What drew you to RAND?
I was at a point of satisfaction with my government service—both what I contributed and what I experienced. My hope in coming to RAND was to be able to continue to leverage what I learned to further policymaking and strategic thinking about hard national security problems. In government, I worked on a number of national security issues that frequently were more crisis management and response—cyber issues, counterterrorism issues, or response to unauthorized disclosures. Coming to RAND allowed me to take a much-needed strategic step back, to really think about the lessons learned and what that might mean for a strategic approach moving forward.
My government experience very much is shaping my RAND research. One project I'm working on is focused on countering violent extremism and making recommendations on how programs that do so might be evaluated effectively. Another is on helping the government find solutions to the significant challenges with the current classification system—from classification, to overclassification, to declassification, to leaks and unauthorized disclosures. A third project is looking at how attitudes toward privacy might shift over time globally, and how that might affect governmental and national security interests. Truly, it has been a very natural fit to combine my government experience with RAND's research capabilities to offer well-researched, objective recommendations for policymakers to consider.
Before joining RAND, you helped coordinate the government's response to unauthorized disclosures by Edward Snowden. Has the leak changed how the government handles sensitive information?
In the wake of the Snowden disclosures, the U.S. government bolstered insider threat programs, announced reforms to certain intelligence programs, and issued additional guidance to the intelligence community on parameters for conducting surveillance. And in the wake of the data breach suffered by the Office of Personnel Management in 2014–2015, the government launched a cybersecurity 'surge' to bolster security measures protecting similar sensitive data on other government unclassified systems. But no system or protective measure is likely to be 100 percent foolproof. A determined adversary may well get access to sensitive information again despite increased security. Looking to that future, it is important for the government to prioritize efforts to better protect sensitive information in a responsible manner through technology and policy, and to ensure the custodians of Americans' secrets are trustworthy through effective and modern screening processes.
How does one balance intelligence, privacy, and security?
The challenges to balancing intelligence, privacy, and security are many—they span domestic privacy concerns, international affairs, counterterrorism, and commercial-sector trust and profitability. There's no one-size-fits-all approach. A government cannot govern if it doesn't have the faith and trust of its citizens. And today, a government also cannot conduct the intelligence activities it must without encountering commercial sector technology that we all use to communicate, connect to the internet, measure our health, and conduct our daily activities. In a world where technology is changing capabilities and raising more privacy and security questions faster than government policy can address them, balancing privacy and security will have to be a continual process of dialogue with the public; good governance and risk management; and evolving law, policy, and oversight parameters.
What comes next for you?
The challenges we face in the national security realm are very complicated. If I can offer some measure of helpful research to address them—informed by my experience at the Pentagon, the National Counterterrorism Center, and the National Security Council—then I will feel like I'm contributing to the solution and enhancing national security overall.