A former senior analyst at the National Security Agency said Thursday that both the Foreign Intelligence Surveillance Court and congressional intelligence committees need electronic access to the NSA’s sensitive operations in order to conduct effective oversight of the government’s spying activities.
Revelations about the NSA’s vast surveillance programs have brought renewed attention to the FISC, the secret court tasked with overseeing the government’s foreign intelligence operations. According to J. Kirk Wiebe, who left the agency after the Sept. 11, 2001, terrorist attacks, any reform to the court would be meaningless unless the court has direct access to observe how the NSA is using the sensitive information it is collecting on Americans.
Wiebe was among the few NSA employees who tried to draw attention to the wasteful programs at the NSA after 9/11, a group that included former NSA crypto-mathematician William Binney and was aided by NSA whistle-blower Thomas Drake, as detailed by Jane Mayer in the New Yorker. Wiebe, Binney and Drake spoke Thursday morning at a panel discussion in Washington, D.C., titled "Whistleblowers, Journalists and the New War Within," hosted by the Government Accountability Project, a whistle-blower advocacy group.
“There are simple mechanisms that could make the system much more open, much more compliant with the Fourth Amendment of the Constitution,” Wiebe said. “We must grant access to NSA’s processes, the sensitive ones, the actual touching of data and information, that must be viewable by the FISA court, or some court, and by Congress, the two intelligence committees.”
Specifically, Wiebe proposed that rather than rely on the NSA to conduct its own audits of how it is accessing sensitive information and then share those reports with the FISC and the intelligence committees in Congress, the oversight bodies in the judicial and legislative branches should be able to perform that oversight directly with computers that can monitor the NSA’s use of the databases from their respective offices.
Practically, this would require trained IT personnel at the FISA court and in Congress who knew how to do that kind of monitoring, since “judges and Congress aren’t very technical." These analysts would need security clearances and be able to spend time at the NSA learning how the databases work in order to effectively oversee NSA’s activities, Wiebe said.
Calling current oversight of the spy agency a “joke,” Wiebe said this would allow him to trust his former employer and is the “only way you’re going to gain the trust of the American people.”
Recalling their time at the NSA during the panel discussion, Wiebe, Binney and Drake described the agency as hostile to oversight attempts by the intelligence committees as well as the 9/11 commission’s efforts to find out what went wrong in the lead up to the terrorist attacks. Drake, who helped investigators on the 9/11 commission, discussed during Thursday’s panel how he was warned about leaking to the commission. As detailed in the New Yorker report, then-NSA Director Michael Hayden was furious when he discovered Binney had met with a staffer on the House Intelligence Committee, whose job it is to oversee the agency.
Since Snowden revealed that the government is collecting metadata on all Americans’ phone calls, intelligence officials have assured members of Congress that the program is performed under “rigorous oversight.” However, as described by government officials, oversight procedures are conducted almost entirely within the NSA and it is unclear whether there is an electronic trail outside of the NSA’s reports that would detail how the NSA is using the database.
Chris Inglis, deputy director of the NSA, explained NSA oversight procedures during a hearing before the House Intelligence Committee in June. “The metadata segregated from other data sets held by NSA and all queries against the data base are documented and audited,” Inglis said. “As defined in the orders of the court, only 20 analysts at NSA and their two managers, for a total of 22 people, are authorized to approve numbers that may be used to query this database. All of those individuals must be trained in the specific procedures and standards that pertain to the determination of what is meant by reasonable, articulable suspicion.”
He continued: “Every 30 days, NSA reports to the court the number of queries and disseminations made during that period. Every 90 days, the Department of Justice samples all queries made across the period and explicitly reviews the basis for every U.S. person, or every U.S. identity query made. Again, we do not know the names of the individuals of the queries we might make.”
At the same hearing, Deputy Attorney General James Cole assured the committee that if any mistakes are made in querying the metadata database, the FISA court and the intelligence and judiciary committees in Congress receive immediate reports of those incidents.
“What we have today is, ‘Shake hands, I’ll trust you,’” Wiebe said. “Years ago, I argued NSA ought to be sharing more with a select group in Congress. What’s it afraid of unless you’re doing something wrong?”