The NSA's outgoing deputy director, Chris Inglis, has given a wide-ranging interview to NPR, where host Steve Inskeep asked about the practice of collecting and storing information on the telephone calls of virtually all Americans. That program requires money, manpower, and time. It is politically controversial. And a presidential review doubted that it stopped any terrorist attacks.
So has it been worth the costs? Inglis, who incidentally claims that it played a role in stopping one terrorist attack, says yes. "I think we as a nation have to ask ourselves the policy question of what risks do we want to cover," he said. "Do we want to cover 100 percent of the risk? Or do we want to perhaps take a risk that from time to time something will get through? 9/11 was the single execution, it was the execution of a single plot with multiple threats. And about 3,000 people lost their lives that day. That's one terrorist plot coming to fruition. If that is an acceptable cost, if we can say, we can take the risk that we'll miss something, then we don't need to have all of the tools that cover these various seams."
That is a worrisome answer. It displays just the sort of attitude I warned about in "Counterterrorism and the Totalitarian Temptation." A signals-intelligence agency charged with anticipating attacks from state actors can focus surveillance on a small group of foreign elites. In contrast, virtually any individual could carry out a terrorist attack of some sort. If a signals-intelligence agency attempts "to cover 100 percent of the risk," its leaders will constantly be intruding more deeply into the privacy of citizens, because there is, in fact, no 100 percent solution, only ever-increasing-because-always-inadequate attempts at total-information awareness. (Even Vladimir Putin, who transgresses against privacy and civil liberties far more than would be permitted in the U.S., can't eliminate the terrorist threat.) In fact, later in the interview, Inglis seems to contradict his earlier answer and acknowledges that covering 100 percent of the risk is imprudent:
INSKEEP: You're dealing with, you know, billions of communications around the world.
INSKEEP: Do you actually feel that you have the technical capability to monitor all the communications that you need to monitor? Or a sufficient number of them?
INGLIS: If the answer at the end of the day has to be a hundred percent confidence that we know all threats to all things at all times, of course not. We don't have that sort of god's eye view. We don't have that omniscient capability. And so there's a reasonable balance. The Europeans actually have a nice turn of phrase for this. Our European counterparts say that when you try to achieve the right balance between security and privacy, you need to think in terms of necessity and proportionality. Right?
Do you have some necessity to essentially incur upon, right, the otherwise private affairs of individuals of interest to you? And if you do, have you done that with certain—have you done that with the aspect of proportionality such that only in proportion to the nature of that threat? And that's really the nature of how we apply instruments of national power like intelligence. You need to make sure that you have, at the end of the day, achieved some balance in that regard. We are neither omniscient nor unknowing. Right? We try to find that sweet spot in between.
That answer is much more reasonable.