A bunch of people have been discussing Stanford Professor Jennifer Granick’s account of a dinner she had with NSA Director and CyberComander Keith Alexander. The main storyline describes how, three weeks ago, Lying Keith promised Granick that seeing the Primary Order for the Section 215 dragnet would make her more comfortable with the program.
It didn’t work out how Lying Keith might have liked.
I had a chance to read the Primary Order the next day, and rather than reassure, it raised substantial concerns. First, it did not set forth any legal basis for the phone record collection, which Christopher Sprigman and I have argued is illegal. Second, it confirmed that the FISA court does not monitor compliance with its limitations on the collection program, a problem that, according to a former FISA court judge, is endemic to NSA surveillance programs.
If that weren’t already enough, seeing the FISA Court order released earlier this week, with its revelation that — at least until 2009 — the safeguards on the dragnet program never functioned at all, really ruined Alexander’s efforts to make her feel better.
I remembered our conversation about the Primary Order yesterday while reading the newly declassified FISA court opinion that tangentially raised the phone records surveillance program. According to the court in 2011, NSA was flagrantly disregarding the dictates of the Primary Order anyway:
[T]he Court concluded that its authorization of NSA’s bulk acquisition of telephone call detail records … in the so-called “big business records” matter “ha[d] been premised on a flawed depiction of how the NSA uses [the acquired] metadata” and that “[t]his misperception by the FISC existed from the inception of its authorized collection in May 2006, buttressed by repeated inaccurate statements made in the government’s submissions and despite a government-devised and Court-mandated oversight regime.” … Contrary to the government’s repeated assurances, NSA had been routinely running queries of the metadata using querying terms that did not meet the required standard for querying. The Court concluded that this requirement has been “so frequently and systemically violated that it can fairly be said that this critical element of the overall … regime has never functioned effectively.” (Footnote 14)
How does a good man sit across you from the dinner table and assure you the government is properly constrained, when in reality it lies and disregards even the most anemic purported safeguards?
Granick is far more polite than I am — because my conclusion here would be “a good man doesn’t spin you like this.”
But there’s one further bit of spin she doesn’t mention explicitly. Alexander — as he has done repeatedly since Snowden’s documents started leaking — pretended this was all about terrorism.
I have no doubt that Gen. Alexander loves this country as much as I do, or that his primary motivation is to protect our nation from terrorist attacks. “Never again,” he said over dinner.
[snip]
The General seemed convinced that if only I knew what he knew, I would agree with him. He urged me to visit Pakistan, so that I would better understand the dangers America faces. I responded that one of my longest-standing friends has relatives there and visits regularly, maybe she would take me. I did not miss his point, and he did not miss mine.
I’m not saying this isn’t, partly, about terrorism. But if that’s all he’s doing, Alexander can roll up his CyberCommand, all the programs targeting Iran, and more generalized cyberdefense: the things that, until these leaks, were considered more urgent issues. Once again, Alexander wants to use terror terror terror to justify a dragnet that (for the content side) targets far more broadly than just terror.
I asked Granick about this, and she said Alexander said “surprisingly little” about cybersecurity — perhaps just a comment about the applying the rules of armed conflict to cyberwar.
As with his audience at BlackHat, Alexander here was talking to someone that Stanford considers an expert on cybercrime and cybersecurity. All differences of opinion about the phone dragnet aside, he should have spent his dinner with Granick discussing ways to accomplish the objectives of cybersecurity most effectively.
[A]s we go into cyber and look at–for cyber in the future, we’ve got to have this debate with our country. How are we going to protect the nation in cyberspace?
… Alexander claimed when speaking to a group that stood to get rich off of cybersecurity.
And yet, once again, when presented an opportunity to have that debate with one of the experts he needs to win over, Alexander cowered from the debate.