Frame Game

The Taming of the Spook

A secret history of the NSA surveillance program shows it’s gotten better, not worse.

NSA Director Keith Alexander (right) and former NSA Director Michael Hayden (center) greet Sens. Edward Kennedy, Arlen Specter, and Patrick Leahy at a July 26, 2006 hearing on the Foreign Intelligence Surveillance Act

Photo by Mark Wilson/Getty Images

On March 24, 2009, the National Security Agency’s inspector general issued a 51-page draft report on the President’s Surveillance Program, the warrantless authority under which NSA had collected phone records and email since 2001. This year, the report, classified as top secret, was leaked to the Guardian by NSA defector Ed Snowden. On Thursday, the Guardian published it.

The Guardian’s correspondents, Glenn Greenwald and Spencer Ackerman, see the report as further evidence of runaway government surveillance. They note that the program extended data collection to U.S. persons, that its use of email metadata went beyond billing records, and that surveillance continued after President Bush left office. “NSA collected US email records in bulk for more than two years under Obama,” says the Guardian’s headline.

But in many ways, the story told in the report is really about the mellowing of the surveillance state. An ill-defined, unilaterally imposed, poorly supervised spying operation was gradually brought under control. The surveillance program didn’t just become domestic. It became domesticated.

In its early days, the program ran wild. It was authorized solely by the White House. According to the report, “The Vice President’s Counsel drafted the Authorizations and personally delivered them to NSA.” Crucial conversations about the program’s formation and organization were undocumented. Nobody from the Department of Justice was in the loop. Nobody from the Foreign Intelligence Surveillance Court was told until January 2002, and no court personnel other than the chief judge and a single law clerk was informed until four years later. At the outset, only four members of Congress were briefed. The NSA’s own inspector general didn’t find out about the program until August 2002, because, as the agency’s counsel explained, “the President would not allow the IG to be briefed sooner.”

Why was this project unchecked? Some of the blame lies with Dick Cheney’s authoritarian protector complex and his obsessive secrecy. But much of the chaos, the report suggests, arose from the panicked intensity of the 9/11 aftermath. Another attack was feared at any moment. Expanded surveillance, in hopes of stopping it, was assumed to be short-term. Everyone was worried about security, not privacy. Within days after 9/11, major communications companies, on their own initiative, began contacting NSA to offer help. The program’s first authorization, signed by Bush on Oct. 4, 2001, specified that the surveillance would be permitted “during a limited period.” At that time, nobody expected it to be continuously reauthorized. According to then-NSA director Michael Hayden, that’s one reason why, for nearly a year, the NSA’s inspector general wasn’t told about the program: It wasn’t really perceived as a program.

Over time, the surveillance expanded in some ways. It was used against the Iraq Intelligence Service in 2003 and was later extended, through “contact chaining,” to some Americans. But the larger trend was restraint. First came internal worries. Hayden accepted the program’s legality but didn’t like its hyper-secrecy. He pressed the White House to inform Congress and the FISC. According to the report, “By August 2002, General Hayden and the NSA General Counsel wanted to institutionalize oversight of the Program by bringing in the IG.” Surveillance of Iraqi intelligence officials, initiated in 2003, was halted after the collapse of Saddam Hussein’s regime.

The first big blow came in March 2004, when DOJ’s Office of Legal Counsel concluded that one of the program’s collection methods, involving bulk Internet metadata, was illegal. When the White House tried to circumvent that finding, several DOJ officials, including then-Deputy Attorney General James Comey, threatened to quit. At that point, Bush backed down. According to the report, “the President rescinded the authority to collect bulk Internet metadata and gave NSA one week to stop collection and block access to previously collected bulk Internet metadata.” The Guardian cautions that ultimately, the DOJ rebellion “did not end the IP metadata collection … It simply brought it under a newly created legal framework.” That’s true. But the new framework made a difference. By forcing NSA to involve the FISC, DOJ brought a judicial overseer to the table. NSA had to answer questions from the court’s advisers. When the court wasn’t satisfied, it could veto or restrict the surveillance. The court’s initial order, issued in July 2004, for the first time “specified the datalinks from which NSA could collect, and it limited the number of people that could access the data.” Thereafter, the court, not the president, had the power to let the authorization expire every 90 days.

In June 2005, DOJ and NSA began to plan the transfer of other NSA surveillance authorities to the court. Six months later, that process was blown open: The New York Times exposed Bush’s “warrantless eavesdropping.” The Times story ignited an outcry and forced NSA to open the program to broader review. One communications company that had been giving the NSA its metadata under presidential authorization told the government to get a court order. In January 2006, the new NSA director, Keith Alexander, finally briefed all members of the FISC, not just the chief judge. In May 2006, the court agreed to authorize NSA collection of “business records” (phone metadata) but “limit[ed] the number of people that could access the data and required more stringent oversight by and reporting to DOJ.” The court caused a 73 percent reduction in the number of foreign targets scrutinized by the NSA, and it rejected the agency’s request for broad collection of domestic communications content.

In January 2007, the President’s Surveillance Program officially ceased. At that point, according to the report, “delivery of email and phone-call content to NSA from the major telecom companies ended.” In 2008, Congress passed the FISA Amendments Act. That law, as the Guardian and other critics note, facilitated NSA surveillance. But it also mandated the NSA Inspector General’s report. In 2009, Obama took over the White House and began to tighten the oversight. Briefings were extended more widely to Congress. In 2011, bulk collection of Internet metadata stopped.

That doesn’t mean phone or Internet surveillance has ended altogether. It hasn’t. It doesn’t mean such programs won’t be abused or that they’re sufficiently supervised. But it does suggest two things. First, contrary to libertarian dogma, government surveillance doesn’t always expand. Bureaucratic forces—rules, politics, personal integrity, and finite resources—tend to impose limits and layers of oversight.

Second, contrary to government dogma, leaks are a crucial part of this ecosystem of restraint. Without that December 2005 Times story, there’s no January 2006 briefing of the full FISC, and the program’s reliance on presidential rather than court approval surely would have continued for more than a year. Without Snowden, Congress wouldn’t be reexamining the NSA or filing bills to keep the agency in check. And we wouldn’t be able to read the inspector general’s report in the Guardian.

That’s what I learned from reading this history of the surveillance program. For the most part, the government has tried to do the right thing. Little by little, it has made progress in cleaning itself up. And Snowden, for all his flaws, is part of the cleansing.