Snowden and the State of American Intelligence
The U.S. intelligence agencies, even more so than the rest of the American government, run on a set of self-constructed rails. External events add or subtract velocity or heft to their train. Technology changes its amenities. But the engineers and direction remain.
With his revelations, now-notorious National Security Agency (NSA) whistleblower Edward Snowden revealed some interesting details about how far into new terrain some of the existing tracks had gone, and about the train’s new technologies. The ensuing hue and cry, however, is destined to be cosmetic, because all involved are invested in the intelligence community’s operations and no one in the U.S. political system has enough interest and knowledge to change the tracks, the train, or the engineers. Herewith, then, is a glance at the tracks on which these agencies have run in recent years, and at the problems that massively increased resources have only exacerbated.
Bigger… but not necessarily better
Since 9/11, the U.S. intelligence community—including contractors—has doubled in size into a complex that spends upward of $80 billion per year and the boundaries of which are impossible for anyone to define. Yet no one contends that U.S. intelligence serves America twice as well, or indeed any better at all, than when it was half its present size.
In July 2010, the Washington Post published a lengthy three-part series entitled “Top Secret America,” in which a dozen reporters tried to identify the boundaries and functions of a massive, bewildering network of classified activities.(1) They ended up with more questions than answers. The report’s inconclusiveness about the balance between cost and benefit, good and harm, was fact-based and honest.
Having supervised the entire intelligence community’s budget on behalf of the U.S. Senate for eight years, I found this report superior to any account ever produced by Congressional oversight committees. Why? Because the fourteen volumes with classified annexes published by the original committees, led by Representative Otis Pike (D-NY) and especially Senator Frank Church (D-ID), were partisan documents, aimed not at measuring the intelligence agencies’ activities against what intelligence should do for America, but rather at indicting the people and activities that leftists inside and outside these agencies meant to sideline and replace with their own ilk. This they did.
The intelligence agencies are no different from the rest of the federal bureaucracy, except for the secrecy that necessarily surrounds them. Since this largely frees them from having to explain what they do to outsiders, they end up often not explaining it adequately to themselves either. The senators and congressmen on the oversight committees have time mostly for the agencies’ dog-and-pony shows, as well as for the agencies’ contractors, who reinforce those narratives with campaign contributions. The agencies, thus unchallenged, routinely confuse their most parochial interests with all that is right and needful. The results are that bureaucracy’s typical ills—programs with their own momentum, post-
retirement relationships with contractors, empire-building, reflexive defensiveness, jealousy, and so on—are present in spades in the intelligence community.
After 9/11, Congress poured additional billions of dollars into a system that had failed to “connect” the plentiful “dots” about the hijackers it had had in its possession, in the forlorn hope that making it bigger would also make it better. For example, it funded a National Intelligence University, postulating that such an institution would produce a deeper, truer, more useful understanding of the craft. Alas, it simply trains people to staff the present system’s ever-
inflating apparatus by perpetuating its customs and verities.
Foremost among these is the assumption that more and better access to secrets is the key to America’s success. But that is even more unfounded with regard to the present-day struggle against terrorists than it was during the Cold War. In those years, the U.S. never lacked basic information about who our enemies were, or about their intentions or capabilities. Hence, much of the collection—strictly military intelligence aside—dedicated as it was to monitoring arms control treaties and to subtle (often imaginary) variations in foreign leaders’ attitudes, disproportionately fed struggles among intelligence analysts over whether U.S. policy should be “harder” or “softer” toward the communist world. In turn, these struggles were little more than reflections of divisions in U.S. domestic politics. Knowledge of the Soviet Union, secret or not, was irrelevant to these struggles or to the Cold War’s outcome.
The essence of the matter is quite simply that the key to success in international affairs is intelligence in the ordinary sense of the word, rather than intelligence in the sense of access to secrets. Without the former, the latter only adds to confusion.
Seeds of corruption
Here, we must interject a distinction between what the budgeteers call the “National Foreign Intelligence Plan” (NFIP)—which includes the CIA, most of the NSA, the Defense Intelligence Agency, the Foreign Counterintelligence division of the FBI, as well as the intelligence arms of the Treasury and State Departments, etc.—and the Defense Department’s “Intelligence Related Activities” (or IRAs).
These activities, which take up about half of the total intelligence budget, focus on multi-spectral reconnaissance of potential targets, as well as on coordinating target information with the fire control systems of various weapons. They also involve all manner of intelligence and counterintelligence that are integral parts of combat units. The drone program—whose craft were initially unarmed—was part of IRA. Such programs, because of their proximity to combat, are often extraneous to the practices that vex those in the NFIP, which we will consider below.
The reason NFIP programs are so vexed is the distance between what they do and the uses that other agencies make of them. The Central Intelligence Agency and the system of which it is the lynchpin embody the notion that intelligence should be separate from operations. It is a novel, uniquely latter-day American notion. That is why keeping in mind the distinction between the two sets of programs—one tied to operations and responsible for their success, and the other separate from them—is essential to understanding U.S. intelligence.
The problems, past present and future, with what we usually call U.S. intelligence—the CIA et al.—as well as their imperviousness to correction, stem from their lack of connection to action. The consumers can specify the results they want. But they cannot interfere in how the producers proceed. In the end, the consumers must take what is given to them. In short, these programs have the characteristics found in all producer-dominated systems: they do the things they do because that is how they want to do them.
No less important is that they are not subject to independent quality control. The 1947 National Security Act gave the CIA a legal monopoly on the collection of intelligence from human sources. (The exception, battlefield intelligence, has become more important in recent years.) Some 97 percent of its corps of “clandestine” human collectors, or case officers, merely pretends to be employees of other U.S. government agencies. This is what is called “official cover.” During the Cold War, this “cover” gave them little chance to try recruiting spies among communists. In our time, it gives them no chance whatsoever to recruit spies among terrorists. So, as they did during the Cold War, CIA case officers are limited almost exclusively to dealing with people who offer themselves as potential spies, as well as with people whom foreign intelligence services pass on to them as spies. They also interrogate persons whom such sources have fingered as terrorists, from which interrogations they may direct the capture of others, whom they then also interrogate. And so forth. They call this human intelligence.
The insoluble problem with this is that the CIA has no control over the number and quality of the would-be spies who offer themselves or are proffered by others, and is limited to whatever they provide as it tries to meet the requirements levied by policymakers and the military. Perpetual hunger for information, met in only this way, sets up an inherently unhealthy conflict between the need to make sure that the take is neither trash nor outright disinformation, and the necessity of sending reports up the line. That is why, conflict of interest notwithstanding, the CIA assigns quality control of human intelligence to the very people who collect it—and why it has never formed a bureaucratically independent quality control element.
The technical side of intelligence collection is beset by a remarkably similar problem: namely, that the means of collection are well known to the targets of collection. In short, NSA’s modus operandi for communications intelligence has always, overtly, focused on capturing and recording as many electronic transmissions as possible, and then on sorting the take to isolate and analyze communications that are of intelligence interest. Hence, any sentient being who knows that his or her communications might be of interest to U.S. intelligence has always known not to put them onto the electronic spectrum in a way that lets the NSA use them. As we will see below, the means available for hiding electronic communications from the “big ear” have improved dramatically over the years.
This, in turn, means that any electronic communications that the NSA’s “big ear” intercepted from America’s enemies has been subject to the question: is this interception the result of the subject’s ignorance, inadvertence, error—as happened when Osama bin Laden’s courier used his own cellphone to discuss his contacts with his master—or is it part of an effort to mislead the United States? Alas, U.S. intelligence is as allergic to quality control in electronic communications intelligence as it is with regard to human intelligence.
This question became lively prior to July 4, 2013, when the interception of a self-advertised electronic “board meeting” of al-Qaeda told the NSA that a massive wave of attacks on U.S. embassies around the world would be staged on that holiday, leading the U.S. government to shut down 21 of them. Embarrassment abounded when the portended day of doom passed as uneventfully as Y2K. By contrast, no interception occurred to warn America of the massive wave of attacks on embassies that did happen on September 11, 2013.
What happened on a CIA base near Khost, Afghanistan, on December 30, 2009, offers an insight into how U.S. intelligence is serving America in our time. For the previous eighteen months, the CIA had been relying on an agent, passed on from Jordanian intelligence, for information on the basis of which the U.S. Air Force targeted drone strikes in Pakistan and Afghanistan. So important had this source become that the CIA invited him into a conference with seven of its officers. Upon arrival, the source blew up the seven, along with himself. Had the agent continued to play along, the CIA ignorantly would have continued targeting innocents and making more enemies for America.
Missing the story
The NSA programs that Edward Snowden publicized are seamless, inertial continuations of long-standing ones. The harm that they may do to innocent Americans is no more intentional—and done no less irresponsibly—than what CIA intelligence has caused to innocent Afghans. What good they do for America’s security is no less incidental.
Already by the 1970s, the NSA’s main programs for communications intelligence against America’s enemies were yielding rapidly diminishing returns. Although its computing capacity was keeping up with the explosion in the amount of innocent traffic, enemy traffic was increasingly encased in unbreakable codes. By the decade’s end, when the last of our secret geosynchronous COMINT satellites, Chalet, was revealed by a combination of espionage and New York Times reporting, enemy traffic in the clear had well-nigh disappeared. So, by the 1980s, the several “big ear” programs were yielding just half of COMINT reports. As long-term technical trends continued, the proportion continued to drop.
These same trends were radically increasing the effectiveness of targeted COMINT—various kinds of “bugging.” But the NSA transferred resources out of “big ear” programs only slowly and reluctantly, because designating targets for surveillance explicitly is almost the same as designating enemies, and the government prefers to do this implicitly. Bureaucratic inertia also contributed, as contractors and managers of current programs fought for their rice bowls. These are programs in which countless officials have built careers within the agency, programs that offer these officials the post-retirement jobs by which they cash in on their service; programs whose contractors are major contributors to members of the House and Senate Intelligence committees.
The bureaucratic factor was so strong that it delayed and eventually killed even software programs for pre-screening the “big ear” programs’ gargantuan and nearly entirely useless take. The purpose of these programs, the best known of which was called “Thin Thread,” was to reject and not record the vast bulk of data vacuumed up that no one envisaged ever analyzing. No matter; bureaucratic interest has zero tolerance for threats.
The government’s reaction to 9/11 doubled down on bad habits. Instead of designating enemies and targets of surveillance, our government officially supposed that it really did not know from where terrorism came, that it could come from anywhere, and that therefore intelligence ought to expand rather than to refine its focus. That expansion came at the expense of ordinary Americans.
Twenty-first century technology was all too ready to serve this purpose. The various means of mass collection from satellites, microwave towers and fiber optic networks were now scooping up not just a high percentage of phone calls to, from, and through the U.S., but uncountable amounts of Internet traffic as well. New data storage technology was enabling the NSA to compress it and keep it. No software existed to screen out the communications of ordinary Americans and corporations. If it had, the same logic that gets grandma palpated at the airport would have dictated that everyone’s communications be treated as those of potential terrorists. The NSA is no different than the TSA. And so it has been.
One factor, however, protected at least some of the communications of innocent Americans, as it does those of America’s enemies: encryption. Nowadays, all electronic financial transactions move over encrypted circuits, as do all communications that anyone deems worthy of protection. If the encryption is state-of–the-art, it is unbreakable. By the 1970s, the art of computer code-making had surpassed that of code breaking. When private cryptographers were ready to release the Data Encryption Standard, a mathematical formula that is still practically unbreakable, the NSA asked Congress to pass a law to force its developers to embed in it a feature called a “clipper chip” that would provide a “back door” (accessible by court order) for the government into that formula. Congress refused adamantly. Because of solid confidence in the reliability of American encryption products, they became the world standard for communications security.
But this confidence turned out to have been misplaced because after 9/11 the NSA, acting covertly (though not illegally) through business relationships with the encryption industry, managed to insert precisely such a “back door” into its main products, circumventing its lack of legal authority to do so. It was able to do it by persuading RSA, the leading U.S. developer of advanced codes, to adopt an algorithm that had been developed by the NSA itself as the basis for developing the Deterministic Random Bit Generator (Dual EC DRBG) that generates “random numbers” for RSA’s industry-standard security products. With the NSA’s blessing, these products sold widely within the U.S. government and throughout the civilian world. The top Internet companies bought them as well.
According to computer security expert Bruce Schneier, the RSA/NSA approach to generating random numbers features “a bunch of constants—fixed numbers—[that] have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output.”(2)
This is a very big deal. Of course, as soon as Snowden’s revelations had confirmed the suspicions of computer professionals, users of encryption products scrambled to rid themselves of RSA/NSA tainted products. In time, they will. But will the U.S. government stop trying—lack of law notwithstanding—to find “back doors” into encryption products? The 2013 Presidential Panel on NSA surveillance chose to emphasize in a New York Times op-ed that “we should make it clear that the United States will not in any way subvert, undermine, weaken or make vulnerable generally available commercial encryption.”(3) Failure to protect encryption would destroy more than confidence in the U.S. security products industry. It would confirm that the relationship between Americans and their government is adversarial.
And yet, no less than the Wall Street Journal clamors for ever-wider intrusion, claiming that “more” collection and capacity to look into more nooks and crannies is a viable substitute for good judgment about where you should be looking—to put it bluntly, for explicit profiling.(4)
That claim is the reverse of the truth. In fact, mere expansion of collection leads naturally to focusing on the data that is available most easily and plentifully—in other words, for picking low-hanging fruit. The lowest-hanging fruit happens to be data on ordinary Americans. That is why federal agencies scramble for access to the NSA’s trove in order to better enforce their burgeoning regulations. Security bureaucrats, being as lazy as any other kind, will find “suspects” where the finding is easy—by profiling of the implicit kind.
As our ruling class applies the term “terrorist” ever more promiscuously and conveniently to its own domestic competitors, it would be surprising if data gathered by mere inertia resulting from garden-variety corruption is not used for the most nefarious of purposes.
Edward Snowden gave the public a chance to consider what intelligence is for, and how well our intelligence establishment is meeting the nation’s needs. The problem is, such consideration can take place only to the extent that the people’s elected representatives and the media take the trouble to understand the issues. So far, they have not.
Angelo M. Codevilla is professor emeritus of international relations at Boston University and a member of the Hoover Institution’s working group on military history. A former professional staff member of the U.S. Senate Select Committee on Intelligence, he was instrumental in creating the programs for space-based missile defense, and supervised the intelligence community budget. He is the author of thirteen books, including Informing Statecraft, The Ruling Class and, most recently, To Make and Keep Peace Among Ourselves and With All Nations.
1. “Top Secret America,” Washington Post, July 18-20, 2010, http://projects.washingtonpost.com/top-secret-america/.
2. Bruce Schneier “Did NSA Put a Secret Backdoor in New Encryption Standard?” Wired, November 15, 2007, http://archive.wired.com/politics/security/commentary/securitymatters/20....
3. Richard Clarke et al. “Protecting Citizens, and Their Privacy,” New York Times, December 19, 2013, http://www.nytimes.com/2013/12/20/opinion/protecting-citizens-and-their-....
4. “Disarming Surveillance,” Wall Street Journal, December 12, 2013, http://online.wsj.com/news/articles/SB1000142405270230440380457926222273....