden sent.

During a hearing in the case, Justice Department attorney Steve Bressler told US District Court Judge Ketanji Brown Jackson that "there were many searches very carefully conducted by human beings. These were manual 'eyeball on every email' searches conducted by people."

"My staff searched for any records expressing concern about NSA programs by reviewing each individual email in context to see if it was responsive," Sherman said.

The NSA defined a "concern" as a "worried feeling or state of anxiety about NSA programs rather than bringing up for discussion or consideration a matter of interest or importance." How the NSA applied that narrow definition of "raising concerns" to the emails they reviewed isn't clear.

* * *

Though the NSA publicly expressed confidence it would have found among all of Snowden's emails ones that more directly involved his concerns with domestic spying, it appears the agency did not obtain all of Snowden's emails. On April 10, 2014, a member of the media leaks task force asked the chief of the Counterintelligence Division whether "we had a clean capture of all of his work e-mail related to high-side [classified] email — to include any engagement with his Booz chain?"

The response notes that "we have his [Top Secret] NSANet email and his UNCLASSIFIED email," but is followed by several redactions, one quite long.

In June, the chief of staff of the Associate Directorate for Security and Counter Intelligence corrected a document for accuracy to clarify they had "reviewed all of the email and NSANet social media posts authored by Edward Snowden which we have been able to obtain," seemingly suggesting they were not confident they had obtained them all. Yet several other emails suggest NSA officials were confident they had gotten everything from Snowden's "final acts in government."

The same chief of staff also admitted, "it remains possible that unrecorded verbal communication existed between Snowden and one of the offices he cites, but we have not located any individual who remembers any such hypothetical conversations."

As it would turn out, more communications were located. But a person or people at the agency withheld these details, which contained important context about Snowden's correspondence, from the media — and initially even from Rogers.

* * *

About an hour after the email was released, and a few hours after Carney said only one piece of correspondence from Snowden had been located, a member of the Media Leaks Task Force sent an email to a dozen people and offices at the NSA saying the Office of Director of Compliance "reminded us of some other 'interactions' with Snowden that may need to be considered."

"[Redacted] dug this one out of the SSCT files for us.... It displays 2-3 additional contacts with the SV [Oversight and Compliance] contingent that we need to consider... but they do not appear to have any 'alarm' or 'concern' for illegal pr [program] questionable activities on the part NSA," the email said.

The emails found included the one that had been released, a "personal exchange" with an Oversight and Compliance official Snowden had when he "appeared at her desk with concerns about 'trick questions' in the test he was taking being the reason why he failed the test." And the technical email exchanges related to a FISA "document template" in August 2012 while he served as a systems administrator with Dell. (FISA, or the Foreign Intelligence Surveillance Act, dictates a legal framework for wiretapping and other surveillance.)

The task force "does not see these as items that show his 'concerns'... but they do show interaction with the Compliance elements [that Snowden said he had and which the NSA denied] for NSA, albeit administrative in nature," the email said.

About 10 minutes later, a special agent from NSA's counterintelligence investigations division replied and said, remarkably, that they were unaware that Snowden had a verbal discussion with compliance.

"The in person contact is news to me, but again, not an actual complaint about the law or authorities (just that we use trick questions in our tests)," the special agent wrote.

An NSA counterintelligence investigations official reveals in an email, nearly one year after Snowden's leaks, that they were unaware Snowden had an in-person discussion about his concerns.

Forty-five minutes later came another reply, this one from the chief of the signals intelligence directorate's strategic communications team, a lieutenant colonel in the US Army, who asked his NSA colleagues to do a bit of soul-searching, and perhaps admit that they should shift their focus away from trying to hold Snowden accountable and instead focus on repairing the NSA's "brand."

"The contentions by the fugitive that he had umbrage with programs are not apparent, in any fashion, in these communications," the lieutenant colonel wrote.

The lieutenant colonel went on to say that the type of test Snowden had been taking when he asked about legal hierarchies was a standard one given to junior analysts or someone new to working signals intelligence at the National Threat Operations Center (NTOC). This, he argued, proved that Snowden was not working in a senior capacity at the NSA.

"Complaints about fairness/trick questions are something that I saw junior analysts in NTOC (and I had about 8 of them on my team in 20 months) would pose — these were all his and positional peers: young enlisted Troops, interns, and new hires," the officer wrote. "Nobody that has taken this test several times, or worked on things [redacted] for more than a couple of years would make such complaints."

Despite the discovery that Snowden had additional contacts with other divisions within the NSA — which the agency did not inform the media about, and which officials did not disclose to Rogers — a decision was made not to make mention of it in a final Q&A document prepared for the White House.

"There are obviously lots of contacts Snowden had with folks in various organizations of NSA while he was in access," wrote the NSA's deputy associate general counsel for administrative law and ethics in an email later on the afternoon of May 29, 2014. "So long as the Q and A remain fashioned about correspondence regarding 'his concerns' — i.e. reporting of violations; questions of lawfulness, etc... then it seems like the planned approach will still be accurate."

Later that day, Rogers sent an email to several officials and the public affairs office stating that the NSA should be proactive and transparent with the public "as long as we don't endanger any follow-on legal action."

"SEN Feinstein adding her thoughts to the public would be of value to the public I believe," Rogers said.

In a statement Feinstein posted to her website that afternoon, she noted that she was the one who had released the email and that the NSA told her committee it found no other "relevant communications from Snowden... in email or any other form," which turned out to be untrue. The email, her statement said, "poses a question about the relative authority of laws and executive orders — it does not register concerns about NSA's intelligence activities, as was suggested by Snowden in an NBC interview this week."

Shortly after the email was released, the Washington Post's Barton Gellman published an interview with Snowden, who responded to the release of the email by saying it was "incomplete."

It "does not include my correspondence with the Signals Intelligence Directorate's Office of Compliance, which believed that a classified executive order could take precedence over an act of Congress, contradicting what was just published. It also did not include concerns about how indefensible collection activities — such as breaking into the back-haul communications of major US internet companies — are sometimes concealed under E.O. 12333 to avoid Congressional reporting requirements and regulations," Snowden said.

Snowden's statement resulted in a barrage of media inquiries to the Office of Public Affairs and dozens of FOIA requests seeking any additional material showing that he raised concerns. However, the NSA refused to entertain any additional questions, instead providing reporters with a copy of their prepared statement and the sole email.

A day after Snowden's email was released, the public affairs office asked the OGC to clear a statement to be sent to the NSA workforce. Grimes, one of the public affairs officials, explained in an email that "several questions" were submitted to the media leaks internal communications website since Snowden's NBC News interview had been broadcast two days earlier. The message to the workforce contained the prepared statement Carney read at the White House briefing along with a statement directed to NSA employees.

"We understand the frustration many must feel," a draft copy of the statement said. "Please understand we are making every effort to ensure that NSA continues to be transparent with the public while protecting sources and methods and the integrity of the investigation."

That evening, a special agent with the NSA's counterintelligence investigations wrote an email to others at counterintelligence, whose names were redacted:

"It's going to need to be crystal clear that we denied having correspondence containing any complaints, not that we denied having any correspondence period."

* * *

There were reasons to doubt the completeness of the NSA's search for Snowden's emails within an hour of the NSA's release of Snowden's one email.

At 1:13pm on the day the email was released, someone in OGC identified a new version of the OGC contact, which appears to have been missed because OGC (like Oversight and Compliance) alerted the counterintelligence people — not the Media Leaks Task Force — about the contact after Snowden came forward. By 3pm, those responding had found two more details they hadn't known before, including that the compliance woman had had a face-to-face interaction with Snowden, and that he had provided help to a compliance person having technical issues.

While the efforts on both the document search and the Q&A document continued, on June 3 it took on new urgency. Elizabeth Brooks, the NSA chief of staff, started doing a "review of the thoroughness of the check for material which may represent outreach by Edward Snowden to officials at NSA along the lines of what he claimed."

Multiple people offered to help, sending email threads from the previous days and weeks. By the end of the day, a senior member of the Media Leaks Task Force apologized to Rogers that he or she hadn't adequately informed him — and the 31 other people receiving the mail — about Snowden's interactions.

"I, as the accountable NSA official for Media Disclosures issues, accept responsibility for the representation that the only engagement we have uncovered is a single web platform e-mail engagement with an attorney in the NSA Office of General Counsel," the person wrote, taking responsibility for leaving NSA leadership "insufficiently informed about this matter," and promising "to correct for that going forward."

The first page of the apology email sent to Rogers and cc'd to more than 30 others.

The email went on to explain what days of searches had discovered were in fact three interactions between Snowden and the Oversight and Compliance Office: the emailed question the training person received and then sent back to OGC; a face-to-face interaction with another training person; and Snowden offering assistance troubleshooting a problem with a document template while working for Dell in 2012.

The email includes a passage that describes the process NSA used to assess whether Snowden had raised concerns.

"Through interviews, research and solicitations for information in support of investigative and other requirements we have accumulated a set of data which represents our best, most authoritative capture of encounters initiated by Edward Snowden which may have some bearing on the investigation, media disclosures or his claims," the apology explained. "We cannot affirm with 100% certainty that this is a complete set of information, that would be impossible to achieve, but it is a body of knowledge upon which we can and have drawn some defendable conclusions."

The apology then reviews Snowden's claims, and concludes, in part, "no examples have been found that rise to the level of his claims." The apology is a remarkable example of accountability, but it still doesn't tell the whole story.

When the NSA first released Snowden's email, it suggested his question was simple and the answer straightforward. This was superficially true; does the NSA have to follow the laws passed by Congress — a set of laws generally called the Foreign Intelligence Surveillance Act — or can a presidential executive order, which for the intelligence community would be Executive Order 12333 (it governs intelligence activities), override that family of laws? OGC told Snowden that NSA has to follow the laws passed by Congress.

But the General Counsel's office and Oversight and Compliance had actually just been collaborating on the subject of Snowden's question as part of a revision to the training course. "Two of the OGC attorneys had recently provided the hierarchy of the authorities during the OVSC1800 [USSID 18] course development meetings," the Oversight and Compliance training woman said a year later while explaining why she sent the question back to OGC to answer. Perhaps for that reason, the two departments engaged in a discussion about who would answer it; six or seven people got involved in the response.

Then there was the in-person contact with Snowden. As the Oversight and Compliance training woman described in an email written a year later, he "appeared at the side of my desk in the Oversight and Compliance training area... shortly after lunch time." Snowden did not introduce himself, but "seemed upset and proceeded to say that he had tried to take" the basic course introducing Section 702 "and that he had failed. He then commented that he felt we had trick questions throughout the course content that made him fail." Once she gave him "canned answers" to his questions, "he seemed to have calmed down" but said "he still thought the questions tricked the students."

That may well have been what the exchange seemed like to the woman, though it is unlikely Snowden, who six weeks later would walk out of the NSA with thumb drives full of NSA secrets, was agonizing over failing an open-book test.

After fixing an obvious error in her description of the exchange she provided a year later, the Oversight and Compliance training woman said it would have happened "during the timeframe between 5-12 April 2013." That means the exchange occurred within a week — and possibly on one of the same days as — the discussions about how to respond to Snowden's emailed question to OGC, a question that was characterized as unusual. The training woman said Snowden did not introduce himself, which means she wouldn't have known he was the same person whose question she had sent back to OGC; nothing in her explanation reveals how she came to understand it was Snowden. But the NSA's records show OGC received complaints from Snowden about at least two different training programs within days, and that he knew they were speaking to each other about his question. In its internal assessment of Snowden's communications with the agency, however, the NSA treats these as two separate incidents.

There's evidence the NSA's training materials and courses at the time had significant errors. A revised Inspector General report on Section 702 of FISA, reissued just days before Snowden returned to Maryland for training on the program in 2013, found that the Standard Operating Procedures (SOPs) posted on the NSA's internal website, purportedly telling analysts how to operate under the FISA Amendments Act passed in 2008, actually referenced a temporary law passed a year earlier, the Protect America Act.

"It is unclear whether some of the guidance is current," the report stated, "because it refers only to the PAA," a law that had expired years before. A key difference between the two laws pertains to whether the NSA can wiretap an American overseas under EO 12333 with approval from the attorney general rather than a judge in a FISA Court. If the SOPs remained on the website when Snowden was training, it would present a clear case in which NSA guidance permitted actions under EO 12333 that were no longer permitted under the law that had been passed in 2008.

Similarly, a key FISA Amendments Act training course (not the one described in the face-to-face exchange, but another one that would become mandatory for analysts) didn't explain "the reasonable belief standard," which refers to how certain an analyst must be that their target was not an American or a foreigner in the US — a key theme of Snowden's disclosures. While some work on both these problems had clearly been completed between the time of the report's initial release and its reissue just days before Snowden showed up in Maryland, both these findings remained open and had been assigned revised target completion dates in the reissued report, suggesting the IG had not yet confirmed they had been fixed.

The issue of whether the presidential Executive Order that the Intelligence Community uses to authorize its overseas activities, EO 12333, can trump the law Congress passed in 1978 to impose limits on spying, has been a simmering issue since DOJ lawyer John Yoo secretly claimed in 2001 that FISA's limits on Executive Branch spying might be an unconstitutional infringement on the president's authority. It has been a public issue since 2006, when the DOJ revealed a theory that the war against al-Qaeda meant the president could override the law passed by Congress, and was a key issue in passage of the FISA Amendments Act in 2008.

It was central to one of Snowden's most inflammatory revelations, documents showing that the NSA was hacking Google overseas, effectively giving itself a way to bypass FISA and access domestically collected data directly. And it was an issue Feinstein and Senator Mark Udall raised in a confirmation hearing months before Feinstein would advocate an assertive response to Snowden's claims in 2014.

* * *

The video of Snowden released by the Guardian on June 9, 2013 may have been what triggered the woman from Oversight and Compliance to recognize that it had been Snowden who approached her at the NSA. The next morning, when she "realized I had contact with him," the first thing she did was try "to pull his training record, but it had already been pulled from the system." She "reported the [face-to-face] contact to my management and considered the issue closed."

If she did so in writing, that document was not released to VICE News. The emails do show that she emailed her supervisors on the other contact she had with Snowden, however; she forwarded the email chains involving the response to Snowden's OGC email, with the first of what may reflect four emails sent at 9:15am.

At 10:02am, the chief of Oversight and Compliance sent Ensor, the NSA's security chief, the third of those email chains, explaining, "Here's another data point on the Snowden situation."

The records turned over to VICE News do not show that the face-to-face exchange with Snowden was written up until April 9, 2014, a year after the exchange, after teasers from the Vanity Fair article revealed Snowden was claiming he "contacted NSA oversight and compliance bodies directly via email and that I specifically expressed concerns about their suspect interpretation of the law."

As noted, the compliance woman's story had to be corrected to match the dates up to when Snowden would have been at Fort Meade. "We received a call from D4 [Office of the Director of Compliance] questioning the dates (11 or 12 Jun) that [redacted] annotated during the discussions on" the Section 702 course, one of the other people in Oversight and Compliance wrote on April 10. She "has modified her dates to reflect 5-12 April 2013."

NSA did not provide a version of the draft of the email with the incorrect date. When the chief of Oversight and Compliance provided a description of all the department's interactions with Snowden to the NSA chief of staff, Elizabeth Brooks, in June 2014, there was no mention of any other paper trail of the exchange, though earlier that same day the deputy chief had stated, generally, that that information had been provided to Ensor on June 10, 2013.

(Illustration by Todd Detwiler)

In the absence of a response from NSA or Snowden, it is impossible to know what to make of this contact, the current version of which appears to have been drafted in response to Snowden's claims. One person who would speak on the record, however, is former NSA official turned whistleblower Thomas Drake. We asked him how the compliance department functioned, though we did not reveal to Drake details of this report. Drake told us, "These are positions that are designed to protect the institution from bad news, even internally. So, you know, 'We'll turn bad news into good news.'"

One thing that is clear, however, is that the apology laying all these details out, written after several days of fact checking at the NSA and document review in June 2014, leaves out at least one key detail — that the OGC email and the face-to-face communication could have happened the same day, making it far more likely they should be treated as parts of the same exchange. More significantly, the apology claims that "in response to the June 2013 Agency All... she provided in writing her account of these engagements." If the timestamps on documents provided to VICE News are correct (something that the NSA has admitted is a problem with this FOIA response), she actually provided her side of at least the OGC contact even before the Agency All email. But there is no record she provided her written account, to either of these exchanges, until a year after the event, a detail — if true — that Rogers should have known.

* * *

Snowden noted in his testimony to European Parliament that there was no safe avenue for contractors like him to raise concerns.

"US whistleblower reform laws were passed as recently as 2012, with the US Whistleblower Protection Enhancement Act, but they specifically chose to exclude intelligence agencies from being covered by the statute," Snowden said. "President Obama also reformed a key executive whistleblower regulation with his 2012 Presidential Policy Directive 19, but it exempted Intelligence Community contractors such as myself. The result was that individuals like me were left with no proper channels."

The NSA's director at the time Snowden left the agency, General Keith Alexander, was apparently unaware whether contractors were covered by whistleblower protection laws. He emailed Ledgett four days after Snowden testified before European Parliament on March 11, 2014.

According to an email he sent, former NSA director Keith Alexander was unaware whether contractors could report whistleblower complaints.

"Rick, I believe there is also a Whistleblower methodology for contractors. Do we have that?" Alexander wrote.

"Sir, it's not the recently enacted Whistleblower Protection Act but there are previous laws that protect contractors. Cc'ing Raj [De, the NSA general counsel], and [redacted] who can provide that info," Ledgett responded.

A person at the NSA whose name was redacted weighed in on another email, telling Alexander:

The Intelligence Community Whistleblower Protection Act of 1998 and Presidential Policy Directive PPD-19 provide a mechanism for both employees and contractors to report alleged wrongdoing. Whistleblowers can report matters of "urgent concern" to the NSA IG [Inspector General, a government organization's internal watchdog] and DoD IG. Whistleblowers, to include contractors, can report matters of "urgent concern" to the intelligence committees after notifying the NSA IG or DoD IG of the intent to do so and obtaining direction from the IG on how to contact the Intelligence Committees. The Whistleblower statute provides an avenue to report concerns related to classified matters without improperly disclosing classified information.

The Q&A document begun just before the release of the email, which started as a rushed attempt to provide more information to the White House — an attempt, De suggested, to "put off" the decision on whether to release Snowden's email — revealed, over the course of many rounds of editing and fact-checking, the limits of what the NSA would claim about its own oversight, Snowden's claimed efforts to raise concerns, and whistleblowing. An early draft aspired to determine "how many cases have been brought to the attention of Agency officials, and how those cases were closed out," but the final document states only that "NSA OIG keeps a record of all inquiries and actions taken."

Early on, it was noted that "technically speaking all reported activity that is found to be a violation of law, directive, or policy requires some corrective action." By the final version, NSA had changed that to read, "Activity that is found to be a violation of law, directive, or policy is thoroughly reviewed to determine corrective action."

By the end of the first day of working on the Q&A, a lawyer had suggested the issues Snowden claimed to care about did not pertain to ethics. "I recommend we drop the word 'ethics' and replace with 'policies' for Question #1. There is no annual 'ethics' training requirement for every employee," the lawyer noted. "In addition, 'ethics' issues are often about use of government resources and the like... not typically violations of the 4th Amendment type concerns."

The changes in the Q&A document also reflect the evolving understanding of Snowden's complaints. On June 3, not long before the apology to Rogers, the security chief of staff changed the characterization of what the email search had found "for purposes of accuracy" to state they had reviewed all of Snowden's emails "which we have been able to obtain."

NSA tried to make the case that Snowden should have known where to voice his concerns thanks to (sometimes mandatory) training that emphasized limits to the NSA's authority, and how to report any violations of those limits. "These specific training courses discuss the limitations of SIGINT authorities and mission operations to include reminders and guidance about who to contact with questions about scope of authorities, and who to contact if there are known or even potential compliance concerns," the Q&A document said.

The Q&A cited a basic training course, "NSA/CSS Intelligence Oversight Training," as the place where most people learn how to report a concern. The document claims, "Most contractors are required to take this course," and asserts Snowden is the kind of person, as a SysAdmin until 2012, and as an analyst trainee in 2013, who would have been required to complete it. But it stops short of asserting that Snowden did so.

The editing process of the Q&A document also indicates that the other means by which Snowden might have learned he could make protected complaints — via the IG himself — were not crystal clear.

The initial drafts of the document overstated the degree to which the NSA's IG invited whistleblowers to report legal violations. It started by claiming, "The NSA OIG [Office of Inspector General] also provides briefings to various NSA training classes, including the new hire orientation class." But on June 3, 2014, the IG's Executive Officer admitted, "Technically we are not quite briefing [that class] yet... still trying to get OIG on schedule."

Similarly, it claimed, "The OIG also issues agency-all messages covering policies and avenues for reporting suspected mismanagement and violations of law, policy, and regulations." But on June 4, the counsel to the Inspector General noted the agency-all messages "aren't as focused as the two [post-Snowden] ones you mention, and we might need to massage the words a little."

As the finished Q&A document makes clear, before Snowden's leaks, the most regular notice on reporting to all NSA employees from the IG pertained only to "waste, fraud, mismanagement of Agency resources, and abuse of authority." After that, in the spring of 2014, the IG sent out a notice stating that NSA/CSS Policy 1-60 "requires that NSA/CSS personnel report to the OIG possible violations of law, rules, or regulations," as well as things like mismanagement. It also cites the Intelligence Community Whistleblower Protection Act (ICWPA).

The Q&A document goes on to describe other reporting mechanisms, and includes one — the Privacy and Civil Liberties Office — that was created in August 2013 as a response to the Snowden leaks.

Thus, while the Q&A document does provide a map of ways in which legal issues might be raised, it's also a map of resources put in place in response to Snowden, an indication that the resources available to Snowden may have been inadequate.

And it's still not clear these policies apply to contractors. Congress is only now debating, in the Intelligence Authorization for next year, requiring the Intelligence Community Inspector General to report "the number of known or suspected reprisals made against covered contractor employees during the five-year period preceding the date of the report," and to evaluate "the usefulness of establishing in law a prohibition on reprisals against covered contractor employees as a means of encouraging such contractors to make protected disclosures."

Even though Litt claimed to be trying to provide more protections for contractors, he had not heard of this provision when asked during our interview. Instead, he offered reasons why the government can't protect contractor whistleblowers. "We are constrained what we can do with contractors," he explained. "We don't have the ability... to modify a contractor's employment relationship with his employer."

* * *

Last weekend, former Attorney General Eric Holder said Snowden's leaks, while illegal, were a public service because they sparked debate about the legality of surveillance programs and resulted in changes.

Senator Ron Wyden, one of the Democratic members of the Senate Intelligence Committee, agreed.

"Senator Wyden certainly believes that protections for intelligence agency whistleblowers need to be much stronger, to prevent retaliation and encourage reporting of serious systemic problems," said Keith Chu, a spokesperson for Wyden, who sits on the Senate Intelligence Committee. "However, in the case of mass surveillance, agency leaders, inspectors general, and the relevant oversight committees were all aware that mass surveillance was happening, but the problem was not fixed until it became public."

The NSA declined to respond to a series of questions VICE News sent the agency. Instead, on the afternoon of June 3, NSA spokesperson Michael Halbig provided VICE News with comments about avenues whistleblowers like Snowden could take to raise concerns about waste, fraud, and abuse. The NSA's statements closely match the language in the Q&A document prepared for the White House, which was turned over in much greater detail as part of the agency's FOIA response.

Perhaps the NSA was hoping to get ahead of VICE News's report. At 11:40pm on June 3, Vines, the NSA spokesperson who clashed with NBC's Matthew Cole and was critical of other journalists' coverage of Snowden, emailed VICE News to say that the 800 documents turned over to us after two years of litigation had been publicly posted to the agency's website.

An NSA cover letter accompanying the release on the website said, "The documents illustrate that, as the Agency reported in May 2014, NSA conducted a thorough search of e-mail and has no records of any e-mail from former NSA contractor Edward Snowden to Agency officials raising concerns about NSA programs."

The letter goes on to say: "[T]he Agency has no record that he submitted complaints to senior NSA leadership — including the NSA Director, Deputy Director, and Executive Director."

It's a denial of claims Snowden never made.

Snowden Claims 'Deceptive' NSA Still Has Proof He Tried to Raise Surveillance Concerns - VICE 20160607

Snowden Claims 'Deceptive' NSA Still Has Proof He Tried to Raise Surveillance Concerns - VICE 20160607

On June 4, VICE News published more than 800 pages of declassified NSA documents that shed new light on the contentious issue of whether Edward Snowden raised concerns about the agency's surveillance programs while he still worked there. Since then, Snowden has alleged there's additional evidence that has not yet been made public.

The former NSA contractor has long maintained that his 2013 leak of a trove of highly classified documents was a last resort after his efforts to sound the alarm about the agency's secret spy programs went largely ignored.

The NSA, meanwhile, has rejected Snowden's narrative, insisting that the closest he got to raising concerns was sending a single email asking a question about the interpretation of legal authorities.

The documents published over the weekend were released in response to a long-running Freedom of Information Act (FOIA) lawsuit filed by VICE News. Heavily redacted, they include an assortment of NSA emails from officials at the NSA, Department of Justice, and the White House, along with talking points about how to respond to the media in the wake of the leaks and subsequent public comments by Snowden.

The documents show that the NSA's narrative about Snowden's one email left out nuance and details about the nature of the question he raised, and didn't disclose all of the relevant contacts he had with people at the NSA. Snowden also had an in-person conversation with an Oversight and Compliance officer around the time he sent the email, though that meeting apparently wasn't documented at the time. The NSA had never publicly revealed that the interaction took place, nor had the agency disclosed that Snowden's former coworkers described "discussing the Constitution" with Snowden.
Snowden declined to comment to VICE News for our story. His attorney, Ben Wizner of the ACLU, said Snowden was "ambivalent" about discussing matters contained in the NSA documents because he believes the agency is "still playing games with selective releases."

Snowden has since responded to our story in a series of tweets, which include claims that the NSA is still withholding pre-2013 email discussions, testimony from his colleagues, and chat logs or transcripts from communication platforms like Jabber, IRC, and Lync. The absence of these files, Snowden contends, is "intentionally deceptive." (VICE News has since submitted FOIA requests for these records.)

"Interesting that this still shows an incomplete history of the concerns I expressed," Snowden wrote. "Simple incompetence, or did NSA destroy records?"

The NSA released Snowden's single email after a heated back and forth between officials at the NSA, DOJ, and White House about the merits of releasing the email and whether it effectively undermined his credibility. In the email, which Snowden sent in April 2013, Snowden asked about the NSA's apparent assertion on a training test that presidential executive orders carried the same legal weight as laws.

The email was released to the public in May 2014, and in the lead-up to that and even in its aftermath, internal communications at the NSA show that officials were concerned about overlooking other relevant communications from Snowden while he was at the agency. In one instance, an unnamed NSA staffer described waking up in the middle of the night, thinking about whether the agency had "checked the right places for any potential surprises."

Days after Snowden's email was released, an unnamed official wrote to NSA director Mike Rogers, cc'ing 31 other NSA officials and one agency listserv. The official apologized for failing to provide Rogers with all the information regarding Snowden's communications with NSA officials related to his concerns. The official acknowledged leaving the NSA's leadership "insufficiently informed," and promised to "correct that going forward."

During testimony to the European Parliament on March 7, 2014, Snowden was asked whether felt like he had "exhausted all avenues before taking the decision to go public."

"Yes," he replied. "I had reported these clearly problematic programs to more than ten distinct officials, none of whom took any action to address them."

The documents don't confirm that assertion, but they do reveal information about something else Snowden discussed: The lack of protection for contractors like him who wished to act as whistleblowers, and the absence of a clear protocol for how contractors could voice concerns or file complaints with the agency.

As encryption debate heats up, experts dissect Obama's surveillance policies - Daily Dot 20160408

As encryption debate heats up, experts dissect Obama's surveillance policies - Daily Dot 20160408

When FBI Director James Comey told an audience at Kenyon College on Wednesday that Americans should reconsider the value of unbreakable encryption in a world of persistent threats, he was addressing a conflict far broader than whether his agency could unlock a suspect's iPhone. He was wading into a debate over the course of national-security law that has emerged as one of the central conflicts of post-9/11 America.

On Friday morning, in one of the final events of Kenyon's biennial political-science conference, a panel of experts discussed the national-security approaches of Presidents George W. Bush and Barack Obama; the relationship between federal laws and local police practices; and the rhetoric of officials, like Comey, who consistently push for broader government power.

Charlie Savage, a national-security reporter at the New York Times, opened the discussion by recounting a discussion he had had with Greg Craig, President Obama's first White House counsel, about Obama's decision to preserve—and in some cases expand—the far-reaching surveillance state he inherited from President Bush. As Craig explained it, Obama's lawyers heard from the leaders of the intelligence community that the government's programs were both necessary and legal, and they stopped there.

“They didn’t ask, ‘Is this American?’” Savage said. The Obama team, intent on rectifying the perceived lawlessness and rhetorical overreach of the Bush administration, focused on grounding everything the government did in the law—brushing aside many civil-liberties questions, including whether a program comported with American traditions of liberty.

In his remarks at Kenyon, Savage reiterated the argument he made in his 2015 book Power Wars, about the difference between rule-of-law and civil-liberties critiques of national-security policy. When Obama’s liberal critics accused him of acting like Bush on surveillance issues, they meant it in a civil-liberties context. Obama's officials, Savage said, rejected this criticism because they were looking at things through a rule-of-law prism—and in that context, they believed, they were nothing like the Bush officials, who championed controversial legal theories about the commander-in-chief being able to override statutes in the name of national security.

Jameel Jaffer, deputy legal director at the American Civil Liberties Institute, took issue with Savage's framing and presented a different view of two ways to criticize national-security policy. Some people, he said, were concerned with how the Bush administration saw the relations between the branches of government (namely that Bush, as president, could trump Congress and the courts in national-security areas). Others were worried about how Bush's programs changed the relationship between government and citizenry.

People cared that Congress and courts weren’t involved in Bush's original warrantless-surveillance and military-detention programs, Jaffer said, but they cared more about the impact of those programs on their lives.

Jaffer's view was that the Obama administration “found statutory arguments to get to more or less the same place” as Bush on many national-security issues. Thus, he said, they could not be praised for caring more about the rule of law, per se, because, in his view, they simply construed the language of the laws to suit their policy goals.

When an administration essentially twists statutory language to permit it to do whatever it wants, Jaffer said, “the phrase ‘rule-of-law’ doesn’t fit comfortably with what you are actually doing.”

Chris Calabrese, vice president for policy at the Center for Democracy and Technology, agreed that Obama had “essentially ratified” Bush-era programs by declining to end them upon assuming office. What's more, Calabrese said, Obama's approval made the programs bipartisan, shielding them from many common political accusations while normalizing surveillance practices that, he said, would have appalled people had they foreseen them in 2002.

Calabrese also expanded the conversation to the state and local level. While the federal government develops technology like Stingray devices and policies like mass surveillance, local police often adopt these tools for their own work. Lawmakers, said Calabrese, must place the limits on these approaches, because at the investigative level, police will always do the most they can do; that is, after all, their job.

This interplay between federal and local tactics can profoundly affect a citizen's relationship with her government. Calabrese described a technique called "parallel construction," in which a spy agency learns something incriminating about an American and tells a law-enforcement agency how to discover it in a "clean" way that will be admissible in court. Americans arrested for crimes discovered in this manner cannot contest the real methods used to discover them, because those exist within national agencies that are subject to different rules.

Julian Sanchez, a senior fellow at the libertarian Cato Institute, sharply criticized Comey's Wednesday night remarks about encryption and its effects on investigative practices.

Comey was “rhetorically really masterful,” he said, using measured language to urge people to accept the need for a new “balance” between individual rights and government demands. By casting this balanced approach as the only rational one, Sanchez said, Comey implicitly characterized the status quo—itself the result of decades of laws and exemptions—as “absolutist.”

As an example, Sanchez noted that Comey had mentioned the Communications Assistance for Law Enforcement Act of 1994, which required companies to be able to comply with wiretaps but specifically excluded situations where companies did not control the ability to decrypt communications. Instead of accepting that CALEA was the result of a political compromise, Comey characterized it and the resulting legal environment as an absolutist position in favor of privacy.

Sanchez urged the audience to worry about this argument, saying that, when policymakers who grow uncomfortable with current surveillance law describe it as unacceptable and in need of rebalancing, this produces a “ratcheting toward ever-greater surveillance.”

"Architectures are stickier than rules," Sanchez said. “The architecture we construct on the premise that the legal restrictions on it will inhibit its use will outlast those rules. The rules can change much faster than the architecture.”

The Obama Administration Has Embraced Legal Theories Even Broader Than John Yoo’s - Just Security 20160407

The Obama Administration Has Embraced Legal Theories Even Broader Than John Yoo’s - Just Security 20160407

The Justice Department recently released another of the now-notorious Office of Legal Counsel memos written by John Yoo — memos that authorized torture, warrantless wiretapping, and indefinite detention. The new memo, written as a “letter” to then-presiding FISC Judge Colleen Kollar-Kotelly in May 2002, addresses the legal basis for the NSA’s warrantless wiretapping of Americans’ communications under the “Stellar Wind” program.

Unsurprisingly, Yoo’s memo is extremely broad and poorly reasoned — but we knew that much already, thanks to Jack Goldsmith and Jim Comey. Still, it would be a mistake to think of Yoo’s memo as just an historical artifact, full of long-repudiated legal arguments. In fact, many of the arguments Yoo made behind closed doors in 2002 continue to appear in the Obama administration’s briefs defending warrantless surveillance under Section 702 of FISA today. And, in at least one key respect, the Obama administration’s arguments are even broader than the ones that Yoo felt he could justify.

Americans’ Expectation of Privacy in Their International Communications

Like Yoo, the Obama administration has argued that Americans have a “greatly reduced” expectation of privacy in their international communications — so diminished, in fact, that no warrant is necessary for the government to intercept and search those communications. That might come as a surprise to the millions of Americans who regularly engage in personal or confidential communications with family, friends, business associates, and others overseas. When you pick up the phone to call a family member abroad, there is no reason to believe that your communication is any less private than calling a friend across town. The Supreme Court has certainly never said any such thing. Indeed, Yoo eventually admitted in his memo that the case law did not support the suspicionless interception of “the contents of telephone or other electronic communication[s]” — though he then proceeded to ignore his own conclusion.

But that has not stopped the government from making the same claims in the Section 702 cases now moving through the courts. The government has embraced Yoo’s position, arguing that the privacy interests of US persons in international communications are “significantly diminished, if not completely eliminated,” when those communications are sent to or from foreigners abroad.

On top of that, the government assumes that any communication entering or leaving the country has a foreigner on one end — and thus is eligible for warrantless searching. As the new Brennan Center report makes clear, the implications of this position are especially dire given the global structure of the Internet, where even Americans’ domestic communications may be routed or stored abroad without the parties to those communications even knowing. In short, it is the Obama administration’s view that Americans forfeit the core protection of the Fourth Amendment whenever their private communications cross an international border. And, in today’s globally connected world, that is happening more and more.

Foreign Intelligence Surveillance and the Warrant Requirement

The Obama administration has also followed Yoo in arguing that intelligence agencies may disregard the Fourth Amendment’s warrant requirement simply because they are conducting surveillance for a foreign intelligence purpose. But as Yoo ultimately acknowledged in his memo — and as the Privacy and Civil Liberties Oversight Board observed in its report on Section 702 — no court has ever endorsed such a sweeping exception to the warrant requirement. Instead, courts analyzing this question have limited the exception to surveillance of foreign powers and their agents (in addition to recognizing other requirements). That is a far cry from the warrantless surveillance the government is conducting under Section 702, which can be used to target almost any foreigner abroad, including individuals who are not suspected of any wrongdoing whatsoever — people like journalists, cryptography researchers, human rights advocates, and IT system administrators.

Upstream Surveillance: Too Far for Yoo?

Perhaps most remarkably, however, the Obama Justice Department has pressed legal theories even more expansive and extreme than Yoo himself was willing to embrace. Yoo rounded out his Stellar Wind memo with an effort to reassure Judge Kollar-Kotelly that the government’s legal interpretation had limits, saying: “Just to be clear in conclusion. We are not claiming that the government has an unrestricted right to examine the contents of all international letters and other forms of communication.” But that is essentially the power the NSA claims today when it conducts Upstream surveillance of Americans’ Internet communications. The NSA has installed surveillance equipment at numerous chokepoints on the Internet backbone, and it is using that equipment to search the contents of communications entering or leaving the country in bulk. As the ACLU recently explained in Wikimedia v. NSA, this surveillance is the digital analogue of having a government agent open every letter that comes through a mail processing center to read its contents before determining which letters to keep. In other words, today the Obama administration is defending surveillance that was a bridge too far for even John Yoo.

It is hard to explain how astonishing this is. Yoo was at the center of the Bush administration’s effort to radically expand executive power, opening the door to widespread electronic surveillance of Americans without any individualized judicial approval. His efforts are widely understood to have been extreme, analytically indefensible, and contrary to the basic values of our country. Yet many of the legal arguments that Yoo made nearly 15 years ago have now been endorsed by the Obama administration to continue and expand the warrantless surveillance of Americans — surveillance that is even more pervasive than the wiretapping Yoo felt comfortable defending in secret.

At the same time, the Obama administration has fought to keep the public courts from scrutinizing these legal arguments, relying on secrecy and standing doctrines to short circuit challenges to mass surveillance programs. Whether it is John Yoo’s OLC memos, expansive reinterpretations of the law in the FISC, or ex parte criminal proceedings, by now it should be clear that good law is not made in secret.

Reddit's warrant canary just died - Daring Fireball 20160331

Reddit's warrant canary just died - Daring Fireball 20160331

Cory Doctorow, writing at BoingBoing:

In early 2015, Reddit published a transparency report that contained heading for National Security Requests, noting, “As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information.”

Five hours ago, Reddit published its 2015 edition, which contains no mention of classified requests for user information.

“Warrant canaries” are a response to the practice by governments of serving warrants on service providers that include gag orders forbidding the service from disclosing the warrant’s existence.

The idea of warrant canaries is ingenious — but when one works, it’s both terrifying and sad.

McLaughlin, Jenna - Five Big Unanswered Questions About NSA’s Worldwide Spying - The Intercept 20160317

McLaughlin, Jenna - Five Big Unanswered Questions About NSA’s Worldwide Spying - The Intercept 20160317

Nearly three years after NSA whistleblower Edward Snowden gave journalists his trove of documents on the intelligence community’s broad and powerful surveillance regime, the public is still missing some crucial, basic facts about how the operations work.

Surveillance researchers and privacy advocates published a report on Wednesday outlining what we do know, thanks to the period of discovery post-Snowden — and the overwhelming amount of things we don’t.

The NSA’s domestic surveillance was understandably the initial focus of public debate. But that debate never really moved on to examine the NSA’s vastly bigger foreign operations.

“There has been relatively little public or congressional debate within the United States about the NSA’s overseas surveillance operations,” write Faiza Patel and Elizabeth Goitein, co-directors of the Brennan Center for Justice’s Liberty and National Security Program, and Amos Toh, legal adviser for David Kaye, the U.N. special rapporteur on the right to freedom of opinion and expression.

The central guidelines the NSA is supposed to follow while spying abroad are described in Executive Order 12333, issued by President Ronald Reagan in 1981, which the authors describe as “a black box.”

Just Security, a national security law blog, and the Brennan Center for Justice are co-hosting a panel on Thursday on Capitol Hill to discuss the policy, where the NSA’s privacy and civil liberties officer, Rebecca Richards, will be present.

And the independent government watchdog, the Privacy and Civil Liberties Oversight Board, which has authored in-depth reports on other NSA programs, intends to publish a report on 12333 surveillance programs “this year,” according to spokesperson Jen Burita.

In the meantime, the authors of the report came up with a list of questions they say need to be answered to create an informed public debate.

1. How far does the law go?

The authors ask: How does the NSA actually interpret the law — most of which is public — and use it to justify its tactics? Are there any other laws governing overseas surveillance that are still hidden from public view?

When Congress discovered how the NSA was citing Section 215 of the Patriot Act as giving it the authority to vacuum up massive amounts of information about American telephone calls, many were shocked. One of the Patriot Act’s original authors, Rep. Jim Sensenbrenner, R-Wis., has repeatedly said the NSA abused what was meant to be a narrow law.

“The public deserves to know how the agencies interpret their duties and obligations under the Constitution and international law,” the authors write.

2. Who’s watching the spies?

How can we know there’s proper oversight of the intelligence community, both internally and through Congress? Does Congress even know what it’s funding, especially when intelligence work is contracted out to the private sector?

Lawmakers have complained that they learned more about NSA spying from the media and Snowden than from classified hearings.

3. How much foreign spying ends up in domestic courts?

The authors wonder how evidence collected through foreign spying is used in court, and whether or not “targets” of the surveillance are told about the NSA’s search when that search finds data that can be used against them.

Officials told New York Times reporter Charlie Savage that “in practice … the government already avoids” introducing evidence obtained directly from 12333 intercepts “so as not to have to divulge the origins of the evidence in court.” “But the officials contend,” Savage wrote, “that defendants have no right to know if 12333 intercepts provided a tip from which investigators derived other evidence.”

4. How many words don’t mean what we think they mean?

Some of the report’s questions focus on the NSA’s use of language when it describes different programs. Though words like “collection” and “gathering” sound synonymous to us, the NSA could be using them differently, leading to misinterpretation of what the agency is actually doing. “Is the term ‘collection’ interpreted differently from the terms ‘interception,’ ‘gathering,’ and ‘acquisition’?” the authors ask.

5. Where does it end?

When the NSA says a search is “targeted,” could the agency still be sweeping up a lot of information? And not just about foreigners?

Does the agency use vague search terms like “ISIS” or “nuclear” when combing through communications, thereby grabbing up data from millions of innocent people simply discussing the news?

And how much American data is swept up, either on purpose or incidentally, when Americans talk with friends overseas, or their messages are routed through other countries due to the way the internet works?

“The fact that [12333 programs] are conducted abroad rather than at home makes little difference in an age where data and information flows are unconstrained by geography, and where the constitutional rights of Americans are just as easily compromised by operations in London as those in Los Angeles,” the authors write.

Crockford, Kade - Keep Fear Alive - The bald-eagle boondoggle of the terror wars - The Baffler 20160311

Crockford, Kade - Keep Fear Alive - The bald-eagle boondoggle of the terror wars - The Baffler 20160311


“If you’re submitting budget proposals for a law enforcement agency, for an intelligence agency, you’re not going to submit the proposal that ‘We won the war on terror and everything’s great,’ cuz the first thing that’s gonna happen is your budget’s gonna be cut in half. You know, it’s my opposite of Jesse Jackson’s ‘Keep Hope Alive’—it’s ‘Keep Fear Alive.’ Keep it alive.”
—Thomas Fuentes, former assistant director, FBI Office of International Operations

Can we imagine a free and peaceful country? A civil society that recognizes rights and security as complementary forces, rather than polar opposites? Terrorist attacks frighten us, as they are designed to. But when terrorism strikes the United States, we’re never urged to ponder the most enduring fallout from any such attack: our own government’s prosecution of the Terror Wars.

This failure generates all sorts of accompanying moral confusion. We cast ourselves as good, but our actions show that we are not. We rack up a numbing litany of decidedly uncivil abuses of basic human rights: global kidnapping and torture operations, gulags in which teenagers have grown into adulthood under “indefinite detention,” the overthrow of the Iraqi and Libyan governments, borderless execution-by-drone campaigns, discriminatory domestic police practices, dragnet surveillance, and countless other acts of state impunity.

The way we process the potential cognitive dissonance between our professed ideals and our actual behavior under the banner of freedom’s supposed defense is simply to ignore things as they really are.

They hate us for our freedom, screech the bald-eagle memes, and so we must solemnly fight on. But what, beneath the official rhetoric of permanent fear, explains the collective inability of the national security overlords to imagine a future of peace?

Incentives, for one thing. In a perverse but now familiar pattern, what we have come to call “intelligence failures” produce zero humility, and no promise of future remedies, among those charged with guarding us. Instead, a new array of national security demands circulate, which are always rapidly met. In America, the gray-haired representatives of the permanent security state say their number one responsibility is to protect us, but when they fail to do so, they go on television and growl. To take but one recent example, former defense secretary Donald Rumsfeld appeared before the morally bankrupt pundit panel on MSNBC’s Morning Joe to explain that intractable ethnic, tribal, and religious conflict has riven the Middle East for more than a century—the United States, and the West at large, were mere hapless bystanders in this long-running saga of civilizational decay. This sniveling performance came, mind you, just days after Politico reported that, while choreographing the run-up to the 2003 invasion of Iraq, Rumsfeld had quietly buried a report from the Joint Chiefs of Staff indicating that military intelligence officials had almost no persuasive evidence that Saddam Hussein was maintaining a serious WMD program. Even after being forced to resign in embarrassment over the botched Iraq invasion a decade ago, Rumsfeld continues to cast himself as an earnestly out-manned casualty of Oriental cunning and backbiting while an indulgent clutch of cable talking heads nods just as earnestly along.

And the same refrain echoes throughout the echelons of the national security state. Self-assured and aloof as the affluenza boy, the FBI, CIA, and NSA fuck up, and then immediately apply for a frenzied transfer of ever more money, power, and data in order to do more of what they’re already doing. Nearly fifteen years after the “Global War on Terror” began, the national security state is a trillion-dollar business. And with the latest, greatest, worst-ever terrorist threat always on the horizon, business is sure to keep booming.

The paradox produces a deep-state ouroboros: Successful terrorist attacks against the West do not provoke accountability reviews or congressional investigations designed to truly understand or correct the errors of the secret state. On the contrary, arrogant spies and fearful politicians exploit the attacks to cement and expand their authority. This permits them, in turn, to continue encroaching on the liberties they profess to defend. We hear solemn pledges to collect yet more information, to develop “back doors” to decrypt private communications, to keep better track of Muslims on visas, send more weapons to unnamed “rebel groups,” drop more cluster bombs. Habeas corpus, due process, equal protection, freedom of speech, and human rights be damned. And nearly all the leaders in both major political parties play along, like obliging extras on a Morning Joe panel. The only real disagreement between Republican and Democratic politicians on the national stage is how quickly we should dispose of our civil liberties. Do we torch the Bill of Rights à la Donald Trump and Dick Cheney, or apply a scalpel, Obama-style?

Safety Last

Both Democrats and Republicans justify Terror War abuses by telling the public, either directly or indirectly, that our national security hangs in the balance. But national security is not the same as public safety. And more: the things the government has done in the name of preserving national security—from invading Iraq to putting every man named Mohammed on a special list—actually undermine our public safety.

That’s because, as David Talbot demonstrates in The Devil’s Chessboard, his revelatory Allen Dulles biography and devastating portrait of a CIA run amok, national security centers on “national interests,” which translates, in the brand of Cold War realpolitik that Dulles pioneered, into the preferred policy agendas of powerful corporations.

Public safety, on the other hand, is concerned with whether you live or die, and how. Any serious effort at public safety requires a harm-reduction approach acknowledging straight out that no government program can foreclose the possibility of terroristic violence. The national security apparatus, by contrast, grows powerful in direct proportion to the perceived strength of the terrorist (or in yesterday’s language, the Communist) threat—and requires that you fear this threat so hysterically that you release your grip on reason. Reason tells you government cannot protect us from every bad thing that happens. But the endlessly repeated national security meme pretends otherwise, though the world consistently proves it wrong.

When it comes to state action, the most important distinction between what’s good for public safety (i.e., your health) and what’s good for national security (i.e., the health of the empire, markets, and prominent corporations) resides in the concept of the criminal predicate. This means, simply, that an agent of the government must have some reasonable cause to believe you are involved with a crime before launching an investigation into your life. When the criminal predicate forms the basis for state action, police and spies are required to focus on people they have reason to believe are up to no good. Without the criminal predicate, police and spies are free to monitor whomever they want. Police action that bypasses criminal predicates focuses on threats to people and communities that threaten power—regardless of whether those threats to power are fully legal and legitimate.

Nearly fifteen years after the “Global War on Terror” began, the national security state is a trillion-dollar business.

We can see the results of this neglect everywhere the national security state has set up shop. Across the United States right now, government actors and private contractors paid with public funds are monitoring the activities of dissidents organizing to end police brutality and the war on drugs, Israeli apartheid and colonization in Palestine, U.S. wars in the Middle East, and Big Oil’s assault on our physical environment. In the name of fighting terrorism, Congress created the Department of Homeland Security, which gave state and local law enforcement billions of dollars to integrate police departments into the national intelligence architecture. As a result, we now have nearly a million cops acting as surrogates for the FBI. But as countless studies have shown, the “fusion centers” and intelligence operations that have metastasized under post-9/11 authorities do nothing to avert the terror threat. Instead, they’ve targeted dissidents for surveillance, obsessive documentation, and even covert infiltration. When government actors charged with protecting us use their substantial power and resources to track and disrupt Black Lives Matter and Earth First! activists, they are not securing our liberties; they’re putting them in mortal peril.

Things weren’t always like this. Once upon a time, America’s power structure was stripped naked. When the nation saw the grotesque security cancer that had besieged the body politic in the decades after World War II (just as Harry Truman had warned it would) the country’s elected leadership reasserted control, placing handcuffs on the wrists of the security agencies. This democratic counterattack on the national security state not only erected a set of explicit protocols to shield Americans from unconstitutional domestic political policing, but also advanced public safety.

Mission Creeps

As late as the 1970s, the FBI was still universally thought to be a reputable organization in mainstream America. The dominant narrative held that J. Edgar Hoover’s capable agents, who had to meet his strict height, weight, and dress code requirements, were clean-cut, straight-laced men who followed the rules. Of course, anyone involved with the social movements of that age—anti-war, Communist, Black Power, American Indian, Puerto Rican Independence—knew a very different FBI, but they had no evidence to prove what they could see and feel all around them. And since this was the madcap 1970s, the disparity between the FBI’s glossy reputation as honest crusaders and its actual dirty fixation on criminalizing the exercise of domestic liberties drove a Pennsylvania college physics professor and anti-war activist named William Davidon to take an extraordinary action. On the night of the Muhammad Ali vs. Joe Frazier fight of March 8, 1971, Davidon and some friends broke into an FBI office in Media, Pennsylvania. They stole every paper file they could get their hands on. In communiqués to the press, to which they attached some of the most explosive of the Hoover files, they called themselves the Citizens’ Commission to Investigate the FBI.

Not one of the costly post-9/11 surveillance programs based on suspicionless, warrantless monitoring stopped Tsarnaev from blowing up the marathon.

When Davidon and his merry band of robbers broke into the FBI office, they blew the lid off of decades of secret—and sometimes deadly—police activity that targeted Black and Brown liberation organizers in the name of fighting the Soviet red menace. According to Noam Chomsky, the Citizens’ Commission concluded that the vast majority of the files at the FBI’s Media, Pennsylvania, office concerned political spying rather than criminal matters. Of the investigative files, only 16 percent dealt with crimes. The rest described FBI surveillance of political organizations and activists—overwhelmingly of the left-leaning variety—and Vietnam War draft resisters. As Chomsky wrote, “in the case of a secret terrorist organization such as the FBI,” it was impossible to know whether these Pennsylvania figures were representative of the FBI’s national mandate. But for Bill Davidon and millions of Americans—including many in Congress who were none too pleased with the disclosures—these files shattered Hoover’s image as a just-the-facts G-man. They proved that the FBI was not a decent organization dedicated to upholding the rule of law and protecting the United States from foreign communist threats, but rather a domestic political police primarily concerned with preserving the racist, sexist, imperialist status quo.

In a cascade of subsequent transparency efforts, journalists, activists, and members of Congress all probed the darker areas of the national security state, uncovering assassination plots against foreign leaders, dragnet surveillance programs, and political espionage targeting American dissidents under the secret counterintelligence program known as COINTELPRO. Not since the birth of the U.S. deep state, with the 1947 passage of the National Security Act, had the activities of the CIA, FBI, or NSA been so publicly or thoroughly examined and contested.

Subsequent reforms included the implementation of new attorney general’s guidelines for domestic investigations, which, for the first time in U.S. history, required FBI agents to suspect someone of a crime before investigating them. Under the 1976 Levi guidelines, named for their author, Nixon attorney general Edward Levi, the FBI could open a full domestic security investigation against someone only if its agents had “specific and articulable facts giving reason to believe that an individual or group is or may be engaged in activities which involve the use of force or violence.” The criminal predicate was now engraved in the foundations of the American security state—and the Levi rules prompted a democratic revolution in law enforcement and intelligence circles. It would take decades and three thousand dead Americans for the spies to win back their old Hoover-era sense of indomitable mission—and their investigative MO of boundless impunity.

False Flags

In the years following the 9/11 attacks, the Bush administration began Hoovering up our private records in powerful, secret dragnets. When we finally learned about the warrantless wiretapping program in 2005, it was a national scandal. But just as important, and much less discussed, was the abolition of Levi’s assertion of the criminal predicate. So-called domestic terrorism investigations would be treated principally as intelligence or espionage cases—not criminal ones. This shift has had profound, if almost universally ignored, implications.

Michael German, an FBI agent for sixteen years working undercover in white supremacist organizations to identify and arrest terrorists, saw firsthand what the undoing of the 1970s intelligence reforms meant for the FBI. And German argues, persuasively, that the eradication of the criminal predicate didn’t just put Americans at risk of COINTELPRO 2.0. It also threatened public safety. The First and Fourth Amendments, which protect, respectively, our rights to speech and association and our right to privacy, don’t just create the conditions for political freedom; they also help law enforcement focus, laser-like, on people who have the intent, the means, and the plans to harm the rest of us.

Think of it like this, German told me: You’re an FBI agent tasked with infiltrating a radical organization that promotes violence as a means of achieving its political goals—the Ku Klux Klan, for example. KKK members say horrible and disgusting things. But saying disgusting things isn’t against the law; nor, as numerous studies have shown, is it a reliable predictor of whether the speaker will commit an act of political violence. When surrounded by white supremacists constantly spouting hate speech, a law enforcement officer has to block it out. If he investigates people based on their rhetoric, his investigations will lead nowhere. After all, almost no white supremacist seriously intending to carry out a terrorist attack is all that likely to broadcast that intent in public. (Besides, have you noticed how many Americans routinely say disgusting things?)

Today, more than a decade after it shrugged off the Levi guidelines, the FBI conducts mass surveillance directed at the domestic population. But dragnet surveillance, however much it protects “national security,” doesn’t increase public safety, as two blue-ribbon presidential studies have in recent years concluded. Indeed, the Boston bombings, the Paris attacks, and the San Bernardino and Planned Parenthood shootings have all made the same basic point in the cold language of death. The national security state has an eye on everyone, including the people FBI director James Comey refers to as “the bad guys.” But despite its seeming omniscience, the Bureau does not stop those people from killing the rest of us in places where we are vulnerable.

The curious case of Boston Marathon bomber Tamerlan Tsarnaev demonstrates the strange consequences of sidelining criminal investigations for national security needs. In 2011, about eighteen months before the bombings, Tsarnaev’s best friend and two other men were murdered in a grisly suburban scene in Waltham, Massachusetts—their throats slashed, marijuana sprinkled on their mutilated corpses. These murders were never solved. But days after the marathon bombings, law enforcement leaked that they had forensic and cellphone location evidence tying Tamerlan Tsarnaev to those unsolved crimes. Not one of the costly post-9/11 surveillance programs based on suspicionless, warrantless monitoring stopped Tsarnaev from blowing up the marathon. But if the police leaks were correct in assigning him responsibility for the 2011 murders, plain old detective work likely would have.

If security agencies truly want to stop terrorism, they should eliminate all domestic monitoring that targets people who are not suspected of crimes. This would allow agents to redirect space and resources now devoted to targeting Muslims and dissidents into serious investigations of people actually known to be dangerous. It’s the only reasonable answer to the befuddling question: Why is it that so many of these terrorists succeed in killing people even though their names are on government lists of dangerous men?

After the terrorist attacks in November, the French government obtained greater emergency powers in the name of protecting a fearful public. Besides using those powers to round up hundreds of Muslims without evidence or judicial oversight, French authorities also put at least twenty-four climate activists on house arrest ahead of the Paris Climate Change Conference—an approach to squashing dissent that didn’t exactly scream liberté, and had nothing to do with political violence. As with the Boston Marathon and countless other attacks on Western targets, the men who attacked the Bataclan were known to intelligence agencies. In May 2015, months before the attacks in Paris, French authorities gained sweeping new surveillance powers authorizing them to monitor the private communications of suspected terrorists without judicial approval. The expanded surveillance didn’t protect the people of Paris. In France, as in the United States, the devolution of democratic law enforcement practice has opened up space that’s filled with political spying and methods of dragnet monitoring that enable social and political control. This is not only a boondoggle for unaccountable administrators of mass surveillance; it also obstructs the kind of painstaking detective work that might have prevented the attacks on the Bataclan and the marathon.

Our imperial government won’t ever admit this, but we must recognize that the best method for stopping terrorism before it strikes is to stop engaging in it on a grand scale. Terrorist attacks are the price we pay for maintaining a global empire—for killing a million Iraqis in a war based on lies, for which we have never apologized or made reparations, and for continuing to flood the Middle East with weapons. No biometrics program, no database, no algorithm, no airport security system will protect us from ourselves.

Eisler, Barry - Memo To Authoritarians: The "Oath" is to the Constitution, Not to Secrecy - 20130611

Eisler, Barry - Memo To Authoritarians: The "Oath" is to the Constitution, Not to Secrecy - 20130611

It's been interesting to read pundits like David Brooks of the New York Times and Josh Marshall of Talking Points Memo prattling about how whistleblower Edward Snowden violated his "oath" of secrecy.  I was in the CIA, and I can tell you there was no secrecy "oath," just a contract.  The oath was to protect and defend the Constitution against all enemies, foreign and domestic.

I find the misnomer revealing.  I don't think Brooks, Marshall, and the many others like them are misusing the word "oath" in a deliberate attempt to mislead.  My guess instead is that their deference to government secrecy is so strong that they reflexively equate a contract to maintain secrecy -- a nondisclosure agreement, really -- with something as strong as, say, a sworn oath to preserve, protect and defend the Constitution.  You know,like one the president takes.

In fact, I'd go further.  That these pundits aren't even discussing the real oath CIA and other government employees take -- the one to protect and defend the Constitution against all enemies, foreign and domestic -- suggests they don't believe such oaths are important enough to bother mentioning.  Now, admittedly oaths to protect and defend the Constitution are all very pre-9/11, but shouldn't an intelligent and honest pundit at least offer a nod of the head toward the fact that someone like Edward Snowden might have felt faced with two competing obligations -- his secrecy contract, on the one hand, and his sworn oath to protect and defend the Constitution, on the other?
Of course, if deference to governmental secrecy prerogatives trumps all other values, then there's no trade-off even to mention.
And look, even if you think that "oath" and "contract" are interchangeable terms (in which case you'd have to explain why Brooks, Marshall et al consistently use the former regarding secrecy while eschewing the latter, and why the drafters of the Constitution did the same with regard to oaths of office), you still have to explain why various pundits are so intent on referring to only one of the "oaths" while ignoring the other.
Here's another way of looking at it.  Say you're the employee of an intelligence agency.  You've signed a contract to maintain secrecy and also sworn an oath to protect and defend the Constitution.  And you become aware of a secret program that you believe violates the Constitution you have sworn to protect and defend.  Reasonable people can argue about how you might best redress that violation, but reasonable people can't deny, whether explicitly or implicitly, that you are faced with a dilemma and that, if you have a conscience, you should and hopefully will grapple with how to resolve it.
Here's a terrific piece from Daniel Ellsberg, the previous generation's heroic whistleblower, on why in revealing the scale of the NSA's secret spying on millions of innocent Americans, Snowden has done America such a noble service.
Maybe you'll disagree.  That's fine; there are competing interests in all cases of whistle blowing, and reasonable people might balance those interests in different ways.  But arguing as though a contractual obligation to maintain secrecy trumps all other values, including actual sworn oaths to protect and defend the Constitution, just makes you look like an authoritarian.  As well as a fool.

Eisler, B - Freedom of the Press Foundation 20160229

Author Barry Eisler talks about whistleblowers and secrecy at the Association of Former Intelligence Officers - 20160229

Author and former CIA officer Barry Eisler spoke at the Association of Former Intelligence Officers opposite ex-CIA and NSA director Michael Hayden on Monday. Below is an adaptation of his opening remarks about the importance of whistleblowers and government transparency. Eisler's new novel, "God's Eye View," inspired by the Snowden revelations, is available now on Amazon.

Thank you, it’s a real honor for me to be invited to address this group today along with General Hayden. I worked at CIA for only three years, and that was almost 25 years ago, so I barely feel like an actual former intelligence officer. Not that this stops people who hear about the CIA background from asking me at book signings who killed JFK, and which assassinations and coups I was involved in, and what the aliens at Area 51 really look like.

Today I’d like to share a few thoughts, not just as a former intelligence officer—to the extent I qualify for such a title—but also as a former technology lawyer, former startup executive, and current full-time thriller writer. What I have in mind are some issues I deal with in my latest novel, The God’s Eye View, which involves the NSA, whistleblowing, and some political skullduggery, plus the usual compelling characters, exotic locations, and steamy sex I like to think my stories are known for. Specifically, what I want to talk about is intelligence and propaganda—two endeavors I think are diametrically opposed and that we should take great care to distinguish.

I’ll start by talking about whistleblowing, and in particular about Edward Snowden. I’m confident there’s a range of opinion in this room about the merits of what Snowden did. A divergence of opinion about acts so consequential isn’t just inevitable; in a democracy, it’s desirable. So I’m glad to know we won’t all see eye-to-eye on Snowden, and that we’re able to discuss him and his revelations in the spirit of honest debate.

But regardless of how our views might differ, there are a couple of items I think the media has distorted—distortions that make honest debate more difficult. And those distortions are part of what I’d like to talk to you about today.

You might have come across a phrase involving Snowden—in fact, this phrase isn’t easy to avoid if you favor establishment pundits like David Brooks and Fred Kaplan and Josh Marshall—to the effect that Snowden violated his “oath of secrecy.” Even former CIA director David Petraeus has claimed—awkwardly, in retrospect—there is such an oath. I wrote about this supposed oath in a bit more detail after the first Snowden stories broke, in a blog post called “Memo to Authoritarians.”

All of us in this room know there is no “oath of secrecy”—that the notion of such an “oath” is the product either of ignorance or propaganda. There is a secrecyagreement—what here in Silicon Valley we typically call a nondisclosure agreement, or NDA. But to inflate the status of such an agreement to the level of an “oath,” akin to, say, the president’s oath of office, is false and misleading.

And worse, the false and misleading notion of an “oath” of secrecy obscures the existence of an actual oath—the oath we in this room have all taken, and continue to adhere to: the oath to protect and defend the Constitution.

Edward Snowden signed a secrecy agreement. He also swore an oath to protect and defend the Constitution. You might not think he got the balance right—that, despite the subsequent rulings of several federal courts, the programs Snowden revealed were not in fact unconstitutional. Or that a secrecy agreement should always trump an oath to protect the Constitution. Or that Snowden went about protecting the Constitution in the wrong way. We should have those conversations. They’re important. But what we shouldn’t do is to suggest, implicitly or otherwise, that an obligation to protect secrecy exists in a vacuum. We shouldn’t pretend that the oath to protect and defend the Constitution is unimportant, or worse, that it doesn’t even exist. To do so would be to get the facts wrong. And as intelligence professionals, we know that if we get the facts wrong, the likelihood of accurate, useful, effective conclusions becomes pretty remote.

Now, at this point I wouldn’t be surprised if at least some people here are wondering, “Well, Barry, that’s fine, but what if everyone did what Snowden did? What if every top-secret cleared federal employee took it upon herself or himself to declassify whatever she or he deemed to be in the public interest?”

It’s in interesting question. But I think it’s a misleading one. Here’s why.

First, because the question is essentially a fantasy. Whistleblowers are in fact incredibly rare. The government has been so draconian in its application against whistleblowers of the 1917 Espionage Act that the demonstrated risks and costs of whistleblowing deter almost everyone. So the reality is that only people of the most exceptional conscience, courage, and conviction have ever become whistleblowers, and only a handful ever will. To try to frame the question as some version of, “Well, what if there were in fact innumerable whistleblowers?” is therefore akin to discussing angels dancing on pinheads—not an exercise in which intelligence professionals would ordinarily engage.

Interestingly, the tendency to focus on the fantasy of what might happen rather than on the reality of what is happening is not unique to discussions of whistleblowing. It is also prominent in discussions of torture, where torture proponents try to frame the issue around a hypothetical that has never happened and will never happen—the ticking time bomb, where the government has captured a terrorist we know has planted a bomb, who we know can disarm the bomb, and who we know will tell us under duress where the bomb is and how to disarm it. And this fantasy then obscures the reality of the actual costs of torture—erosion of our adherence to our own laws and values; wild goose chases; alienation of indigenous populations and a drying up of potential walk-in sources of intelligence; and a propaganda bonanza for our enemies.

So: what reality does the “What if everyone were a whistleblower” fantasy obscure? Three things:

First, the reality is that the government classifies far too much information, frequently in violation of applicable laws governing what information may and may not be classified. We knew this long before Edward Snowden; we know it even more now. A little secrecy is necessary to protect democracy. Too much secrecy begins to strangle it. So rather than focusing on the fantasy problem of what might happen if more secrets were revealed, shouldn’t we be focusing on the real problem of what is happening because too many secrets are being created? Why do we blame whistleblowers for revealing things we might believe should be secret, while giving the government a pass on classifying things thatshouldn’t be secret? Why would we want to obscure the many harms caused by over-classification, including demonstrably horrendous decision-making like the Bay of Pigs invasion, nonexistent missile gaps, and the Gulf of Tonkin basis for our war in Vietnam?

In this regard, I have to say I think it’s a shame our discussion today isn’t being recorded and made available to other citizens with an interest in how former intelligence officers view these issues. It’s a minor moment in the scheme of things, yes, but closed-door discussions like this one are in some ways a manifestation of the problem. We’re a democracy. Wherever possible, we should favor openness over secrecy.

Second, the reality is that if we really are worried about the unauthorized disclosure of secrets, we should be prosecuting the thousands of officials who incessantly leak secrets favorable to the government. Instead, secrecy is enforced selectively, with the government prosecuting the few leaks it doesn’t like while smiling benignly on the thousands it does. In this regard, a Martian might find it strange that the Espionage Act has been deployed, say, against former CIA employee John Kiriakou, and not against former CIA director David Petraeus, whose misdeeds regarding classified information were at least equally noteworthy. Or against former CIA employee Jeffrey Sterling, but not againstHillary Clinton, who stored classified information on an unsecured personal email server. Or against any of the numerous government officials who leak supportive details about America’s drone assassination program, even as theCIA resists in court Freedom of Information Act demands about the most basic aspects of when, where, how, and whom the US government believes it can kill with drones. There are countless other examples of this apparent double standard, and our Martian might conclude that the only difference between the people prosecuted for leaking secrets and the ones who aren’t is that the latter class is more powerful, or leaks in a fashion the government likes. It would be hard to argue that the reality of such a one-sided and hypocritical enforcement of secrecy rules—or of any law—could be healthy for a democracy.

Third, the reality is that corruption and criminality flourish in secret, and that government corruption and criminality does far more damage to national security than any whistleblower ever could. One of the things we learned from Snowden’s revelations is that Director of National Intelligence James Clapper was lying in his Senate testimony about whether the NSA collects data on millions or hundreds of millions of Americans. Even Clapper himself subsequently acknowledged that his testimony was “untruthful.” When a whistleblower reveals that the head of American intelligence is lying in his testimony to a Senate oversight committee—a federal crime akin to perjury—I think as citizens we ought to focus more on how national security is being damaged by the lying than on how it might be damaged by the whistleblowing that exposes those lies.

But instead, in response to every whistleblower revelation ever, the government’s scripted response is to claim “grave” or “irreversible” damage to our national security, or “blood on the hands” of the whistleblower and the media that then reports on the whistleblowing, only to have those claims subsequently revealed to be alarmism at best. Just a few examples:

The rightness of Daniel Ellsberg’s whistleblowing regarding the Pentagon Papers has been vindicated by history, and today everyone understands that what was harming US national security was a war built on lies, not the whistleblower who exposed those lies.

Despite her role in catalyzing the Arab Spring, in exposing various government lies about civilian casualties in Iraq, and in otherwise educating the public about the actual policies being pursued in our name, Chelsea Manning faced the usual “blood on her hands” accusation for the Wikileaks Cablegate revelations—after which even former CIA director and former Secretary of Defense Robert Gates acknowledged that Manning’s actions caused no substantive damage.

After sharing unclassified information with a reporter about waste involving Trailblazer—an NSA program that was cancelled after the NSA Inspector General judged it an expensive failure—Thomas Drake was prosecuted under the Espionage Act. Eventually, the government dropped all charges, and Drake pled to a misdemeanor of unauthorized use of a computer. Once again, the harm lay in the corruption the whistleblower revealed, not in the whistleblowing that revealed it.

Given all this, our hypothetical Martian might wonder if the seemingly obligatory government “blood on his hands” scaremongering might be intended to distract from the governmental wrongdoing whistleblowers reveal. Were Martians possessed of a sense of irony, ours might also wonder at the spectacle of a government that kills hundreds of thousands of innocents in the course of endless wars suggesting that the real blood-on-their-hands culprits are the people blowing the whistle, and not the politicians forever blowing the war trumpets.

So to distort facts, to overlook inconvenient facts, and to focus on fantasy hypotheticals while ignoring actual costs are dangerous habits for intelligence professionals. Indeed, I would argue that these habits are a form of propaganda, which we should understand to be abhorrent in part because propaganda is the opposite of intelligence.

In this regard, I want to discuss one a related tendency I think intelligence professionals should be on guard against: the recruitment of language in service of political ends. You don’t have to have read George Orwell’s Politics and the English Language to know there are always euphemisms available to us by which we can obscure the true nature of our actions. But the purpose of language for intelligence professionals is not to describe the world as we wish it, but rather insofar as possible to describe the world as it is.

There are so many suspect phrases worth a second look in this regard—enhanced interrogation techniques vs torture; detainees vs prisoners; targeted killing vs assassination; interventions vs wars; regimes vs governments; tribes vs factions; data collection vs surveillance; collateral damage vs innocent human beings burnt to death and blown into little pieces; the notion that terrorists somehow magically “self-radicalize” rather than being radicalized by our policies of assassinations, bombings, invasions, and occupations, as a Rumsfeld-era Pentagon study unsurprisingly found…you could write a book on this topic, and probably someone should (at least in the meantime we have an interim list of NSA-speak compiled by two ACLU lawyers). But we don’t have time for that today, so for the moment I’d like to focus on just a few descriptive phrases I find troublingly misleading and that I think are worth reconsideration.

The first is former NSA director Keith Alexander’s famous notion that “You need the haystack to find the needle.” This phrase has been picked up and propagated by legislators, lawyers, and journalists, and has undoubtedly shaped the public’s understanding of the nature of bulk surveillance (or, as the NSA might call it, “data collection”). And it’s an appealing notion at first glance, isn’t it? There’s a farm, or maybe a barn, with a bunch of hay scattered around, and General Alexander just wants to sweep up the hay into a neat pile and find the needle in it. Nothing menacing about that, is there? In fact, removing that nasty steel needle from all that soft, organic hay might even prevent someone from getting stabbed in the buttocks.

But think about it. “Needle in a haystack” is just a phrase intended to denote an item hard to find against a given background. There is no organic connection at all between needles and hay, so saying, “To find the needle, we have to collect all the hay” makes about as much sense as saying, “To find the needle, we need to collect all the bicycles.” After all, there’s about as much chance of a needle being in a haystack as there is of a needle being in a collection of bicycles. So either Keith Alexander is suggesting we need to collect a dataset that has nothing to do with the data we’re actually looking for—or he’s instead suggesting that we what we really need is to collect everything. But because the American people might find objectionable the notion of the government collecting everything about our electronic communications, online behavior, and physical movements, it’s easier to frame the program as something limited, something out of an Andrew Wyeth painting, rather than as something out of, say, Nineteen Eighty-Four.

Secret slide (troubling)
Public painting (reassuring)One other such phrase I’d like to comment on is the title of the book we’re all looking forward to hearing former director Hayden discuss with us today:Playing to the Edge. This is of course a reference to General Hayden’s notion that he will always play the game of intelligence within the rules—but so aggressively, so “close to the line,” that he will get “chalk dust on my cleats.”

As a student of what makes an effective book title, I want to start by saying that I think Playing to the Edge is a killer title, and my reservations about the notion of playing to the edge, and chalk dust on my cleats, has nothing to do with any shortcomings in terms of selling the book.

Instead, my concern is that I think the imagery, while powerful, is misleading. Because in a game of football, which is what the imagery seems most closely tied to, or in any game played on a field with lines, there are two critical components: spectators, and a referee.

That is to say, a game on a field is being watched by an audience and monitored by a judge. But in the game General Hayden was playing while head of the NSA and then head of the CIA, these two critical components did not and do not exist. Until Edward Snowden revealed it, the bulk surveillance game was played in secret. Not only was the American public not permitted to watch from the bleachers or on television, the American public was not even permitted to know of the game’s existence.

As for a referee, the closest approximation in the American intelligence game would be the entity commonly known as the FISA court. But the FISA “court” itself meets in secret, issues rulings that are kept secret, and permits no adversarial process at all. And if you think a term like “rubber stamp” is too harsh for a body that has denied only eleven out of something like 33,400 government surveillance requests—an approval rate of 99.97%—then another way to understand the FISA body’s function is as something more akin to the Justice Department’s Office of Legal Counsel, or some other executive administrative office. In fact, I would argue that the term “FISA court” itself is propagandistic, intended to suggest to the public that intelligence programs have been blessed by the judiciary—that is, that they are being refereed, and that the referee will impose penalties for rules violations—when the truth is, this is not at all the case.

In fact, if you think about it, an executive intelligence agency getting a blessing from another arm of the executive is not so different from say, a novelist setting up a review page to praise his own novels. There’s a word for this in the book business, by the way—it’s known as sock puppetry, and is widely and rightly frowned upon. But the game General Hayden was playing is vastly more important, with vastly greater consequences, than the game played by novelists. The intelligence game as played in a democracy requires an audience and a referee if we’re to ensure that We, the People are satisfied it is being played as we want it to be played—indeed, if the people are going to have any say in the game at all—and I’m concerned that General Hayden’s vivid imagery might suggest to people who don’t know better that the game he refers to has an audience and is adjudicated by a referee when in fact it has neither.

There are so many related examples of propaganda creeping into intelligence I think are worth discussing: the notion that Dianne Feinstein was being unacceptably emotional when she reacted to Americans torturing prisoners (or, as it’s more commonly known, “conducting EITs on detainees”)—while we view the wars we launched in Afghanistan and Iraq immediately following 9/11 the products only of pure logic, reason, and dispassion; that former CIA director James Woolsey, in calling for Snowden to be “hanged by the neck until he’s dead, rather than merely electrocuted” is perhaps himself just slightly in the grip of ungovernable and undesirable emotions; that a failure to deploy killer sky robots or otherwise go to war is identical to “inaction,” as General Hayden suggested in a recent New York Times op-ed; that the mission patches released by organizations like the National Reconnaissance Office, depicting creatures like demons, raptors, the Grim Reaper, and a giant, angry octopus strangling, eating, and/or assaulting the earth, are perhaps telling us something we ought to heed about the collective id of what we refer to in our friendly, benevolent way as the “intelligence community.”

But I want to make sure there’s time for Q&A because I imagine not everyone here will see these issues in quite the same way I do. Which, again, in a democracy is something I see as both inevitable and desirable. So thank you for listening and for considering my thoughts, and I’ll look forward to hearing yours now, too.