New questions have arisen about what, exactly, the government hopes to surveil. On Monday, Kenneth Wainstein, the Assistant Attorney General for National Security spelled it out. At the breakfast yesterday, Wainstein highlighted a different problem with the current FISA law than other administration officials have emphasized. Director of National Intelligence Mike McConnell, for example, has repeatedly said FISA should be changed so no warrant is needed to tap a communication that took place entirely outside the United States but happened to pass through the United States.
But in response to a question at the meeting by David Kris, a former federal prosecutor and a FISA expert, Wainstein said FISA's current strictures did not cover strictly foreign wire and radio communications, even if acquired in the United States. The real concern, he said, is primarily e-mail, because "essentially you don't know where the recipient is going to be" and so you would not know in advance whether the communication is entirely outside the United States. Ryan Singel at Wired magazine thinks there's something to this. "That would make sense," he writes, "since email doesn't go directly to a device in most cases, it goes to a server that holds the email until the recipient(s) come to pick up the email -- which could be and often is from different parts of the world -- think of any business traveler."
And indeed, that would seem to be a big problem. Back in August 2007, an extremely large, bipartisan majority in Washington sought to make an extremely small, technical change to FISA to account for the fact that the NSA can't know, a priori, where the recipient of a call will be located: Under the theoretical terms of the agreement, the NSA would be allowed to listen to calls of foreign origin making their way through a U.S. switch. If the recipient happened to be in a foreign country, surveillance could continue unmolested. If the recipient happened to be located in the U.S., then the NSA could either continue surveillance with a warrant, or minimize the data.
The email situation is, as Singel points out, much more complex. But there's another reason to think that Total Email Awareness is the goal of this FISA fight, and that is that Director of National Intelligence Mike McConnell has said so himself. In a lengthy New Yorker profile last month, McConnell described the coming surveillance wars to reporter Lawrence Wright:One day in May, at a meeting with the President and several cabinet members, McConnell asked for authority to wage information warfare against the tech-savvy insurgents in Iraq. First, he described the three aspects of information-warfare operations. Computer-network exploitation—that is, the theft or manipulation of information—is done by the N.S.A. Computer-network attacks are the province of the Department of Defense. The third element, computer-network defense, was not the specialty of any agency. According to someone who was in the Oval Office, McConnell then said, “If the 9/11 perpetrators had focussed on a single U.S. bank through cyber-attack and it had been successful, it would have an order-of-magnitude greater impact on the U.S. economy.” The President blanched and turned to the Secretary of the Treasury, Henry Paulson. “Is that true, Hank?” he said. Paulson said that it was. The President then charged McConnell to come up with a security strategy, not only for government systems but also for American industry and private individuals.
One proposal of McConnell’s Cyber-Security Policy, which is still in the draft stage, is to reduce the access points between government computers and the Internet from two thousand to fifty. “The real question is what to do about industry,” McConnell told me. “Ninety-five per cent of this is a private-sector problem.” He claimed that cyber-theft accounted for as much as a hundred billion dollars in annual losses to the American economy. “The real problem is the perpetrator who doesn’t care about stealing—he just wants to destroy.” The plan will propose restrictions that are certain to be unpopular. In order for cyberspace to be policed, Internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving government the authority to examine the content of any e-mail, file transfer, or Web search. “Google has records that could help in a cyber-investigation,” he said. Giorgio warned me, “We have a saying in this business: ‘Privacy and security are a zero-sum game.’ ”
With the cyber-security initiative, McConnell is asking the country to confront a dilemma: Americans will have to trust the government not to abuse the authority it must have in order to protect our networks, and yet, historically, the government has not proved worthy of that trust. “FISA reform will be a walk in the park compared to this,” McConnell said. “This is going to be a goat rope on the Hill. My prediction is that we’re going to screw around with this until something horrendous happens.” [Emphasis mine] I'll make some inquiries about this, but at a glance the FISA fight may just be a bankshot way for McConnell to kick off his sweeping internet spying program while bypassing, for now, the proverbial goat rope.