3 Takeaways - Former Director of National Intelligence James Clapper: The Greatest Threat Facing the World Right Now and Individual Rights to Privacy (#53)
Episode Date: August 10, 2021Former Director of National Intelligence James Clapper discusses the greatest threats, cyber, surveillance, the information being collected on each one of us and individual rights to privacy. Learn ho...w we can protect ourselves against future health or biological threats.Â
Transcript
Discussion (0)
Welcome to the Three Takeaways podcast, which features short, memorable conversations with the world's best thinkers, business leaders, writers, politicians, scientists, and other newsmakers.
Each episode ends with the three key takeaways that person has learned over their lives and their careers.
And now your host and board member of schools at Harvard, Princeton, and Columbia, Lynn Thoman.
Hi, everyone. It's Lynn Thoman. Welcome to another episode.
Today, I'm delighted to be here with former Director of National Intelligence, Jim Clapper.
I'm excited to learn. Actually, I'm scared to learn what keeps him up at night,
how we protect against future health or biological threats,
what information is being collected on each one of us,
and how he sees individual rights to privacy. Welcome, Jim, and thanks so much for being here
today. Well, thanks, Lynn, for having me. It's good to be with you again.
Jim, what do you see as the biggest threats to the U.S.? What keeps you up at night?
Well, in answer to your last question, I spent a long time standing up at night worrying
about things. I try not to do that anymore since I don't have any responsibility for anything. I
think things that concern me, if they don't give me insomnia, well, I think I have to mention
cyber threats. And I think a point of clarification here is cyber per se is not a threat. It is the actors who use the cyber domain who generate a threat.
And of course, as I experienced in 2016, as the country experienced again in 2020,
the Russians continue to interfere in our political processes, most notably elections.
And they have exploited the political divisiveness in this country.
They understand, they have a very sophisticated understanding of our political landscape, so they'll continue to do that.
And the reason they do that, and this I attribute specifically like our political discourse, he sees that as a win
plus for him, which compensates for Russia's considerable weaknesses, of which there are many.
Save for one dimension of Russia that's basically in decline, that one dimension,
of course, is their military capability. And then, of course, in China as well,
poses a threat because of their aggressive espionage, not so much interfering or doing activist things like the Russians do, planning things in social media.
I think the Chinese have a different agenda, which is mainly the exploitation and acquisition of technical information.
And then you have the other two players, Iran, which has gotten more aggressive about using the cyber domain, as well as even North Korea. So the point here is,
we have some huge challenges in this country. For first, just understanding the difference
between passive collection, that is espionage, and doing active things like deleting or manipulating
data so that people question its fidelity.
Well, so far we haven't seen that,
although I think both the Russians around
are perfectly capable of doing that.
That's an important distinction.
There's always an actor.
Cyber itself is not a threat.
We need to agree on cyber norms.
And I say we, probably China, Russia, and the United States. I don't
see that happening in the immediate future at all. We're going to be in the mode of the wild west,
so to speak, in the cyber context for some time to come, I think. But until we have international
norms, it's very difficult to enforce them. So I think what needs to be emphasized in this country in cyber is defense,
and particularly in the civilian or commercial sector.
And as commercial concerns see that as a threat to their bottom lines,
they'll get more and more interested in it.
But there's some fundamentals that we need to practice more universally than we are now.
And the government needs to step up too,
particularly with respect to sharing of threat information.
But that needs to be a two-way street.
Solar winds and the Microsoft Exchange attack.
The next one I'll mention is climate change and its closely related cause of disease.
Of course, we live through or are living through still the impacts of the pandemic and COVID,
and this won't be the last such pandemic that we see.
And this is closely related to climate change, which in some ways, I guess you could say,
transcends all the terrestrial threats that we have, imposes a genuine threat to the globe.
The earth is heating up, water levels are rising, and those are too bad conditions. And this extends
to many other areas. For example, the amount of arable soil that is available on the planet to
feed the growing population of the earth. And so there's all kinds of potential for conflict,
for war occasioned by changes wrought
through climate change.
And again, this is a global issue.
And I really think only the United States
can lead a global effort.
And this, by the way, is one area where perhaps
we can actually have some cooperation
with the likes of China and Russia.
The last one I'll mention is something that does bother me a lot,
and that is what the Rand Corporation has cleverly and aptly called truth decay.
And we have a bad case of this in we need to go to the dentist to do something about the truth decay, if I can stretch the metaphor,
about truth decay in this country, and that is the disrespect of facts, objective analysis, et cetera. And this is really insidious.
It has been going on in this country for some time. It's not former President Trump's fault,
although he certainly exploited it. But this is a serious issue in this country. We cannot agree at the basic fundamental level on what the facts are. That is a real danger to our democracy. And unfortunately, we have people now very much living in very discreet and very different reality bubbles. So I think that's the third area I'd mention is what I'll call truth decay.
Jim, you've talked about many challenges.
Let me ask about them one by one.
You mentioned future health and biological threats.
How do we better prepare for these?
That's a specific question that I'm going to answer generally, and this is prompted by my own experience, where what I found is that Americans and people in general have great difficulty getting their heads around and
preparing for something they've never experienced. And you can look at what happened to us in 9-11.
The threat of Al-Qaeda was well known, that they intended to attack the United States. And I've often fantasized if George Tenet, who was then the director of central intelligence,
let's just say for the sake of discussion, in the summer of 2001, went public and just
told the public, you know, we have a formal enemy here who's bent on attacking us.
And again, just for the sake of discussion, we have some understanding, but not specific, of the nature of the attack.
It might come into your airplanes, crash them into buildings, et cetera.
So accordingly, starting immediately, all Americans must go to the airport two hours early and be subject to search.
And you can't carry liquids in your hand-carried
luggage, et cetera, et cetera, and all these other restrictions.
You can imagine how that would, the reaction he'd get.
He would have been left off stage.
Again, the context, theoretical context I'm suggesting here was before 2001.
People couldn't imagine an attack like what we encountered.
And so it is with biological attacks. Ideally, you'd have a public education program, you'd have exercises involving
the public. We make fun of it now, but not unlike the exercises we had, duck and cover,
that sort of thing, during the height of the Cold War. We probably, in ideal circumstances, need something like that to prepare for a potential
biological attack. But we're not going to do that. There's not the sentiment for it.
I often think back on how the 9-11 Commission criticized the intelligence community for
its lack of imagination. It's not that we don't have imagination. We can conjure up all kinds
of scary scenarios, but getting anybody to believe in them enough to take action,
that's quite a different matter. Jim, you talked about cyber and you talked about solar winds.
The solar wind cyber attack happened after you stepped down as director of national intelligence.
So it did not happen on your watch.
It's been called the Pearl Harbor of I.T. because the government, which is to say the
Pentagon, the Department of Homeland Security, the State Department, the Department of Energy,
the National Nuclear Security Administration and the Treasury were all hacked, as well
as leading private companies like Microsoft.
It was quite an ingenious attack, as the hackers secretly broke into SolarWinds systems and
installed malicious software. And when SolarWinds sent out updates on its software to its clients,
the malicious code was attached and the clients unwittingly created backdoors into their system, which the
hackers then exploited. Do we know what the impact of SolarWinds is? I don't think we do. I don't
think we know yet what the magnitude of that attack, if you want to call it that. And again,
we need to make that distinction I mentioned before about something passive. This is a hugely successful
case of espionage. And we normally don't punish nation states for espionage. Now, you could argue,
well, in the cyber context, you need a new definition and we need to take action and we
shouldn't be so passive. But that is an important distinction. What concern is, though, that the Russians, and this is a fairly well-known technique that they could use,
may have implanted malware for activation later on that would do harm, that would destroy data.
You have the example of the water treatment plant in Florida where there was an intent to harm people. That's what the real
potential danger of SolarWinds is. And the issue, of course, is the Russians very astutely exploited
a weakness in our system where our national security apparatus, specifically NSA and others,
of course, there are all kinds of restrictions and ambitions on them
surveilling domestic institutions, domestic entities in this country.
And it was realized that, and I understand that, and took advantage of it.
And so this is a tremendous challenge for us as, well,
how do we thwart future such attacks?
So I think the first thing is determining exactly what's the magnitude of this attack
and then trying to figure out a game plan for it.
White House has made a great appointment, I think, with Ann Neuberger as the Deputy National
Security Advisor for Cybersecurity and Emerging Technology.
And she's a great superstar.
This administration has good people working the
problem, but it is not trivial. Ransomware is another type of a cyber attack where cities or
hospitals have their information technology hacked and inaccessible to them unless they pay the
hackers ransomware. Can you comment on these types of attacks and
how we can protect ourselves? This is a good example of what I mentioned before about the
need for more aggressive hygiene, more aggressive defense. And this is expensive. It is not cheap.
And I think there is a tendency to sometimes cut corners and not making any
accusations of any specific institution. But you do have to expend the talent and the resources
to ensure that you're buttoned up as tightly as you can be. And importantly, make the assumption
that you will be attacked and perhaps with ransomware in mind, and that you need to have
a plan B. You need to exercise, if this happens to us, what do we do?
We need to have backups so that your data is not resident in one place that can be held
hostage so that you can continue to operate. Well, doing those kinds of basic hygiene things
is not without expense, and people have to understand that. So the first order of business
here is a stalwart defense. Let's talk about the data, the information that is available on all of
us. The Chinese in particular seem to be gathering a lot of information on individuals,
including using widespread video cameras.
Can you tell us about that?
Well, the Chinese have the most oppressive surveillance regime
probably anywhere on the planet
and maybe in the history of mankind.
They go to great lengths to observe their citizens
and their concern, their fear has always been
controlling that huge population in China.
And their very sense of the government, very sensitive about availability of outside information
and criticism of the government.
I'm sure they have per capita more surveillance cameras in any country in the world than China. And so they track their citizens very carefully about their activities and their whereabouts
because they worry about the threat posed to their own existence.
That's a fact of life in China.
I think I personally find it very oppressive to live there.
It is generally believed that private companies, as well as the government,
have detailed information on
most Americans. Companies talk about anonymizing data, but in fact, there's so much data out there
on each one of us that anonymized data can be de-anonymized. Information on people, including
their contacts, their communications, and their physical movements through GPS data from the telephone companies.
And even without knowing the contents of people's conversations, data can tell us, for example,
who's having an affair with whom based on the frequency and timing of communications and GPS
data on people's locations. And data can also tell us if a woman is pregnant, that can be determined based on calls
to a gynecologist, an appointment with a doctor, and orders for prenatal vitamins. Can you tell us
more about what data is available on each of us and how you see the balance between safety,
security of the U.S. and U.S. citizens' rights to privacy? I think you've described, by way of some very stark examples, the nature of information that's
available to all of us. And once you create an electronic footprint, you know, you have a mobile
phone, you use a computer, you shop online, any number of activities that are revelatory of you
and your activities, your behavior pattern, your pattern
of life. I personally, I try to be sensitive to that, but I've just written it off. It's just,
this is the price of living in this technological environment that we find ourselves in. And we've
become so dependent on the internet and internet related technology that it ruins our lives.
My whole life revolves around the iPhone.
And so it always struck me in the way people would react to something that the government was doing
and information that the government was gathering, even inadvertent,
where in contrast to many people with no concern about what they share,
either intentionally or not with
commercial entities.
That contrast always amazed me.
Now, the government can do things to you, put you in jail, take your money, et cetera.
So I see the point.
I think there is, in a security context, there is important dimension to all this.
It's something for each individual citizen to think about.
And that is, to what extent are you willing to sacrifice some of your civil rights and privacy
for the common good? Before the pandemic, I was visiting a lot of colleges and universities,
and this issue would come up. And I asked the college kids, if you're driving, do you stop
at stop signs and red lights? Do you go to the
airport two hours early and go through security? If you go to the off-campus bar and you're carded,
do you produce your driver's license or other ID to prove your age? The point is, these are things
we do for the common good. So to the extent that the government, for whatever reason, and they do
it for a good reason,
conflicts with what some people construe as their civil rights and privacy,
what's for the national good is safety and security.
So this is a fundamental issue that each individual citizen has to decide for him or herself,
if I'm going to live in this modern society, I guess I have to give up some of my privacy and civil liberties, not only in a commercial context, but
just to exist, but as well for perhaps
the government. And we never really kind of wrestled that issue to the ground.
There's a wealth of information out there on all of us.
And one side comment I'll
make about this is the effect this has on intelligence gathering. Everyone leaves an electronic footprint or creates one and expands one early in life,
long before you become an intelligence officer.
So this is turned upside down, the whole notion of living the cover identity.
Just one relatively comparatively small impact of the impact of technology on all of our lives. Are there any protections on privacy
that you think that individuals should have
from either private companies or from governments?
It's always in the fine print,
but normally commercial entities will explain
the terms and conditions
and their privacy commitments and all that.
But most people, and I'm one of them,
scroll through it and go to the bottom and say,
I accept without thinking, frankly, or taking the legalese that you see in these agreements to your
lawyer. And even if you did, okay, you just don't avail yourself of that particular service.
That's the sacrifice that I think many people make is convenience and ease, as opposed to worrying too much about loss of privacy.
Because like I said, I think that train left the station a long time ago for all of us.
Let's talk about signals intelligence and human intelligence.
We seem to be really good at geospatial imaging and other fact-based intel.
Can you tell us about our capabilities?
To some extent, that's quite good. And you're right to make that distinction when you're
looking for objects. Now, I used to say when I was director of NGA, the National
Diversification Intelligence Agency, that everybody and everything has to be someplace.
That truism, I think, works the advantage in the intelligence community.
And so our capabilities are quite good and getting better, I can tell you.
But where we do have the traditional challenge has always been in discerning plans and intentions.
In other words, what's in somebody's mind?
That is much harder.
So what I would call technical intelligence, that is the ability to find objects,
even track the location of people or groups of people.
And we're pretty good at that.
But determining what's on somebody's mind,
what their intentions are, what they're going to do,
that's much harder because you have to have some proximity,
some access to key people.
And that often is not impossible, but it's difficult to come by.
So there's a contrast there between the technical intelligence capabilities represented by signal intelligence and what we call geospatial intelligence.
Human intelligence is still important, still crucial, and we expend a lot of resources at it, but it's hard.
Jim, before I ask you for your three key takeaways,
is there anything else you'd like to discuss that you haven't already touched upon?
Well, maybe there is one, and that is just the general clinical conditions in our country and the divisiveness that I've never seen, and certainly in my lifetime. And I'm not sure how
we're going to get out of this hole, but I certainly hope you do.
And I just say that as a citizen, it's very concerning to me.
So what are the three key takeaways that you'd like to leave the audience with today?
Cyber threats, the way to overcome them or to address them is, first and foremost, the staunch stalwart defense.
And that applies both institutionally
to the government,
institutionally to companies and other entities,
and it applies to us as individuals.
So all these attacks we hear about are terrible,
but we each have a responsibility
for our own cybersecurity
and to the extent that we are part of an institution
for helping those institutions.
I think climate change is a transcendent threat for the globe.
And if there's anything that can drive countries to work together,
I believe it's climate change and profound threat that it poses to mankind.
I don't mean to be overdramatic here or melodramatic,
but I believe that,
and we need to hurry up and do something about it because the rate of the earth heating up,
the rate of sea level increases is accelerating. This is a profound danger for the globe.
The third takeaway, I guess, is to recognize truth decay, to me, is a big threat, particularly in this country.
And it emphasizes the importance of critical thinking. And as I've been joining college
students, don't believe everything you see, read, and hear on the internet. So I guess those would
be my three takeaways. Jim, this has been terrific. Thank you so much for our conversation today.
And thank you also for all of your work in the intelligence community and as Director of National Intelligence in
keeping us all safe. Thanks, Lynn. Thanks, Rob.
If you enjoyed today's episode and would like to receive the show notes or get new fresh weekly
episodes, be sure to sign up for our newsletter at 3takeaways.com or follow us on Instagram, Twitter, and Facebook.
Note that 3takeaways.com is with the number three. Three is not spelled out. See you soon at
3takeaways.com.