Congress votes to override D.C.'s 2013 ballot initiative on budget autonomy. Virginia's governor faces a federal investigation over international finance and lobbying rules. And D.C., Maryland and Virginia move to create a Metro safety oversight panel.
News reports this past week unearthed details about sweeping surveillance programs run by the National Security Agency. The source of the most recent leaks, Edward Snowden, came forward over the weekend, revealing a vast landscape of intelligence work in the United States and the role private contractors play. Kojo chats with Washington Post investigative reporter Robert O’Harrow about the surveillance programs themselves and what they tell us about the nature of intelligence work today.
- Robert O'Harrow Reporter, The Washington Post; Author, "No Place to Hide' (Simon & Schuster, 2005)
MR. KOJO NNAMDIWelcome back. A fresh debate about balancing national security and civil liberties burst open this past week when reports surfaced about surveillance programs run by the National Security Agency to collect massive amounts of phone and email records and other personal data in the name of thwarting terrorist activity. But the disclosure of these programs is also calling attention to the role private companies play in the American intelligence apparatus. A man who leaked details about the scope of these programs worked for a contractor that's made more than a billion dollars during the past decade providing services to intelligence agencies.
MR. KOJO NNAMDIJoining to explore both the details of these surveillance initiatives and the work that was being done by the man who threw them into public view is Robert O'Harrow. He is an investigative reporter at the Washington Post and author of the book "No Place to Hide: Behind the Scenes of Our Emerging Surveillance Society." He joins us from studios at the Washington Post. Robert O'Harrow, thank you for joining us.
MR. ROBERT O'HARROWIt's my pleasure.
NNAMDIYou too can join the conversation, give us a call at 800-433-8850. What information do you think is in bounds for the government to be collecting in the name of national security? How did you react upon learning about the NSA's efforts to collect phone records and other data from Internet companies? 800-433-8850. You can send email to email@example.com.
NNAMDIRobert O'Harrow, the last time we talked in the summer of 2012, you joined us for a conversation about how much of our cyber infrastructure was susceptible to malicious attacks but here we are today talking about how our cyber infrastructure is being used by our intelligence apparatus to collect information on millions upon millions of Americans. Before we go any farther, what can you tell us about the National Security Agencies Prism Program the Post reported on last week? How does it work, and what kind of information is it gathering?
O'HARROWI'll tell you I know, but I'd like to point out that I can't help shake the feeling that the cyber component is very important here. What we are seeing is what's known as the insider threat which is a type of hacking, and once you get inside and have access, you can romp and roam like this character seemed to do. As for Prism, it seems to be the logical extension of things that really accelerated after 9/11, and that is to say the partnership between the government and the private sector for the purposes of intelligence and data collection.
O'HARROWAnd by that I mean companies like Google, Microsoft, Apple, and all the rest that we do business with every day collect an unimaginable large amount of information about all of us, and they do it to provide conveniences, services, access which we all appreciate. What prism does is give the government, the FBI, and the NSA essentially direct access to those oceans of data, and allow them to make queries based on secret court-approved subpoenas.
NNAMDIWhat legal clearance does the government have to seek such information? Do they seek -- or have to seek court approval when implementing Prism?
O'HARROWThey do actually. There is a law that was passed in the late '70s in reaction to a series of spy scandals that rocked our country involving the FBI and other agencies. They created what's called FISA, the Foreign Intelligence Surveillance Act, and that was modified in 2008. And what it does it create a legal framework, and checks and balances on spy agencies to collect information. To get the subpoena, they have to go to the FISA court, and the court reviews it and gives authorization.
O'HARROWNow, the problem for us is that no one knows exactly what the FISA court does in any detail whatsoever. It's all secret, and the approvals that agencies like the NSA receive are long-lasting, which I think obviously there's utility there, but the problem is it diminishes the amount of insight, even for the FISA court, because there are year-long subpoenas that give a lot of room for collecting a lot of data.
NNAMDIYeah. Because I was a little confused if they are FISA approved, as you pointed out, it could be a long period of approval a year on the one hand, and on the other hand, the Internet service providers are saying, well, we actually didn't know they were doing this. So if they had to get FISA approval to do it, how come the Internet companies didn't know that they were doing it?
O'HARROWThis is -- the reason this breach, among others, is so significant, is that we're talking about top secret programs and material. This is the kind of stuff that typically would not be declassified for may 20, 25 years from now. And that means that people at a particular company, and I'll just pick one, let's say Google. There may only be a handful of people that have proper security clearances to even know that the program exists, let alone the framework and how it works.
O'HARROWSo I suspect that a number of these company officials were speaking earnestly when they said they don't know about it, but has a little bearing on the reality. We've obviously received confirmation from the intelligence community, which we've reported fully, and they make a very good case that the FISA court and their own rules and structures mean that this is not just a random undisclosed freeform, you know, surveillance society that's looking at Americans, that it's supposed to be targeted to foreigners, and that the requests are supposed to be narrow.
NNAMDIWe're talking with Robert O'Harrow. He's an investigative reporter at the Washington Post and author of the book "No Place to Hide: Behind the Scenes of our Emerging Surveillance Society." Taking your calls at 800-433-8850. If you've called, stay on the line. We will get to your call. If you haven't yet, you may want to call. What do you think we've learned about the Obama administration's philosophy this past week when it comes to balancing national security and civil liberties? 800-433-8850.
NNAMDIRobert, you reported over the weekend that Prism isn't exactly a computer system, but a set of technologies and operations for collecting information from large Internet companies like Google and Facebook. What do you mean by that?
O'HARROWThe documents that my colleague Bart Gellman obtained, the top secret documents, give us some insight, but a limited insight into to the minutiae of the program. What it appears to be is a set of technologies that dramatically ease the queries from let's say an NSA analyst at Fort Mead making a query of company X data system. It doesn't look like the analyst at Ford Mead could go directly into the server where our search habits, our videos, photos, emails and such are held.
O'HARROWBut it does look like the query can go to let's say a black box that's connected to the server, and that there's some process that minimizes to some degree the access, but Bart's interviews with people in the intelligence community said that when you do a search, it feels, for all intents and purposes, like you're going straight into the heart of the server.
NNAMDIHow do different agencies work together on this program? Your reporting laid out some of the details about how the NSA and the FBI interact.
O'HARROWEllie Nakashima, a colleague on our national security desk spoke to some industry officials, and essentially they described the mechanism as -- think of it now black box at Company X. The query is made by an analyst. The data flows to Quantico, Va. in some cases, and is reviewed to be sure that it doesn't have American citizen's information or be confident that it doesn't have that, and then the system then forwards it along to the NSA analyst.
O'HARROWWe believe that that's part of the process, but as I say, the exact mechanics of these top secret programs are still coming into focus for us.
NNAMDIOnto the telephones. Here is David in Washington D.C. David, you're on the air. Go ahead, please.
DAVIDHi, thank you. Understanding that the social media revolution and all has changed things a little bit over the past decade or so, I'm just curious as to what extent this program is any different than the Echelon program that had the Europeans up in arms about a decade ago.
NNAMDIRobert O'Harrow, can you answer that?
O'HARROWEchelon was a program that was focused out to the rest of the world, and it was very powerful signals intelligence system that collected phone calls, Internet traffic satellite and such. The reason that -- the sort of biggest qualitative difference here is that the -- this system is collecting data on foreign nationals primarily, but it's from American companies. So there's a huge qualitative difference here that I think is properly triggering a renewed awareness and debate about Americans' civil liberties, personal privacy, and autonomy.
NNAMDIDavid, thank you very much for you call. We'll move onto Lawrence in Washington D.C. Lawrence, your turn.
LAWRENCEHi, how are you both?
LAWRENCEOkay. I guess my question kind of stems around is the actual issue that the news media is not understanding the mechanics of what's going on? Because you go back and you look prior to 9/11, whenever the government -- our government or anyone else's government was engaged in communications intelligence. There were programs that had algorithms that would look for key specific words or phrases either in telephone conversations or in emails, and that was done as a matter of routine.
LAWRENCEIt's not like somebody was sitting up listening to every phone call that everyone in America made, which would be impossible, but they were sifting for specific words, the concept being that if you found a specific pattern of words, then it would be easier to track terrorist behavior.
LAWRENCESo I don't, you know, and as far as reasonable expectation of privacy, you can go into Bing or Google, and you'd be surprised how much information is already out there about everyday Americans just on the Internet. But corporations have it, not the federal government. So I'm really missing what the problem is.
NNAMDIRobert O'Harrow, what they've been talking about here is metadata. They're not listening to the conversations themselves. So as you talk about what they're doing, can you also explain to Lawrence the reason why there are concerns about it?
O'HARROWPart of the concern, and I'll be, you know, gentle here is that he's using at some level an outdated framework to think about this. People still think about men and women in rooms secretly listening to phone conversations with headphones on, or they think about camera's recording pictures. The conceptual thing that we all need to embrace to even begin to understand all this is that phone conversations, email, everything, video, it's all just data. It's just ones and zeros, and that the surveillance that happens now is so much more granular than it could ever be just listening to a phone call and looking at a picture because the machines, the data-mining systems, to use, you know, for lack of a better phrase, are parsing this and looking for patterns, and once they identify those patterns they're drilling down into the lives of individuals.
O'HARROWAnd I argue that's a good thing if you're doing counter-terrorism. It's just that there needs to be more safeguards and more scrutiny and oversight than we've ever had before, and right now we don't have that. And so, that's probably the biggest difference. The other thing is that the thing that I documented in "No Place to Hide," after, you know, a year-long investigation, was that the government was essentially -- and I mean by the government now I mean local, state, federal law enforcement agencies, the Justice Department, and the Central Intelligence Agency for example, were in many ways sidestepping limitations on the collection of data of American by simply going to data brokers and buying it.
O'HARROWThe data brokers collect it, they have wonderful systems. There are trillions of pieces of data about virtually every adult American, and the government doesn't collect it. It simply has an account and buys it, or gets it directly from these companies. And that is deeply troubling, because most Americans still don't grasp it, and it means that the limits on the collection are not working.
NNAMDIThank you very much for your call, Lawrence. What we have heard a lot, and you just mentioned again, Robert O'Harrow, is the lack of what some people consider to be adequate oversight even though there are some member of both houses of Congress who said, oh, we're familiar with this. We conduct oversight. What would be more appropriately considered adequate oversight?
O'HARROWYou know, it's funny. I don't think I can offer prescriptions on that, but there are -- notwithstanding the reputation, there are a lot smart people on the Hill, and they -- if they summon the political will, they will strike a better balance between protecting the nation's secrets, which need to be protected, and protecting sources and methods, and actually letting us know what's going on, and giving us at least earnest, general overview of reassurance of what they're doing to make sure that these systems, once their created for one purpose, aren't being used for another.
O'HARROWThat's probably the biggest fear that I have is that you create a surveillance infrastructure that is mind blowingly granular and powerful and combines the government and the private sector for one purpose which is totally legitimate, which is fighting terrorism. How do we be sure that that's not being turned towards environmental activists that the government doesn't like, or political activists that are out of favor with the government in a particular point of view.
NNAMDITo what degree does such a program rely on the ability of information to flow among different government agencies, and among contractors working with them? A former NSA official told the New York Times that after 9/11 things shifted from a need-to-know to a need-to-share philosophy when it came to classified information. Would a contractor like Edward Snowden have had access to all of this information on these data collection programs say, oh, two decades ago?
O'HARROWNot a chance as far as I can tell. There's a couple of reasons for that. I'm going to wing it here a little bit because he's still coming into focus as well, and his job with any precision -- I can't say what he did, we know that he was a technology expert, and let's presume for a moment that he was not a senior technology expert running a program or something. I think that's safe. It appears that as a relatively low level technology person, he gained access to a whole array of top secret documents, and I'm going to report tomorrow from a contracting specialist, one of the real gurus in the country, that this is what happens when a staggering number of people have access to this kind of information.
O'HARROWIt's going to happen. It's almost an inevitability, and that's what's happened since 9/11, is that there are huge numbers of people, and it's -- the intelligence world, because of demands from Congress and a reaction to 9/11, has really shifted from a highly, highly compartmentalized, generally speaking, speaking to one that's still compartmentalized, but I think to a lesser degree because of the need that the Congress identified as for more information sharing.
NNAMDIRobert, what do the hackers that you speak with tell you about the vulnerability of all of this information? It would seem that the more people who have access it, the more susceptible it might become to those who might want to penetrate the networks hosting it and do mischief.
O'HARROWWell, it's not just hackers though. This represents a very grave threat to all systems which is the insider threat, and that's someone who you might think of as a hacker, but they're already in the system and they're either abusing clearances, or they're somehow, you know, through the first three layers and they can get through the next three easily enough. Just to repeat some things that we talked about last year, virtually every system -- now, I think this goes -- this is less true for the NSA, but virtually every system is vulnerable to hackers.
O'HARROWIt's -- the networks have grown too quickly and involve too much -- too much information, too many people.
NNAMDIOnly got about 30 seconds left.
O'HARROWSo the fact is there are great vulnerabilities that didn't exist a generation ago.
NNAMDIRobert O'Harrow is an investigative reporter at the Washington Post and author of the book, "No Place to Hide: Behind the Scenes of our Emerging Surveillance Society." Robert O'Harrow, thank you so much for joining us.
NNAMDIAnd thank you all for listening. I'm Kojo Nnamdi.
Most Recent Shows
A predominantly African American community in rural Prince George's County recently filed a federal civil rights complaint in response to plans to build a third power plant in one town, and fifth in the region.
An alleged rape occurred on a Metro train in mid-April. Why wasn't it in the news until this week?
D.C. Public Schools is abandoning longtime school food provider Chartwells in the wake of allegations of poor food quality and fraud, and it's moving forward with new vendors for 2016. But questions remain about the selection process and future oversight.