How have surveillance practices impacted cyber security agenda, private sector?
JUDY WOODRUFF: To help make sense of the scope of government surveillance, we get three views. General Michael Hayden was the director of the NSA from 1999 to 2005, when many of the programs revealed by Snowden were first launched. He is now with a consulting company.
James Bamford is an author and journalist. He has written extensively about the NSA. And Dmitri Alperovitch is co-founder and chief technology officer at CrowdStrike. It’s a cyber-security company.
And welcome, all three of you, to the NewsHour again. Thank you.
Let me start with you, James Bamford.
What is the main concern you have about what we have learned that the NSA is doing?
JAMES BAMFORD, “The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America”: Well, I think the main concern was the fact that so much of this stuff was being done in absolute secrecy.
And once you start showing — putting a little light on it, like from this Judge Leon who took a look at it, the White House panel who took a look at if, you start seeing that all this becomes what they’re calling unconstitutional or illegal. And I think that’s the big problem.
One of the things that I discovered in looking at some of the documents was the fact that the NSA was beginning to look at the question of visiting porn sites, who was visiting which porn sites, and then using that against the people to destroy their reputation. And that was done…
JUDY WOODRUFF: Against which people?
JAMES BAMFORD: Against people who they considered radical. They weren’t even people who were considered terrorists.
And that was done in the 1960s by J. Edgar Hoover against a radical at the time, who was Martin Luther King. So I think, without any kind of proper oversight, you start moving along those lines, and going back to where we were back in the ’60s and ’70s.
JUDY WOODRUFF: So, you are saying it is much more targeted at what individuals are doing than what the NSA…
JAMES BAMFORD: That is what they were proposing.
And that was — that’s again going sort of back to what we were doing in the ’60s, which, again, were terrible things that we did back then. And without proper oversight, we start moving again back into those bad habits.
JUDY WOODRUFF: But are you saying that is happening now?
JAMES BAMFORD: That was one of the documents. I was in Brazil. I was with Glenn Greenwald. And I saw one of the documents. And that was the document that indicated that they were starting to follow who’s going to what porn sites, and then talking about using that to discredit radicals in the future, not currently, but in the future.
JUDY WOODRUFF: General Hayden, what about the overall complaint about what is going on, including the specific point that he just made?
GEN. MICHAEL HAYDEN, former CIA Director: Well, Jim said this is being done in absolute secrecy. I think absolute is too big a word.
I will accept secrecy, because espionage is usually done in secret. All right? But absolute? Not so. I mean, this program, the things that have been revealed were fully known by both Oversight Committees in the House and in the Senate. They were authorized by two presidents, two actually incredibly different presidents. And…
JUDY WOODRUFF: Bush and Obama.
MICHAEL HAYDEN: Right.
And for a big chunk of the activity that has been revealed, we have also had oversight by the FISA court, the Foreign Intelligence Surveillance act court.
I would suggest to you that that is kind of the Madisonian trifecta when it comes to not being overly secret. Look, the great compromise in the 1970s after some of the abuses at that time was that intelligence couldn’t be done publicly, but it needed oversight. And what we created at that time were these two Oversight Committees in the Congress and the FISA court. They knew all about this.
JUDY WOODRUFF: So, James Bamford, you hear what the general is saying, that, yes, there is spying — that is what surveillance agencies do — but it’s being done with oversight.
JAMES BAMFORD: Well, actually, it’s funny General Hayden brought up James Madison, because Judge Leon mentioned James Madison in his opinion. And he said James Madison…
JUDY WOODRUFF: This is the federal district judge who just ruled.
JAMES BAMFORD: Exactly.
And he said James Madison would be aghast at government encroachments on privacy like he was discovering. So I don’t think this would be approved by the founding fathers, and I don’t think it’s approved by the American public now that they are finding about it.
JUDY WOODRUFF: Even with the oversight he’s describing?
JAMES BAMFORD: The oversight — the problem with the oversight, it’s absolutely secret oversight.
And is the FISA court, the Foreign Intelligence Surveillance Court, has come out numerous times saying in secret that the NSA wasn’t obeying what it was directed to do, and that it was collecting more information than it was allowed to collect.
JUDY WOODRUFF: General…
MICHAEL HAYDEN: Sure.
JUDY WOODRUFF: … how do you respond?
MICHAEL HAYDEN: Yes. I mean, these are complex tasks. And the commission report that I’m sure we will talk about before we’re done here pointed out there were no abuses in any of these programs.
Now, it is difficult to do what NSA is doing. And when NSA discovered, self-discovered, I might add, what it was they were doing might be beyond what had been authorized by the court, they self-reported to the court and corrected whatever was wrong.
JUDY WOODRUFF: And when did that happen?
MICHAEL HAYDEN: It happened routinely.
There were several instances when, because of the complexity of the task, whether it had to do with metadata, or the PRISM program that had to do with content, when different selectors were put in, perhaps they hadn’t narrowed the search appropriately.
In one case — let me give you an example. In one case — and this was reported publicly in the press — with much fanfare, I might add — that NSA violated privacy 3,000 times in the course of a year. When you go over the details of that report, let me give you one example. They said that there were overly broad search terms used by NSA going after the data it had already lawfully collected, and that during a quarter that had happened 160 times. That is 160 over 63 million inquiries that had taken place during that quarter.
JUDY WOODRUFF: I want to bring Mr. Alperovitch in just a moment.
But just quickly, James Bamford, do you — what is your response to that?
JAMES BAMFORD: Well, again, in terms of oversight, we were just talking about the FISA court. Let’s take a look at Congress. That’s the only other oversight…
JUDY WOODRUFF: I mean, that there were so few instances out of all the data collected?
JAMES BAMFORD: Well, the point is they have got enormous amounts of data. There was one report here they had 35,000 instances of — of abuse that came out.
MICHAEL HAYDEN: No, I’m sorry. I’m sorry. I don’t mean to interrupt. Abuse is one thing. Making an error in a complex task is quite another.
JUDY WOODRUFF: All right, I want to bring — I want to bring Dmitri Alperovitch in, because you have looked very closely. You have talked to these tech companies, whether it’s Google or the others. What is it that you have found has taken place in the relationship between these companies that are in the middle of all this and the U.S. government, the NSA?
DMITRI ALPEROVITCH, CrowdStrike: I think, Judy, one of the most tragic things out of this entire situation is the impact that we have had on cyber-security, which has been really damaging.
If you look at the last 12 months, we started the year with so much hope. President Obama mentioned cyber-security for the first time ever in the State of the Union. We started to realign our entire policy on how to confront the Chinese on the cyber-espionage that they’re conducting against U.S. companies, which has damaged us significantly economically.
And if you will recall, from a timing perspective, President Obama was meeting with the president of China that weekend in June, and cyber-security was at the top of the agenda. The leaks come out, and the entire agenda is now in shambles, and we can no longer have any moral high ground to confront the Chinese on these topics.
JUDY WOODRUFF: So, go ahead and finish your point.
DMITRI ALPEROVITCH: Yes.
And from the impact on the private sector, there is great concern amongst the private sectors, companies like Google, Apple and others, that are saying, you know what? You no longer can trust the government and work closely with the government, as we have in the past.
JUDY WOODRUFF: General Hayden?
MICHAEL HAYDEN: Yes.
There are three — three bodies of folks out there who are worried about this program. One are foreign governments. And I really don’t have a great deal of concern about that. The other are privacy advocates. And although they’re very serious, I actually think the commission report points out there have been no abuses. And, therefore, I’m quite willing to have that discussion.
JUDY WOODRUFF: No abuses?
MICHAEL HAYDEN: No, no.
JUDY WOODRUFF: You mean in terms of the dealings with the tech companies?
MICHAEL HAYDEN: No, no, just in general with regard to privacy.
But Dmitri points out a very important and very sad fact. And I do agree with Dmitri. The ones who have suffered the most because of these revelations, the ones who have the greatest amount of grievance with regard to that is American industry, because these revelations are being used to, I think very unfairly, expose American industry to criticism abroad and hurt their competitiveness, when American industry does for the American government the very same things that other national industries do for their governments.
But the fact that the American intelligence enterprise has been made public punishes American industry.
JUDY WOODRUFF: So, given that, Dmitri Alperovitch, what needs to change? And we know the president is going to come back supposedly with some recommendations in January.
What needs to change in terms of the NSA’s relationship with these tech companies?
DMITRI ALPEROVITCH: Well, I think a lot has already changed where a lot of these companies no longer want to have a relationship with the NSA.
And that’s — certainly can be impactful to our national security. If the next time — if you recall, Google approached the U.S. government when they got hacked by the Chinese in 2010 for help. I’m not sure they would do that again. And that would hurt both the private sector and the government because we wouldn’t be able to collaborate and share information, as we have in the past.
JUDY WOODRUFF: How does that affect national security, General Hayden, if the companies don’t work with the government?
MICHAEL HAYDEN: Oh, look, I’m an Air Force officer, almost 40 years in the Air Force.
The American Air Force is the military expression of the American aviation industry, right? The American signals intelligence enterprise, American cyber-security are the espionage and military expressions of the American telecommunications and computer industry.
I mean, these two things are wed. And if for one reason or another these are separated, American security is harmed and American commerce is equally harmed.
JUDY WOODRUFF: But do you think that could happen?
MICHAEL HAYDEN: Yes.
JUDY WOODRUFF: That sounds like…
MICHAEL HAYDEN: Oh, absolutely.
JUDY WOODRUFF: All right, James Bamford to you. What needs to change? I mean, you came with a long list of abuses that you believe need to be fixed. What are the main ones — main ways it needs to change?
JAMES BAMFORD: Well, what I think has to happen is — we did this in 1975. We had the Church Committee that took a very comprehensive look at the entire intelligence community and looking at the abuses that took place back then.
We haven’t had such a comprehensive look at the intelligence community since then. And, in that time, we have had allegations of torture, allegations of eavesdropping on so many communications and so forth, picking up all this telephone data.
I just think there needs to be one maybe yearlong comprehensive look that is equivalent to the 9/11 Commission report. That’s really the only way we can get to the bottom of it.
JUDY WOODRUFF: Well, what is a — what’s a — what’s one of the main changes that you think, though, should be made?
JAMES BAMFORD: Well, the panel that — the White House panel came out with a — I think, what, 45 of them, I think, that were very useful.
The main changes, I think, you have got to have far more transparency. I mean, the information is out now that the NSA does this kind of activity. And I think you have to have more transparency. And I think you have to have far better oversight than we have had in the past in terms of the FISA court and Congress.
JUDY WOODRUFF: General Hayden, what if that happens? What if there is a lot more transparency about what…
MICHAEL HAYDEN: Yes.
Well, first of all, there need be more transparency to give the American people confidence in their espionage services, that they are acting consistent with the values of the American people. Now, look, let’s not kid anyone. That will shave points off of operational effectiveness. There is no way to give the American people deeper knowledge without giving our adversaries deeper knowledge too.
But I think that line has moved, and we will have to become more transparent. Now, I should add, though, all right, that Jim has just mentioned the Church Commission and what it suggested. And it put in place oversight. The oversight the Church Commission put in place is the oversight that has been watching the NSA these past several years, the FISA court, and the two Intelligence…
JUDY WOODRUFF: You’re saying that’s already in place?
MICHAEL HAYDEN: .. and the two Intelligence Committees, that’s correct.
JAMES BAMFORD: But they weakened — the problem was, the FISA court was weakened a few years ago in the FISA Amendments Act. They took a lot of the powers away from the FISA court.
And we see from the FISA court’s reports that they were chastising the NSA constantly about abusing their authority.
JUDY WOODRUFF: Just very quickly, Dmitri Alperovitch, back to you.
General Hayden, we just heard him say that if these changes take place, if the relationship between the tech companies and the government is frayed, U.S. security is hurt. What do the companies feel about that? How do they — what do they think about that?
DMITRI ALPEROVITCH: Well, it’s very problematic, because for a long time we have been sort of waiting for the government to step in, in this field of cyber-security and protect us against really sophisticated nation state threats.
You would never expect in the physical world for companies to defend themselves against threats from PLA, threats from the FSB in Russia or what have you. But, in cyber-space, that’s the situation. And today I think the reality is that the legislation on the Hill that has been considered for the last number of years is that — the idea of information sharing between the government and the private sector is no longer acceptable to the American people.
So, as a result, I think we will all be less safe, and the private sector is realizing they’re on their own.
JUDY WOODRUFF: Well, we’re in — we’re in a new world, when all this is taken together.
Well, we thank you all for pulling it together. General Michael Hayden, James Bamford, Dmitri Alperovitch, thank you.
JAMES BAMFORD: Thank you.
MICHAEL HAYDEN: Thanks, Judy.
DMITRI ALPEROVITCH: Thank you.