Donate for the Cryptome archive of files from June 1996 to the present

14 August 2013

NSA Deputy Director on NSA Core Values 2009-13

Related: NSA/CSS Strategy and Core Values

Video of Inglis answering these questions at the URL below.

Date Posted: Jan 15, 2009 | Last Modified: Jan 10, 2013 | Last Reviewed: Jan 10, 2013

NSA/CSS Core Values with NSA's Deputy Director, John C. Inglis

Hello, I'm Chris Inglis, the Deputy Director of the National Security Agency. Thank you for visiting with us on I'd like to spend a moment talking about NSA's core values – core values that are important to us because, as federal servants, we know that at the end of the day, it's not simply important that we deliver something of value to the nation, but it's also very, very important that we've done it exactly the right way.

Our core values, I hope you wouldn't be surprised, are respect for the law, honesty, integrity, and transparency.

Those values are important to us, public servants, members of the NSA workforce, because each of us takes an oath of office to the Constitution, and the Constitution that we take an oath of office to is one, as you know, that speaks not simply to national security, but to all the values that we hold near and dear – privacy, civil liberties, the right to free speech. All of those values are things that then govern the way we do our business as much as what we deliver at the end of the day. Because we're Americans too – we come from the same communities, we go to the same schools, we raise our families in the same communities that you live in. And what you care about, we do as well.

Q1. What is more important – civil liberties or national security?

A1. I'm often asked the question, "What's more important – civil liberties or national security?" It's a false question; it's a false choice. At the end of the day, we must do both, and they are not irreconcilable. We have to find a way to ensure that we support the entirety of the Constitution – that was the intention of the framers of the Constitution, and that's what we do on a daily basis at the National Security Agency.

Q2. What does "compliance" mean?

A2. The word compliance has many meanings, but at the National Security Agency, we try to effect that the following way: we first hire people who understand that lawfulness is a fundamental attribute. We ensure that the people that we bring enjoy the values that we hold near and dear. We then understand what the rules are that pertain to our business, and we try to master the spirit and the mechanics of those rules, in all of the procedures that we bring to bear. We ensure that there's accountability, such that when people take certain actions, when they apply certain authorities, that, at the end of the day, there's a check and a balance on that, to make sure that it worked out exactly the way we intended. And then, as a matter of course, we report on our activities. When, on occasion, we do make a mistake, we report that, and not simply to ourselves, but to those who oversee us, both within the Executive branch and the Legislative branch, and when necessary, to the courts themselves.

Q3. What does "respect for law" mean at NSA?

A3. Respect for the law at NSA means that we understand both the spirit and mechanics of the law, and that we fully embody in our actions a respect for both.

Q4. Given the nature of today's communications, how does NSA ensure that it is legally conducting its SIGINT mission?

A4. Given the nature of today's communications, the pervasive convergence we see in those communications, where everything is connected to everything, NSA has to ensure its compliance through a variety of mechanisms. We first work very hard to understand the nature of the telecommunications domain. We also work very hard to understand what our explicit authorities are in traversing that domain in the hunt for foreign intelligence. And finally, we, from the moment we design our systems, to employing those systems, to sorting through, sifting through what we might get from those systems, ensure that at every step of the process we worry not simply about what we've obtained, but whether we had the authority to obtain it and whether we've treated it in exactly the right way.

Q5. What type of oversight is in place to make sure Agency employees don't cross the line when it comes to the rights of US citizens?

A5. The oversight that's in place to make sure that the Agency does not cross the line, that it is entirely lawful in the conduct of its activities, is multifaceted and overlapping. First we ensure that we hire employees that have a respect for the law. We don't hire just anyone; we're not simply after people who have technical competence; we want to make sure we hire people who enjoy our values, who will support fully the Constitution. Second, we put procedures in place to ensure that people understand what the rules are and that there's accountability to stay within those boundaries. Finally, we report our activities, not simply to ourselves but to overseers within the Executive branch, the Legislative branch, and when necessary, the Judicial branch, and so that there is a full transparency to all those who provide oversight, and we do enjoy a rich oversight at the National Security Agency.

Q6. What are the rules for retaining data on a US person?

A6. So, (I'm) often asked the question about, "what are the rules for retaining data on a U.S. person." I'll answer that question, but the more interesting question is, "what are the rules that allow me to get that data in the first place?" Those rules are very carefully constructed; we have to have explicit authority, not implied authority, but explicit authority to go after anything in cyberspace, and therefore, if I was to target communications, I need to make sure that I can trace that authority back to an explicit law or court warrant. At that point, I have to make a decision as to whether this in fact was responsive to the explicit authority that I had; I may collect information that's incidental to that. It may have seemed to me up front that I would get information responsive to my authority, but I didn't. I have an obligation to purge that data, I have an obligation to not retain that data. So that at the end of the day, those things that I've gone after I simply didn't have the authority for, but it's the authority plus… it played out just the way I had imagined, I got exactly what I was authorized to get, and I retain only that data.

Q7. How is NSA transparent?

A7. (I'm) often asked the question about, "How is NSA transparent?" Some might read that question to be, "Does NSA put all of its secrets in the public domain?" Of course we don't. There are secrets we hold that you would want us to keep, secrets that the President should know, that people who stand in harm's way should know, but that would be a danger if we released those to our adversaries. But at the same time, we must remain transparent. And the way we do that is we ensure that there is external oversight that is rich - some might say pervasive – across the National Security Agency, and that we are fully responsive to helping them understand what we do, how we've done it, and what the results are. And in that way, they then in turn can turn to the American public and say, "We know what they do, we know what resources they bring to bear, we know what authorities they bring to bear, and they have been transparent to those of us who have the authority and responsibility to ensure."

Q8. What is NSA's intelligence mission?

A8. The United States, of course, has many organizations conducting intelligence. Sometimes those distinctions are based on the discipline that's brought to bear, whether it's human intelligence or imagery intelligence or, in our case, signals intelligence, and sometimes those distinctions are based upon the domain within which that intelligence work takes place. NSA, of course, is a signals intelligence organization; we conduct intelligence by looking for the communications of our adversaries. The second, and very important, distinction is that NSA is a foreign intelligence organization. The intelligence that we are authorized to collect, and that we report on, is intelligence that bears on foreign adversaries, foreign threats, more often than not, located therefore in foreign domains.