After NSA Spying Revelations, US Must Reform Rules on Secrecy and Data


(Christian Science Monitor)

A protester during a rally against mass surveillance near the U.S. Capitol

A protester during a rally against mass surveillance near the U.S. Capitol

photo by Reuters/Jonathan Ernst

by Gregory F. Treverton

November 14, 2013

Some good may come from the fallout over Edward Snowden's revelations that the National Security Agency (NSA) has collected massive amounts of personal communications data in the name of counterterrorism. The leaks may prompt the United States to undertake a needed re-examination of how material becomes classified and how communications data is safeguarded.

First, the way in which materials are branded as secret should be rethought. Because so much is classified, it is harder to protect the few real secrets. As a lifetime national security student and practitioner, who has held top-secret clearances for more than 40 years, I can say that the federal government classifies far too much material. And while the damage caused by the Snowden leaks appears to be significant, other famous leak cases demonstrate that not all documents that are classified are designated as such because their release would cause national security damage.

Consider, for example, the publication of the classified Pentagon Papers in the early 1970s after they were leaked to The New York Times by Daniel Ellsberg, then a researcher at RAND. Their release revealed classified information about US military involvement in Vietnam, but it also showed the competence of its intelligence operations. And former Solicitor General Erwin Griswold wrote in a Washington Post op-ed two decades after their publication that he has “never seen any trace of a threat to the national security from the publication” of the Pentagon Papers.

Also consider WikiLeaks. Some of the revelations referenced in the press were embarrassing, but a lot of the material may not have warranted classification to begin with. Press accounts of the leaked material showed US diplomats doing their job and doing it well.

Most classification has to do either with preserving confidentiality of intra-government discussions or over-caution on the part of classifiers. The first is appropriate but should have a time limit in weeks (not years).

Numerous commissions have concluded that there is no reason for much of classified material to be kept secret. The reason is simple: No one pays any price for classifying (or over-classifying) material, but they might pay a price for not classifying something. Classified means no risk; unclassified means risk. This needs to change – to make it easier to protect the information that really should be kept secret.

The standard category for information should be “unclassified” or classified for a limited period (days or months). To classify information for longer, the burden of proof for would be on the one seeking the classification.

The other area for reform is in the collection and use of Americans' personal data: The FISA (Foreign Intelligence Surveillance Act) courts would become a gatekeeper for NSA access to communications data.

The Foreign Intelligence Surveillance Court (FISC) was created under the 1978 FISA law as an independent institution to oversee surveillance of suspected foreign agents inside the United States. In modern times, terrorism has increased the number of potential targets, and technology has made them more difficult to isolate. Some trolling, searching, and sweeping became necessary. But that entirely upset the balance of oversight. The NSA vacuumed up data, and the FISA court was reduced, in the two instances that have become public, to reprimanding NSA for not following guidelines.

Reform could work like this: A beefed up FISA court holds all the personal data collected, but in an encrypted form. The NSA could then use “digital search warrants” to ask the court for access to specified data sets. NSA and the court could then negotiate over the terms.

Sure, this process would require revamping FISC dramatically, and it probably wouldn't satisfy those most concerned about privacy, but it would provide some limits and some accountability — before the fact, not just after. Most important, it would better protect personal privacy without shutting off the NSA's access to valuable intelligence information.

Gregory F. Treverton directs the RAND Corporation's Center for Global Risk and Security. A former vice chair of the National Intelligence Council, his latest book on intelligence is “Beyond the Great Divide: Relevance and Uncertainty in National Intelligence and Science for Policy” coauthored with Wilhelm Agrell (forthcoming from Oxford University Press).

This commentary originally appeared in Christian Science Monitor on November 13, 2013. Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.