We’re At Greater Risk”: Q. & A. with General Keith Alexander
New Yorker Online, May 15 | Mattathias Schwartz
Since Edward Snowden’s revelations about government surveillance, we know more about how the National Security Agency has been interpreting Section 215 of the Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act. We’ve learned some new words —“bulk metadata,” “selector,” “reasonable articulable suspicion,” “emphatic-access restriction”—but we don’t really know how much of this works in practice.
The intelligence community isn’t used to explaining itself in public, but over the past few months, with much prodding by Congress and the press, it has taken some small, tentative steps. Last week, I spent an hour with General Keith B. Alexander, who retired in March after eight years as the director of the N.S.A. The forces pushing for omnivorous data collection are larger than any one person, but General Alexander’s role has been significant. We met on Wednesday morning, in the conference room of a public-relations firm in the Flatiron District. He is a tall man with a firm handshake and steady eyes who speaks rapidly and directly.
Here are excerpts from the interview.
In January, President Obama claimed that the N.S.A. bulk-metadata program has disrupted fifty-four terrorist plots. Senator Patrick Leahy said the real number is zero. There’s a big difference between fifty-four and zero.
Those [fifty-four events] were plots, funding, and giving money—like the Basaaly Moalin case, where the guy is giving money to someone to go and do an attack. [Note: Moalin’s case is awaiting appeal.] It’s fifty-four different events like that, where two programs—the metadata program and the 702 program—had some play.
I was trying to think of the best way to illustrate what the intelligence people are trying to do. You know “Wheel of Fortune”? Here’s the deal: I’m going to give you a set of big, long words to put on there. Then I’m going to give you some tools to guess the words. You get to pick a vowel or a consonant—one letter. There’s a hundred letters up there. You’ll say, I don’t have a clue. O.K., so you’ve used your first tool in analysis. What the intelligence analysts are doing is using those tools to build the letters, to help understand what the plot is. This is one of those tools. It’s not the only tool. And, at times, it may not be the best tool. It evolved from 9/11, when we didn’t have a tool that helped us connect the dots between foreign and domestic.
Around 9/11, we intercepted some of [the hijackers’] calls, but we couldn’t see where they came from. So guys like [Khalid al-]Mihdhar, [one of the 9/11 hijackers who was living] in California—we knew he was calling people connected to Al Qaeda in Yemen. But we thought he was in the Middle East. We had no way to connect the dots. If you rewound 9/11, what you would have done is tipped the F.B.I. that a guy who is planning a terrorist attack is in San Diego. You may have found the other three groups that were with him.
The C.I.A. could have simply told the F.B.I. that al-Mindhar was in the country. Which they didn’t do, for whatever reason.
But, you see, not everybody is looking at the same picture. So you’re thinking, We’re solving this puzzle. C.I.A. is over here, solving this puzzle. There are a lot of these puzzles that many of us are trying to work. Thousands at any given time. You might ask: What’s the best way for you to figure out who bad guys are? I’m going to tell you there’s a bad guy. What would you start with? You’d say, Well, I need to know who his network for friends are, because chances are many of them are bad, too.
Metadata is the least intrusive, most efficient way to do it. You don’t want to translate millions and millions of calls; you want to get to the most efficient approach. Then, once you know that’s a terrorist, then you can go and get content. So how can you do that in the U.S.? The first thing that people will say is: if you take our data, you’re going to be looking at what we’re doing. You’ve entered into a huge debate—a constitutional debate. You’ve got the Fourth Amendment. So the Administration and Congress set up a program where all three branches of government agree to the approach, such that it comports with the Constitution.
[Earlier this year, the Privacy and Civil Liberties Oversight Board (P.C.L.O.B.) recommended that the N.S.A. reduce its ability to dig into a targeted number’s chain of contacts. Previously, analysts had three hops—they could see a target’s friends’ friends’ friends. The P.C.L.O.B. recommended reducing this to two hops—a target’s friends’ friends. President Obama agreed.] Are we less safe now with two hops than we were with three hops?
I don’t think so. You can always go to the court with a reasonable articulable suspicion (R.A.S.) on a number. You just have to go through another step. But I think it’s doable. So I actually agreed with that.
Let me give you another case: Najibullah Zazi. [Note: Zazi was one of three men who pled guilty to plotting to bomb the New York City subway in 2009.] This one is in Colorado. And so this gives you the 702 [program]. We’re tracking a guy who is doing e-mail with somebody. And we think, Oh, we think he’s in the U.S. They’re talking about making for a bomb.
Zazi is e-mailing about quantities and ingredients.
We get this e-mail, and there’s a number in that, and we see all that and we pass that to the F.B.I. We say, Doesn’t it look like there’s something there? And they come back and say, Zazi, that number’s his. He’s associated with them. Based on that, we were able to get R.A.S. on that number, get it approved, and see that Zazi’s talking to this guy Adis Medunjanin.
There are people on one side saying that these N.S.A. programs could have stopped these plots. And then there are people who dispute that.
We know we didn’t stop 9/11. People were trying, but they didn’t have the tools. This tool, we believed, would help them. Let’s look at what’s happening right now. You ought to get this from the START Program at the University of Maryland. They have the statistics on terrorist attacks. 2012 and 2013. The number of terrorist attacks in 2012—do you know how many there were globally?
How many?
Six thousand seven hundred and seventy-one. Over ten thousand people killed. In 2013, it would grow to over ten thousand terrorist attacks and over twenty thousand people killed. Now, how did we do in the United States and Europe? How do you feel here? Safe, right? I feel pretty safe.
But the P.C.L.O.B. said that there weren’t any more plots [that were disrupted by the N.S.A. programs]. I don’t know if these are things that couldn’t be shared.
They should have had access to those.
I imagined they would have.
Sometimes, people don’t ask all the right questions.… Going back to “Wheel of Fortune,” 702 is like getting the free vowels. It helps you get all the key things that you need. It’s the base program. And, then, all the rest of your things are one-offs. Like the [telephone-metadata program]. It’s going to give you a piece, but it’s probably not going to be the key piece. It’s a starting point.
[Glenn] Greenwald has made a pretty good argument: if all this data is being controlled so carefully, then how was I able to get so much from this one person who had been taking it from the N.S.A. for months, unawares.
But he didn’t get this data. They didn’t touch—
The operational data?
They didn’t touch the FISA data. What they could have gotten was a report. But they didn’t get the database. That database, he didn’t have access to.
What could have conceivably happened [with the fifty-four cases] if the Section 215 bulk-metadata program weren’t there?
That’s conjecture. But think of the underwear bomber. How much do you think that cost if that had been … or the printer bomber, or the subway bomber?
But the printer and underwear bombers, those aren’t 215 cases.
The Zazi subway case is, and there’s a whole series of those.
The Brandon Mayfield case [in which a man in Oregon was wrongly accused of involvement in a bombing in Spain] got a lot of attention. Does anyone have a comprehensive list of false positives? Cases where the data led to an innocent person being arrested and accused of terrorism?
We always review the data that we get. We’re always doing that to see what we did, what we didn’t do. We’re focused on: How do you help stop a terrorist attack? Save a life? There are a lot of terrorist acts going on around the world. Some are pointed toward the United States. [Note: After the interview, General Alexander said that he did not know of anyone who had been falsely accused because of the Section 215 program.]
If, at some point many, many years in the future, there were no threats facing the United States abroad, who would ever tell the American people, given that we have such a large apparatus designed to detect these terrorist plots in their most gestational form?
It would be really easy. Here’s how: Do you have a reasonable articulable suspicion to go look at something? If you have none, there would be no queries. The court, for you to query, you have to have that level of confidence that what you’re going after is going to do something bad to you.
The court’s not quite very transparent, though. It’s hard to know—
Well, they are a court that’s set up to handle classified material.
Right.
Let’s go back to World War II and the German Enigma code. Would you agree that keeping that code secret was in our best interest to win the war?
The fact that we cracked it? Yes, absolutely. I agree.
O.K. And you may recall that, in 1942, [the German naval commander] Karl Dönitz came up with the thought that we’d cracked it, so he added a fourth rotor. We didn’t break that fourth rotor for nine months. And the war in the Atlantic shipping lanes—it went in the Germans’ favor. The tonnage that was sunk by the German U-boats over that nine months was significant. Then we broke the fourth rotor. Dönitz didn’t ask himself, Well, could they have broken the fourth rotor? And the rest of the war in the Atlantic, you know how it went. Those clues, the fate of a nation, and, I think, of the Western world, hung on that one key piece of information.
Now let’s go forward. How do you do enough against terrorists without telling them how you’re doing this? This is the issue that I have with leaking classified material, with what Snowden has done. I’ve had forty years of doing this. And some of those were good years.
This must be a very personal thing for you.
Yup. So think about how secure our nation has been since 9/11. We take great pride in it. It’s not because of me. It’s because of those people who are working, not just at N.S.A. but in the rest of the intelligence community, the military, and law enforcement, all to keep this country safe. But they have to have tools. With the number of attacks that are coming, the probability, it’s growing—
I’m sorry, could you say that once more?
The probability of an attack getting through to the United States, just based on the sheer numbers, from 2012 to 2013, that I gave you—look at the statistics. If you go from just eleven thousand to twenty thousand, what does that tell you? That’s more. That’s fair, right?
I don’t know. I think it depends what the twenty thousand—
—deaths. People killed. From terrorist attacks. These aren’t my stats. The University of Maryland does it for the State Department.
I’ll look at them. I will. So you’re saying that the probability of an attack is growing.
The probability is growing. What I saw at N.S.A. is that there is a lot more coming our way. Just as someone is revealing all the tools and the capabilities we have. What that tells me is we’re at greater risk. I can’t measure it. You can’t say, Well, is that enough to get through? I don’t know. It means that the intel community, the military community, and law enforcement are going to work harder.
So when people ask me that—including the President—would you give this up? I told them, Here’s my professional assessment of why—
Give what up?
B.R.-FISA. The Section 215 program. I said no.
Now, are there things we could do that don’t impact our security, but impact civil liberties and privacy? That’s what we’ve put on the table. I’m O.K. with that. I don’t care who keeps the data. You can have the service providers keep the data. And we’ll just do it like this. That’s fine; it’s their data. But you got to have the agility.
Congress is talking about reducing the amount of time that the metadata is kept, from five years to eighteen months.
Eighteen months to two years. That’s where they’re looking at. I’m O.K. with that. We sat down with our analysts. We asked, What are you comfortable with? I said, Now, tell me, because, you know, if something bad happens everybody in the world is going to ask: Why didn’t you tell us?
So we have to explain everything that we can, because I believe the terrorist attacks are coming. You’re going to be in an interview with my successor and say, How could you let this happen? And they’re going to say, Well, you eliminated all the tools to catch the terrorists! You don’t have to be a brain surgeon to figure that out.
Are there are other things that you can point to when you say that you believe more terrorist attacks are coming?
Look at the way Al Qaeda networks. From Al Qaeda in the Arabian Peninsula, Al Qaeda in the Islamic Magreb, and now in Syria, the al-Nusra front. Look at the number of jihadists going into Syria and what they want to do. When put all that together, yeah, you can say those are distant countries, but a lot of these groups are looking to attack the United States. I take that threat very seriously.
You said that there are more cases. And Clapper has said that there are more, and that these additional cases are classified. Is there anything you can say about these cases?
They’re ongoing things now.
Ongoing things.
From my perspective, this program is helpful in seeing things that we couldn’t see otherwise.… I lost a lot of friends in 9/11. I’m not going to make a mistake and say, Yeah, I’ll give it up—yeah, there’s nothing there. I do think it’s helpful. I do think our nation and our allies are at risk.
Here’s another thing: thirty-seven different times, sixteen federal judges have approved this program and found it to be constitutional. And they see what we’re doing with it. They get to see it all. What our country put together is: because some things need to remain classified, we’re going to give you a process to do it. That process will include the courts, Congress, and the Administration. Now, we can argue about how much Congress got to actually see it—
Congress is bucking pretty hard now.
—but my comment to Congress is: You had the material. If you didn’t read it, you should go back and look at it. I would ask you to talk to guys like Senator Franken and others. They went down and read it, and said, All the material is here.
All the material on what?
The program. What we’re doing with the program. I think there’s probably more we can do to help them to understand. You know, when you explain something, you think, That’s obvious. And it may not be as obvious as we think.
Yeah. Some of the people who have access to this classified material say that, if you could see what we see, you would believe us. And some, like Senators Wyden and Udall, say otherwise.
And that’s the Enigma problem. That’s the Enigma, right?
Yeah, although it’s not—
No, think about Enigma. They even let people die to keep that secret…
The key difference in the analogy that you’re trying to make is the size of the threat. There are a couple orders of magnitude separating the Nazis and Al Qaeda in the Islamic Magreb.
I think, you know, a life is a life. How many does it take to make it worth it? So, when you look at the oversight and compliance here, think of it this way.
Your number, my number, they have never been approved for reasonable articulateable suspicion. Unless, of course, you’re talking to a terrorist.
I’ve probably talked to people who could be construed as terrorists—
Well, no, I’m not a terrorist—
—or at least narco-terrorists.
—but, you see, they’re not Al Qaeda.
No, not—
Well, did you talk to al-Zawahiri?
No, I haven’t.
If you know where he is, that would be helpful. [Laughs.]
[Laughs.]
…Remember, under three hundred numbers each year were approved for B.R.-FISA queries in 2012. Every one of those is audited. Each one has got to have a written rationale for why we’re doing it. This is the most overseen program, I think, in our government. Now Congress is saying they’re not sure they understood it. O.K. So go back and debate it. And then, if something bad happens, then my comment would be, O.K., you took away that tool. But if there’s a terrorist attack, know that you made our job harder. I really am concerned that something bad is going to happen. And I don’t want to be Chicken Little. But I do think people need to know that we’re at greater risk, and there’s a lot more coming my way. It’s easy to stir up public emotion by saying: They’re listening to your phone calls. They’re reading your e-mails. And the answer is, if they’re doing that, they should be punished. Unless there is an authority to do it.
No comments:
Post a Comment