Counterintelligence after Snowden: Brian Kelley Memorial Lecture

by William M. Nolte  |  February 14, 2014  |  PAST EVENTS

On February 7, 2014, William M. Nolte, Former Director of Education and Training at the Office of the Director of National Intelligence, discussed "Counterintelligence after Snowden" at The Institute of World Politics. This lecture was the second annual Brian Kelley Memorial Lecture, sponsored by the Alumni Association and Student Government Association at The Institute of World Politics. The text of the lecture appears below.  A video can be found here. 

Counterintelligence after Snowden
Brian Kelley Memorial Lecture
William M. Nolte 

William Nolte 444x718Let me first of all thank John Lenczowski and the Institute for extending this invitation.  One of the things I stress with my students is that intelligence is an integrity-based profession.  Brian Kelley remains an exemplar of the integrity - and the courage - each member of the intelligence services should hold as a standard for their behavior.  And this lecture gives us all an opportunity to come together both to acknowledge and continue his legacy.

I must note, however, that when Amanda told me that John wanted me to present the Kelley lecture, my first reaction was "This is not a good idea."    I later told Amanda (and John) that I thought it was a really bad idea.  The award, in my view, was established to honor not only Brian but the men and women who have worked, often with great responsibilities and relatively few rewards, in counterintelligence, even to be, as Mrs. Kelley said of Brian, "an expert in counterintelligence.  That I would never claim.

In the end, John convinced me that I was being invited as someone outside the field who has always had the greatest respect for the men and women who have served in the field and who has attempted to advocate for it.  And it's on that basis I am proud to be here this evening.

I struggle with the thought that advocating for counterintelligence should be a challenge.  It is, after all, an absolutely integral and essential aspect of any nation's intelligence services.  Sometimes, to engage my students when we are discussing NSA, I raise the hypothetical that technology has moved to where NSA can only accomplish one of its two component issues:  offensive (or SIGINT) or defensive (information assurance).  Which, assuming the agency could choose, should it opt for?  Most opt for SIGINT.  I'm not surprised.  As a young NSA historian, I once told David Kahn that NSA should be seen as a SIGINT agency, and that comsec  (as we called it then) had receded to become a mere vestige.  It was David who first confronted me with the "What if you could do only one?" dilemma, and if you put it in those terms you'd obviously protect US communications even at the loss of the offensive mission.  Fortunately, we've never been confronted by the "either/or" dilemma.

But as an intellectual exercise, the same question can be posed regarding what I sometimes refer to in class as the "positive" intelligence/counterintelligence dilemma.  What, after all, is the point of collecting and processing all sorts of information, if we cannot protect that information and the sources, methods, and processes that allow us to acquire it?  What is the point of a world-class intelligence structure if we do not match that structure with counterintelligence processes capable of protecting the confidentiality of decisions made - under appropriate constitutional and legal authority - using that information?  The question is often asked whether secret intelligence can take place in a democratic society that places high value on openness.  One question that should be asked is whether a democratic society, having forged, over time and with some tension, rules to regulate and oversee intelligence operations, should permit individuals or institutions to declare themselves above and beyond legal authority.

Even absent the stark "either/or" hypothetical, we are probably in something like the sixth decade in which counterintelligence has been - take your pick - underfunded, under noticed, or even disrespected.  I've never gotten around to researching this, but the reality is, I suspect, that if we could measure the balance between counterintelligence versus that other form of intelligence from the 1920s through somewhere in the 1950s, CI was at least equally resourced, noticed, and respected.  One datapoint on respect from the popular culture is that even into the 1950s, G-Men and military CI agents were heroically going after bad guys in any number of movies.  The "good guys" -- and they clearly were the "good guys" -- were played by people such as John Wayne and  James Stewart.  And they were going after Soviet spies.  

Over the next decade or two, the popular culture changed.    The protagonists were no longer government agents going after spies; more often than not they were government agents run amok.  Sometimes these were rogues, sometimes they were no more corrupt and venal than the agencies for which they worked.

This cultural shift affected more than counterintelligence.  And whether one marks it with the reaction to the Warren Commission investigation or the War in Vietnam, from the 1960s on, the countercultural view that counterintelligence represented an effort to spy on Americans and deprive them of their constitutional rights has been very strong.  Leave aside such howlers as Oliver Stone's JFK, which, to the degree you could follow the bouncing conspiracy, seemed to involve the CIA, the military, the mafia, and General Motors.  Take a look at the Robert Redford/ Barbra Streisand movie, The Way We Were.   At one level it's a love story about two people who just can't resolve their issues, but the backdrop is the conviction that the 1950s represented a period in which innocent Americans suffered repression at the hand of agents of a hysterical witch hunt for communist agents who all right thinking people knew did not exist.  Let's not even deal with The Crucible, a play so didactic and so poorly written that its continued appearance can only be described as a victory of ideology over literature How did we get here?  Well, first of all, we did have that culture shift.  And the changed perception of intelligence and counterintelligence was just part of that.  "Never trust anyone over thirty" was an alternate motto for my generation, right up with "sex, drugs, and rock and roll."  And sometimes these culture shifts become cultural tsunamis, sweeping over everything they touch.  The good news though, is that such tides eventually subside.   I'll touch on that later.

The revisionist or counterculture view of intelligence and counterintelligence would also benefit from a trilogy of poster people: Joseph McCarthy, Richard Nixon, and J. Edgar Hoover.  Could a scriptwriter ask for a better set of boogie men?  Now the reality of course is that truth is often more subtle than Hollywood can handle.  Hoover, to cite one, would probably have been regarded as one of the great figures in 20th century criminology had he resigned somewhere in the 1930s.  But the hubris associated with heading a government agency for half a century inevitably ended in disaster - a disaster that arguably makes having your name attached to the ugliest building in Washington just and proper.  As for Nixon, we well know the strange twists associated with this talented but embittered figure.  His failures notwithstanding, we could leave here for any public library still open and quickly find him associated with cases and events he never touched.

As for McCarthy, his critics often portray him more as an evil aberration than as a representative of a Midwestern progressive movement that often produced a demagogic and irresponsible populism.  As my former professor John Lukacs has long noted, McCarthy in the end probably created more anti-anti-communists than anti-communists.  But he was neither the first nor the last American political figure whose irresponsible rhetoric has distorted important public policy decisions.

My first paying job was in high school, shelving books in the Silver Spring library.  One of the subjects that fascinated me - and slowed the shelving process - was the literature of the atomic spy cases.  From that point on, I read everything I could on the Hiss and Rosenberg cases, among others.  One thing I learned from the start was that half the books described Hiss and the Rosenbergs as secular saints, and McCarthy, Whittaker Chambers, and others as satanic.  The others described McCarthy as heroic and Hiss et al as traitorous villains.

I was working in the history office at NSA in the late 1970s when this false dichotomy was exposed.  I was talking one day with Frank Rowlett, one of William Friedman's first hires.  Mr. Rowlett was well into his 70's at the time, and when I saw his head tilt dramatically I thought he was having a medical emergency.  Instead, he had spotted on my bookshelves Alan Weinstein's Perjury, and he was reading the spine.  "You know Hiss was guilty, don't you?"  Mr. Rowlett asked.  I replied that Weinstein's book certainly seemed to prove that.  To which Mr. Rowlett said, "Ask your boss about Venona."  And then he walked away.

So I asked my boss.  Or rather I asked "What do you know about Verona?" which drew a quick response of  "As in Two Gentlemen of . . . ?  When I told him Mr. Rowlett had told me that "Verona" proved the guilt of Alger Hiss, Mr. Wilson went pale and said  "Omigod!  You mean Venona."  He then got on the phone and asked if I knew someone named Bill Crowell.  I did not, but within a day or so I had met Mr. Crowell and Cecil Philips, probably the last of the Venona cryptanalysts still working at NSA.

In the decade that followed, several attempts within NSA to declassify Venona failed in the face of the conviction that such an action would reveal sensitive sources and methods.  Really?  Sources and methods?  If you use a one-time pad system more than once, you're looking for trouble?

A few years later I was at a conference in Tysons listening to Christopher Andrew and others addressing the role of the CIA in the Truman administration.  At one point in his remarks, Christopher stopped and announced:  "By the way, if you think Ultra changed the historiography of the Second World War, wait until Venona is declassified and revolutionizes the history of the origins of the Cold War."  I immediately left the ballroom, went to the lobby, found a pay phone  (Does anyone in the room need me to explain what that is?), and called Mr. Crowell to tell him what I'd just heard.   Shortly thereafter, Venona was declassified.

With what effect?  Well, with the effect that only the really hard core continue to believe that the Rosenbergs were innocent.  It is still possible to argue that Ethel Rosenberg should not have been executed, but, after all, she's the one who rejected offers to have her sentence commuted.  We also learned that two presidents and a decade of American counterintelligence policy had been tarred with the false accusation that they had conspired in a phony effort to counter a Soviet spy apparatus that did not exist.  It did exist.  And now we know that both camps in the earlier literature had it half right:  The Rosenbergs were guilty, and McCarthy was a demagogue.

Some of the damage to American counterintelligence came from outside.  On the other hand, some of it was self-inflicted.  The phony discussion on the atomic spies cases continued as long as it did because the intelligence community stubbornly refused to declassify material that could have put a significant part of the true story before the American public and the world.  That should be a continuing lesson for all the intelligence agencies: sometimes the secrets we hold involve equities more important than our sources and methods.  In the end, we need to be more alert in acknowledging that we do not so much "own" information as serve as its stewards.  

So where does that leave us with the state of counterintelligence?  I've had several moments over the last decade in which I thought the tsunami mentioned earlier was subsiding.  I was pleased with the creation of the National Counterintelligence Executive, but after a decade, it's clear that NCIX suffers the same authority gap that afflicts the DNI structure as a whole.

I was very excited a few years ago when Jennifer Sims and Burton Gerber published Vaults, Mirrors, and Masks.  Here at last was the potential intellectual underpinning of a movement toward a greater appreciation of counterintelligence.  This movement, alas, has yet to appear.

I was encouraged by the creation of an advanced research agency for intelligence, and I hoped it would lead a "Manhattan Project" on how to do counterintelligence and security in the 21st century.  But that has not happened.  In fact, when I approached IARPA with such a proposal, the lack of interest was apparent.  When I later raised this with a senior NCIX official, not, I should be clear, Michelle Van Cleave, I was told we just needed more CI training.  Maybe someone should try again.

Finally, the Intelligence and National Security Alliance has published a very fine, short paper on CI, but it too has not produced much in the way of momentum. One of my concerns has been that CI (and security) labor under not just neglect but also under old concepts and processes that have solidified into organizational structures and patterns that have outlived their usefulness.  The AFCEA intelligence committee heard a very fine presentation at the time of the Manning/Wiklileaks disclosure by a DOD CI official.  When one of our members asked about some of the very obvious security issues involved in the case, he quickly said ‘You'll have to ask the security people."  When I got back to my office, I called a friend in DOD security who told me the CI people were messing around in what was a security case.

More recently, I sat through a briefing in which I was told that one of the problems confronting the Intelligence Community was finding an appropriate interface between security, IT security, and counterintelligence.  (This was shortly before the Snowden leaks.)  In frustration, I commented that they may as well add information assurance.  I was thanked for that.  But I didn't want to be thanked.  I wanted the panel to acknowledge that the barriers they were struggling with existed significantly because they wanted to fit 21st century realities into 20th century structures.  It's as if Mike Shanahan had said he didn't have a problem with his defense; he just had problems with his lineman, linebackers, and defensive backs.  In fact he had a problem with the whole, and the problems with the parts needed to be seen in that context.

It may not work for every agency and every "int," but I'm pleased that NSA integrated its security and CI components into a single organization years ago.  And I would welcome a more holistic approach, community-wide to the various aspects of our defensive processes and structures. That may not mean a "reorganization" involving structures that mirror NSA's.    That's not only 20th century thinking; it's worse.  It's 19th century industrial thinking.  It is not an accident that we continue, in an increasingly wireless world, to refer to organization charts as "wiring" diagrams.  Metaphors are of course useful and economical, but when we come to see them as realities, they become dangerous.  And the "wired" industrial and bureaucratic patterns emerging from that period are in many respects dangerous.  John Arquilla and David Ronfeldt said over a decade ago that in coming conflicts between bureaucracies and networks, bureaucracies would lose.  And the intelligence community, like most of our government, is more bureaucracy than network.  Let me stress, as clearly as I can, that in the information processes we have seen develop over the last 20-30, and with the continued evolution we should expect to see for the future stretching as far as the eye can see, process is more important than structure.

Let me add a few thoughts on the prospects for reversing the cultural wave that has contributed to our national indifference to intelligence.  First of all, the national discussion raised by the Snowden disclosures is going to continue.  And I don't intend to give Mr. Snowden any credit for this.  One could argue that John Brown "drew attention to the slavery issue."  But who in the United States in 1859 did not know that slavery was an issue tearing the nation apart?  Along the same lines, the Great Chicago Fire led to better municipal building codes, but I don't think anyone ever thought of a statue in honor of Mrs. O'Leary's cow.  

My strong preference remains an orderly thoughtful review of our national security instruments, on the order of the work done more than a decade ago by the Hart-Rudman Commission.  I wrote a piece earlier this year suggesting that the commission's work had been pushed aside by the attacks of September 2001, with one result being that we still have post-1947 structures that have only gotten older.  In addition, we now have a body of post-9/11 legislation that, in the main, shows reals signs of being put together with all the expert craftsmanship that goes with post-crisis legislation.  Little happens in Washington more frightening than the conviction - in the Congress or the White House - that "We must do something!"  We can only hope that at some point the Congress and the Executive branch will find a way to take a hard, comprehensive look at our national security structures and processes in a format more thoughtful than sequestration.

What should such a review include?  First, it should cover, as Hart-Rudman intended, the entire spectrum of our security arrangements.  Second, it could do worse than accept at least a variant of the Hart-Rudman methodology; (1) attempt to define the security environment (or environments) we are likely to encounter over the next 20-30 years; (2) define a strategy for dealing with that environment; and (3) review existing security structures and processes to assess whether they align with both the projected environment and the strategy.

Such an endeavor could serve as the framework for the national discussion or discussions we will have - and should have - over the next few years.  Three components of that discussion should have direct implications for the future of American counterintelligence.  They are: privacy, security, and espionage. 

These issues are among several associated with the challenges facing the national security establishment by a still volatile information environment and a complex operational environment, the complications associated with the latter driven at least in part by the changes in the latter.  Stewart Brand, whom some of you may remember as the creator of the Whole Earth Catalog, gave an interview in Wired Magazine last year in which he said that the most important reality of the last two decades was "The playing out of Moore's Law."  That is an extraordinary statement, but I think most of us would agree it is a top five factor at a minimum.  This almost certainly will slow at some point, but it is hard to see when that will happen.

Privacy.  Let me suggest that the worst mistake the intelligence community could make on this issue is to assume that the recent controversies regarding privacy are primarily about the role of intelligence in challenging our collective sense of what privacy is. Such a review would reflect an insularity that too often festers in classified environments.  Some years ago, when I was at the National Intelligence Council, we were interviewing candidates for a deputy NIO position.  One of the questions we asked each candidate was to name some of the leading external authorities in the field in question.  This particular candidate confidently assured us that there existed no peer experts on the subject area outside the intelligence community.  We found this interesting because we had just spent several hundred thousand dollars on papers and meeting with external experts in the candidate's field.  (The candidate did not get the job.)  In this information environment, secrecy will remain a necessity; insularity, on the other hand, will prove catastrophic.

Despite what some media outlets believe, the privacy issue is not just one of government surveillance.  It is not, in my view, even primarily about government surveillance.  It is about the reality that we in the 21st century will not be able to assume the same expectation of privacy we enjoyed, if that's the word, in the 20th century.  In fact, I would argue that our collective expectation of privacy (and its associated state of anonymity) has been in continuous but not continuously measured evolution for hundreds of years.  This process accelerated in the 19th century with the invention of such devices as the camera, the telegraph, the telephone, and even of cheap, popular newspapers. We have seen further acceleration since that time.

Look again at the popular culture.  How many novels in the 19th century featured a character carving out, with little difficulty, a new identity?  It was a commonplace in American literature (and later film) of the 19th and 20th centuries to find a character wanting to escape something in his (or sometimes her) past by moving west and assuming a new identity.  Whether one was escaping from criminal prosecution, or from lenders, or simply a husband wanting to abscond from family responsibilities, the reality must have been that leaving your troubles behind was relatively easy.

Compare that to the author who put up his own money a few years ago in a challenge to Wired readers that he could go off the web, and the credit cards and other associated technologies that work with it, for three or four months without being discovered.  This was a skilled individual, who had put a great deal of planning into his project.  In the end, nevertheless, within a short period of winning the challenge, he was uncovered.

The reality is of course that a path to reduced (if not eliminated) intrusions on our privacy signature (let's call it a personal stealth program) is not hard to define.  Pay in cash as often as possible; do not own a smart phone (or at the very least turn it off most of the time); do not use or own a GPS device; use the internet as seldom as possible, and then only from a public library or such; if you insist on owning a computer, make it an Apple product.  By all means, if you must use the internet, never allow a service to share your information; delete cookies regularly; change passwords frequently; decline to join a frequent flyer or preferred customer plan; and never use the same password or variations of a single password; and never write down your passwords.

Using that as a baseline, how many of you have more than ten services that require passwords?  How many of you change passwords at regular intervals, not to exceed three months?  How many of you use only strong passwords, with the requisite mix of upper and lower case, alpha, numeric, and special characters?  And how many of you have never written down a password?

I assumed in preparing this that the answer to the last question would be "none of you," proving my point that to a great degree we have made our own decision, whether we think of it in these terms or not, to balance security, privacy, and convenience.  

As I said earlier, part of the Intelligence Community's response to concerns - and they are legitimate -about government surveillance needs to be placing those concerns within this changing privacy context.  Some years ago, Don Kerr, formerly the head of science and technology at CIA, gave several presentations in which he remarked on the changing nature of privacy.  It is always fun to look for those presentations on the internet and see that sites housing them headline them by statements such as "CIA official decries privacy" or "CIA official advocates end to privacy."  As we all know, the right to free speech includes the right to be silly and even stupid.  Dr. Kerr, as many of us know, is a scientist, and a notable one.  As such, he was observing not prescribing, and in this instance he was observing correctly and acutely.

I prepared these remarks before the President announced his response to the recommendations of his advisory panel, but let me make at least two observations.  The first is that the short deadline to find an alternative to NSA storage of the masses of data it collects sounds to me like a lesson from the "Thelma and Louise" school of decision making.   We'll see.  What looks to some as a March deadline could become a cliff.

Secondly, if the options for "reform" of government surveillance can be boiled down to two general paths, regulation and oversight, I hope we put emphasis on the latter.  In my class on cyberpolicy, I used to note with some concern the absence of regulation - domestically and internationally - of the internet.   Now I am, only two or three years later, less confident of that.  I often describe the information environment as having a "Wild West" character.  And of course we'd like to see law and order prevail on a host of issues.   Nevertheless, regulation of something as volatile as the information environment is going to prove, as it already has, extremely difficult.  One danger is that we will regulate a particular technology or implication that goes away in one or two Moore's Law intervals, while either blocking new developments or completely failing to anticipate them.  The case of the Foreign Intelligence Surveillance Act is instructive.  When passed in the late 1970s, when phones were hard wired and very much tied to an individual user, the Act made sense.  By the late 1990s, the technology and the law had drifted apart.  They did so with serious consqeuences (and controversy), later resolved by the updated FISA Act.

Oversight seems to me to offer greater flexibility.  And here I want to add my own view that congressional oversight of US intelligence is one of the great achievements in our intelligence history.  When I came to work at NSA in the late 1970s, I sometimes expected to see people wearing black arm bands decrying the creation of the House and Senate intelligence committees.  I was often told that this was not fair, because other intelligence service - even allied services -- did not have to put up with such scrutiny, and that they would at some point refuse to cooperate with us.  I was even told that the advent of these committees would mean in relatively short time the abolition of NSA

None of that happened of course. And within a few years I had the privilege of briefing the staff and members of the new UK parliamentary oversight committee.  My academic field, I should note, is British history, and I'm as anglophile as that would suggest.   But when you've gotten more than a whiff or two of "not bad for colonials" comments, or been told your quarters at Oxford or Cambridge are in one of the "newer" buildings - say from 1615 - the temptation to finish the briefing by saying "We know you're new at this.  But you'll get the hang of it" was very great.

More importantly, for all those in the intelligence community who still resist congressional oversight and yearn for the "good old days" when Allen Dulles simply negotiated the CIA budget one-on-one with Richard Russell, where would we be now without the courage and leadership of Chairman Mike Rogers, Congressman Dutch Ruppersberger, and Senators Diane Feinstein and Saxby Chambliss, and the clear majority of their committee colleagues from both sides of the aisles in their respective chambers?

So I would not fear excessively some measure of enhanced or modified oversight.   I regret that the Privacy and Civil Liberties panel was allowed to remain unused for far too many years.  They should now have a major role to play in assuring confidence in the adherence of the Intelligence Community to our laws and standards.  I have some reservations about a public advocate at the FIS Court, but only if it is constructed in a way that risks significant delays.  Perhaps this advocacy role could be played by agents of the Privacy Board.  In any event, this could work.  

I should add that I think the Board may have overstepped in declaring current collection programs illegal.  Individuals and groups who do so seem, somehow, to act as if the FISA Court did not exist or that it had taken a sabbatical over the last decade or so.   It is, however, fully appropriate for the Board to suggest that some portions of the post-9/11 legislation were perhaps drawn too broadly.  And that they need a second look.

Amid all the press reports of the last few months, I must mention one.  After months of reporting on NSA's activities, the Post published articles on corporate data collection and the authorities available to local law enforcement to track cell phone and GPS data.  The latter story noted that such authorities operated even without the limits imposed on NSA.   In an earlier newspaper era, it seemed to me this should have led to a decision to "hold the presses."  At the very least I would have thought such news deserved higher placement, even a headline, given the impression left by previous stories suggesting that NSA operated without limits.  (Or the thrust of the Post's earlier "Top Secret America" series that suggested the intelligence community was a fourth branch of government.)

Security.   I'll be brief on this one.  I've already noted that we need to rethink how we define security and its various components, and counterintelligence.  This is not to say they should be centralized or merged into one homogeneous element.  That's always the danger when bureaucracies consider "connecting the dots."  But there is a difference between, to state a classic case, our efforts to integrate the armed services and Canada's disastrous first try at unifying its services.  The point is not to create a single whole, but to ensure communication between the parts.  How to do that should be a major consideration of that Manhattan Project I mentioned earlier.  

Espionage.  This one gets tricky, and I'll mention one possibility that could perhaps be considered in a national conversation on security and privacy, while at the same time stopping far short of endorsing that option.

I give the army prosecutors in the Manning case high marks for attempting to deal with that case within the limits of the 1917 Espionage Act.  That they failed says less about their effort than about the obsolescence of an act passed when espionage, almost by definition, had to mean the passage of classified information with the intent of harming American national security, to a specific foreign power.

The transformation here is not unlike that which made obsolescent key features of the first iteration of FISA.  Why would I want to enlist my services to a foreign power once I realized that action would expose me to the most severe penalties under American law?  Why not just release the information to the world?  After all, as the Internet Society used to say: "The internet is for everyone."  I am not an attorney, but it seems to me that part of our conversation should be to ask whether this provision of the 1917 statute deserves significant review.

Beyond the 1917 Act, moreover, there is Title 18 of the US Code, section 798.  Michelle Van Cleave has dealt with this in a fine article in the Fall/Winter 2013 issue of the Intelligencer.  But for the few of you who weren't reviewing Title 18 over the weekend, let me note its prescription that:

 

Whoever knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States . . . any classified information . . .

 

related to codes, ciphers, or other comint material, shall be fined "or imprisoned no more than ten years, or both."  For whatever reasons, that seems to be a dead letter, but it remains on the books as this audience must know from events of the past week.

Many years ago, I had lunch with Walter Pforzheimer, the legendary advisor to any number of Directors of Central Intelligence.  During that conversation, Mr. Pforzheimer told me that in its earliest days he and a few colleagues had discussed whether to propose an American equivalent to Britain's Official Secrets Act.  After what I think was a relatively brief consideration, they decided it was both unnecessary and unthinkable within the American context.  Remember, even William Donovan's proposal to extend the OSS into peacetime was greeted with fears, in some quarters, that this would become "an American gestapo."

It would be difficult to craft such legislation in a way consistent with our laws, our constitution, and most importantly, our values as a democratic society.  But as I have read story after story over the last few months, revealing not so much evidence of criminal violation of American civil liberties, but of NSA support to the deployments in Iraq and Afghanistan, or of the technical details of drones, I think we have reached a dangerous point.

The Soviet services, in the 1930s, seemed intent on recruiting young government officials, in the hopes they would rise to be senior government officials.  If I worked for a foreign service today, I think I'd put more emphasis on recruiting journalists, who, as far as I can tell, now see themselves fully exempt from laws covering the disclosure of classified information.  If that is true, that their first amendment privileges make them a separate class of citizenry, then we make a mockery of that phrase we heard over and over during the Watergate investigations, namely, that "no man is above the law."

As I've thought about how we would craft an official secrets act, and how to balance key values involving responsible government and freedom of the press, I've thought about positive defenses, including evidence that the information in question was classified not to protect national security, but to conceal crime, malfeasance, or other embarrassing information.

I still cannot bring myself to think we could craft such a law in a manner consistent with our history and deepest values.  There is also that apparent unwillingness to attempt to enforce Section 798 of Title 18.  And I continue to hear from journalists I respect that we must trust them and their editors.  But what if the current climate of "if you have it, run it" had existed in 1944 and disclosure of the plan for Overlord had appeared in papers around the world in May of that year,  leading to thousands of Allied deaths and the collapse of the effort to free Western Europe.  I suspect the clamor for an official secrets act, of a variety that would have done great damage to our constitution and our values would have been unstoppable.  And we would have been poorer, by far, as a nation.

Edmund Burke wisely noted centuries ago that the best defense of virtue is in society and its values.  A society that can defend its values need rely on the state only when necessary.  Even then, the state is likely to be a far less nuanced and less effective guardian.  And so I hope the national conversation we need on privacy, security, and espionage must ultimately depend on a conversation about what we value.  I'm confident that in the end the public will decide that an effective intelligence service, including effective counterintelligence components, aligned with the realities of our time, can be maintained.  "Trust the people," was Randolph Churchill's motto, and it remains a good one.  

From time to time, I hear it said that the relationship between American intelligence and the American public has been broken.  I don't believe that.  Strained certainly.  But not broken.  In part because despite hundreds of news stories about government surveillance programs and "out of control" agencies, little has been disclosed that has not involved programs approved by executive branch authorities (including two presidents), the Congress, and a duly empowered court.  In addition, where breaches have occurred, most of them have been discovered within the community and reported to the appropriate authorities.  The public may wish to see some modifications here and there -- I have heard and read proposed modifications that would cost me not a moment's sleep -- but I do not believe they have seen evidence of the need for a wholesale disruption of the intelligence establishment.  However we proceed, I hope we avoid that temptation to just "do something," and that we understand that if this is a morality play, it is a complex and subtle one.  I can appreciate the concerns of those who fear the creation of a "new protective state," or a "national security state," as I hope they can appreciate concerns regarding national security in a dangerous world.  I mentioned Edmund Burke earlier, and I have long been an admirer.  But I am even more a Madisonian, and I continue to belief in the instruments he and his colleagues left us. 

So where does this leave us in "counterintelligence after Snowden?"  It leaves us in a country governed by an imperfect system that the public and its representatives can change.  One of the values of a Catholic education is a strong sense of original sin, which virtually demands that this world is inherently imperfect and that sometimes the bad guys win.  But in this case, we live in an imperfect country and Edward Snowden lives in Putin's Russia.  Who among us tonight would trade places?

In the meantime, we can continue to count on the dedication and professionalism of the men and women of our counterintelligence and security services.  And we can hope for a day when counterintelligence is accepted here, as it is in Britain, as a full peer of the "positive" intelligence services.  When I see a volume on MI5 such as Chris Andrew's Defence of the Realm, and I think of the prestige MI5 enjoys in that system, I hope that we can someday achieve something comparable.  As I said at the beginning, I continue to advocate for counterintelligence.  For many years, I used to ask NSA colleagues what they would think if I directed one of my best interns toward a career in counterintelligence and security.  I can't tell you how many times I was told that would not be a great career move for the intern in question.

But I've done better than put an intern in the field.  My daughter Christine is not here this evening, and I have to say I never did a thing to press her into joining NSA, let alone the counterintelligence and security organization.  But I am enormously proud of her and the work she does.  I hope she and her colleagues in all our security services understand the centrality of what they do, the full range of intellectual and professional talents they will be asked to bring to bear, and the enormous responsibility we have placed in their hands.  With any luck, the tide will turn and American counterintelligence will once again sit at the center of the American intelligence effort.  That truly would be an achievement and an honor worthy of Brian Kelley.  Until then, I hope the men and women who work in the counterintelligence services see this event as an action taken to honor not just Brian but also them and their service.

Thank you.

Brian Kelley Memorial Lecture 2014

Above: Amanda, President of the Alumni Association; Patricia Kelley, widow of Prof. Brian Kelley; William Nolte; and Lacy Rourke, President of the Student Government Association.