FORT MEADE, Md. (Reuters) - The U.S. government should have publicised the existence of a programme that vacuumed up in bulk Americans’ telephone call data before its existence was leaked by former contractor Edward Snowden, the National Security Agency’s deputy director said on Tuesday.
Richard Ledgett, who is retiring next month, said in an interview with Reuters that disclosing the secret programme would have been difficult. But, he said, doing so might have mitigated the damage done by Snowden.
“That’s one where I might have to say, yes,” Ledgett said in his office at NSA headquarters in Fort Meade, Maryland. “That’s one where maybe it would have been less shocking when Snowden did what he did.”
Ledgett’s comments, which echo the sentiments of some former top U.S. officials, come as the U.S. intelligence community is stepping up efforts to convince Congress to reauthorize other controversial surveillance programs.
Those programs allow intelligence agencies to collect vast amounts of digital communications from foreigners living overseas, but incidentally scoops up the communications of an unknown number of Americans.
The programs, authorized by Section 702 of the Foreign Intelligence Surveillance Act, expire on Dec. 31 unless Congress takes action.
Ledgett said that the NSA, whose mission is to intercept adversaries’ communications while protecting sensitive U.S. government networks, had learnt from the Snowden experience.
“We’re being very open about the (Section 702) programme, and will be,” he said.
Privacy advocates have repeatedly demanded that the government share an estimate of how many Americans are ensnared by programs authorized under Section 702.
Intelligence officials have declined to do so. But Ledgett, in remarks earlier Tuesday at a forum sponsored by the Aspen Institute, said “yes” when asked if an estimate would be provided before year end.
Snowden’s revelation of the bulk telephone data programme - which captured information about calls such as the numbers and time stamp, but not their actual content - prompted congressional hearings and court battles.
In 2015, Congress passed a law replacing it with a more limited system while installing new transparency measures over U.S. surveillance activity.
U.S. officials argued that the programme was lawful, and aimed at finding violent militants or other adversaries in communication with allies inside the United States.
In the 50-minute interview at the NSA’s large campus outside Washington, Ledgett expressed concern about the vulnerability of U.S. critical infrastructure to cyber attack by another nation.
“All of the major cyber threat actors that we worry about have efforts in place, have that capability,” he said.
“Can you take out a traffic system? Absolutely. Can you take out comm(unication)s systems? Absolutely. Can you take out gas and oil distribution, and energy distribution systems? Absolutely you can. ... We’re more vulnerable than most.”
He also gave a small insight into the secret cyber battles playing out globally, around-the-clock.
In late 2015, he said, an unclassified U.S. government computer network was penetrated by another nation, and the NSA was called in to help.
In the past, when an adversary realized they had been discovered, they would withdraw. “Like a turtle, touch them and they pull in their shell,” Ledgett said.
“What happened here was, they fought back. So it kind of became a hand-to-hand combat thing,” he said. “We’d remove their malware. They would deploy new malware, even though they knew we were in the system. They were just trying to get around us.”
He declined to name the attacker or the computer system involved.
Additional reporting by Dustin Volz; Editing by Lisa Shumaker