Paul Pillar

Don't Surrender to Leakers

One of the best summaries of the escapade involving endlessly dribbled-out secrets stolen from the National Security Agency came this week from Representative Mike Rogers (R-MI), chairman of the House Permanent Select Committee on Intelligence. As Rogers put it:

A systems administrator with only the dimmest understanding of the legal and technical complexities of vital counterterrorism programs stole and disclosed a mountain of properly classified material. The compromised programs are authorized in law and carefully overseen by Congress, the Justice Department and the courts. Yet these selectively leaked documents, framed hyperbolically by an activist masquerading as a journalist at the Guardian, have created the dangerous misimpression that the intelligence community is lawless. The American people must not accept this absurd myth. Congress also can’t let Edward Snowden’s anarchy paralyze us from addressing real threats to our country.

The damage from the leaks, to U.S. foreign policy and U.S. national interests, mounts with each dribble, and the amount and variety of the damage are sweeping. The most recent inflictions of damage concern relations between the United States and important foreign partners ranging from Brazil to Germany. The visible part of the damage includes public expressions of disapproval by foreign governments and consumption of the valuable time and attention of the president of the United States in efforts to smooth out the ruffles. There probably are related invisible parts of the damage as well, wherever public ruffles affect the non-public work of government agencies, including work that involves international cooperation in tackling shared threats and problems.

None of this damage is due to the NSA programs that are the subjects of the leaks. All of the damage comes from the leaks themselves. Even if a foreign government somehow were to learn through its own capabilities of U.S. collection of signals intelligence aimed at its agencies or leaders, its response would be quietly to intensify efforts to bolster its own communications security. To do otherwise and to raise a stink about the matter would risk further compromising its own counterintelligence capabilities and damaging a relationship it would not be in its own interests to damage. It is only when such collection activity is made public through a leaker, with all of the embarrassment and public pressures that are triggered by such a revelation, that leaders feel obliged to take conspicuous umbrage, with all of the further damage that entails.

There is no way to undo the damage that already has occurred. The current episode is an occasion for redoubling efforts to prevent similar damage from future would-be leakers and their collaborators. This involves, among other things, ending nonsensical references to governmental efforts to preserve security as “going after whistleblowers.”

We also need to avoid compounding the damage by shying away from doing worthwhile things, either as executive branch operations or as legislation, because leakers have scared us away from doing such things. Chairman Rogers made the observation quoted above in the course of expressing disappointment with a Washington Post editorial that suggested the political atmosphere following Snowden's leaks makes it unrealistic to pass legislation enlisting government help for private companies in defending against foreign cyber espionage. Rogers is correct in stating that Congress should not be freed of its responsibilities on this subject, and that American companies should not have to fend entirely for themselves when the threat is often coming from foreign governments.

A later Post editorial, while saying several sensible things on the broader subject of foreign intelligence collection, again unfortunately exhibits a pattern of being scared by leakers. In referring to reported collection against communications involving the president of Brazil, the Post says:

But the potential benefits of collecting intelligence on nominally friendly leaders has to be weighed against the potential blowback if the operations are exposed — which in the Internet era has become increasingly likely. It seems unlikely that anything gleaned from Ms. Rousseff’s e-mail is worth the trouble it has caused.

We are partly seeing the effects of the cleverness of the activist who is masquerading as a journalist, who started his dribble of leaks with revelations about collection within the United States that is directed against terrorism, before moving on to leaks about very different forms of electronic collection, collected for very different purposes. The starting focus on terrorism has led to the habit of evaluating almost anything NSA or the intelligence community does by asking how many terrorist attacks the intelligence prevented. Actually, access to the email of an important foreign leader, if such access were to be gained, would be quite useful to U.S. policymakers in a number of respects. And again, the “it” in the reference to “trouble it has caused” properly refers to the leaking, not to the intelligence collection.

More fundamentally, if we were to resign ourselves to giving up anything that would cause a flap if exposed, on the grounds that “in the Internet era” exposure is likely, this would mean ceasing most collection of the entire intelligence community—all of it except what is directed against open source material. Most intelligence collection is kept secret because most of it assuredly would cause flaps if exposed. This is true not just of NSA's electronic activities. Human espionage, for example, almost always involves the violation of some other country's laws. If we were to abandon all of this, the damage from leaks would be exponentially higher. We would be the losers, and foreign-based activists dedicated to undermining U.S. foreign policy would be the winners.