The Book Club

Scared of the Government Acquiring Information About You? The Really Scary Part Is What They Do With It.


Re: Gilligan’s Island, I suppose Poindexter would be the skipper crossed with the professor. I’d like to play the role of Mr. Howell. Or Ginger.

To your last question, I hardly think you’re being cynical to raise these perfectly valid points. What was it Lilly Tomlin said about cynicism? “No matter how cynical you become, it’s never enough to keep up.” I feel that way sometimes covering this beat, though I’m an optimist by nature. I recall my initial reaction after the New York Times broke the story of the NSA’s warrantless wiretapping program in December 2005. “Of course they’re doing that,” I thought. I’m sure you had a similar reaction. We’d all been told that the government respected and obeyed the privacy laws on the books, and yet when we officially learned that wasn’t true, it hardly seemed like news. But I also remember thinking at that moment that the NSA was probably up to some kind of TIA-like system, one that didn’t have any strong privacy protections. After some reporting, I confirmed this was so, and we see the results in the book. The NSA, in fact, absorbed most of the TIA research programs after Congress pulled their funding in 2003. But officials abandoned the experimental privacy protection thrust.

I think it’s fair to regard Poindexter’s magic-bullet theory on privacy protections as preposterous. Certainly, the government’s track record in this area doesn’t encourage public trust. But I still find his idea compelling, partly because he had the gumption actually to propose it and partly because it stands as the most far-reaching and “auditable” privacy regime I’ve ever encountered in the government. Stepping deep into the weeds of the spy biz for a moment, we know that the only true protections against privacy abuses after the government has collected data about us are the “minimization procedures” that agencies use to shield the names of U.S. persons in their reports. I’ve actually argued that we need to refocus our laws radically away from governing the acquisition of information and toward monitoring what agencies actually do with it behind closed doors. But in the meantime, these internal regulations and processes—all of them classified—are the only assurance we have that our names aren’t being passed around in spy circles. Poindexter’s idea trumped all of that. TIA would have subjugated the minimization procedures to its master code and then brought a judge into the mix. That’s a huge leap forward from where we are now.

But I recognize the implicit problem here: You have to have faith in technology and in people. Both are fallible. You’ve zeroed in on one of Poindexter’s fundamental traits when you describe him as “the tireless innovator and tech-evangelist” who thinks he can resolve huge conflicts with “the addition of a few new lines of code.” He has the deep faith in technology necessary to allow a system like his. And, of course, he believes in TIA’s fundamental goodness because he designed it! Poindexter tended to dismiss a lot of his critics as politically motivated, and many of them were. But he also failed to understand how reasonable people could disagree with him. How, for example, they could look at the logo for TIA’s parent organization and shudder at its utter creepiness. To him, it was a “neat” design.

All that said, I still think that his ideas on privacy were far ahead of the times, and still are, and that we have disregarded them at our peril. You mentioned the passage from the book in which I suggest that we should have kept Poindexter right where he was, “as the lead visionary and chief proponent of a radical new way of thinking about how to secure people’s lives and their rights.” I also wrote that the government should have closely scrutinized his work and kept it limited to research—which was unclassified at the time. Minds like his don’t come along very often, and I see no problem with cautiously and wisely taking advantage of what they have to offer. Imagine if they’d ended up ditching the data-gathering and analysis tools and only kept the privacy technology. That would have been a victory for liberty in its age-old fight with security. But caution and wisdom are in short supply in this murky spy world, as evidenced by what happened to TIA. Our leaders broke it into pieces, hid it at the NSA, and let privacy twist in the wind. You don’t have to support TIA or Poindexter to be outraged by that.

I share your skepticism about technical regimes and their ability to keep mistakes from happening. I write about this at the end of the book, when the NSA’s massive e-mail sweeping system is unleashed to operate legally and ends up sucking in the messages of thousands of innocent American bystanders in cyber space. Officials didn’t discover this until well after the fact, even though we’ve all been led to believe that those minimization procedures and other related systems are keeping our communications safe. But, as I said at the outset, I’m an optimist by nature. There’s just so little good news in this beat sometimes, and I have to cling to something: a bold and risky idea, yes, but one that holds the promise of a better way of protecting us—from all threats.