Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/235053
C Cyber security ow lens of gh the narr u at this thro thing to I just look n't tell any If ld ness, I wou he citizens ce effective possible. T lligen er inte at was nev asonable ody. But th t least a re a anyb ve to have eir behalf. mocracy ha doing on th f a de o t you are idea of wha I do. The traditional approach – and I recognize that technology has really changed this – is that each nation had its own laws as to what constituted privacy. Ours is anchored in our Fourth Amendment, which protects Americans against unreasonable search and seizure. The Fourth Amendment is not an international treaty – it applies to Americans, those in the United States and permanent legal residents of the United States. That seemed to be just fine through the first 55 or 60 years of the National Security Agency, which was founded in 1952. Now there are shifting standards globally as to what constitutes a legitimate expectation of privacy. And we are now involved in a global debate as to what those standards should or should not be. Happy for the debate, but I'm not prejudging outcome here. It remains a world of sovereign states and a world of enduring dangers, and signals intelligence is an incredibly valuable way for a state like mine to learn the plans and intentions of those who might mean harm. Q What should be the role of oversight? Certainly in this country there is a strong sense that it has been insufficient. You have got to define the terms of reference. In most countries, to the degree they debate this, the debate is about what security services do domestically, not what they do abroad. And the really interesting thing about what is happening now – interesting and somewhat frightening for an American – is that this debate which began about what our security services are doing "domestically" – the metadata program, the Prism program and so on – this is now a debate about what our foreign intelligence services do against foreign targets. That's really uncharted territory. Q Is part of the problem that we have an all hazards approach versus a risk-based one, that with each incident – reported or otherwise – we feel the need to expand the security requirements to protect ourselves? I had 39 years in the air force and in the first half of my career we were worried about the Soviet Union. I can't find a civil libertarian who would raise a finger about the NSA trying to intercept Soviet high command communications emanating out of Moscow trying to go to an ICBM unit out beyond the Urals. That was a dedicated network, a known enemy. The 2013 version of that is al-Qaeda emails co-existing on a world wide web with your communications and mine. And free people have to decide: do you want these security services to provide you what they were providing when the threat was that one, but in today's world? If the answer is, yes, then you are going to have to admit the reality that they are not going to be going after isolated communications 18 DECEMBER 2013/JANUARY 2014 www.vanguardcanada.com on dedicated networks, they are going to be bumping into your stuff. The real question becomes: Can I trust them to go after the other stuff and even though they may bump my stuff, they won't do anything that makes me uncomfortable? Q Does the nature of the technology and the fact that so much "intelligence" is open source change how we need to think about the problem? Let me answer that question by making the problem bigger. I was head of CIA after I was head of NSA. I had an advisory board and I gave them hard questions. One of the hard questions was: Will the United States be able to conduct espionage in the future, inside a broader political culture that every day demands more transparency and more public accountability from every aspect of national life? They went away and studied that problem and came back after six months and answered: We are not sure. We are at a fundamental moment here in terms of the traditional ways that sovereign states have defended themselves in the past with their intelligence services. Look, and I really mean it, just tell us what the rules are. You have to understand that if you draw the box real small you are probably going to be a little more in danger than you would otherwise. But just tell us where the box is. Q Do intelligence agencies then need to become better at telling their stories, despite that need for secrecy? How does an agency tell its success stories in that context? That's a real problem. If I just look at this through the narrow lens of intelligence effectiveness, I wouldn't tell anything to anybody. But that was never possible. The citizens of a democracy have to have at least a reasonable idea of what you are doing on their behalf. And I think quite clearly what has happened in the last number of years is, if intelligence services expect public support, they are just going to have to tell more of their story to their own citizens. That will shave some points off operational effectiveness, but the trade off there is that if you don't do that, you won't get to do anything because your citizens won't have a sufficiently high level of confidence in what you are doing. So we are going to have to be more forthcoming. That is ahistorical for us. General Hayden was a keynote speaker at the 1st Digital Economy Congress, "The Challenges and Opportunities for Cross Border Data Flow," hosted by Reboot Communications in San Diego in November. Reboot will hold its 15th Annual Privacy and Security Conference February 5-7 in Victoria: www.rebootcommunications.com