SAN FRANCISCO — The National Security Agency's telephone-metadata collection program has been completely useless at preventing terrorist attacks, a prominent former government official said yesterday (Feb. 25).
Speaking on a panel at the RSA security conference here, former White House national-security official Richard Clarke refuted the government's claim that 55 possible terrorist incidents had been stopped by the metadata program, called Section 215 after the language in the USA Patriot Act that made it possible.
"I reviewed each case," said Clarke, who worked for President Clinton and both presidents Bush and served on President Obama's NSA review task force. "The 215 program did not influence the outcome of any of those cases. ... All claims of stopping terrorism were bull****."
Former NSA and CIA director Gen. Michael Hayden, a fellow panelist, politely disagreed.
"There are a range of views on that," Hayden said.
But Clarke, who now heads a consulting firm, insisted the program was a waste of time, and unethical as well.
"We were collecting a lot of [stuff] we shouldn't have been collecting and had no need to collect," Clarke insisted. "[Section] 215 is only legal if you take the law and stretch it beyond all understanding of the English language."
Clarke also had harsh words for the NSA's alleged attempt to subvert encryption standards, a hot topic at the RSA conference because the RSA company itself has been accused of cooperating with the NSA to weaken RSA's own commercial security software.
"The U.S. government should not be messing around with encryption standards in a way to weaken them," Clarke said. "If the U.S. government finds a zero-day vulnerability" — a previously unknown security flaw — "its first obligation is to tell the American people so that they can patch it, not to run off to break into the Beijing telephone system."
"The first obligation of government is to defend," he added. "If you find a vulnerability, you should fix it, not try to use it."
Spying on citizens? Moi?
Clarke and Hayden agreed, however, that it was hypocritical for the leaders of friendly countries, where intelligence agencies tend to be more secretive than the NSA, to feign outrage over American surveillance.
"The French criticize us for spying on them," Clarke said. "Laughable."
"We have the most transparent intelligence community on the planet," said Hayden, who now works with former Homeland Security secretary Michael Chertoff's consulting firm. "European parliamentarians know more about American espionage than they do about their own espionage."
"Where does the DGSE live?" Hayden asked, referring to the top French intelligence service. "Do they [European lawmakers] know?"
"When I worked in government," noted moderator James Lewis, of the Center for Strategic and International Studies, a Washington, D.C. think tank, "I never encountered a single country that didn't do internal surveillance."
"Ask foreign governments to have the internal reviews and oversight we have," Clarke said.
"European intelligence agencies knew what was going on" with NSA surveillance, Lewis said. "Many of them even cooperated. The politicians were less clued in, but they shouldn't have been surprised."
Plenty of countries, even friendly ones, routinely spy on American political leaders, the panel members insisted.
"President Obama ran his first campaign on his Blackberry," recalled Hayden, who was CIA director at the time. "So after he got elected, we asked him to borrow it for a day or two. We told him that if he continued to use it unmodified, he would have his emails spied on."
"In Washington, you might have 7 or 8 people on any phone call you make," Lewis said. "You just have to get used to it."
"This is an R-rated movie for adult nations," Hayden quipped.
Following Snowden's revelations of mass NSA surveillance overseas, politicians in Brazil, Germany and other friendly countries called for laws mandating that all data about their citizens held by American companies be held in domestically located servers.
One proposal involves laying a new transatlantic cable running directly from South America to Europe, instead of being routed through North America as most are.
Clarke dismissed such efforts as disingenuous at best.
"They're doing it for commercial reasons," he said. "Localization of data means more business for local companies.
"Your data's more secure in Germany? Really?" Clarke scoffed. "The NSA can't tap a phone cable going directly from Brazil to Portugal? You're gonna buy [products from the Chinese networking company] Huawei instead of American?"
"Europeans have no idea what their own intelligence agencies do," Hayden said. "They think the NSA is the exception."
"We're not unique," Lewis said.
"We're just better," Clarke replied.
Let the sunshine in
All three agreed that the NSA should make public more of its findings and programs — and that the Foreign Intelligence Surveillance Act of 1978 and the court the act set up to issue surveillance orders, such as those involved in the telephone-metadata program, were out of date.
"The NSA over-classifies material," Lewis said. "The '70s oversight structure — the FISA court, for example — doesn't work anymore. We need more transparency."
Clarke added that there should be more civilian oversight of the NSA, if only to guard against possible future abuses.
"We don't have a surveillance state," he said. "But the technology is there for a surveillance state, not just here, but in most of the world. That means we need even more oversight.
"If there's another 9/11," Clarke added, "the American people will demand more surveillance. A future president may decide to turn the surveillance state on. And in the future, once you give up your civil liberties, you may never get them back."
Clarke reminded the audience that Obama's NSA task force this past December issued a list of recommendations for reforming the agency.
"We had 46 recommendations," Clarke said. "I'd like to see all 46 implemented. The president hasn't implemented one.
"But the No. 1 takeway from our report is transparency," Clarke said, adding that more NSA files should be declassified. "Most of what Americans will learn will make them proud."
Hayden noted that several FISA court rulings, formerly kept secret for years, have already been released.
"If you've read some of the declassified FISA court rulings, they're really boring," Hayden said.
"You can kill paranoia with truth," Clarke said.
"And you can kill sleeplessness with FISA court rulings," Lewis replied.
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.