Morell is right that the report did not find the metadata program worthless (and it is noteworthy that he goes on to argue that the program would have prevented the 9/11 attacks). Yet his argument that the review group did not recommend the program’s elimination is either disingenuous or backpedaling away from the report itself.
In its executive summary, the report clearly calls for an end to “government collection and storage of mass, undigested, non-public personal information about U.S. persons for the purpose of enabling future queries and data-mining for foreign intelligence purposes.” Instead, the report calls for such information to be held by a third party, such as a private contractor. This outsources a large part of the NSA’s core business of signals intelligence.
If not exactly elimination, this plan is quite close, preserving just some elements of the program in private hands.
More important than whether the plan constitutes an end to metadata collection, however, is the fact that it is perhaps the worst of all possible worlds. A public-private metadata-sharing protocol would face serious practical and legal obstacles, which is one reason both intelligence officials and industry leaders are opposed to the idea. At the same time, it would increase the risk of future leaks because more individuals (public and private sector alike) would have to be involved in sharing information. After the Snowden affair, it is bizarre that the review group finds putting more information in the hands of contractors comforting.
In addition, the review proposes two additional reforms that could inflict grave harm on U.S. intelligence collection, neither of which is mentioned by Morell in his op-ed. First, the panelists call for extending the protections enjoyed by American citizens and those living in the United States, such as the Privacy Act of 1974, to foreign citizens living abroad. The Privacy Act sharply restricts the government’s ability to collect data on Americans, while giving people the right to access whatever information the government does have on them. The report notes that the Department of Homeland Security already accords these protections to non-U.S. citizens and that the intelligence community is already bound by the Privacy Act in matters like background investigations it conducts on employees. By extension, the report asserts that it would not be too much for the intelligence community to extend similar protections to non-U.S. citizens outside our borders.