Security Policies for a Post-Snowden Age
The hemorrhaging leaks by Edward Snowden — possibly aided by countries that have exploited his stolen classified information — have left the U.S. government reeling. That many media reports are inaccurate compounds the problem.
Endlessly playing defense is a poor strategy. Former National Security Agency director Bobby Inman, whose tenure ran from 1977 to 1981, recently suggested that the agency ought to “take everything you think Snowden has and get it out yourself. . . . [B]ad news doesn’t get better with age.”
Political candidates often get this sort of advice — and successful ones take it. If candidates tell voters what is likely to be said — what the context is and why your opponent is smearing you or distorting the information — they can largely inoculate themselves against unfair attacks. Sometimes, of course, the attacks are valid — in which case a preemptory explanation and apology can go a long way.
Waiting for the attack is almost always the worst strategy.
The Obama administration has reviewed what information Snowden took and has a pretty good handle on what has not yet been revealed. The public should be told what is likely to come out and how it fits within lawful government policies and practices. Any needed correction should be part of the rollout.
Most Americans and most members of Congress support the federal government’s effort to identify foreign terrorists and to prevent or disrupt their plans to harm us. Congress is reviewing the U.S. legal structure for gathering intelligence — based on the Foreign Intelligence and Surveillance Act and the USA Patriot Act — and considering ways to improve it by creating more transparency and tighter standards for access. This commendable effort involves public hearings.
But conflated with these terrorism-centric programs is an executive order issued by President Ronald Reagan in 1981 and updated by President George W. Bush in 2004 and in 2008. Executive Order No. 12333 deals with more than terrorism; it essentially authorizes the collection of intelligence about foreign governments’ intentions. Executive orders do not have the force of law, but they are public statements of executive-branch policy.
The House and Senate intelligence committees have long been familiar with Executive Order No. 12333; I surely was during my eight years on the House Permanent Select Committee on Intelligence. But now may be the time to assess whether it, too, should be codified and limited. Foreign leaders are incensed that their cellphone calls may have been intercepted by the United States. A cost-benefit analysis must be made. As President Obama recently said, “Just because we can do something doesn’t mean we should do it.” In many instances, we must not.
Beyond self-regulation and legal limits imposed by Congress, the administration should be open to multilateral agreements and possibly a global convention on surveillance. Yes, such things might give bad guys new opportunities to attack us. But done right, the programs that identify foreign terrorists could be strengthened while spying for other purposes could be amended to conform to international norms.
The danger is that each nation — or each state in the United States — would go rogue and enact its own rules. Surely that would hamstring commerce and valuable programs. Worse, the bad guys would no doubt find work-arounds.
Yet it is far better to explain what the United States will do — and will not do — and to rebuild shattered trust between our country and other world leaders.
Technology confers awesome power on those who can harness it for good or bad. Fashioning smart policies that protect security and liberty is the way forward. We live in a “post-Snowden” age. Although his deeds were despicable, this public debate could yield real dividends.