Did Thomas Drake Include Privacy Concerns in His Complaints to DOD’s Inspector General?
I’ve been reviewing the docket on Thomas Drake’s case to see whether it touches on the privacy concerns Drake had about NSA’s post-9/11 activities.
It appears it doesn’t, even while there was an ongoing dispute about whether or not Drake will have access to the materials he submitted to the DOD Inspector General in support of claims that the ThinThread program operated more effectively than the Trailblazer program that Michael Hayden chose to enrich SAIC with instead (the Judge ruled that material would be admissible, but not a formal whistleblower defense, which Drake wasn’t trying to do anyway).
There are a couple of reasons why the silence, in the legal filings, about privacy concerns is interesting (aside from the fact that it’s a focus of Jane Mayer’s article.
First, because the two-sentence summary of the conclusion of the DOD IG Report on Trailblazer and ThinThread that the defense provides in a filing doesn’t address privacy.
In 2004, after more than a year of fact-finding, the Inspector General issued its initial audit findings. In a report entitled, “Requirements for the Trailblazer and Thinthread Systems,” the auditors concluded that “the National Security Agency is inefficiently using resources to develop a digital network exploitation system that is not capable of fully exploiting the digital network intelligence available to analysts from the Global Information Network . . . (T)he NSA transformation effort may be developing a less capable long-term digital network exploitation solution that will take longer and cost significantly more to develop.” The NSA continued to support the “less capable” program and its successor.
Which suggests the IG Report may not have addressed the claim that, in addition to being less efficient at “connecting the dots” than ThinThread, Trailblazer also offered none of the privacy protections ThinThread had.
That’s important because the government argued that Drake couldn’t claim to be a whistleblower because, by 2007, the issues at hand were resolved. They’re arguing both that any whistleblower claims would be mooted because Turbulence, Trailblazer’s successor, integrated “significant portions” of ThinThread, and that the debate was “over” by 2007, when Drake was (according to the indictment) serving as a source for Baltimore Sun reporter Siobhan Gorman.
In or about December 2004, the DOD IG completed its audit of [Trailblazer], including the allegations raised in the complaint letter. The NSA responded in August 2004 and February 2005, stating that based on the judgments of NSA’s experienced technical experts, the allegations were unfounded. Nonetheless, NSA agreed to incorporate significant portions of [ThinThread] into [Trailblazer] as a result of the DOD IG recommendations, thus largely mooting the issues raised in the complaint. In addition, starting in late 2005 and early 2006, the NSA transitioned away from [Trailblazer] to [Turbulence], another corporate architecture solution for Signals Intelligence collection.
Just as importantly, by 2007, the timeframe of the charges in this case, there was no imminent harm faced by the defendant, because [Trailblazer] had incorporated elements of [ThinThread], and also because NSA had transitioned away from [Trailblazer] to [Turbulence].
The defendant’s actions had no impact in the debate regarding the efficacy of [Trailblazer and ThinThread], because NSA had begun transitioning to [Turbulence] by 2006. Put simply, the debate was over.
There’s a lot going on in this passage. Obviously, the government is trying to claim that since Drake was allegedly collecting information for Gorman in 2007, he couldn’t claim he was whistleblowing.
Mind you he was not claiming he was whistleblowing, in the legal sense. He was only trying to get the IG materials to prove that’s why he collected three of the documents he’s accused of willingly keeping; basically, he’s arguing that if he overlooked three documents out of 5 boxes worth originally collected for the IG–and did not retain the really classified materials–that he basically just overlooked the three documents, rather than willfully retained them.
And the government is playing funny with dates. After all, they say Drake served as a source for Gorman from February 27, 2006, to November 28, 2007. The key story about ThinThread Drake served as a source for was dated May 18, 2006. And one of the charges accuses Drake of obstruction for shredding other documents. So not only is the 2007 date bogus because it igonores debates ongoing in 2006, but the government suggests that either Drake would be guilty for illegally retaining information, or obstructing an investigation. Moreover, Drake maintains he inadvertently included the three IG-related documents in the several boxes of unclassified materials, so the fact the debate was over is pointless.
Moreover, the successor to Trailblazer, Turbulence, was suffering from the same management problems Trailblazer had, as the defense notes just after citing the IG Report. The government wants to pretend the shift from Trailblazer to Turbulence ended the complaints about management problems, but it didn’t.
The program the NSA rejected, called ThinThread, was developed to handle greater volumes of information, partly in expectation of threats surrounding the millennium celebrations. Sources say it bundled together four cutting-edge surveillance tools. ThinThread would have:
* Used more sophisticated methods of sorting through massive phone and e-mail data to identify suspect communications.
* Identified U.S. phone numbers and other communications data and encrypted them to ensure caller privacy.
* Employed an automated auditing system to monitor how analysts handled the information, in order to prevent misuse and improve efficiency.
* Analyzed the data to identify relationships between callers and chronicle their contacts. Only when evidence of a potential threat had been developed would analysts be able to request decryption of the records.
In other words, privacy was just one of three ways ThinThread was better than Trailblazer, according to Gorman’s sources.
But that’s not the aspect the government seems to address. That is, the government seems to be saying that, because Turbulence adopted some of the approaches of ThinThread that made it more efficient at analysis, Drake can’t complain. The suggestion is (though we can’t know because of the secrecy) privacy is not, like efficacy, an adequate reason to blow the whistle. Neither privacy, nor the Constitution.
And that’s interesting for two more reasons. First, because the government references a notebook of documents Drake provided that had nothing to do with the IG Report.
There was, for example, a notebook of documents provided by the defendant, many of which had nothing to do with the IG’s audit, but this notebook was destroyed before the case began, and after the IG completed its audit.
Is it playing games with the scope of the audit? That is, did Drake provide materials on privacy, which the IG didn’t include within the scope of its report? If so, the IG’s destruction of the notebook, in violation of DOD’s document retention policy, is all the more interesting.
Then, finally, the debates about privacy continued into 2007 and 2008. In August 2007, specifically, Mike McConnell nixed a Democratic version of the Protect America Act because it required the government to tell FISA judges what the plan for minimizing US person data is and allowed the judges to review for compliance. Debates on how to fix PAA continued throughout the fall and into the following year, with Russ Feingold and Sheldon Whitehouse both trying to make real improvements on the minimization requirements.
The government seems to want to say that Drake’s privacy concerns aren’t a valid whistleblowing concern. Because, I guess, government officials aren’t allowed to whistleblow about citizens’ rights.