Homeland Security Implications of ISIS Attacks

Friday, December 18, 2015
Charles Platiau/Reuters
Robert Bonner

Senior Principal, Sentinel Strategy and Policy Consulting; Former Commisioner, U.S. Customs and Border Protection (via NY videoconference)

Jamie Gorelick

Partner, WilmerHale; Former Deputy Attorney General, U.S. Department of Justice (via DC videoconference)

Michael Hayden

Principal, Chertoff Group; Former Director, Central Intelligence Agency and National Security Agency (via DC videoconference)

Dina Temple-Raston

Counterterrorism Correspondent, National Public Radio (via NY videoconference)

Experts discuss the vetting of refugees, the implications for immigration policy, and the role of the NSA and intelligence community in the aftermath of the recent ISIS attacks in Paris, Lebanon, and elsewhere.

TEMPLE-RASTON: Hi, there. Thanks for coming today. We have a full house here in New York. I hope you have a full house there in D.C. My name is Dina Temple-Raston. And I am the counterterrorism correspondent for National Public Radio. So I’ve been busy, and as have today’s panelists, watching what’s been going on in Paris, and Brussels, and San Bernardino.

So what I’d like to do is briefly introduce the panel. And we’ll talk for a little while and then at 1:00 we will—no, sorry—at 1:30 we’ll go—we’ll go for questions from the audience. So you can get that ready. So here, sitting with me in New York, is Robert Bonner. He’s a senior principle at Sentinel Strategy and Policy Consulting. He’s the former commissioner of the U.S. Customs and Border Protection. So we’ll have lots of questions for him about visas and waivers and things like that. In D.C. we have Jamie Gorelick, who is a partner at WilmerHale, and—there’s a wave—and the former deputy attorney general with the U.S. Department of Justice. And finally, almost a fixture here at the Council on Foreign Relations, we have General Michael Hayden, who’s a principle at the Chertoff Group and the former director of the CIA and the National Security Agency. And we’ll have some questions about encryption and other things like that for him.

OK. So let’s start. And we’ll start here in New York because we’re live here. Mr. Bonner, let’s talk about the difference between large-scale attacks and the more recent attacks we’ve seen in Paris, and in particular San Bernardino. What kind of countermeasures can ameliorate something like San Bernardino?

BONNER: Well, let me start off by just saying that we’ve got two different kinds of attacks that have taken place in the recent past. I mean, the one that actually spurred this program was the large-scale terrorist attack in Paris. And so I think one of the assessments that I think that we probably had already made, but certainly should make, is that ISIS is engaging in asymmetrical warfare against the countries that it views as its enemies. So it’s not content just to stay within its territory in Syria and Iraq, and protect and expand that territory and other territories within the Middle East. It’s not content just to use the Internet to help radicalize singleton lone wolf kind of terrorists that are in place in countries like the U.S., but that it is carrying out large-scale terrorist attacks by individuals who have been trained—not only radicalized, but trained in warfare and terrorist tactics in Syria and in Iraq.

But the large-scale terrorist attack is the one, I would submit, that we need to be most concerned about. San Bernardino I think maybe is an example of—appears to be, by the way, very recent interesting article in The New York Times today based upon the arrest of an aider and abettor to the couple that carried out the San Bernardino—

TEMPLE-RASTON: That’s Enrique Marquez, the friend of Sayed Farook.

BONNER: Yeah, Farook. In any event, yes, and there it appears—we weren’t sure—but it now appears clear that that was an inspired terrorist attack. And by the way, inspired at least in part by al-Awlaki and his sermons and lectures coming out of Yemen over the Internet that radicalized Farook, and we’re still not quite clear how Ms. Malik—exactly her journey to become a jihadist terrorist. But it is more of the not-large-scale terrorist attack that—it still managed—by the way, they managed to kill, which is a terrible tragedy, 14 people. But a large-scale terrorist attack, the type of Paris—the Paris attack where you had 130 people that were slaughtered, Mumbai, Madrid, by the way, 191 people, multiple simultaneous, well-planned terrorist attacks executed, by the way, generally by a half a dozen or more foreign-trained terrorists.

That presents the kind of terrorist attack that I would say is most consequential and therefore we want to make sure we prioritize and focus our efforts as a government, and with other governments, on preventing that. Obviously we need to try to also prevent the San Bernardinos, the Chattanoogas, the Garland, Texas, and so forth. But I got to tell you, by the way, at the end of the day, no matter how good the FBI is, and they are good, if you’re talking about singleton, lone wolf, radicalized terrorists being able to carry out—kill a number of people, that’s going to happen. And it’s extraordinarily difficult to prevent. I applaud the efforts of the Bureau to date in thwarting as many attacks as is has.

TEMPLE-RASTON: Now, General Hayden, let me ask you a quick question which has to do with whether you see this distinction between cells and lone wolf attacks—cell being Paris, lone wolf being something like San Bernardino. Are there ways to stop lone wolf attacks if, for example, conversations about an attack are actually taking place over dinner in an apartment, like it was in San Bernardino?

HAYDEN: Sure. You can reduce their likelihood. You can reduce the likelihood that even if attempted, even if successful, the number of fatalities is reduced. Oh, I agree totally. You know, this is below a threshold at which you can have any realistic expectations that your law enforcement or security services can get this to zero. These kinds of things will continue to happen. I think they’re accelerated, Dina, by what we see in the Middle East. You’ve got the inspiration coming out of ISIS that’s acting like the hand of God carrying out the will of God, and a narrative that is genuinely underpinned by their battlefield successes.

So as we were talking, you know, in our discussion a few minutes ago, in addition to whatever tightening we might be comfortable with—and there is tightening we would not be comfortable with and should not do—but whatever tightening we might be comfortable with here—I use the phrase in the goalmouth, you know, between the 18-yard line and the goal—we need to kick the ball up-field. We need to get the ball up in the offensive zone where rather than restructuring our society because of this danger, let’s do a little reconstruction out there, right? And this is a case where the physical destruction, the kinetic fight, actually has a powerful ideological impact.

Very often, in my life experience, kinetic success carries with it ideological burdens. You know, it might actually make the long, deep fight a little harder to do. But in this case, I actually see a convergence. Imposing battlefield defeats on these folks undercuts their theological underpinning. And therefore, you get a victory not just tactically but strategically.

One additional comment: I totally agree with the analysis that what happened in San Bernardino was kind of what we were expecting from ISIS, kind of the Charlie Hebdo level, maybe Charlie Hebdo plus. Paris was a little surprising, or at least surprising to me. It showed a growth in ISIS ambition and sophistication and reach that was coming down at us, frankly, at a rate faster than I had—I had anticipated. It was a bit more al-Qaida-like in that it was centrally directed and complex with multiple parts, albeit al-Qaida light compared to what al-Qaida has done and would like to do. So in one sense, you know, we now have to deal with both ends: the increasingly sophisticated, complex attack—which, frankly, we’re better at stopping—and then the newer spontaneous attacks, which actually might just be the cost of doing business.

BONNER: I agree with General Hayden, though, on one point—really on all those points, but the one I really underscore is that, you know, this isn’t just about defense, right? It’s not just about defending against these attacks. The best defense here is a good offense. And the offensive strategy against ISIS, of course, is a subject for a whole nother program, so we’re going to be focusing on the fact that when you’re on offense, though, you still have to—you have to prevent these asymmetrical attacks by the enemy that wants to strike you in your homeland, and that’s what they were able to do against the French in Paris. It’s what ISIS was able to do against the Russians by taking down a commercial airliner over the Sinai and the like, so—and that’s the one we have to—we have a good chance of preventing that. We are actually doing better than most people think I think in terms of our ability to prevent that kind of attack in the U.S. But there are undoubtedly room for improvement.

TEMPLE-RASTON: Right. I should just stress that it’s far from clear that San Bernardino really had anything to do with ISIS beyond a posting on a Facebook page just minutes after the attack started that said in broken English that Tashfeen Malik supported and pledged bayat to Abu Bakr al-Baghdadi. So I do—the criminal complaint in this case is absolutely fascinating. And you see this is almost all the way up until the end something very typically al-Qaida, right? Al-Awlaki was involved, AQAP—one of the shooters wanted to go and join al-Qaida’s army in Yemen. So the—I think everybody was very early to talk about this being an ISIS case, and I think we may find out it’s a tangential one.

BONNER: I’d say ISIS-inspired is what it appears to be at this point.

TEMPLE-RASTON: Yeah. It’s very much tangential.

BONNER: Or maybe even al-Qaida,

TEMPLE-RASTON: Inspired—I would go more with—yeah. Yeah.

BONNER: Or we could be—we should be more broadly because apparently, Farook was radicalized going back to as early as 2007.


So let’s talk a little bit about the way you combat something like this. And Jaime, I wanted to ask you this question: What—there’s been a lot of commentary on the role of the State Department and whether or not they should be checking social media before they let somebody in the country. What are your views on that?

GORELICK: It’s not something I’ve studied, but I do think that we are—surprisingly, for a country that invented social media—not great at it. We’re not great at surveying it, and we’re not great at doing it. And that’s stunning to me that the enemy here is way better at—certainly at using social media to foment and inspire. And we don’t have, to use Mike’s terminology, a counter-narrative. We don’t have the same power in that space that we should.

And I think—you know, I don’t mean to answer a question you—which was not the one you were asking me --


GORELICK: —but the two go hand in hand. I think you have to have a greater sophistication in government, helped by our pretty sophisticated private sector, to figure out what is happening out there and utilizing that. I mean, as Robert said, when you have an asymmetric war, which is what we’re in—and we said this in the 9/11 Commission Report—you know, your best tool, your very best tool is intelligence. And so you’ve got to use it where you can. You have to put proper boundaries on it and the like, but you have to use it.

TEMPLE-RASTON: So a couple of years ago I was on a fellowship that—I was looking at the idea of big data and intelligence. This was a little before the Snowden revelations. So this next question is both for Jamie and for General Hayden. Do you see big—how do you see big data analytics being used in this space? If you have all these people on social media, if you have to troll such a large amount of information, how can that be used in this space to try to prevent these kinds of attacks?

HAYDEN: Sure. Look. In this context, Dina, the concept of big data and how you—how you—how you want to use it I think just follows the path what we would call disambiguation, all right? You’ve got masses of data, and you want to go from the universe of data points into very specific, actionable things. And we’ve actually gotten fairly good at that in terms of disambiguating identities so that we can target someone either for action or for collection or—so he or she doesn’t—so he or she doesn’t get on an airplane, right? And so we do that. And, you know, we need to perfect that and use it better and expand it as part of the big data sea with the social media information.

But I’ll just offer—it’s not a contrarian view but a complementary one: An awful lot of what passes now for analysis in the American intelligence community is targeting. It is disambiguation. It’s going from the mass to the specific: It’s him. All right? That might be at the cost of broader strategic appreciation for what’s going on. I said at Aspen last summer, and I’ll paraphrase it, you know: Dang, did you guys miss ISIS or what? You know, was that a policy problem or an intel problem? It was probably a mix. But I offered the view that we may have been so busy as an intelligence community, OK, chopping down trees over here with great care we weren’t chopping down the wrong trees that we kind of missed the second-growth forest coming up over here.

So big data is good. We got to do that, perfect the disambiguation. But I have to tell you, instinctively, Dina, when I hear that, that other—that other fight kicks in immediately. But don’t forget you need to give your policymakers deep-reach, nuanced, strategic appreciations so that you’re not—you’re not forever in a loop where all you’re doing is arresting or killing people.

GORELICK: Yeah, let me—let me add to that. Big data is being used by every American company to really great ends. We are capable of analyzing huge amounts of data, and citizens today generate huge amounts of data in a way that we didn’t even five years ago and certainly not 10 years ago. So the ability to analyze, to use machine learning, to keep ourselves smart about what is happening out there, whether it is the micro or the macro, is critical. And we’ve got to use it.

Now, to be sure, when the government starts looking at lots of data, you know, alarms go off about what the protections are against the misuse of that data. I would rather focus on what the protection should be than say it’s too dangerous and we should be hands-off, because it is one of our key tools. And if we are blind to what is buried in the data, we are not going to be as effective in protecting our country. And I, as somebody who grew up in the civil liberties community, I would rather take the time to build a system that works appropriately than I would risk, take the risk of not doing that and having the American people be so afraid that they wholesale throw out civil liberties. That’s the real risk here, and we have to appreciate that when we talk about the massive pendulum swings that we’ve had in this country between security and privacy.

HAYDEN: Dina, could I just add one real—

BONNER: I’m not going to call this—

HAYDEN: Oh, I’m sorry, go ahead.

BONNER: If I could, I’m not going to call this big data, but I think one of the most important things that we did in—shortly after 9/11 was to essentially pause at the question of how could we use data more effectively that we had to better identify a small fragment of people that might pose a terrorist threat to the United States and might attempt to enter the United States from abroad and pose a terrorist threat. And of course, if you’ve got great intelligence, then they’re on the terrorist watch list, and of course, we will identify anybody on the terrorist watch list, not only when they enter JFK but before they board an airplane at Schiphol Airport or Charles De Gaulle.

But the real problem that I thought a lot about, and what we did something about, was the issue of, well, how do you narrow down the haystack, though, of those very really under 1 percent of people—and they are foreign nationals; some of them are now foreign fighters that are trained in Syria—but how do you identify the potentiality that somebody might fall under that category and then use border search authority, which is the—and border questioning authority, which is the broadest law enforcement authority that any agency of our government has—that’s Customs and Border Protection—how do you use that, then, to engage those small fragment of people in sophisticated counterterrorism questioning to determine whether or not they, in fact, do pose a risk—and, if they pose a risk, to deny them entry into the United States? And what’s what we’ve been doing since shortly after 9/11. That’s using a lot of data. Whether that’s big data, it’s a lot of data. It’s through the Automated Targeting System, which is part of the National Targeting Center that was set up by Customs and Border Protection. And so now not only can we identify the small fragment of people that might pose a threat, and then to ask them some questions before we allow them into the United States because, if you’re a foreign national, you have no right to enter the U.S. But in that small group of people—and by the way, it’s hundreds per year we deny entry, which means that they are put on an airplane and sent back.

Now, the other thing we’re able to do now—and this has been since the underpants bomber, as they call him Australia, Abdulmutallab—since that time, we’re actually able to do this intervention before they get on an aircraft at a foreign airport, like Heathrow and so forth. And CBP actually has teams of officers there to do the counterterrorism questioning of the people that we determine are potential terrorists. So they don’t even get onboard the aircraft if we believe—if we assess them to be a security risk. We simply tell the airlines, don’t board that person. And that—if they’re a Visa Waiver person, then they have to go to the U.S. consulate to get a visa and be subjected to an actual interview, counterterrorism interview, by State Department consular officials.

TEMPLE-RASTON: So one of the things that surprised me post-Paris was how there was such a debate about Syrian refugees and them coming in, not just into Europe but into this country as well. Two of the Paris attackers, as far as we know, allegedly came through Greece, possibly with fake Syrian passports to come in. So let me start with General Hayden just quickly, and I think you had a comment about the last question as well that you didn’t get to make. Do we need to worry about the Syrian refugees?

HAYDEN: I’ll get to that. Let me just do the other quick comment to reinforce Jamie’s earlier point about what you do with big data. American industry discovers many things.

I was on a panel a year or two with Keith Alexander, my successor at NSA, and Eric Schmidt from Google, and we were talking about the NSA metadatabase—you know, the phone bill thing up there. And Eric was just going on and saying, look, I understand why these guys want to do it. You run powerful algorithms against this database, you establish relationships, you learn this, you learn that, it goes on and on. And Keith and I were looking at one another and saying, well, Eric, you’re right, but we don’t do that. (Chuckles.) You know, the use of that—even that database was very narrowly circumscribed to simply querying whether a known terrorist number has ever had a phone call that ended in the United States. So you got this—


HAYDEN: —unreal separation where the private industry takes it as a given you would do it this way, and we’re, whoa, no, no, not so much.

With regard to the refugees, sure, there’s no requirement to be stupid along with being generous. (Laughter.) So my short summary would be simply that I would advise the chief executive to speak like and act like Mother Teresa and then, before the meeting broke up, to grab whoever’s filling my chair now, pull them aside, poke his finger into his—into his sternum, and say, and you, you make sure nothing bad happens. We can do both. We’re talented—we’ve got talent at this.

TEMPLE-RASTON: Should we be worried about them, the Syrian refugees?

HAYDEN: There is a danger.

TEMPLE-RASTON: Isn’t it harder to get in?

HAYDEN: Yeah, there is a danger. We should be prudent about it. But, you know, just simply saying it ain’t going to happen is actually destructive of our security, not just destructive of our character.

BONNER: This is another example of overreaction in our country, and—which is—which we see after, I think, every terrorist attack. And Congress almost always overreacts. It’s axiomatic.

But, look, first of all—(chuckles)—the fact of significance I don’t think was that there were a couple of people with Syrian passports that came into Europe that way. The fact of significance was that there were foreign terrorist fighters who were Belgian citizens, citizens of—French citizens, citizens of other countries who had fought and been trained in—by ISIS, and had European passports and were able to come freely back into anywhere in the EU, and within the Schengen Agreement, any country of Schengen. That’s the more—(chuckles)—that’s the more scary data point, if you want to look for one, than the refugees, because the refugees—look, we’re able to—it’s a long process. We are capable of vetting. Look, it takes astute counterterrorism questioning. It takes what General Hayden said, a president who tells the Department of Homeland Security secretary, you know, make sure somebody that is a security threat doesn’t get in. But that process takes time. There is—there is vetting. There’s certainly the opportunity to make sure that the refugees that we do admit do not pose a security threat to our country.

But the Visa Waiver Program, I think, actually poses more of a threat because we had—the estimates are 5,000 Western Europeans—French, Belgians, U.K.—that have gone off to Syria and are fighting for ISIS. I mean, some of them are going to be killed and that sort of thing, but now we know ISIS is intent on sending some of these people back asymmetrically to attack countries in the West. OK, so that’s the more, I think, fact of concern.

I do think, by the way—I’ve told you a little bit about the fact that we do have some protections in the Visa Waiver Program. Congress just strengthened these protections by making it clear to the Europeans that if they want to stay in the Visa Waiver Program they’re going to have to share information with the United States, with U.S. authorities, with respect to their own citizens who have gone off to fight with ISIS, and they are going to have to have the capability of knowing who they are. And that’s an intelligence issue, but let me just say I’m not too impressed with what our EU colleagues are doing with respect to even having the data that we need to help protect not only them, but ultimately to help protect the United States.

TEMPLE-RASTON: They weren’t sharing that information before, if someone went to go and fight in Syria?

BONNER: You know, look, there’s some sharing on the intelligence to levels, but the fact is they don’t—they don’t—let me—if you’re a German citizen, you’ve been to Turkey for six months, you come back into Germany, they don’t even know you’ve returned to Germany. You know, there’s a random checking, occasionally, of passports in the international airport of Frankfurt of their own citizens. Or you could fly into France. You could be a German who was radicalized and trained there. I’m just saying they’re so far behind in terms of actually having a system to protect their own borders. And it’s not just Schengen; I mean their external borders, which are protected by the weakest nations of the EU—Greece and Bulgaria.

You know, the second-largest land border port of entry in the—in the world, actually—(chuckles)—is Kapitan. Where is that? It’s between Turkey and Bulgaria. Second-largest, by the way; the first-largest is San Ysidro on Mexican border, San Diego.

But their external controls in terms of border controls and using border authority are almost nonexistent, and so they don’t even have the data to share with us in many instances.

TEMPLE-RASTON: Right. Abaaoud, who is the so-called brain behind the Paris attacks, was on a watch list. He was one of the most wanted men in Europe, and he came back and forth several times between Greece and was traveling between Brussels and France. So—and Germany. So that’s a(n) example.

Let’s talk a little bit about encryption, because everyone seems to be wanting to talk about end-to-end encryption not just in the San Bernardino case, but also in the Paris case. Jamie, should phone companies be required to respond to process?

GORELICK: I think every citizen, and that includes corporations, should be required to respond to process. I mean, I—you know, I’m speaking personally. My law firm represents many technology companies, and I understand there’s another point of view. But we have legislated that in the—in CALEA, which was a statue passed when I was deputy attorney general and implemented then, which basically said to phone companies: you have to create the technical wherewithal so that if a court, on a finding of probable cause, says we need this information, that that can be executable. And right now, what our technology companies are saying is that is commercially very problematic for us, and therefore we are going to offer encryption across the board. And it’s true for, as you put it, telephone companies—that is, anybody in telecommunications; there are also any number of apps.

I mean, this is a—this is a hard trajectory against which law enforcement is working, and it is very difficult. And my view is this is not going to be perfect, but we should enable our—the people who are there to protect us to get information where there is a lawful reason for getting it, and everyone else should be free to keep their secrets. But the—but bad guys, whether it is a child molester or a terrorist, should be able to have their communications discovered in a lawful process.

TEMPLE-RASTON: Right. And someone with a slightly different view may be sitting next to you, but let me have a slightly more—

GORELICK: You’re being ironic here, right?


GORELICK: You can hear it. You can feel it. And you can’t see him, but he’s vibrating over here.

TEMPLE-RASTON: I can’t see him squirming, but I can feel it from here. (Laughter.)

General Hayden, let me just sharpen that question a little bit and ask you. So, the FBI Director James Comey said that he thought that this wasn’t a technological problem, the end-to-end encryption. It’s possible to have a way that you could search that. But in fact, it is a business decision that Silicon Valley companies, just to pick on them, are making that as a business decision. Can you talk a little bit about that?

HAYDEN: Sure. I think at the end of the discussion it’s both. It’s a combination of technology and business. And the fact of the matter is, creating a door for the government to enter at the technological level creates a very bad business decision on the parts of these companies, because that is by definition weaker encryption than would otherwise be available. And so you really don’t have to split that baby. Both of those realities—both of those realities are true.

If I were Jim Comey, I would have his point of view, all right? But I’m not, and I never was, and I don’t expect to be. (Laughter.) This is more a law enforcement issue than an intelligence issue, all right, because, frankly, intelligence gets to break all other sorts of rules, and to cheat, and to use alternative paths. And so I’m saying that to say that I’m going to speak in kind of absolute terms, but I get Jim Comey’s point of view.

TEMPLE-RASTON: Yes, we’ll he’s—you get to break rules not in the United States. He’s responsible for us.

HAYDEN: I got it. I understand. (Laughter.) But it’s—I’m trying to be a little sympathetic, but it doesn’t change my basic arguments—(laughter)—which are—which are the following: I don’t think it’s a winning hand to attempt to legislate against technological progress. I think the world gets to this place and the fact that you chose to criminalize it here in the United States does not stop it from happening. So that’s one reality. So I just don’t think it’s worth the candle.

The second point of view is, even in the security lane, right—even in the security lane I think I can still win the argument. It’s not as easy as that one. It’s a much closer call. I get that. But even in the security lane, I think Americans’ safety and security and liberty is better secured with the highest level of technological capacity of secure communications, even though there is a cost to pay in terms of some specific law enforcement questions. I’m joined in this by Mike Chertoff, former secretary of homeland security, and Mike McConnell, another DNSA.

Mike Chertoff’s phrase is: We don’t normally require citizens to organize their lives for the convenience of law enforcement, OK? Mike McConnell’s point of view—and Mike’s lived the story. Mike lived through Clipper Chip—recall back in the ’90s, where we were going to guarantee that in the chip there would be a way in? And Mike—using the same arguments that Director Comey is using—Mike fell on his sword and he lost. Mike will tell you now, and thus began the greatest 15 years of electronic surveillance in the history of the National Security Agency. We’ve figured out ways to get around it.

Now, before any civil libertarians here want to come up to me afterwards and get my autograph, all right—(laughter)—let me tell you how we got around it: bulk data and metadata. (Chuckles.) All right? And so there are—there are tools that we can use at the intelligence level, not easily available at the law enforcement—

GORELICK: Yeah, I would just say that there—if you are responsible for domestic safety, it is a—it’s a really hard argument to swallow that, don’t worry about it, because we can find out stuff outside the United States. That’s number one. Number two, it is not true that we don’t legislate to require people to organize themselves so that they can respond. We have all kinds of requirements on businesses, that they have to be able to respond to certain inquiries that law enforcement makes. So my view is it’s of a peace with that.

BONNER: Let me just say—I want to—I want to clearly associate myself with the Jamie Gorelick/Jim Comey view of this issue, by the way. (Laughter.)

GORELICK: Thank you, Robert.

BONNER: Perhaps that’s my old Justice Department background. But you know, we faced a very similar issue. I was talking to Jamie about it earlier, when—you know, technology does change. But the cellphone companies back— this is, like, only 15—maybe 20 years ago, max.

GORELICK: Twenty years ago.

BONNER: They were building out their switches, right? And they were building them out—they didn’t have any portal for court-authorized wiretaps to be able to intercept a phone call where there was probable cause to believe that a crime had been committed or was being committed, and that the user of this phone was committing that. And so this act—I mean, Congress passed legislation that mandated the cellphone companies basically to build in portals for law enforcement use so they could access—with appropriate court order and authority.

And so I’m telling you, look, if there is a potential terrorist in the United States, we have probable cause to believe that terrorist is in communication with another terrorist in Yemen or someplace else in the United States, and they’re conspiring to carry out a terrorist attack in the United States, I want to be able to go present that evidence and get a tap onto that cellphone, or those cellphones that are being—are being used, or the electronic communications that are being used to transmit those messages.

And I think that, with all due respect to General Hayden who I greatly admire, the fact that we don’t have that capacity now because there are Internet companies who want to sell privacy to everybody, even to criminals and terrorists, is if not outrageous, it’s inappropriate.

TEMPLE-RASTON: Well, yeah. I guess the argument also would be that if we require United States companies to do it, there will be companies elsewhere that wouldn’t. And so—

BONNER: You mean other countries?

TEMPLE-RASTON: Yes, in other countries.

BONNER: You know, like China.

TEMPLE-RASTON: Not necessarily.

BONNER: I know the argument, but—


BONNER: I think the Chinese will do it anyway, as a price of doing business in China.

GORELICK: The Chinese are likely to do it, yeah. The Chinese are likely to do it, as are the French and the Germans.


GORELICK: So I don’t think the mood in France right now is too hospitable to the notion that you can sell encryption technology that will prevent the French from exercising lawful process to get access to that information. Let’s see.

TEMPLE-RASTON: Yeah, I agree with that. So what I’d like to do—

HAYDEN: I just have to take personal pleasure in the thought that Europeans are now in favor of really good surveillance. (Laughter.) What a change in view.

GORELICK: Yes, me too. I agree with that. There is—there is something—there is something very satisfying about that.

TEMPLE-RASTON: OK. So I’ve eaten a little bit into the question time for our members, and I apologize for that. Just a reminder as you stand up to ask a question that this is on the record. And please wait for the microphone and speak directly into it. And then state your name and your affiliation. And limit yourself to one question that is actually a question. And then, Jamie, you are in—you are in my role there in D.C. So give me a high sign if you’d like to—we’ll alternate between questioners. OK.

Let me start with this gentleman here in the front.

Q: I’m standing. I’ll state my name, Herbert Levin. I’m a Council member.

I have one question: Shouldn’t the head of NSA, by law, be a civilian confirmed by the Senate, as the FBI and CIA directors are? Isn’t this much too an important role—with all due respect—much too important to leave to the generals?

BONNER: I’ll leave that question to General Hayden.

GORELICK: Yes, so will I. (Laughter.)

HAYDEN: I think that’s mine. (Laughter.) Actually, there’s some mistakes in the premise of the question. The director of NSA is, indeed, confirmed by the Senate. The process is through the—Armed Services Committees as opposed to the Intelligence Committee. But it is a Senate confirmation, as are all three-stars. There is no requirement for the director of CIA to be a civilian. And in fact, I was director in uniform for, I think, 32 of the 36 months that I was director. The issue—and, finally, NSA, beyond its first initial being N—and I get that, all right?—is also a combat support agency of the Department of Defense, and that does drive it in the direction of a uniformed officer.

But you’re right, there may be changes. Right now, most importantly, the director of NSA is also the commander of U.S. Cyber Command. I don’t think that can continue forever, all right? It’s just—it’s not too much power; it’s too much work, all right? And so, as Cyber Command matures, then you’ll separate the two jobs, at which point you might want to give some thought—since you now have a Cyber Command out there with a uniformed four-star—you might want to give some thought with breaking with tradition and using a career NSA civilian as director of NSA. So I think there’s room to maneuver here.

GORELICK: So, Dina, we can take a question here in D.C.?

TEMPLE-RASTON: Yes, please.

GORELICK: Yep, you. Yes, please, microphone over there.

Q: Audrey Kurth Cronin, George Mason University.

The panel began by arguing that we need to get off the defense and go onto the offense. But this is not just a U.S.-ISIS, or even a European-ISIS problem. It’s a very complicated regional problem. In some respects, what’s happening in the U.S. and Europe is the smallest element of it. So what does going on the offense mean?

GORELICK: Mike, you want to start off on that?

HAYDEN: Sure, since I put that out, but I know you’ve got thoughts.

There is a—there is a powerful kinetic element to this. And this is just not me with 39 years of military experience. I firmly believe that in this war, the kinetic and the ideological element are really conjoined in ways that I have not commonly experienced in terms of breaking the narrative—hand of God, will of God, join the cause and so on. So I think that’s very important.

Beyond that, though—let me go further down my politically incorrect routine here today—I do think this about Islam, all right? It’s not about all of Islam, and it’s certainly not about all the Muslims. But there is a serious struggle within one of the world’s great monotheisms. It’s not a struggle you and I can determine with our Judeo-Christian, European or African background. It has to be resolved within Islam. I think we have to recognize that—I think Richard Haass’ rough approximation that this is Islam’s equivalent of the 17th century and the 30 Years’ War and all that has a lot of elements of truth in it. I was heartened this morning to listen on “Morning Joe” to Yousef al-Otaiba, the Emirati ambassador to the United States, who really talked about modern moderate Islam that is just not about beating these guys down but creating a different vision for the Islamic world. That’s something, again, we can’t control or determine, but to the degree we can support and influence, I think that’s the winning hand.

MS. GORELICK: Dina, back to you.

TEMPLE-RASTON: So in the back there with the blue shirt. There you go. That gentleman there.

Q: Craig Charney from Charney Research.

General Hayden stated that we needed to go on the offensive. I’m wondering what that actually implies. You know, we’ve kept 10,000 troops in Afghanistan, and that’s been too few. We had a hundred thousand in Iraq; that was too many. That implies some kind of military commitment in between. In addition, there is the old Powell rule, the pottery barn rule: If you break it, you own it. And we discovered that there is a fairly extensive amount of reconstruction required in these societies. Obviously, we’re prepared to take actions here in the homeland; are we really prepared to take the kind of—make the kind of commitments that are required abroad to stem this tide?

GEN. DEMPSEY: Yeah, let me give you a corollary of General Powell’s rule: If it gets broken, we appear to own it, all right? (Laughter.) Seriously. I mean, give you three models: The involvement of Iraq, where we broke it, but we were really involved and didn’t end so happily. The involvement in Libya, where we tried to split the difference: That didn’t end very happily. And the involvement in Syria, where we’re barely present at all: That’s not ending very happily either. And so I’m not so sure that the controlling element here in terms of things going bad is how much we are or are not involved at any point in the process.

I do think the—I am convinced that the right number for the American residual force in Iraq was not a round number, all right? It was not zero. And not because those Americans would sweep across and defeat ISIS but because the political commitment those Americans represented kept the cork in some very powerful ethno-sectarian models. And once we were—we were gone, we allowed to set in motion things that were not our fault and we did not create but have moved us in the direction we are now in.

There is no one in my experience other than maybe Lindsey Graham calling for American maneuver units in the—in the Syrian desert. But 3,500 underresourced, overregulated and late—to need American forces is not the solution. There are many choices between the Iraq occupation and what we’re doing now that I actually think have a reasonable chance of making the situation better, although it would’ve been easier to make the decision—easier to make the situation better one year ago, two years ago, three years ago or four years ago. The only bright side I can give you: it’s easier to do it today than it will be a year from now.

BONNER: I don’t want to engage on the beauty ——

GORELICK: When we pulled out, we also lost our—

BONNER: Excuse me. I don’t want to engage on the beauty of hindsight here and all of that, but I do think if we’re concerned about asymmetrical attacks in the United States and large-scale terrorist attacks and on our allies—and I think we should be—then it’s very important that the U.S. play a role in defeating ISIS in its own territory. And I think there are a lot of likeminded countries here, including a good many Sunni Arab countries, that have a—that share our interests, and France and U.K. and even Russia. So I think the real key here is, you know, how do we—can this be done?

By the way, I ask you, can it be done without U.S. leadership? I think I’ll leave that as a rhetorical question. But if it can’t, then—I mean, we have to be engaged, and we have to have a broad strategy in which we, with a lot of other countries, lead the effort to essentially remove ISIS. Because as General Hayden is saying, I mean, it’s important to defeat them and to remove them because it also—a part of the—their ability, quite frankly, I think to attract and finance themselves and that sort of thing is the fact that they are holding a sizable chunk of territory in Syria and Iraq. So I think we do need to do something about it. But obviously, it’s a question that’s being debated and worthy of debate.

TEMPLE-RASTON: Jamie, are there other questions there?

GORELICK: There are. Yes, there are. People are literally jumping out at us. (Laughter.)

Q: My name is Christopher Graves, chairman of Ogilvy Public Relations.

We bemoan the fact that there is this insidious, persuasive power of this confluence of an extremist narrative in social media. And you said earlier, Ms. Gorelick, how we’re failing at that side. Here is my question to you: We know in communications there is—it’s a big myth that there is one message that persuades everybody. Otherwise, you know, Bernie Sanders and Trump followers would all be on board for the same message. When you look with—inside the great spectrum that we’re talking about in terms of creating a counter-narrative, what have you learned so far from big data, from intelligence, and from your experience works and doesn’t work as an effective counter-narrative?

GORELICK: Well, A, I would answer that question this way: I am not the expert on what the counter-narrative is, and I am not convinced that we in the U.S. government are taking advantage of the best minds in the United States to develop that counter-narrative or to implement it. That was my point and my worry. I mean, we are operating as if we don’t have the best minds in the country, in the world, on big data and on media. So, really, it was no more than that.

I do think that the anti-Muslim rhetoric is a disaster for our national security, and we have to be able to figure out how to get our message conveyed in a way that underscores our values. I mean, when we wrote the 9/11 Commission Report, we talked a lot about the benefits of leading with our values. And we are just not doing that with as—with all the tools in the—in the toolbox.

So I don’t have the answers. But I do know that we are not getting the input from the right places, and we are—you know, Mike says, you know, you—you know, you—we don’t—we shouldn’t be dumb. Here, we’re dumb. We are not being smart about using those tools. And that’s all—only point I wanted to make.

I have—you know, we’ve got a couple of other questions here. Can I go to a second one?

TEMPLE-RASTON: Yeah. We have a couple of—we have actually quite a number here, so—but I’m going to be gracious. You go ahead.

GORELICK: Are you going to be taking the ones that are jumping out of their seats in New York first? Go ahead. We’ll come back. Go ahead.

TEMPLE-RASTON: OK. How about this gentleman here in the—in the blue tie?

Q: Hi. It’s Harvey Rishikof with the American Bar Association and Crowell & Moring. Hi.

So my—and hello, Audrey; that was a great question.

My question is, given the experience on the panel—we’re going to have a new administration coming in a few months, and what would be the organizational changes you would recommend to an incoming president that you think are a big priority given the threats that we’re confronting and the organizational structure we’ve evolved? And what would be the best that you would give to them in a few minutes? I’d be curious to hear what you guys—I’m sure people who like to hear what you have to say.


GORELICK: Well, let me just—let me—

BONNER: Well, I thought I’d start, Jamie, since I actually was—

GORELICK: Go ahead.

BONNER: —involved in the biggest reorganization of our government since post-World War II, which was the Homeland Security reorganization. I confess to be, as Acheson said, present at the creation but not necessarily responsible for every decision that was made. (Laughter.)

But I think there actually is a question in my mind whether or not we needed to restructure as massively as we did. But at this juncture, having done it and not wanting to go through another reorganization, I would not suggest any massive or significant reorganization of the Department of Homeland Security or its alignment with the Justice Department or other agencies. I mean, there are questions. For example, why wasn’t the FBI, the principal counterterrorism agency domestically, why isn’t it in the Department of Homeland Security? And there are some practical interesting reasons for that, and I’m not going to go into them now. But, I mean, the FBI should in DHS, but it—for a lot of reasons, that’s not going to happen.

But there is one small—I guess small-bore item that I would say. And that is that when Customs and Border Protection was created, which was the merger of all the frontline border agencies of the United States to form one single border agency for our country—and, by the way, it does make us more effective and more efficient in terms of discharging the border function.

But when that was done, at the same time, all of the special agents, the investigators, if you will, of U.S. Customs were taken out and removed from Customs and Border Protection, and they were put into an agency called ICE. And it was a little bit—my analogy, and I see Commissioner Kelly out here in the audience—but my analogy is it was a little bit like taking the New York Police Department, separating off the detective units of the NYPD, and then expecting them to work together in terms. And they do need to work well together. So that isn’t working very well, and I think we ought to relook at the issue of essentially reintegrating the Office of Investigations, the detectives, back into Customs and Border Protection.


HAYDEN: It’s Mike, from D.C. I’m sorry.

GORELICK: You know, so let me just say two things. One is, I think that our instinct to reorganize the boxes every time something goes wrong is not a great one. I was there at the creation of the Energy Department. I watched the creation of Homeland Security. I understand why each of those occurred. You know, I think we need to examine that instinct, because it does set back quite a bit the execution against mission when you—when you do that. I think that the creation of the director of national intelligence after some rough spots has actually been quite effective. So I wouldn’t change that.

Here’s what I would do. We talk a lot about private-public partnerships. We do not do them very well. We, our national security, sits on a bed of privately held assets. And we have basically left those privately held assets on their own. There are a couple of mandates here and there, but we don’t protect—we don’t protect them, and we don’t utilize them in a real partnership. We have to get over the notion that private is private and public is public, and figure out mechanisms by which we can help each other in both sectors. We have been miserable at it, and that has caused all manner of vulnerabilities in our society that I think could be fixed if people who are experienced and people of goodwill put their minds to it.


HAYDEN: Yeah, I’ll reinforce what Jamie just said. This is beyond—that’s a dotted line, that should be a solid line, you know, in terms of organizational charts. But I do think we have fundamental challenges dealing with the new flavor of security threats. Our security establishment was hardwired in 1947. And it harvested all the lessons—very well—it harvested all the lessons of the last great industrial conflict in history. OK? We are hardwired to defend you against malevolent state power. And we’ve just spent 52 minutes talking about current dangers and never whispered anything to do with malevolent state power.

We are badly organized for the world in which we find ourselves. To reinforce Jamie’s point, we even have the wrong people in the room. And because we have the traditional power ministries in the room, you have got the intelligence community and the Department of Defense now tasked and taxed with doing things that are—that are well-beyond their wills.

GORELICK: Well, and against their nature.

HAYDEN: Right, against their nature. So I think it’s—again, not—you know, by the way, I really appreciate you saying reorganization of my guys was OK, your thing was a problem. (Laughter.)

GORELICK: Nobody touched the Justice Department.

HAYDEN: So I agree, we don’t need to be moving boxes around. But the fundamental approach to security, we are designed to go here, and the threats are coming this way. And all the arguments we’ve been having with ourselves, frankly, have been about trying to adjust a security establishment going this way and make it go this way.

Kill the enemy. We’re in war. What’s that look like? Targeted killings. Oh, I’m uncomfortable. Capture the enemy. We’re in war. What’s that look like? Guantanamo. Whoa, you’re really making me uneasy now. I mean, I got it. You got all that espionage stuff. Why don’t you intercept their communications? That’ll be cool. Learn their intent. What’s that over here? Everything Edward Snowden told you about for two and a half years. The arguments we’re having with ourselves have to do with our beginning attempts to restructure a national security apparatus designed to do one thing and apply it to another. Long-term project, but critical to final success.

TEMPLE-RASTON: And do you have a suggestion on how to fix that? (Laughter.)

HAYDEN: Not yet. (Laughter.)

GORELICK: So we have another question here in D.C. (Laughter.)


Q: Atsa Youni (ph).

I want to address your question, what are counter-messages. And I think there is only one: it’s Sistani. It is the moderate Muslims who reject violence, because when we send instead people to talk to them about Kant and Locke, it’s not a good conversation starter with the extremists. But when you said, that’s what the prophet really said, you can get at least a buy-in. But these men are doing it because the State Department found from one court case it doesn’t allow it to deal with religion, and instead it says we have to sell them Kant. So reorganization suggests you should allow to work, not marginalize the Sistanis of the world.


If allow me one more sentence, I’m surprised of the people who talk about the Chinese are going to make end-to-end encryption. I’m wondering how many Americans would want to rely on the Chinese not putting in a back door there, or try to hold up their end-to-end encryption to the light and see if it’s kosher. (Laughter.)

GORELICK: Yes, well, they’re going to put end-to-end encryption in place that has firmly and overtly a back door in it, so—but does anyone have a—do either of the panelists have a comment on Professor Atsa Youni’s (ph) comment about how to deal with this intra-religious war?

HAYDEN: Yeah. I think it’s right and I tried to suggest it earlier. You got Sistani with this quietist view, as opposed to Vari Rafaki (ph) across the Shatt al-Arab in Iran. And, yeah, we—again, we have to be careful. The tighter we hug it, the more difficult we make it for them. But can we—can we enable them to do this? I think there is—there is a task for us, though. Someone asked a question about the counter-narrative? Let me tell you want the narrative is, all right? And this is—this is from al-Qaida, to ISIS, to Wahhabism, to a certain extent to the Arab Islamic street. And the narrative is they have been born into a world of unrelenting hostility towards Islam from the Judeo-Christian West.

And you and I know that not to be true. But that’s what they believe the narrative is. To reinforce Jamie’s point, we’re really doubly stupid when we say things that reinforce that incredibly false narrative. So that is one thing in our control. The other things, that’s to do with the prophet and the holy Koran and those people who follow it.

TEMPLE-RASTON: Do you have something to say about that?

BONNER: No. I don’t think I do.

TEMPLE-RASTON: OK. Jamie, do you want to call on someone else there, in D.C.?

GORELICK: Anybody else jumping out of their seat?

TEMPLE-RASTON: We’ve got some people here, I just wanted to give you—

GORELICK: OK, go ahead. Go ahead.

TEMPLE-RASTON: This gentleman back here in the blue shirt? Thank you.

Q: Hi. Ralph Rosenberg with KKR.

I’m curious in the political arena whether or not any of the three of you have heard any credible strategy from any of the candidate for president—Republican or Democrat—to effectively handle the issues that we’ve been addressing today.

BONNER: Well, I’ve got to say, first of all, I’ll just admit an element of bias here because I am supporting Jeb Bush, and I think he articulated a pretty good strategy in his Citadel speech for the—for the offense. But I’m not—I’m not a political guy. I’ve always—I’m a policy person at heart. And so you know, a lot of the rhetoric that’s going on out there is, you know, silly season, really. But I think there are some—you know, there are some thoughtful, good ideas that are being advanced by at least a few of the Republican candidates and by Mrs. Clinton.

TEMPLE-RASTON: General Hayden?

HAYDEN: Yeah. I’m an advisor to Governor Bush too. (Laughter.) So I love the Citadel speech as well. And frankly, Secretary Clinton’s speech, I think at the Council—


HAYDEN: —was also—

GORELICK: Magnificent, I would say. (Laughter.)

HAYDEN: Was an adult—was an adult conversation, OK? And somebody who actually spent a lifetime of having to go do this stuff, you know, words like carpet bombing, all right, they’re offensive to anybody who actually knows what that means.

TEMPLE-RASTON: Jamie, you just want to go with brilliant? (Laughter.)


TEMPLE-RASTON: Yes? OK. (Laughter.)

GORELICK: No, no. Look, what I would say is Secretary Clinton put some really good ideas on the table in a very important speech, well-attended by people who were listening. And it barely gets any coverage because real ideas are just not permeating in the—in the season that we’re in. I mean, you could call it silly season, but it is actually much more disruptive than that.

HAYDEN: It really is disruptive and harmful. It made America less safe.

TEMPLE-RASTON: The gentleman right here. In the front here.

Q: I’m Farooq Kathwari from Ethan Allen Interiors.

I was—my question is the unintended consequences of our own actions, even the way we are shaping the debate that has been just discussed. With all due respect, earlier there was mention the fact that there were attacks on San Bernardino, Paris, Madrid, even Mumbai, but the fact is that every day hundreds of Muslims are being killed by these—this cult, by the criminals in Afghanistan, in Iraq and Syria, Pakistan, Africa, and that is not mentioned. And I think we have to, in my view—my question is really this question of the debate taking place by the political to the media is helping I would—I would call ISIS and that cult as criminals.

TEMPLE-RASTON: I think that was a point that I think everyone has been making on the panel. Let me just tweak your question ever so slightly and ask you, because ISIS is killing so many Muslims—this was eventually what ended up being Zarqawi’s undoing. Can that happen again without American boots on the ground?

BONNER: I think it’s important, by the way, to bear in mind, I mean, ISIS is essentially al-Qaida of Iraq, or al-Qaida of Mesopotamia rebranded. I mean, this is the organization that was part of al-Qaida. The leader was Zarqawi, who is no longer with us. But nonetheless, you know this is—there’s a direct line. I mean, this is really al-Qaida, a manifestation of al-Qaida. There was clearly a falling out between bin Laden and Zawahiri and al-Qaida and Zarqawi—


BONNER: —that really related to killing fellow Muslims, particularly fellow Sunni Muslims.

But look, I mean, it’s not that we’re oblivious to it, but I mean, we’re—if you look at the subject matter of our panel, I mean, defense does start at home. You want to secure your homeland first. Then, if you can do something to actually make the world a better place in the Middle East and solve some of those issues, that would be great. And part of that, I think, is removing ISIS, by the way. I mean, I think there’s a very shared interest by people in the region, including a good many, you know, peaceful Sunni Muslims.

TEMPLE-RASTON: I’m going to have to leave it at that because we always try to end on time here at the Council. I’d like you to thank our panel, please, for joining us. (Applause.)

GORELICK: Dina, thank you from—thank you from D.C.

HAYDEN: Thanks, Dina.


Top Stories on CFR

United Kingdom

CFR experts discuss the results of presidential elections in France and the United Kingdom, as well as what to expect from the 2024 NATO Summit in Washington, DC.

Election 2024

Each Friday, I look at what the presidential contenders are saying about foreign policy. This Week: Republicans are gathering in Milwaukee next week optimistic about their chances in November.  


The surprising shift to the left in snap elections has broken the far-right populist fever in France, but now a crisis of governability looms in Paris that has further weakened President Emmanuel Macron’s grip on power.