Why Wasn't the NSA Prepared?

Contingency planning is critical to covert operations, and the NSA's failure to anticipate or effectively mitigate its recent leak is inexcusable.
Keith Alexander banner.jpg
NSA Director Keith Alexander answers questions at a hacker conference on July 31, 2013. (Steve Marcus/Reuters)

In the coming weeks, Congress and the civilian defense leadership will have to ask a lot of questions about the National Security Agency's surveillance programs, and how to reconcile them with privacy concerns. But they will also have to ask a more basic set of questions: Why on earth wasn't the NSA prepared for this? Why didn't the intelligence agency's leadership have a plan to deal with the global outcry that would follow the leak of classified Internet surveillance programs?

Contingency planning is a critical part of every military operation, and is even more important for secret or covert activities. The Central Intelligence Agency and Special Forces Command examined every possible thing that could go wrong on the raid to kill Osama bin Laden, for example, and had clear plans to deal with any ensuing fallout. Although it has an intelligence mandate, the NSA is a Defense Department organization, and the director of NSA is a 4-star general. As such, it is troubling that the NSA appears to have no plan in place for how to respond once its spying program was made public and plastered on the front pages around the world. Instead, the best defense General Alexander could offer a room full of security professionals at the Black Hat convention, almost two months after the leak, was an explanation of FISA courts and the successful prosecution of a San Diego cab driver who sent money to a Somali militia.

The NSA leadership had ample warning signs that leaks were possible, and that public reaction in the U.S. and around the world would be overwhelmingly negative. In 2003, Congress shut down Admiral Poindexter's 'Total Information Awareness' program after concerns that building massive databases of electronic transactions generated too many privacy concerns to justify the anti-terror benefits. After Bradley Manning turned over classified State Department and Defense Department data to Wikileaks, the entire security establishment should have been on notice that sensitive programs could be disclosed.

The warning signs about fallout from the NSA Internet surveillance were even clearer: Senators Ron Wyden and Mark Udall publicly raised concerns about the program as far back as 2011, and directly communicated their worries to General Alexander in 2012. Yet leaders in the signals intelligence community appear to have paid little attention to how disclosure of these programs might impact anything other than U.S. intelligence efforts.

The disclosures have caused quite a bit of trouble. Our relationships with our allies have been tested, as global anger following the initial reports demanded a political response. Other priorities of the administration have been put at risk, from critical trade bills about digital goods, to American leadership in securing an open Internet free of government control and interference.

But perhaps the greatest fallout may come from the NSA's failure to safeguard the trust and reputation of American technology companies.

A 2009 Inspector General report details how NSA leadership understood concerns of private companies about legal liability, but what about the broader reputational risk?

When initial reports of the PRISM program asserted that there were backdoors and direct data access in some of the most important tech companies in the world, the firms' awkward denials were justifiably met with skepticism. They couldn't fully deny the charges without disclosing certain classified details, and the only affirmative statements they could make had to be cleared with the government first, which ultimately led to all of the companies issuing statements that included curiously similar phrasing, further fueling paranoia. By the time the record was corrected, over a week later, the damage had been done. Even if the surveillance programs are legally constrained and ostensibly target only a small number of suspects, the companies are perceived as being complicit in a massive, American government dragnet.

Presented by

Allan Friedman is a fellow and research director at the Center for Technology Innovation at Brookings. He's also the co-author, with Peter Singer, of the forthcoming book Cybersecurity and Cyberwar: What Everyone Needs to Know.

The Best 71-Second Animation You'll Watch Today

A rock monster tries to save a village from destruction.

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register.

blog comments powered by Disqus


The Best 71-Second Animation You'll Watch Today

A rock monster tries to save a village from destruction.


The Case for Napping at Work

Most Americans don't get enough sleep. More and more employers are trying to help address that.


A Four-Dimensional Tour of Boston

In this groundbreaking video, time moves at multiple speeds within a single frame.


Who Made Pop Music So Repetitive? You Did.

If pop music is too homogenous, that's because listeners want it that way.


Stunning GoPro Footage of a Wildfire

In the field with America’s elite Native American firefighting crew

More in National

Just In