The NSA headquarters in Fort Meade, Maryland, USA.

Source: Time

By Fred Kaplan

On August 9, 2013, a hot, humid Friday, shortly after three in the afternoon, the laziest hour in the dreariest month for news in the nation’s capital, President Obama held a press conference in the East Room of the White House.

Two months earlier, Edward Snowden, a contractor with the National Security Agency, had leaked tens of thousands of highly classified documents, revealing that the NSA was intercepting phone calls and emails of millions of Americans, in apparent violation of the law—and tapping the phones of allied leaders abroad as well. Citizens were outraged, embassies were fuming, Silicon Valley executives were worried that they’d lose foreign customers who suspected their products had “back doors” that the NSA could enter. Something had to be done; the stench had to be contained, the trust restored. So President Obama announced that he was doing what many of his predecessors had done in the face of crisis—he was appointing a blue-ribbon commission.

Already, he and his advisers had chosen five candidates and asked the FBI to vet them for security clearances.

Michael Morell was the establishment pick among the five, a 33-year veteran of the CIA, who had just retired two months earlier as the agency’s deputy director and who’d been the point of contact between Langley and the White House during the secret raid on Osama bin Laden.

Cass Sunstein, a constitutional lawyer, had worked on Obama’s presidential campaign, served for three years as the head of his regulatory office, and was married to his United Nations ambassador, Samantha Power.

Geoffrey Stone, a law professor and member of the ACLU’s advisory council, had been dean of the University of Chicago’s Law School when Obama taught there in the 1990s.

Peter Swire, a law professor at the Georgia Institute of Technology and a White House aide to Bill Clinton, had written a landmark essay on surveillance law.

Finally, there was Richard Clarke, the White House chief of counterterrorism and cyber security policy under Clinton and (briefly) George W. Bush.

Clarke had resigned in protest over the 2003 Iraq invasion and, soon after, gained fame and notoriety during the 9/11 Commission’s hearings, testifying that Bush had ignored warnings of an impending attack by al-Qaeda.

On August 27, the five—christened as the President’s Review Group on Intelligence and Communications Technologies—met in the White House Situation Room with Obama and his top advisers. Obama gave the group a deadline of December 15 and assured them access to everything they needed. He made it clear that he didn’t want a legal analysis. Assume, he said, that we can do this sort of surveillance; your job is to tell me if we should be doing it as policy and, if not, to come up with something better.

Through the next four months, the group met at least two days a week, sometimes as many as four, often for twelve hours or longer, interviewing officials, attending briefings, examining documents, and discussing the implications.

On their first day of work, they were driven to NSA headquarters in Ft. Meade, Maryland. Clarke and Morell were the only ones who had been in the building before. Swire had dealt with some agency officials while working in the White House, considered them competent, but that was long ago. He was aware of court rulings that let the NSA invoke its foreign-intelligence authorities to monitor domestic phone calls, but Snowden’s documents, suggesting that it was using its powers as an excuse to collect all calls, startled him.

Stone, the one member who’d never had contacts with the intelligence world, expected to find an agency gone rogue. Stone was no admirer of Snowden: he valued certain whistleblowers, but Snowden’s wholesale pilfering of so many classified documents struck him as untenable. Maybe Snowden was right—he didn’t know—but he thought no national security apparatus could function if a junior employee decided which secrets to preserve and which to let fly. Still, the secrets Snowden revealed appalled him. Stone had written a prize-winning book about the US government’s tendency, throughout history, to overreach in the face of national security threats, and it looked like the reaction to 9/11 might be another case in point. He was already mulling ways to tighten the agency’s checks and balances.

Upon arrival at Ft. Meade, they were taken to a conference room and greeted by a half-dozen NSA officials, including the director, Gen. Keith Alexander, and his deputy, Chris Inglis. Alexander came and went throughout the day, leaving Inglis to run the meeting.

Inglis started with the most controversial program that Snowden had revealed: the bulk collection of telephone “metadata,” as authorized by Section 215 of the Patriot Act. As the news stories described it, this law allowed the NSA to monitor all phone calls inside the United States—not the conversations, but the phone numbers of those talking as well as the dates, times, and durations of the calls, which could reveal quite a lot of information on their own.

In fact, though, Inglis told the group, this was not how the program operated. Court rulings allowed the NSA to examine metadata only for purpose of finding associates of three specific foreign terrorist organizations, including al-Qaeda.

Clarke interrupted him. You’ve gone to the trouble of setting up this program, he said, and you’re looking for connections to just three organizations?

That’s all we have the authority to do, Inglis replied. Moreover, if the metadata revealed that an American had called a suspected terrorist’s number, just 22 people in the entire NSA—20 line personnel and two supervisors—could request and examine more data about the phone number. At least one supervisor had to approve the request. And the authority to search the suspect’s records would expire after six months.

The group then asked about the program’s results: How many times had the NSA queried the database, how many times were terrorist plots disrupted as a result?

One of the officials had the numbers at hand. For all of 2012, the NSA queried the database for 288 phone numbers. As a result, it passed on 12 tips to the FBI, which had the legal authority to investigate much more deeply. How many of those tips led to the halting of a plot? The answer was zero. None of the tips had led to anything.

Stone was floored. “Uh, hello?” he thought. “What are we doing here?” The much-vaunted metadata program seemed to be tightly controlled, did not track all phone calls in America, and hadn’t unearthed a single terrorist.

Clarke asked why the program still existed. Inglis replied that just because it hadn’t produced results so far didn’t mean it wouldn’t in the future. Besides, the metadata files existed; the phone companies routinely stored them as “business records”; why not use them as a potentially useful tool?

Inglis moved on to what he considered a far more damaging Snowden leak, the program known as PRISM, in which the NSA and FBI tapped into the central servers of nine leading U.S. Internet companies—Microsoft, Apple, Yahoo, Google, Facebook, AOL, Skype, YouTube, and Paltalk—extracting email, documents, photos, audio and video files, and connection logs. Gen. Alexander had released a statement, when the first stories broke about Snowden’s leaks, claiming that data gathered from PRISM had helped discover and disrupt 54 terrorist attacks, a claim that Inglis now repeated.

Did PRISM scoop up Americans’ email and cell phone calls along with targeted foreign communications, as the stories charged? Yes, the NSA officials said, but this was an unavoidable byproduct of the technology. Digital communications, they explained, travel in packets, which break up into pieces and flow along the most efficient paths before reassembling at their destination. Because most of global bandwidth was concentrated in the United States, pieces of almost every email and cell phone conversation in the world flowed, at some point, through a line of American-based fiber optics. If a terrorist in Pakistan was talking with an arms supplier in Sudan, there was no need to place a listening post in hostile territory. Instead, pick up the strand that came through fiber-optics cable inside U.S. territory and hop on.

In the age of landlines and microwave transmissions, if a terrorist in Pakistan called a terrorist in Yemen, the NSA could intercept their conversation without restraint; now, though, if the same two people, in the same overseas locations, were talking on a cell phone, and if NSA analysts wanted to latch on to a packet containing a piece of that conversation while it flowed inside the United States, they would have to get a warrant from the Foreign Intelligence Surveillance Court. It made no sense.

Read more