Former NSA Director Michael Hayden: Rand Paul Is Wrong About the NSA

Senator Rand Paul is always sincere, often compelling, and occasionally flat out wrong. From time to time, he can also be a bit irritating when he talks and acts like he is the only one in Washington who has read, understands, or cares about the Constitution of the United States.

The senator demonstrated all these characteristics over the past week as he fought against Section 215 of the USA Patriot Act and its putative replacement, the USA Freedom Act, which the Senate approved today. There are several issues involved here, but the senator has focused on NSA’s acquisition, retention and use of American metadata—the number making a call, the number called, the time and the duration of call—to fight terrorism.

First, on the constitutional issue, Senator Paul is wrong. The controlling legal authority here is a Supreme Court case decided in 1979, Smith v. Maryland, where the court held that metadata is not, repeat not, constitutionally protected. Since metadata is actually information gathered by the phone companies for their own purposes, the court ruled that we have no reasonable expectation of privacy here even when the data is shared with the government.

Things change, of course, and given advances in surveillance technology, a future court might indeed change its mind, but right now Smith v. Maryland is controlling. I have my own issues with Roe v. Wade and hope someday that the court will overturn it, but in the meantime I recognize that it is the law of the land.

Precisely because metadata was not constitutionally protected, we explored its uses after 9/11 to see if it could help prevent the kind of attack we had just witnessed: an attack on America from within America by terrorists who were directed and controlled from overseas. The Joint Inquiry Commission, a combined group of the House and Senate intelligence committees, sharply criticized NSA for being too timid in pursuing the one kind of terrorist communication they said should have been our highest priority: terrorist communications one end of which were in the United States.

Metadata offered us the most operationally effective and most privacy protecting method of actually detecting these kinds of calls. If we had a database of American phone activity, we could investigate whether—as we discovered new terrorist phone numbers—any terrorists were in contact with people inside the United States. It was actually all quite straightforward, and in my personal experience gave us important leads that we used to help keep America safe.

The process was tightly disciplined. NSA analysts had to have a “reasonable articulable suspicion” that a seed number—the number used to query the massive database—was associated with international terrorism. The number of people at NSA authorized to make such a query was never more than a couple dozen. The rate at which the database was queried varied over time, but was generally several hundred times a year, on average less than once a day.

A lot of urban legends have grown up alleging what NSA does with this metadata. Some say the agency mines it with powerful algorithms to establish relationships between Americans and their psychiatrists or their abortion providers. Others say that NSA can point and click on any numbers in the database and recover the contents of Americans calls. By the way, if NSA did that it would be violating not just the laws of the United States, but the laws of physics since all the data in this program is provided by the phone companies and they do not, repeat not, record American phone calls.

Actually, once you get past the people with tinfoil on their heads (and, admittedly, a few others), even the most ardent critics of the metadata program do not claim that there has been any abuse of the program or that the program has been used in any way other than for the purposes for which it was first organized.

And, for those purpose it is been successful, even though I would never claim that this effort (or any other effort) provided us with a silver bullet. Intelligence doesn’t work that way; actually, it is rather boring. Like other programs, the NSA metadata effort produced threads which we could combine with other threads to create a fabric which often enabled us to create very important tapestries.

Strikingly, Barack Obama who campaigned in 2008 as the anti-George Bush decided (once in office and briefed on the program) to keep this effort up and running. Even more strikingly, 338 members of the House of Representatives voted in the USA Freedom Act to allow NSA to continue to access American metadata. All that would change is that the telephone companies would hold the data rather than transferring it to NSA and, then, NSA would access the data after first obtaining a court order.

To be fair, it remains to be seen whether or not this approach will be as effective, accurate, and agile as NSA holding the metadata itself. I have my doubts. The companies certainly will not hold the data as long as NSA did and, indeed, the law doesn’t compel the companies to hold the data at all. We will also have to see whether or not contact chaining across multiple databases can be done efficiently by the companies.

But in a democracy public opinion matters, and even though I thought that the Patriot act was lawful, effective and appropriate, I recognize that being politically sustainable is a critical attribute to any national security program. So I’m willing to give the USA Freedom Act a try.

What puzzles me is why a serious man like Senator Paul refuses to do so.