The process of building a contingency plan would have made these concerns and risks explicit to leaders within the NSA. While we can't know how they would have reacted, contingency planning brings in the perspectives of those affected outside the immediate operation and thus supports more comprehensive policy. At the very least, it would have meant a ready plan sitting in a drawer for a faster and more thorough reaction by senior officials to support our companies and allies by correcting the record. Ideally, this planning might also have forced planners to question the value of certain types of surveillance relative to the costs to national interests.
That the leaders failed to prepare would be worrisome enough if the NSA's leadership team was only responsible for signals intelligence. But General Alexander also heads Cyber Command, the new 4000-strong military force responsible for protecting military networks, and attacking the networks of others, the most advanced cyber force in the world. (US cyber capabilities, incidentally, also require cooperation of private firms.) Decisions made about cybersecurity operations will have massive repercussions not only for our immediate defense interests, but the how we and other countries treat cyberspace. If we are seen as being careless, or overly aggressive, it could undermine American technical leadership, harm vital economic interests, and destabilize this new domain.
The solution, for both the immediate NSA context and the longer term concerns about Cyber Command, is to take advantage of the process of contingency planning. Rather than simply having lawyers explore the legal ramifications, contingency planning incorporates some of the adversarial approaches already common to war-gaming and other military planning procedures. Instead of focusing on the tactical alternatives, however, contingency planning in the cyber world involves bringing in voices from other aspects of the president's agenda, including the Departments of State, Commerce, and the United States Trade Representative, to understand the consequences of the disclosure of classified operations. Incorporating these voices into the planning stage avoids the trap of a program approval by the Congress and the White House framed as a choice between security and our other national interests.
Rather than the time-intensive and bureaucratic model of shopping proposed policies around a host of government agencies, it would be far more efficient to bring relevant concerns directly to the attention of NSA leadership under the framework of operational planning, before things end up on the president's desk or the front page.
The leadership of the NSA and Cyber Command will still depend on secrecy, but they cannot simply assume that their operational security will be sufficient. (Edward Snowden has surely shown that much, at least.) They must demonstrate that they can take into account more than just short-term intelligence collection priorities, and can consider the broader political, diplomatic and economic ramifications of their actions.
If they can't, Congress must demand much stronger and more fine-grained oversight of one of the most important aspects of our intelligence and defense establishment