In early August, TAI editor Adam Garfinkle sat down with General Michael V. Hayden in his Washington office to talk about recent intelligence-related headlines and what is behind those headlines. General Hayden, a retired Air Force Four-Star, has served as director of the National Security Agency (1999–2005), as Principal Deputy to the Director of National Intelligence (2005–06) and as director of the Central Intelligence Agency (2006–09). Here is a lightly edited transcript of that conversation.
TAI: Thanks for speaking with us, sir. I know you don’t do many sit-downs like this—I know of only one other recently for the Australian Financial Review—so we thank you.
It’s hard to know where to start. I’ve had SCI-level clearance twice, but this NSA stuff is way above my pay-grade. I don’t want to dwell overly much on headline material, but let’s kick off by getting some of the basic facts on the table. Even with my limited understanding I can tell that most of those facts are either missing or mangled in the current discussion about Bradley Manning, Ed Snowden and the rest.
General Hayden: That is certainly the case. I’m going to be on CBS Sunday Morning in a few days, and one of the things I’m going to try to get across to the television audience is that the biggest problem government “communities” like ours have is that most Americans don’t understand what “normal” is. They don’t understand what we do routinely, which is not surprising since it’s both highly technical and secret. They don’t know whether what just got released by Glenn Greenwald, the Guardian journalist who is serving as Ed Snowden’s leak spout, is six sigmas from the centerline, or two, or none or what. So there is a vast discrepancy in the public domain right now about what NSA and other government intelligence agencies actually do, and how they do it with regard to the law on privacy protections, and what a lot of people seem to think they do.
TAI: Yes, and in this regard I think Walter Pincus of the Washington Post did a real service in a piece he published on July 29. Whatever one thinks of his politics, he’s a guy who reads the documents and knows the details, and in that piece he tried to lay out in plain English which programs and which sections of the law that deal with them we’re talking about. He distinguished between the NSA program known for short as 702, because it derives from section 702 of the Foreign Intelligence Surveillance Act (as amended in 2012), and the program known for short as 215, from its “section” number in that law.
Just to illustrate the loose and lazy way this whole business is being talked about, Pincus pointed out that Congress spent a total of fifteen minutes, or seven and a half minutes per section, examining all this before voting last month on amendments concerning funding. Explain for us, please, what the difference is between these two NSA programs, and what meta-data methodology actually does? Because the government isn’t really reading all of our emails and listening in on our phone conversations, is it?
MVH: I’ll do that gladly, but let me point out first that we let email service providers read all those emails. I write an email with the line, “I’m deeply saddened for your loss”, and a minute later an ad for flowers pops up. But no, for the most part NSA does not read emails sent by or to American citizens, whether by machine or otherwise. I mention service providers just to point out that the very rapid changes in technology here are posing all sorts of privacy and other issues that most of us have not really thought through. It’s not just about what government can do or is doing.
But now let me distinguish 215 and 702 for you. So, on the one hand there’s the meta data program, 215, and on the other hand there’s the PRISM program, 702. The first, 215, concerns data; the second, 702, concerns content. The first, 215, is about telephones; the second, 702, is about all things digital. One, 215, targets terrorism only; the other, 702, targets any legitimate intelligence purpose. The first, 215, is American; the second, 702, is foreign. Both are approved by law, and both are overseen by the courts.
Those are the basic distinctions and similarities. The meta-data program, that has so many people in a froth of indignation, involves exhaustive collection but a very light touch. It’s the outside of the envelope; it’s not about what individual called what other individual. It’s comprised largely of your telephone bill—this number called that number at what time for how long, and how many times this number called that number, and so forth. There is no geo-location, and there are no names.
TAI: I barely passed stat in grad school, but even I can see that this is a signal-to-noise statistical operation. Right? It's about the patterns of communications, not about the substance of any communication.
MVH: Right, exactly. It is the lightest touch possible we could develop, and the purpose was and remains not to target Americans, but to discover whether there is anyone in America who deserves, morally, operationally and legally, to be targeted. The targeting would take place only if we are able to link a number in that ocean of meta-data with a foreign terrorist-related number, a number in that ocean that had been in consistent contact.
TAI: And if that number is attached to an American, the law obliges NSA to turn it over to the FBI to investigate. Intelligence is separate from law enforcement.
MVH: Yes, and they do. And if steps need to be more invasive than what we’ve done already to learn more about a possible target, we go to the court.
TAI: The FISA court.
MVH: Yes. The 215 program helped us handle one of the problems we had after 9/11, which is that the enemy is to some extent, or potentially, already inside the United States. The other problem, which existed before 9/11 but which we didn’t master until afterward, is that not only is the enemy inside America, but a bunch of communications are inside as well—but they are communications that aren’t American.
Let me explain what I mean. Because of the way the law was originally constructed, we treated all communications inside the United States as if they were protected by the Fourth Amendment. That artificially penalized us because—and I’m quite willing to state this publicly—the arc of history and technology have given us tremendous advantages to keep ourselves safe, so why not take advantage of the fact?
TAI: You’re referring to the fact that because of the American lead in communications technology and commercial applications of it, a vast percentage of global digital exchange goes through the United States, even if it doesn’t originate or end up in the United States, right?
MVH: Exactly. So if you have someone in Yemen talking to someone in Pakistan, using an American service provider, the only thing “American” about the conversation is that it’s sitting in a server in the United States somewhere. But we still couldn’t access it by law. So what 702 and the FISA amendment act of 2008 did was to give us a little more freedom—but with precautions. Getting track of a microwave shot between strategic rocket forces headquarters in Moscow and an ICBM field east of the Urals? I’m probably not picking up your stuff. On the other hand, if you’re mucking about on emails in a server in the United States, there is a possibility I bump into you. But the purpose is the same: We’re going after foreign communications.
TAI: Sometimes when you read about Manning and Snowden in the papers and the magazines and on the internet, they’re often called “whistleblowers.” When I got wind of this thing, my instinct was that they’re not whistleblowers; they’re bad guys who violated oaths and put national security at risk. But as time as passed, my sense of this has become more nuanced. In the case of Manning, some of what he let out about the Apache free-fire zone stuff…
MVH: One video, one video, alleging wrongdoing.
TAI: Exactly, but that is whistleblowing, I suppose. But where does the letting loose of more than 250,000 diplomatic cables come in? What harm was being done there that could possibly attach to the term “whistleblowing”?
Snowden is different, it seems to me. Now, there might be some abuses in some of the programs you developed and oversaw at NSA. General Clapper spoke to that recently. When you get down lower in the analyst pecking order, I am a little concerned, to tell you the truth, about the potential for abuse now that the size of the operation, and all the new contractors, and the volume of data have ballooned so much since the programs began. I can easily imagine how unauthorized snooping using emails and servers could go on—and I’ll ask you about that in a moment. But Snowden can’t be a legitimate whistleblower unless he can provide evidence concerning abuse on that level, and to my knowledge he hasn’t. Pointing out what might happen or could happen isn’t the same as establishing that anything has happened. But the plumbing diagrams, so to speak, that he’s revealing about Upstream and the NARUS technology and beam-splitting and all that involves something entirely different. That’s dangerous, way beyond any harm that Manning did.
MVH: I agree, and then Snowden has been dropping out stories that seem designed to facilitate his own asylum. “Hey, the Americans are spying on you guys” in Russia or in some South American country—as if this is some sort of revelation.
TAI: Let me ask a more cultural kind of question, if I may, that bears on all this. Forty or so years ago, if something like this leaking had broken out, the vast majority of Americans would have said “we trust you guys”; “we respect your prudential judgment” and your right to make those judgments on behalf of the country. Nowadays, the default drive of a lot of Americans—the anarcho-libertarian types especially—is to assume the government must be wrong, must be involved in some sort of nefarious conspiracy. What changed here, and why do you think this has happened?
MVH: The arc starts at Watergate, when people concluded that they had been too trusting of government. It continues, accelerated over the past decade from the Right—the Left was always there. American conservatives have become less security conservatives and more social conservatives and more “reach-of-government” style conservatives. I’m not attacking the genuineness of it, just observing that the composition of the underlying cultural bias is changing.
TAI: In my mind I date the start of this to the 1975 movie “Three Days of the Condor”, so I connect it to Hollywood and the entertainment/celebrity culture. But you’re right: That movie, and the novel on which it was based, came right out of the Watergate era.
MVH: Look, the “reach-of-government” concerns are not entirely baseless. I’m a former director of two three-letter agencies, with lots of money and people and a pretty big mandate, and, believe it or not, I too am concerned about the overreach of government. I don’t see, for example, why the President gets to determine when both houses of Congress are or are not in session, and make a recess appointment when they’re not in recess. I don’t see why Kathleen Sebelius gets to redefine the limits of religious liberty with regard to Catholic institutions. I don’t understand how the President can tell the Department of Defense that we don’t care if you think Libya is a war, we don’t define it that way and therefore the War Powers Act doesn’t apply. The IRS affair is incredibly troubling. And I’m on record saying that I think the James Rosen and Associated Press warrants are examples of extreme overreach. But while I, too, have my reach-of-government concerns, with my background I’m able to distinguish this from all of that. A lot of Americans either don’t, won’t or can’t.
TAI: Let’s go back now to the NSA programs that were set up or developed and expanded under your tenure. Do you have any regrets about any of them, or any concerns about abuses under those programs? More specifically, do you credit any of the concerns James Bamford has been writing about for years now, most recently in the August 15 NYRB? Does nothing about the arc of these programs bother you at all?
MVH: I haven’t seen his latest one, but no: I have no regrets. I think these programs have been necessary and effective, and there is still no evidence of any sort of serious or systematic abuses, and no evidence of these programs being on the wrong side of the law.
As to Jim Bamford, he lives off of opposition to the agency’s presence. When the agency becomes more of a story, he rushes in with the “I told you so.” He wrote one positive book about the agency when I was director. When the terrorist surveillance program became public after 9/11, I actually expected him to call me and say, “Before I go postal on you, help me understand what it is you think you were doing.” He never did. He just went postal, and he joined the lawsuit against us, which I find puzzling. He has an incredibly conspiratorial view of the agency.
And it’s not obligatory. Although it’s hard to write about the NSA—for obvious reasons—it can be done. There’s a really good book by a young Brit, Patrick Radden Keefe, called Chatter. He wanted to meet with me while I was NSA director and I refused, but I shouldn’t have and I regret that I did. He tried very hard to write a balanced book. He said that among people in the public sector, there’s one rule: If you talk a lot about signals intelligence, it means you probably don’t know much about it.
TAI: All I know about it I learned from my cousin, who worked at NSA before it moved to Fort Meade—when it was still at Ward Circle. She was a cryptographer who helped break the Japanese naval code during World War II. And that personal note, you’ll excuse me for it please, leads right into my next topic: technology.
My cousin Shirley never saw a computer at NSA, but the technology arc is really a key driver in all this, it seems to me. Never mind 1949; when we think back just to 1999, the year you started as director of NSA, consider what it is possible to do now that was impossible then. It’s pretty dramatic. And it’s clear, I think, that the acceleration of the technologically possible has far outpaced what the FISA courts could have anticipated when they were set up in 1978, and what the law in general could have anticipated. There’s bound to be some grey area where people with different obligations and interests will push and pull on these subjects, and honest people can disagree about where the legal boundaries are, or should be.
So please explain what bureaucratic morale is like inside an agency like NSA. If you’ve got a new technology and don’t know yet what it can do, to me it makes sense to find out what it can do, if only for defensive purposes—since we don’t want to be helpless if some other actor gets there first. And it therefore becomes very hard to say, “This program doesn’t have a lot of potential; let’s kill it”, because you can’t know for sure whether, right around the next curve, a significant use for it might develop. So it’s hard to shut things down, and yet some programs have been shut down. How do you make this kind of decision?
MVH: It’s really hard to shut anything down. So, I’m there in 1999, and we need money. We’re in the pre-9/11 environment, remember, before the budgets got so flush. I tried to get rid of missions, and I couldn’t. There were traditional forms of communication still being used, and I had to regroup the agency to get into the network thing. It was nearly impossible. Even the old communications—systems like HF—are still out there. It was hard to get enough money to move and keep pace.
In the year 2000, our issues, as I saw them, were these: If we do this digital networking business right, it’ll be the golden age of signals intelligence, because our species is putting out more stuff in ones and zeros than anyone ever conceived of before. But the virtue is the vice: There’s so much out there. We really had to change the approach and the format of how to do this business. We moved from being gatherers to being hunters. We talked about not analyzing what we’ve collected, but analyzing what to collect. One of the tools we used to deal with volume was meta-data. How do you find the needle when there are so many haystacks? But then we realized that we could get something useful from counting the haystacks. I could tell you whether the pattern of the haystacks today looks different from yesterday. So we really did move in a big way in the direction we’re heavy into now; we started it and Keith Alexander, the current NSA director, reinforced it. Meta-data was a tool not only to point the needle hunt, but was a “product producer”, if one can say such a thing, in its own right.
I remember being in Basking Ridge, New Jersey, at the ops center for AT&T, and they were showing me American patterns of telephone behavior on Sundays. On an average day, there are spikes around 6 pm as you moved from Eastern through Central and Pacific Time. They show me another Sunday, and there are lots and lots of calls earlier in the day and they all go down at 6 pm, and then they don’t pop up again until ten. Why? What’s going on here? It was Super Bowl Sunday. They could tell me who won the game based on the patterns. If the slope of the comeback after 9:30 is violent, the underdog won. If it’s not so violent, the favored team won. We began to turn our attention to handling big data via meta-data.
Back in the 2000s, when I testified before Congress, I was getting hammered by some on the Hill for doing with a complex machine stuff we had been doing for decades with 3x5 cards. The data with which I was doing it was no different; the tool with which I was doing it—that was different. “You’re data mining!” And I answered, “Well, yeah. Like always. It’s part of the job description.”
TAI: That reminds me of the furor over GMOs. Humans have been selectively breeding plants, as well as animals, for millennia, but now that we’re doing it more scientifically, and using a variety of machines, suddenly it’s a problem.
But back to the problem at hand. Since your first encounters with the Hill, the firehose from which we’re trying to drink has gotten much bigger. We have a massive data management challenge, and partly as a result we’ve got around 35 percent more people working full time at NSA since 2002 and way more contractors in the loop as well. When you have so many more people trying to grapple with so much more data, you are going to have a management problem, an archiving problem and, ultimately, a budgetary problem. How is the NSA, the CIA, the system as a whole, coping with all this?
MVH: The key words now to an answer are “big data” and “data tagging.” With most of the questions you’re asking, you’ll find that we have something more than a gizmo to show you; we’ve actually thought about the process. We took our process and moved it from beeps and squeaks to signals to data, to information, to knowledge, and finally to wisdom. Our rule of thumb is to never take the human out of the loop. But you get the human as high up in that stack as you possibly can, and allow machines to handle as much of the lower stack as possible. That’s exactly how we designed our programmatic approach to buying stuff. Keep machines down here; keep humans liberated up here.
TAI: I had breakfast this morning with a guy who has recently been hired to be the policy planning lead and speechwriting guy for the German president.
MVH: You know there are press reports that they canceled their SIGINT relationship with the United States.
TAI: I know, but I think the stuff they cancelled is of Cold War vintage and we don’t use it anyway, so it’s not a big deal. It’s German domestic politics. Anyway, he quoted you to me saying that the Fourth Amendment isn’t an international treaty, meaning that it’s OK, as far as you and the U.S. government are concerned, to eavesdrop on German nationals at will. Suppose, he said, that the BND was collecting here the way we collect in Europe and elsewhere, and suppose that the BND and NSA shared information—which is hardly a farfetched supposition. By one degree of separation, then, you actually can collect inside-the-envelope domestically, even if you’re not doing it directly. Moreover, he argued, when leaks about such activities undermine a political ally, like Mrs. Merkel and the German government, you have to wonder whether the potential cost of doing it is worth the benefits you get. Rightly or wrongly, justifiably or not, this stuff has a caused a lot of grief in U.S.-European relations.
MVH: As Stewart Baker, a former NSA general counsel once said, the only thing amazing about the European complaints right now is their ability to recycle their outrage without any apparent embarrassment. I understand your German friend’s perspective, and I don’t deny that we’ve got trouble over this. But this is not as simple as it may seem.
So we have this map that young Mr. Snowden tosses out to the world, and we have half a billion “events” in Germany per month according to the map, which I can neither confirm nor deny. Let me now ask two questions: Why would your German friend or anyone else think that the collecting done in Germany is unilateral? And why would anyone think that communications captured in Germany are about German nationals?
Look harder at the map. Now you have Brazil, where there has been a huge outcry about how many “events” are typically captured there. What the hell are we interested in Brazil for? We’re not, really. Look at the map of the South Atlantic. Look at what connects to what. Again, I can’t comment on operations, but I can ask questions…
TAI: Good answers masquerading as questions, sir. Still, it’s just a fact of life that the general lack of understanding about how the techniques work creates political problems. So you still have to ask the question: Is it worth it considering what can go wrong if stuff leaks?
MVH: Here’s how you decide whether to target people. First, are they or are they not protected by the Fourth Amendment to the U.S. Constitution? If not, their privacy is not in my job description. Second, do their communications contain information of value to American safety and liberty? Not whether they’re good or bad people. If the answer is yes, I have one more bridge to cross. Do I have any policy guidance that would suggest to me that the gain I would anticipate by intercepting these communications outweigh the political cost of being detected. So that consideration is in there.
TAI: Most of them aren’t that interesting, are they?
MVH: Not for these purposes, no, they’re not. Besides, if we are so close to a country that we’re confident that anything of importance would be shared with us, it would be foolish for us to target them.
TAI: I have to confess that I found the European angle to the story kind of amusing at first. Snooping on EU bureaucrats? Unless you’re having trouble sleeping, why would you want to know what they’re saying?
MVH: I’ll make another distinction for you, which is very important. We do not spy for profit. We spy to make ourselves safe and free, not to make anyone rich. I could give you maybe five countries on this planet that could say the same thing and have it be true. They also speak English.
TAI: This is important because we’re trying to negotiate a massive free trade area with the EU, and the NSA-related leaks have made many Europeans antsy because they suppose, some of them anyway, that the NSA intel take somehow helps U.S. corporations and gives them a comparative advantage.
MVH: They’re using this as an excuse. The French are trying to protect their cheese production from American competition.
TAI: It’s good cheese; but I take your point.
MVH: When I was NSA director, I undertook a personal campaign with the Germans to remove any vestiges of the occupation from our intelligence relationship.
TAI: There’s stuff left over from the occupation, which ended in—what?—1949, still kicking in 1999, 2000? That’s hard to believe. Once again the final scene in Raiders of the Lost Ark rises to mind.
MVH: There were exclusively American bases that were being closed that… And the legal authority for the activities within them came from our being an occupying power.
TAI: Half a century later? That’s amazing.
MH: No, no, stop: Remember, geography matters. There are only three things that matter in signals intelligence: Location, location and location. Again, why assume that what was being done on those bases was directed at anyone or anything in the Federal Republic, or after 1990–91 in Germany? In any case, I had to give up some stuff in order to put the relationship on an ally-to-ally basis as those bases closed down. I worked very hard at it, and it was not easy to do. So if the Germans are throwing us over now I’m personally disappointed.
TAI: Well, it’s the American people throwing us over that worries me more. That vote on the Amash-Conyers amendment to void all funding for 215 was close: 205-214.
MVH: It was close. Everyone’s now back in their home districts, people waving their arms.
TAI: The stuff we’re starting to talk about now, the politics and related psychology of all this, isn’t headline material. It’s beneath the skin, where the real itch starts.
MVH: It is the stuff. That’s my problem. See, the President of these United States gave a press op at the Annenberg estate, where he described and defended the NSA programs—that was great, perfectly spoken. But then he did Charlie Rose and blurted out, any time you’re listening to an American, you’ve got to have a warrant. This is absolutely not true. Now Americans are all saying, “The NSA is reading our emails!” Well, only if they’re in some substantial way associated with a foreigner who is a legitimate intelligence target.
TAI: Speaking of POTUS, let me ask you a process question. When NSA programs like the ones we’ve been discussing get monitored and reviewed and go into the budget process every year, how high up does the review process go? Obviously it has to go to OMB at some point.
MVH: OMB knows and approves.
TAI: But does the President pay attention to these things, line by line? That strikes me as unlikely.
MVH: President Obama personally embraced these programs in 2008, during the transition. In 2009 he was briefed on them and made a conscious decision to keep these programs—unlike some of the ones I was running at the time that he decided to stop, like the detention and enhanced interrogation program. Clearly, if President Obama could have gotten rid of these programs in good conscience, he would have. But he didn’t. So it’s right that he now defends them.
TAI: But year to year it doesn’t come back to him, does it?
MVH: No. When I was doing something similar under President Bush with the terrorist surveillance program, I would brief the President about every four months. But that was very extraordinary, appropriate to extraordinary times. I was operating under raw, Article 2, commander-in-chief, presidential authority. But now, no, these programs do not come to a presidential chopping block year in and year out.
TAI: I have one more political question, and the rest are wiring diagram, institutional kinds of questions. These are not headline-relevant questions, but are the important questions going forward, I think you’d agree.
Recalling again that close vote for the Amash-Conyers amendment, how do you see the trajectory of the politics of this leak as we go forward? Are we going to run into some real problems at some point at the intersection of budgets with political backlash? How do we control this?
MVH: Everyone’s home now for five weeks, having town hall meetings, and that’s going to say a lot. I think the American population isn’t well informed about the issue, and the story is getting mangled day by day. There was a story in August in the New York Times by Charlie Savage, and it was really well written but it was wrong in a couple places. But at least that wasn’t Glenn Greenwald-style journalism, which I’d characterize as “let me throw all this stuff at a wall and see what sticks.” This was a really carefully written piece, and it still has some mistakes.
Now you’ve got folks back at home, and we’ll see how they respond to all this. It might be very useful for the President, since he knows this is happening in 435 districts, to come forward more publicly and embrace some more things—not just the one-liner on the Jay Leno Show. I think that does have a shaping function on the debate. Again, the programs are lawful and necessary, and if it they weren’t both lawful and necessary, Barack Obama would have done anything to get rid of it, because of its being George Bush’s program. And he did not do that.
TAI: That says a lot. The President may not have been as voluble as he could have been, so far, as you suggest; but he hasn’t been dishonorable.
MVH: I have to tell you, whenever this happens, whenever something you’ve been doing secretly gets into the public domain—something you’re comfortable with but you go “oh, this will be interesting”—we in the business go through what we call the long pause. We wait to see if the big guy is going to man up or let us swing in the breeze. The terrorist surveillance program broke on a Friday morning; by midday Friday President Bush had told his aides to destroy his canned Saturday morning address and said he’d do it live. And much to his credit, Barack Obama goes out there right before meeting Xi Jinping and says, “I’ll take one question”, and of course he knew what the question would be. He went out and in a very accurate way described the program.
TAI: Now let’s talk wiring, plumbing—shorthand terms for government design and structure issues. In addition to being director of NSA and CIA, in between you were John Negroponte’s deputy when the DNI was first set up, back in 2005. We’ve been living with this new bureaucratic structure for intelligence for some time now, eight and a half years.
MVH: It’s gone by so fast.
TAI: Well, time flies even when you’re not having fun, right? So how would you assess this experiment or this redesign, if you prefer? And I’ll be perfectly honest, and curt, about what I think of all this: I never understood why any of this was necessary. We could have properly aligned the CIA and NSA’s programmatic and budgetary responsibilities, and we could have avoided layering on a new level of bureaucracy. I’m not a fan of it, but it’s obviously much more important what you think.
MVH: Here’s how it works. When Jim Clapper was head of NGA [National Geospatial Intelligence Agency] and I was head of NSA, that’s when this all started. Jim and I had this infamous lunch with the Secretary of Defense, and we realized this was going to happen. We believed, and still believe, that it was based on a congressional misdiagnosis. All complex organizations have centripetal and centrifugal forces, and their view was that we didn’t have enough glue, that between autonomy and unity of effort, that we had too much autonomy and not enough unity of effort. That was actually a misdiagnosis. We were actually a reasonably coherent community. But they decided that wasn’t good enough—they had to change the plumbing after 9/11 and the 9/11 Commission proceedings, to show they did something, and so they created the DNI. Jim and I knew that the glue in the old structure came from the fact that the guy who was running it headed up the Central Intelligence Agency, with that name meaning what it always meant. And now, by law, the one thing you can be sure of is that the head of the American intelligence community is not going to head the CIA. So our view was, you’re going to have to put a lot of bricks in this new guy’s rucksack, or else you’re going to end up with a weaker center than we had before—and we did.
TAI: Plus you have another layer of bureaucracy, which is worse than expensive because it slows everything down.
MH: That’s all true. That said, I don’t think you’ll find anyone, even among the strongest supporters of what we did, who would say today, let’s let Congress open up the hood and rip out some more carburetor wires. Everyone, I think, agrees that we can make this work. We can make it work if we do three things. Number one, the DNI has to be a pretty unique human being. Number two, the relationship between the DNI and the President has got to be very close, because that’s how he’ll get bricks for his rucksack. Number three is the relationship between the DNI and the DCIA. So if you get those three in good shape, you’ll be okay. And things were mostly okay with me when I was DCIA and Mike McConnell was DNI—not perfect, but okay. The President liked McConnell, and he liked me. It was good enough, and it proves we can make this work. In retrospect, I could and should have done more.
There’s one additional factor. I’m the first person to occupy that seventh floor in Langley who was not the head of the American intelligence community. I have no idea how my predecessors did it when they were the heads. Running CIA is more than one man could possibly do. So in one sense, you’ve actually made the DCIA a stronger entity, because he’s narrowed his front and can really concentrate on what he’s doing. So there you have it: We’ve got a weaker center, but the former center is now stronger. How does that measure up in the ledger of unintended consequences?
TAI: Now let’s talk about DHS a little. Never mind for now how DHS got put together and why and what’s wrong with it; suffice it to say that DHS was given an intel function, a domestic counter-terror function. But it never really got to operationalize that function because early on it was taken away. My understanding is that at first the Bush White House filled its arms, and then encouraged the creation of the NCTC (National Counterterrorism Center). So I’m completely at a loss to understand how DHS’s intel function is supposed to fit with what the rest of the intel community does, including on the domestic side the FBI. How does it all fit together, or, rather, does it all fit together?
MVH: Well, whatever the role of the White House may have been, the NCTC was done by statute, just as DHS was set up by statute. So you have the Homeland Security statute, and the NCTC comes out of the Intelligence Reform and Terrorism Prevention Act. What happened was that some of the things envisaged for DHS got re-envisaged for NCTC.
Now, it gets worse, as your question about things fitting together suggests. We still have not decided as a government, 11 years in, who is the face for domestic counterterror intelligence to state, local and tribal authority. NCTC is prohibited by law from being that face. It’s actually in the law; it’s weird, but it’s there. So now you default to two other three-letter agencies: DHS and FBI. It’s got nothing to do with NSA or CIA.
That may be okay, actually, because the NCTC is a pretty big success story. But the role of DHS in the intel process changes. If I am at NSA or CIA, I’m interested in the DHS intel shop not so much as a producer but as a source. I think, you guys are sitting on a bunch of data over there—immigration data, customs data and a good deal more. It’s not quite intelligence, but it is certainly of intelligence value. So could you kind of, you know, share with your friends here? Ah, but that has been very hard to do as a matter of law and policy: namely, putting data to a use for which it was not originally collected. DHS has turned out to have a different intel value than that imagined at the start, but it’s a value we cannot well integrate, or sometimes integrate at all, integrate into the overall process.
DHS also needs to define itself properly in light of how things have evolved. DHS need to try not to replicate the terrorism warnings coming out of the National Counter-Terrorism Center. It’s way under-gunned for that; there’s no way it can do it well. DHS needs to determine who its real client is, and one of those clients could be the hospitality industry. It could issue confidential, sensitive but not classified, usable reports on, say, recent trends in threats to hotels globally. It would be a tremendous service, and they’re pretty well situated to do it.
TAI: Part of the problem, it seems to me, is that there were several misalignments, from the very beginning, when the thing was set up. The homeland security budget as a whole is mostly in DOD, not in DHS. So they had a lot of responsibilities on paper but didn’t have the budget responsibility to do what they were supposed to do.
MVH: Well, the DNI has the same problem, essentially.
TAI: Exactly. And then, lastly, you have an executive agency that is set up too small to perform its mandate, so they end up relying overwhelmingly on contractors who may not have the interest of the government at heart so much as the interest of the contractor’s bottom line. So they do all this make-work, writing these huge, voluminous reports that actually have no bearing on what the department does or can actually do.
MVH: I don’t challenge the fact. But that’s a management problem of the government, not a contractor problem.
TAI: Agree; but it’s still a mess. I don’t know how to fix it. All I know is that it’s not wired right, and I’m honestly not sure we’re any better off today than we were 11 or 12 years ago. There are some things we do a lot better, but sometimes I think that’s despite the structure we’ve put in place, not because of it.
MVH: One of the things the DNI has been able to do is to slowly, incrementally set in motion processes that will make us better. The whole joint duty requirement will take a decade to make a difference, but it’s a good way to go and will make a difference. The DNI directive on information sharing has set in motion good things. Jim Clapper’s commitment to make up a couple clouds and everything’s going to be in those two clouds—that’ll take a long time and cost far more than projected, but then we will be much better integrated than we’ve ever been in the past.
TAI: I have one more plumbing issue to ask about. We’ve talked about the intelligence community and about DHS and about NCTC. But then there’s the Department of Defense itself and the whole cyber phenomenon—and how those functions are being organized. Cyber is SIGINT in a way but it also crosses over into stopping foreign industrial espionage, others spying on us to get rich rather than to stay safe.
Of course, what everyone talks about are all the Chinese emanations coming at us, so to speak. I’m trying to figure out which agencies of the U.S. government, either separately or in combination and sometimes in cooperation with the private sector, are supposed to be dealing with which aspects of which of these emanations: trying to steal industrial secrets; trying to screw up DOD computers just to show us they can; hacking into contractor servers where they think sensitive material is less well protected. We don’t know if it’s the PLA or if it’s semi-private set ups in China. It’s kind of hard to distinguish what’s government, what’s para-statal, what’s truly private and what’s not. But clearly, lots of different stuff comes at us. And clearly, we have a host of agencies on our side that seem to have some responsibility for understanding, offsetting and responding; but it just baffles me how the lines go back and forth.
MVH: They’re not tight. No lines in the cyber domain are tight yet. We don’t have something like the National Security Act of 1947 for the cyber domain. Everyone’s still feeling their way around. The best org charts you can find on that are still in clouds that show some occasional connection.
TAI: That’s very reassuring…
MVH: But here’s the real problem: The statutory authority is up on Nebraska Avenue at DHS headquarters, and so is the outreach capability to explain this to the American people. But the young guns who can actually do this stuff are at Fort Meade. So you’ve got a real mismatch here. Even so, we’re actually pretty good at this cyber stuff, despite ourselves. So far.
TAI: What you just said sort of remind me of the Cold War experience in the sense that while we weren’t so great at what we were doing, the Soviets were far worse.
MVH: Yes, as I’ve said before, we were pretty good against octogenarian-led, slow-moving, bureaucratized, nation-states. We were awesome against those guys.
TAI: We couldn’t have asked for a better enemy; and a Western one, even.
MVH: That’s right, and the problems we’ve been having with the “big idea” thing today is that the enemy isn’t Western. We’re still a Judeo-Christian nation trying to figure out what makes this other, somewhat amorphous, actor tick, whereas communism was written by a German in a library in London.
TAI: Communism was the bastard child of the Enlightenment, and we understand the Enlightenment.
MVH: Yes, we could understand it well enough to say it was dumb, and have the legitimacy to say it. But if I criticize a passage of interpretation in hadith, I’ve just authenticated it for 1.2 billion Muslims in the world and caused an entirely new level of trouble. So it is a different situation, and no amount of raw intelligence can solve it.
Less than 24 hours after this conversation ended, President Obama gave a news conference, on Friday, August 9, in which he raised the possibility of changes to the FISA court and hinted at other alterations to how NSA operates. So TAI asked General Hayden one more question about this development.
TAI: Sir, right after our talk the President did just what you suggested he do: He got more voluble about the post-Snowden debate about privacy and national security. How do you read what he said?
MVH: Well, let me paraphrase how I put it yesterday on TV. The most significant aspect of the President’s remarks resided not in what he said but in what he didn't say: He didn't suggest any operational changes to the program. Nor did he suggest that anything done in either this or the previous Administration was anything other than lawful, effective and appropriate. He did not criticize the oversight regime either, pointing out there’ve been no abuses under him or under his predecessor. He really spoke to the issue of confidence, and of transparency, and therefore of ways to make the American people more comfortable about what we're doing. That’s understandable and useful, but it could be hard to do without also actually making Americans less safe.
TAI: Are you talking in particular about a “privacy” advocate added to the FISA process?
MVH: Let’s be careful here. The court makes two kinds of decisions: get a warrant on an individual or not; and broad decisions about the lawfulness of programs themselves. The President was probably talking about the latter, because it’s plainly not workable to interpose a public defender, as it were, into the process for every Tony Soprano you want a wiretap on. Now, is that a good idea? It may be useful for transparency and confidence building with the public today, but if we end up looking at this in the rearview mirror after the next successful attack, it risks looking like unnecessary bureaucratic layering. We need to be careful about layering in processes that slow us down and make us less effective, but it’s true at the same time that we perhaps can’t proceed at all unless the American people are comfortable about it. That’s where we are, I think.
TAI: Thanks again, sir. Let’s hope we can get this conversation out to the world before something else happens.
MVH: Hope isn’t a policy, but sometimes we have to make do with it.