The attack was life changing. Experts warned of the looming threat, but we remained unprepared to face it. When it struck, its impact was lethal, killing many and affecting us all. Sound familiar? For many of us working on national security issues, the COVID-19 pandemic evokes vivid memories of 9/11.
The 2001 attacks motivated me to re-enter public service. In 2002, I left the job I loved as the privacy and technology attorney for Marriott International, to join the CIA’s Office of General Counsel. Three years later, I joined the newly created Office of the Director of National Intelligence (ODNI) as its first Civil Liberties Protection Officer, a position I was privileged to hold for 14 years.
At ODNI, I witnessed the herculean efforts taken to streamline, integrate, and enhance our national security capabilities. We sought to create a whole-of-government approach to identify, prevent, and respond to the ongoing threat that had harmed us so badly on 9/11. The government made mistakes along the way, but in the ensuing years, it has made dramatic progress in protecting the nation from terrorism.
As in the days after 9/11, the current challenges stemming from COVID-19 seem unprecedented. But the parallels are striking. The current crisis has already claimed more lives and the death toll continues to climb, but the threat then seemed dire as well. We overcame it and learned some valuable lessons along the way that should guide our response to the current crisis.
Update the Legal Framework in a Focused, Balanced Way Based on Demonstrated Need
In the wake of 9/11, the government sought and developed new authorities and programs to aid in the response to future terrorist attacks. Two approaches generated an enormous amount of controversy. First, the government interpreted existing laws in creative and novel ways to apply them to new and different situations in a manner that was viewed as contrary to the drafters’ original intent. For example, in the years following the 9/11 attacks, the government presented to the Foreign Intelligence Surveillance Court—and the Court repeatedly approved—a particularly broad interpretation of the term “relevance” in the applicable statute, which enabled the government to collect telephony metadata (call detail records) in bulk from phone companies (albeit with strict privacy safeguards on querying and use). When disclosed, this program created a crisis of public confidence in the Intelligence Community (IC). It was significantly cut back by President Barack Obama in 2014, and was terminated by the USA FREEDOM Act a year later.
Second, the government proposed—and was granted—a swath of new authorities, in the form of the USA PATRIOT Act. Some of those provisions were relatively uncontroversial, but others raised strong public concerns, in part due to the perceived rush to pass the legislation.
We should not shy away from updating our legal framework as necessary, but we must do so in a focused and balanced way, based on a demonstrated need and clear understanding as to how the new authorities fit the need. It is tempting to “go big” and seek the broadest possible authorities even if there are no plans for how to use them. Such proposals may well raise a host of concerns, arouse suspicions, and generate unnecessary controversy. It is far better to focus on the specific changes we know we need, and to counterbalance new authorities that intrude on privacy with robust protections and multilayered oversight.
This is particularly important as one thinks through the possible interest in data sets that can be used to track the movements of people that have tested positive for COVID-19 and to identify those with whom they have been in contact. More digital data about our personal lives is available than ever before, particularly to the private sector. To date, the focus in the United States has been on gathering aggregated, anonymized data sets to assess trends in disease spread. But given the seemingly enormous potential that access to such data holds for public health responses, the U.S. may at some point seek to amend existing laws or enact new ones to enable greater access to data of interest.
Should a compelling case be made, and such a new collection program implemented, safeguards should be put in place, including back-end limitations on access, dissemination, and retention, and a sunset clause for any new authorities. Effective oversight also should be built into the program, such as the sorts of provisions that national security professionals are quite familiar with. For example, offices like the one I used to lead at ODNI—the Office of Civil Liberties, Privacy, and Transparency–should be empowered to provide advice and monitor compliance within their agencies at the Federal and state levels. Moreover, an independent executive branch body like the Privacy and Civil Liberties Oversight Board should provide oversight of such programs. In addition, inspectors general should examine implementation efforts to ensure they comply with the law. And Congress could and should use all its considerable powers – including those of oversight and the purse — to keep the executive branch on track.
Manage Complexity by Clarifying, Sharing and Playing to Our Strengths
The sheer complexity of governmental systems after 9/11 posed huge hurdles. Counterterrorism responsibilities were spread out among a range of federal agencies, which tended to operate within their own silos. Policy, cultural, and legal barriers hampered sharing of information and resulted in redundant capabilities in certain areas and coverage gaps in others. Very quickly, the federal government had to establish ways to interact with relevant outside entities (e.g., state, local, and tribal government) while respecting everyone’s authorities and without crossing legal lines.
The bureaucracy for responding to a pandemic is similarly complex. Major agencies have important (and seemingly overlapping) responsibilities, such as the Centers for Disease Control and Prevention, the Food and Drug Administration, the National Institutes of Health, the Surgeon General, and the Federal Emergency Management Agency. And the dividing line between federal agencies, on the one hand, and state, local, and tribal agencies, on the other, is even more dramatic.
After 9/11, the federal government engaged in a major reorganization to respond to some of the information-sharing gaps, among other reasons. This reorganization created the ODNI, where I have spent over a decade working. It established the National Counterterrorism Center (NCTC), bringing together the information, expertise, and capabilities of agencies within the community and across government. In addition, states established “fusion centers” to coordinate responses to a variety of threats, by co-locating representatives of law enforcement and public safety agencies with one another and with appropriate Federal agency representatives.
As we think through responses to COVID-19, there may too be a push for reorganization as a solution. But while such restructuring can be helpful, it can also be distracting and consume inordinate amounts of time and resources. The key is to clarify roles and responsibilities–finding ways for agencies to share information and integrate capabilities, while still focusing on what they do best. For example, the NCTC worked in part because it was designed to synthesize and coordinate the important work being done at each agency, not to replace it.
This approach could be helpful now. Putting career professionals in regular contact with one another through physical or virtual “centers” could establish the trusted relationships that are so important to coordinating responses while leveraging each agency’s strengths. In fact, several state fusion centers are now helping their states coordinate responses to COVID-19. This is the kind of model than can, and, as needed, should be updated.
Be Transparent
A dramatic difference between the government’s response to 9/11 and the current crisis involves secrecy. Years after those attacks, the national security community paid the price for excessive, even if well-meaning, secrecy. When the bulk telephony metadata program was disclosed, the public reacted with suspicion and outrage. The IC experienced a crisis of public confidence not only within the United States, but also among our foreign partners.
We learned our lesson. Secrecy has always been—and will always be—essential for intelligence. If our adversaries know our sources and methods, they will change their behavior, eliminate intelligence sources, and avoid detection. But excessive secrecy can damage the public trust we need to carry out our missions. For the past few years, with great effort, leadership commitment, and the dedication of many intelligence professionals, the IC has made dramatic strides toward improving transparency. For example, the IC has posted volumes of documents about its surveillance programs on IC on the Record; has gone beyond statutory requirements in providing rich statistical information about the use of its authorities; and has included privacy and transparency as one of its key objectives in the National Intelligence Strategy. Our transparency efforts were recently acknowledged by members of the Privacy and Civil Liberties Oversight Board.
The enemy we are fighting today is not a terrorist organization or a hostile foreign government. Secrecy has no place in the war against that virus. Indeed, transparency is one of our most important weapons. The public needs to have accurate, reliable information at its fingertips so that we can keep ourselves and everyone else in our community safe, particularly the most vulnerable.
Transparency is also essential for earning and retaining the trust the government needs to carry out its activities. If it requests new authorities, or if it seeks to interpret existing laws in new ways, it must do so openly and publicly, engaging directly with civil society, to work through the challenging issues that are sure to arise.
Only if we approach the task with transparency, care, and thoughtfulness can we hope to establish the sort of sustainable, trusted framework we need to prevail over the current threat.
The views expressed here are those of the author and do not necessarily reflect the views of the Office of the Director of National Intelligence or the U.S. government.