14 August 2013
NSA Deputy Director on NSA Core Values 2009-13
Strategy and Core Values
Video of Inglis answering these questions at the URL below.
Date Posted: Jan 15, 2009 | Last Modified: Jan 10, 2013 | Last Reviewed:
Jan 10, 2013
NSA/CSS Core Values with NSA's Deputy Director, John C. Inglis
Hello, I'm Chris Inglis, the Deputy Director of the National Security Agency.
Thank you for visiting with us on NSA.gov. I'd like to spend a moment talking
about NSA's core values – core values that are important to us because,
as federal servants, we know that at the end of the day, it's not simply
important that we deliver something of value to the nation, but it's also
very, very important that we've done it exactly the right way.
Our core values, I hope you wouldn't be surprised, are respect for the law,
honesty, integrity, and transparency.
Those values are important to us, public servants, members of the NSA workforce,
because each of us takes an oath of office to the Constitution, and the
Constitution that we take an oath of office to is one, as you know, that
speaks not simply to national security, but to all the values that we hold
near and dear – privacy, civil liberties, the right to free speech.
All of those values are things that then govern the way we do our business
as much as what we deliver at the end of the day. Because we're Americans
too – we come from the same communities, we go to the same schools,
we raise our families in the same communities that you live in. And what
you care about, we do as well.
Q1. What is more important – civil liberties or national security?
A1. I'm often asked the question, "What's more important – civil liberties
or national security?" It's a false question; it's a false choice. At the
end of the day, we must do both, and they are not irreconcilable. We have
to find a way to ensure that we support the entirety of the Constitution
– that was the intention of the framers of the Constitution, and that's
what we do on a daily basis at the National Security Agency.
Q2. What does "compliance" mean?
A2. The word compliance has many meanings, but at the National Security Agency,
we try to effect that the following way: we first hire people who understand
that lawfulness is a fundamental attribute. We ensure that the people that
we bring enjoy the values that we hold near and dear. We then understand
what the rules are that pertain to our business, and we try to master the
spirit and the mechanics of those rules, in all of the procedures that we
bring to bear. We ensure that there's accountability, such that when people
take certain actions, when they apply certain authorities, that, at the end
of the day, there's a check and a balance on that, to make sure that it worked
out exactly the way we intended. And then, as a matter of course, we report
on our activities. When, on occasion, we do make a mistake, we report that,
and not simply to ourselves, but to those who oversee us, both within the
Executive branch and the Legislative branch, and when necessary, to the courts
Q3. What does "respect for law" mean at NSA?
A3. Respect for the law at NSA means that we understand both the spirit and
mechanics of the law, and that we fully embody in our actions a respect for
Q4. Given the nature of today's communications, how does NSA ensure that
it is legally conducting its SIGINT mission?
A4. Given the nature of today's communications, the pervasive convergence
we see in those communications, where everything is connected to everything,
NSA has to ensure its compliance through a variety of mechanisms. We first
work very hard to understand the nature of the telecommunications domain.
We also work very hard to understand what our explicit authorities are in
traversing that domain in the hunt for foreign intelligence. And finally,
we, from the moment we design our systems, to employing those systems, to
sorting through, sifting through what we might get from those systems, ensure
that at every step of the process we worry not simply about what we've obtained,
but whether we had the authority to obtain it and whether we've treated it
in exactly the right way.
Q5. What type of oversight is in place to make sure Agency employees don't
cross the line when it comes to the rights of US citizens?
A5. The oversight that's in place to make sure that the Agency does not cross
the line, that it is entirely lawful in the conduct of its activities, is
multifaceted and overlapping. First we ensure that we hire employees that
have a respect for the law. We don't hire just anyone; we're not simply after
people who have technical competence; we want to make sure we hire people
who enjoy our values, who will support fully the Constitution. Second, we
put procedures in place to ensure that people understand what the rules are
and that there's accountability to stay within those boundaries. Finally,
we report our activities, not simply to ourselves but to overseers within
the Executive branch, the Legislative branch, and when necessary, the Judicial
branch, and so that there is a full transparency to all those who provide
oversight, and we do enjoy a rich oversight at the National Security Agency.
Q6. What are the rules for retaining data on a US person?
A6. So, (I'm) often asked the question about, "what are the rules for retaining
data on a U.S. person." I'll answer that question, but the more interesting
question is, "what are the rules that allow me to get that data in the first
place?" Those rules are very carefully constructed; we have to have explicit
authority, not implied authority, but explicit authority to go after anything
in cyberspace, and therefore, if I was to target communications, I need to
make sure that I can trace that authority back to an explicit law or court
warrant. At that point, I have to make a decision as to whether this in fact
was responsive to the explicit authority that I had; I may collect information
that's incidental to that. It may have seemed to me up front that I would
get information responsive to my authority, but I didn't. I have an obligation
to purge that data, I have an obligation to not retain that data. So that
at the end of the day, those things that I've gone after I simply didn't
have the authority for, but it's the authority plus… it played out just
the way I had imagined, I got exactly what I was authorized to get, and I
retain only that data.
Q7. How is NSA transparent?
A7. (I'm) often asked the question about, "How is NSA transparent?" Some
might read that question to be, "Does NSA put all of its secrets in the public
domain?" Of course we don't. There are secrets we hold that you would want
us to keep, secrets that the President should know, that people who stand
in harm's way should know, but that would be a danger if we released those
to our adversaries. But at the same time, we must remain transparent. And
the way we do that is we ensure that there is external oversight that is
rich - some might say pervasive – across the National Security Agency,
and that we are fully responsive to helping them understand what we do, how
we've done it, and what the results are. And in that way, they then in turn
can turn to the American public and say, "We know what they do, we know what
resources they bring to bear, we know what authorities they bring to bear,
and they have been transparent to those of us who have the authority and
responsibility to ensure."
Q8. What is NSA's intelligence mission?
A8. The United States, of course, has many organizations conducting intelligence.
Sometimes those distinctions are based on the discipline that's brought to
bear, whether it's human intelligence or imagery intelligence or, in our
case, signals intelligence, and sometimes those distinctions are based upon
the domain within which that intelligence work takes place. NSA, of course,
is a signals intelligence organization; we conduct intelligence by looking
for the communications of our adversaries. The second, and very important,
distinction is that NSA is a foreign intelligence organization. The intelligence
that we are authorized to collect, and that we report on, is intelligence
that bears on foreign adversaries, foreign threats, more often than not,
located therefore in foreign domains.