Courage, Integrity and Accountability at the CIA

The following is one of a series of chapters Government Executive is excerpting from a new book, Building a 21^st Century Senior Executive Service, published by the National Academy of Public Administration and edited by Ron Sanders, vice president and fellow at Booz Allen. Click here for more information about the project.

Throughout my career, I have had the privilege of working  with literally hundreds of senior civilian leaders—members of the Defense Intelligence Senior Executive Service when I was Director of NSA; executives of the intelligency community’s Senior National Intelligence Service, which I helped create as Principal Deputy Director of National Intelligence; and finally, executives of the CIA’s Senior Intelligence Service when I was director of CIA—through  some of our nation’s most challenging times.

The challenges facing our nation may have changed over time, but they are certainly no less difficult today. Thus, while those of us who were on the front lines of the Cold War may have confronted a world more dangerous than today’s, none of us have lived and led in a world more complicated or immediate.

What does that mean for senior leaders in government? What special traits will be required for success in the future? Over the course of my career in public service, I have had the opportunity to see senior civilian officers (yes, that’s how we see them in the IC, as officers, with all that that label connotes) at their very best, more often than not in high-stakes, life-or-death situations, and I’ve had a chance to reflect on what makes them successful.

A Different Kind of Leadership Challenge

In my “second life,” the one beyond government, I am often asked to speak publicly about global threats. I usually begin by reminding the audience that, as bad as things seem to be, I have actually seen the world more dangerous than it is today. I remind them of the Cuban Missile Crisis, of Soviet and American armor facing off at Checkpoint Charlie in Berlin, and of the U.S. going to DEFCON 3 during the October 1973 war in the Middle East.

So, we have seen it more dangerous, but we have never seen it more complicated, nor have we ever seen it more immediate. And by immediate, I don’t mean that we just get to see it on the evening news. I mean that events in faraway places have concrete, fast-arriving, and often unanticipated impacts on our own space. I also suggest that this reflects an entirely new flavor of threat, with the empowerment and interconnectedness of modern technology allowing groups and gangs and even individuals to create the kind of evil effects we formerly associated only with malevolent nation-states. Frankly, and here I am probably not surprising anyone, our federal bureaucracy is ill-equipped to handle the agile, multiple, omnidirectional, and nuanced dangers of the modern age.

When discussing national security issues at the highest levels of government, we more often than not don’t even have the right people in the room. Our national security structure was hardwired in 1947, as we harvested the lessons of the last great war of the industrial age and organized ourselves to deal with a repeat of that same kind of conflict. So it is no surprise that the industrial age’s power ministries—departments like DOD and State and agencies like CIA—are often ill-equipped to handle today’s security issues.

But the challenge is even more fundamental. Bureaucracies were developed to handle the complexities of the industrial era. Their layered hierarchies were created to break work down into manageable chunks and to make complex efforts synchronized and controllable, their results stable and predictable. Controlled. Stable. Predictable. Not exactly a formula for the speed and agility and adaptability we need for the kinds of dangers we now face. The world is now networked, and networks routinely beat hierarchies. However, as badly needed as it might be, I don’t expect a major restructuring of our government anytime soon. We will make incremental changes, to be sure, but we are going to be stuck with legacy organizational structures and philosophies for a long time. That puts an incredible (and often unfair) burden on senior government executives who have to lead in such an environment: Create results for the greater good even in the face of flawed and outdated structures and processes.

As a young military officer, I was told that success in a career of service was defined (up to a certain point) by doing things right; in other words, it was about efficiency. Beyond that point though—typically defined by a measure of seniority—achievement was better defined by doing the right things; in other words, it was about effectiveness and final outcomes. It was about true leadership. Today’s world has made that even truer, and that puts a great premium on courage…and above all on a wisdom to see larger issues in their true context. We each have to find those qualities—wisdom and courage— within  ourselves. Reflecting on my own time in government, it’s clear to me, at least in retrospect, when I most acted with those virtues and when I didn’t. Three instances—think of them as leadership case studies—come to mind.

Wisdom to See and Speak the Truth

In 2007 the CIA inspector general finished his review of the rendition and detention of Khalid el-Masri, a German citizen who had been detained by Macedonian authorities on New Year’s Eve 2003 because his passport appeared suspect and his name matched a terrorist associated with the 9/11 Hamburg cell. A few weeks later he was turned over to CIA and taken to a black site for interrogation based on the analytic judgment of a senior officer in the al Qa’ida cell in the agency’s Counterterrorism Center.

El-Masri was the wrong man. He had a clouded past, but he was not the Khalid el-Masri we were pursuing. The passport checked out, and it wasn’t long before interrogators knew that this was a dry hole, intelligence wise. He was released in late May of 2003.

There were lots of issues here. One was the time (weeks to months) it took to release el-Masri once CIA knew his true identity. Another was the manner of release: dropped on a road in the Balkans with no apology and little compensation. Finally, there was the public relations disaster (and later diplomatic storm) when el-Masri predictably went public with his story of confinement and claims of abuse. But none of those formed the core issue in the IG report. The issue there was the IG’s recommendation that I form an official Accountability Board (a kind of professional jury used by the agency to determine personal responsibility when things go bad) to judge the behavior of the senior analyst who had launched this chain of events.

I declined, and that declination later became part of the Senate Select Committee on Intelligence’s (SSCI) partisan December 2014 report on detentions and interrogations, the one that characterized CIA as a rogue and unaccountable agency. Actually, it was a pretty easy call. The analyst was among the best al Qa’ida watchers we had. She had been doing this since well before 9/11, and her knowledge was encyclopedic. So I’m not sure whom I would have gotten to second-guess her judgment. I certainly was not prepared to do so.

But there was a bigger question, and it had to do with the nature of intelligence and the near absolute inappropriateness of applying a law enforcement mentality to its conduct, although that is now the reflexive habit of American public discussion. We make much in American courts about our willingness to let the guilty go free to protect the innocent. Benjamin Franklin summarized it: “It is better 100 guilty persons should escape than that one innocent person should suffer.” But that is a process of assigning guilt and meting out punishment after an evil has been done, with time not a factor, and with beyond a reasonable doubt being the appropriate standard of proof.

None of that applies to intelligence, where the evil is pending, time is always critical, and the objective is to enable action even in the face of continued doubt. Absent clear malfeasance, if I would have disciplined an analyst for a false positive (thinking someone was a terrorist when he wasn’t), the institution would have digested the lesson in the most perverse way: That is, that the most important thing is to avoid false positives (you’ll be punished for those) even if it means a few true positives slip through (bad things might happen, but probably not to you).

What might be admirable for a judicial system is unconscionable for an intelligence agency charged with protecting the American public. My job was to create circumstances where we got more of both the positives and the negatives right…and not to incentivize one at the expense of the other. And the one message I could not afford to send to our analysts was, “Take hard jobs and make tough choices, but if you f*** up, we’re coming after you.”

After all, we still wanted to get the other Khalid el-Masri.

I suppose I could have had that wrong. But it seems so clear to me—as much now as it did then—and I’m glad I closed the matter out then and there. Others could whine and opine. But only I could just act and move on—if I would have the courage do so. So it took two kinds of courage. Courage on the part of the analyst to make a tough judgment call. And courage on the part of her leadership to protect her willingness to do so. Some may be tempted to chalk that episode up as less about wisdom or courage and more about my protecting my own tribe. Which is what the Democrats on the Senate Intelligence Committee pretty much accused me of in 2015.

Admittedly, the instinct to defend my institution and its people made that call easier, but it was still the right call. And there are plenty of times when the right answer cuts across the grain of the home culture.

Doing the Right Thing…Even If It Is Distasteful

Take balancing security and liberty. Lord knows that intelligence has its issues with the press. In June 2008 a reporter for the New York Times was finishing a piece highlighting a CIA analyst-turned-interrogator who had great success with Khalid Sheikh Mohammed. It was an interesting story, but the Times was insisting on using the true name of the CIA officer. He wasn’t under cover, but we believed that the use of his name would invade his privacy and might jeopardize his safety. Besides, he had refused to be interviewed for the story, so this looked like one of those “we can talk with you or we can talk about you” conundrums that public officials often face.

Two days before the Times was going to publish the story, Defense Secretary Bob Gates retired me from the Air Force after 39 years of service; this is a very big deal in the military,  and I was entertaining the Hayden family clan who had arrived from Pittsburgh, Chicago, and other points under a large tent in my backyard at Bolling Air Force Base. I broke away from the party to call the Times’ managing editor, and our conversation went like this: “[Your reporter] is a good enough writer that he can do the story without  naming names,” I told the editor. “You don’t need to do this.” I guess I didn’t show enough fire. The editor later described my effort as “doing it out of respect for [the officer] and his family’s concerns more than a concern the CIA had.” Probably true, but hardly disqualifying. Later, after the Times put the officer ’s name out there, its public editor said that doing so did not put him in any greater danger than the scores of others involved in counterterrorism whom the media had identified.

Let me rephrase that in an unkind way: The media does this all the time. What’s one more, one way or another? The reporter who wrote the story is actually a very conscientious correspondent, but some writers are hopelessly driven by an agenda, personal or otherwise. Other reporters are not so much agenda-driven as simply following the general trend in coverage of American espionage, which is to say that they take the story to the darkest corner of the room. And there always seems to be a quotable official from some nongovernmental organization or think tank or even a disgruntled agency “former” eager to show them the way.

Then there is the choice of terms. Routinely labeling activities or documents as “torture” flights or memos buries the very point of contention in a casually used but defining adjective. The same could be said of “domestic surveillance” or “assassinations.” They are useful catchphrases, but they are not always accurate and often oversimplify complex issues. They are conclusions masquerading as narrative. I would also argue that some of what claims to be journalism isn’t about keeping the public informed, but rather about keeping the public titillated—espionage porn, if you will.

When intelligence officials see unarguably classified information in the press, we are required to file what is called a crimes report. In 10 years working  at the highest levels of the IC, I probably directed, participated in, or was at least aware of scores of such reports. In all that time, I saw one case make it to a courtroom: the leak of Valerie Plame’s identity as a CIA officer—and that was about perjury rather than unauthorized disclosure. Since I left government, though, investigations have become more robust. So robust, in fact, that even I have been uncomfortable with some of them. It’s not that real secrets haven’t been revealed. They have. Sources have been compromised, and journalists, of all people, should understand the need to protect sources and relationships. But the investigations have been very aggressive, and the acquisition of journalists’ communications records has been broad, invasive, secret, and—one suspects—unnecessary.

I have always been uncomfortable with the government’s reliance in these cases on the Espionage Act, a blunt World War I statute designed to punish aiding the enemy. It’s sometimes a tough fit. The leak case against a former NSA employee brought under that Act collapsed of its own over-reach in 2011. In a subsequent case, former CIA case officer Jeffrey Sterling was accused of leaking details of CIA covert action against Iran’s nuclear program. I was long out of government when a jury finally rendered a guilty verdict, but when the case first began during my tenure as CIA Director, the U.S. Department of Justice (DOJ) had asked me, “How much classified information are you prepared to reveal at trial to get a conviction of Sterling?”

By then unauthorized leaks had become so routine that I decided to break with tradition (which was to be cautious) and simply told DOJ, “Whatever it takes. Just tell us what you need.” The cumulative effect of previous, cautious, and individually correct decisions to guard against further disclosures at trial had fostered a climate of impunity on the part of those revealing legitimate secrets. Note that there was no claim to whistleblower status here, either. Failed, clumsy, or even stupid covert actions aren’t a crime.

Much later, as this case was being contested in 2015, I was interviewed by 60 Minutes. Jim Risen, the New York Times reporter who had written the story, seemed to be facing jail time if he did not expose Sterling as his source. I still had strong feelings about the case. As National Security Advisor in the George W. Bush administration, Condi Rice had convinced the Times to scotch the story, but Risen put it in his 2006 book, State of War, anyway.

So I wasn’t sympathetic at all to what Risen had done or what he had written. It was irresponsible and caused real harm to the safety of the nation, and I said so. But I also said that redressing this particular harm by compelling Risen to reveal his source might cause even greater damage to American freedoms if it chilled a free press. I think I surprised the national TV audience when I said that if I had to choose, I was willing to sacrifice secrets, but not the First Amendment. This time the big picture was really big, beyond my narrow portfolio as an intelligence officer. But to me as a citizen, the First Amendment remained sacred, even when it was being abused at the expense of legitimate intelligence activities.

Leadership as a Disruptive Force

I would like to think I always got the big picture right and acted boldly on it, but of course I didn’t. While I was at NSA, I aggressively hired from the outside to create cross-currents within  our own culture. I was being intentionally disruptive (and it was the right decision), and I’d do it all over again…just more so. My new chief financial officer came from an investment firm. We got our new IG via an advertisement in the Wall Street Journal. We created the position of senior acquisition authority and filled it with a Navy official with 35 years of acquisition experience. The chief information officer came from the Federal Trade Commission (and NASA). The chief of legislative affairs had been an executive assistant on the Hill for 5 years. Working through a member of the NSA Advisory Board who was a Hollywood Academy Award winner, we recruited our new Chief of Research from the R&D department at Disney Imagineering.

At the time, though, I didn’t think there was sufficient expertise in the private sector to delegate mission responsibility to newcomers from the outside, so I didn’t do so. Wrong decision (or maybe insufficient courage). In any event, I missed an opportunity since American industry was already breaking new ground in what came to be called the cyber domain. Only later, as I learned more, did the strong parallels became apparent. I was broadly right, and I had been bold, but I hadn’t been bold enough. I should have known better and been even more willing to be disruptive.

I also know now that I was too cautious during my first year at NSA. We knew that IT was a problem; no one could even explain the system to me. But NSA was a national treasure and my first task had been to do no harm. I moved slowly. I studied things.

Then 10 months in, the agency’s IT network collapsed. At that moment, satellites and earth-bound collection points around the world were still intercepting communications, their vast take—telephone calls, faxes, radio signals—still pouring into memory buffers. But once in hand, the data froze. We couldn’t move the data. Nobody could access the data. Nobody could analyze the data. For all intents and purposes, NSA was brain-dead. The blackout gave me clarity: No course of action I could set out on would  be as dangerous to the Agency  as standing still. From the outside looking in, I think that applies to a lot of today’s situations.

So that’s my offering to today’s government executives, even as they labor mightily to make a difference in largely outmoded institutions. Work hard to get the big picture—the really big picture—right. Work to achieve the broadest possible perspective. And then act, even in the face of opposition, personal or organizational risk, indifference, or just plain inertia. No need to be vindictive  or arrogant about it. In fact, true humility is a real enabler of change. But act you must. Boldly. The times and your oath require it of you.

Gen. Michael V. Hayden (United States Air Force, retired), is former director of the Central Intelligence Agency, principal deputy director of National Intelligence, and director of the National Security Agency.