The NSA's outgoing deputy director, Chris Inglis, has given a wide-ranginginterview to NPR, where host Steve Inskeep asked about the practice of collecting and storing information on the telephone calls of virtually all Americans. That program requires money, manpower, and time. It is politically controversial. And a presidential review doubted that it stopped any terrorist attacks.
So has it been worth the costs? Inglis, who incidentally claims that it played a role in stopping one terrorist attack, says yes. "I think we as a nation have to ask ourselves the policy question of what risks do we want to cover," he said. "Do we want to cover 100 percent of the risk? Or do we want to perhaps take a risk that from time to time something will get through? 9/11 was the single execution, it was the execution of a single plot with multiple threats. And about 3,000 people lost their lives that day. That's one terrorist plot coming to fruition. If that is an acceptable cost, if we can say, we can take the risk that we'll miss something, then we don't need to have all of the tools that cover these various seams."
That is a worrisome answer. It displays just the sort of attitude I warned about in "Counterterrorism and the Totalitarian Temptation." A signals-intelligence agency charged with anticipating attacks from state actors can focus surveillance on a small group of foreign elites. In contrast, virtually any individual could carry out a terrorist attack of some sort. If a signals-intelligence agency attempts "to cover 100 percent of the risk," its leaders will constantly be intruding more deeply into the privacy of citizens, because there is, in fact, no 100 percent solution, only ever-increasing-because-always-inadequate attempts at total-information awareness. (Even Vladimir Putin, who transgresses against privacy and civil liberties far more than would be permitted in the U.S., can't eliminate the terrorist threat.) In fact, later in the interview, Inglis seems to contradict his earlier answer and acknowledges that covering 100 percent of the risk is imprudent:
INSKEEP: You're dealing with, you know, billions of communications around the world.
INSKEEP: Do you actually feel that you have the technical capability to monitor all the communications that you need to monitor? Or a sufficient number of them?
INGLIS: If the answer at the end of the day has to be a hundred percent confidence that we know all threats to all things at all times, of course not. We don't have that sort of god's eye view. We don't have that omniscient capability. And so there's a reasonable balance. The Europeans actually have a nice turn of phrase for this. Our European counterparts say that when you try to achieve the right balance between security and privacy, you need to think in terms of necessity and proportionality. Right?
Do you have some necessity to essentially incur upon, right, the otherwise private affairs of individuals of interest to you? And if you do, have you done that with certain—have you done that with the aspect of proportionality such that only in proportion to the nature of that threat? And that's really the nature of how we apply instruments of national power like intelligence. You need to make sure that you have, at the end of the day, achieved some balance in that regard. We are neither omniscient nor unknowing. Right? We try to find that sweet spot in between.
That answer is much more reasonable.
Let's apply it to Inglis' earlier question: Should the NSA operate in a way that covers less than 100 percent of America's terrorism exposure, potentially risking another attack on the scale of 9/11? Even when phrased in that most emotionally manipulative way, the answer is, "Yes, of course it should." To forgo certain counterterrorism efforts and "risk one terrorist plot coming to fruition" is only to acknowledge the hard reality we cannot make ourselves invulnerable to terrorism, especially if we're to retain any privacy or protection against an all-knowing state. Failing to accept that reality ends in what Eben Moglin calls the “procedures of totalitarianism.”
The dangers of the 100 percent threshold and the absurdity of invoking it become even clearer when we think of every other risk that the U.S. government guards against. Auto accidents and firearms both kill far more innocents than terrorism. Americans' preference, revealed in actual policy, is to bear risks in those realms orders of magnitude greater than they face from international terrorism.
But terrorism is psychologically scarier, and Americans are less willing to hear their leaders speak about it candidly and rationally, so few elected officials will acknowledge that if the NSA is charged with eliminating 100 percent of the risk due to terrorism—as some say it is—privacy and civil liberties are being infringed upon. Inglis is right that we, as a nation, have to ask ourselves what risks we want to cover, and we've already decided on certain answers as a country: We want to guard against the risk of government infringing on the rights of the people, so our Constitution disallows general warrants, presumes that voters are aware of the policies approved by the people they're charged with reelecting or ousting from office every two years, and calls for particularized suspicion. Within the letter and spirit of those constraints, all sorts of things can and should be done to reduce the risk of mass casualty terrorist attacks. But the risk cannot be eliminated.