John Ashcroft was the attorney general of the United States from 2001 to 2005; both the Patriot Act and President Bush's warrantless domestic surveillance program were implemented during his tenure. This is the edited transcript of an interview conducted on March 12, 2007.
Take me back to 9/11 and the days immediately thereafter. You talk in your book [Never Again: Securing American and Restoring Justice] about working day and night to give law enforcement more clout. What was your focus? What was your thinking? What was your priority?
9/11 provided a new central organizing theme, if you will, of my life. It was a new polarity, and it was to prevent follow-on attacks. ... We had been caught flat-footed by these attacks; they were not expected. And we had a hard time believing that unless we just did everything possible, that we would be able to defer or default or disrupt or otherwise prevent follow-on attacks. ...
I was in the air at the time of the attack. ... I went virtually straight from the airport to the SIOC [Strategic Information and Operations Center] headquarters at the FBI. ... There were no unworthy strategies at the time. We needed to be covering as many bases as possible in the context of information, which was spotty at best and sometimes misleading.
Another person in a strategic spot said [of] that day, "We had a lot of information, but we didn't have any intelligence that was any good." This sense of being information-starved or blind and deaf, was that a concern?
We really didn't know what had happened yet. ... We were trying to make sure that planes were landed. We didn't know if there were other plots under way. ... You wanted to do what you could to make sure that there were no additional acts of violence. You're trying to assemble information or to find out what information was available about terrorists in the country.
I learned pretty quickly that most of our terrorism [investigators were] assigned to local offices and that we didn't have the kind of coordinated, integrated terrorist information and intelligence operation at the heart of things. Early on it became very apparent that there was a reluctance to share information fully even between the FBI, say, and me, the attorney general. Some people were worried that because I was justice-oriented and prosecution-oriented that, if I were to get intelligence information, there might be this contamination that had been thought to be prohibited between intelligence information and prosecution information.
So we didn't have a coordinated list of all the cases, of all the people who were suspects in the terrorist world. What information we had was broken between agencies that didn't communicate with each other. …
All of these factors sort of contributed to, frankly, the appearance that we had less information than we actually had, because it wasn't information that was maintained in an accessible way, and it wasn't information available across agencies. So we had puzzle parts in the hands of various individuals around the community of government, but we didn't have the integrated capacity to assess those puzzle parts in an effort to see what fraction of the total picture we might actually have.
… What were the critical elements that you felt needed to be put together? ...
9/11's on Tuesday, and by Saturday and Sunday we pretty much had the Patriot Act put together. This really wasn't the creation from whole cloth of a new set of authorities; it was assembling a quilt, a patchwork of authorities that were already available in various other enforcement authorities. For example, the ability to follow [a] specific telephone had been the traditional wiretap authority. In what was called the roving wiretap authority, developed to fight drug deals and organized crime in the late '80s of the last century, we had the ability to follow the caller, not the specific phone, and this gave us the capacity to do a much better job in those arenas. That ability had not ever been accorded in the terrorist community, in the fight against terror.
So we stitched together a variety of provisions that had been available in the fight against other kinds of criminal activity and that were not yet available [to fight terrorism]. And that's one of the reasons the constitutionality of the provisions was quite well-established and hasn't ever been successfully challenged: ... [T]hese things had already been understood and had been tested as they were parts of other law enforcement authorities, but had not been made available in the fight against terror.
So what you're doing is, you're getting things like roving wiretaps, national security letters, this kind of thing. ...
Well, the national security letter had been available long before the 2001 Patriot Act, but yes. ... You had a variety of tools like the so-called roving wiretap, available in other parts of the law, now made available for the fight against terror.
... What are you trying to do? …
Well, there's a paradigm shift from prosecution, which is the way you re-create the past and prove what happened in court, to prevention, which is the way to anticipate the future and disrupt it before the scenario comes together.
When the president turned to me within hours really after 9/11, a day or so, and said, in my direction, anyhow, he said, "Never let this happen again" -- now, not letting something happen is different than proving something happened. The old business of the Justice Department to be able to prosecute the criminal and declare victory is not good enough when you lose 3,000 people and the criminals purposefully extinguish themselves in the perpetration of the crime. Prevention means disrupting a scenario before it actually all comes together. Prosecution is proving that it happened in court and who is responsible. We had to move from that old modality of proving what happened to preventing something from happening because of the costs of the scale of destruction that came with a mass-destruction event like 9/11. We can't allow that.
That sounds almost like a cultural shift, a mind-set shift. It sounds like it's more than passing laws and changing bureaucratic rules. Is that right? …
It is a massive cultural shift. It requires a great deal of initiative. The volume of information that must be handled, that must be managed, that must be understood is exponentially greater to assess the potentials of various threats that are coming in together as compared to proving a specific incident in the past. ...
I have a sense that you wanted to ramp up the FBI in particular.
Well, the FBI needed to lead this investigation. It was the largest investigation in the history of the universe [Operation Pent Bomb], and we needed to learn from that investigation how we could prevent a reoccurrence of this tragedy. And it needed to shake the lethargy out of individuals.
You know, it's pretty easy to investigate bank robberies. It had been the historic role of the FBI. ... We needed to shift some of our resources toward defending the country because that's where the new threat exists, and it was a national priority for the culture, and it needed to be a top priority for everyone inside the bureaucracy of the justice community.
... What was the importance of changing the guidelines, and why did you make it so personal to come out in public and talk about it two or three times?
The FBI had been living in a rather limited world almost, in a setting where blinders were on the bureaucracy. My grandchild could look on the Internet for things that were out there, available in public, but the FBI really wasn't allowed to follow and make inquiry on the Internet for things that were available for public record, for jihadists' sites and for bomb-making instructions. I thought it was important that we be at least as conversant as an average citizen could be, and a number of the old guidelines which had limited what FBI agents could do were inhibitors in a significant way. Not only that; they sort of communicated a culture of serious limitation and restraint that was undue and unhealthy.
... Just a few moments ago you said there was an exponential growth in the amount of information that you needed to access, process, analyze. Why is information so important, and what was it you were trying to get done there?
Well, first of all, we needed to coordinate the information that was available to the federal government but was fragmented and wasn't being shared. Very important. ...
So yes, we needed information; we needed it shared; we needed information shared between state and local authorities and the federal government. It became clear to me that if we were going to defend America properly, we needed to integrate the effort between the feds -- those of us in Washington, a lot of whom with their feet on the desk -- and the state and locals who had their feet on the street. That's where important information is generated. ...
The regulations on what the FBI could observe, what the FBI could follow in terms of its inquiry on the Internet, all of these things together provided a culture that was so restrained that it was going to make difficult the use of information to disrupt and prevent terror.
Did you and the people around you have a sense that there was a lot of information available in commercial databases … that wasn't being used?
Well, it's pretty clear that there is a lot of information, and so much of America is undertaken in commercial terms based on transactions for which records are kept, that it would be helpful, if you needed to follow an individual or find an individual, if you could develop an awareness, the same kind of awareness that's used for people in the commercial setting. If we could use it governmentally, it could be very helpful to us.
So that means using whatever LexisNexis or ChoicePoint has ... available from credit records, bank records, that kind of thing?
The kind of thing that people use to sell soap and the kind of thing that people use to make appeals in the mail, the kind of thing that people use to market I think could also be used, and [I] thought then and still do believe can be used to help defend the country.
We saw one memo that came out shortly after you were revising guidelines that said, in effect, to the FBI, now you can use ChoicePoint to your "heart's content." Was that what you were striving for, in effect?
Well, what I was striving for is now you can use a variety of sources to defend the country. Personal references about "to your heart's content," I don't know that I made those, and I don't think I would want to make those. But I would want to say that there are a lot of resources that perhaps have not been fully utilized that we needed to fully utilize. You have to remember, I was trying to energize the public as well as the law enforcement community. I was trying to energize the culture to be alert, to provide us with information that might help us understand what we could do to thwart the next attack. ...
What is a national security letter? ... Who uses it, and what for?
The national security letter is used to get business records from individuals or institutions, ... like banks or credit card companies, and the information ideally is used to prevent terrorist activity.
And what did the Patriot Act do? It somehow expanded the potential use and reach of those national security letters.
Well, a security letter is basically elaborated as a tool of prevention rather than a tool that's specific in focus on prosecution or a more narrow view of a specific event. It's designed for things related to terror that might be valuable in preventing or disrupting terrorist activity that would happen in the future.
So if you're using a national security letter against terrorism, it's a much broader thing than if you're using it for prosecution, where it's more targeted. Is that right?
I think that would be fair to say. … I think the national security letter provides a basis, in the fight against terror, for a broader reach for information that could be used to prevent criminal or terrorist activity, rather than just to focus on a specific prosecution which would be designed to prove that something had happened in the past.
So it's an important tool?
The national security letter is an important tool. It's important in substantial measure because you don't want to alert individuals who are involved in certain kinds of activity that you are looking at their activity, because they can change the way in which they're doing things and avoid being observed. And very frankly, for a terrorist to be able to change from an observable activity to one that's unobservable might be the difference between being able to prevent an act of terrorism and not being able to prevent the act of terrorism.
So the national security letter has a provision of secrecy attached to it?
It has a provision that requires confidentiality on the part of the recipient of the letter, saying that the individual whose records are being observed is not to be told about the observation of the records.
So if I'm a bank or an airline or a credit card company or a phone company, and I get a national security letter asking for records on a whole bunch of people, I can't say anything about it.
Yeah, that's correct. You're not to divulge the fact that this inquiry has been made.
Now, one of the things that was done in the Patriot Act, as I recall, was to empower the FISA [Foreign Intelligence Surveillance Act] court to issue orders for law enforcement agencies, particularly the FBI, to obtain these kinds of records. Isn't that right?
The FISA court is a court that provides authority for members of the government in national security measures against foreign powers or agents of a foreign power, to observe their activities without telling them that their activities are being observed.
And one of the things in the Patriot Act was that [it] amended the powers of the FISA court or it gave them additional authority?
Well, the FISA court has had this authority for quite sometime, but things like the roving wiretap, which had not previously been available in that setting, were made available in that setting, so that if terrorists were to use a specific telephone and throw it away, it used to be that you had to go back to the FISA court and get an order for the new phone. Under the Patriot Act … the coverage could switch from phone to phone so that the ability to observe the behavior or to witness the communications would not be defeated by the act of throwing away phones. ...
So that was one change. But there were other changes, were there not, that enabled the FISA court to issue orders giving the FBI authority to go get business records, the kind of thing you were just talking about? Am I correct?
I believe that's correct.
... What was your thinking about going to the FISA court with this terrorist surveillance program?
Well, we used the FISA court dramatically, and the number of petitions for the FISA court skyrocketed after 2001 and during the last half of 2001. But the FISA court had been a relatively active agency of the government even before that.
There were problems in the FISA court. When I first became attorney general, the chief judge of the FISA court came to me and said that he was concerned about the quality of some of the work presented to the court, and we spent a great deal of time developing a system that would give the court greater confidence in the quality of what was being presented.
The FISA court is an ex parte court. In other words, the person whose interests are the focus of the court is not before the court, so there is an extraordinary need for there to be accuracy and to have great care and quality of work being done there. And the court is sensitive to that, has been, and I hope it will always be.
Did you ever talk with Judge [Royce] Lamberth about ... doing the terror surveillance program, the president's program, through the FISA court rather than without warrants?
I talked to Judge Lamberth about the business of the FISA court, and items which I felt were appropriate to bring before the FISA court as attorney general, I brought those items before the FISA court.
Did you [go] before the FISA court before the warrantless wiretapping began in the United States under the president's program? …
I don't have any further comments to make about what I did. I think I stated clearly what I did with the FISA court.
People have said to us that the FISA process … was broken, that it didn't keep up with modern communications; ... that you couldn't do what you needed to do in the war against terrorism in terms of monitoring communications through the FISA process. Do you share that thinking?
The FISA court was never intended to be exclusive or all that could be done to defend the country in time of peril. It was, at its enactment, an effort to try and bring a way of handling circumstances that was safeguarded and that had the supervision of federal judges in the process. I think it succeeded at that.
Now, there were obvious deficits in the capacity of the FISA court to operate, and that related to technology, and the idea of the roving wiretap, again, is the best example of that. It needed to be updated; it was updated in the Patriot Act. There were other things that came as a result of the FISA court and its rulings, and other courts and their rulings, which divided the intelligence community from the law enforcement community, and they needed revision and renovation. ...
Are you saying that the FISA process and the FISA court was outdated technologically and legally in the war against terrorism in the 21st century?
I think the FISA court was outdated technologically, and I think its insistence on a wall of separation, which was later overruled by the FISA Court of Review, indicates that it was misunderstanding the law and separating inappropriately. ...
[Former National Security Administration director] Gen. [Michael] Hayden has said that the FISA court or the FISA process wasn't adaptable, wasn't flexible enough. [Do you agree?]
If people think the FISA court provided all of the authority that a president would ever have to defend the country, I think it's pretty clear that it's not adaptable enough; it's not flexible enough.
The FISA court [was] intended to be a court that would deal with foreign powers and agents of foreign powers. Now there are a variety of other potential threats to our nation's existence that from time to time may require other kinds of activity. That other kind of activity has been undertaken by presidents from the very beginning of the republic and certainly during my lifetime. I know in World War II President Roosevelt was involved in very significant, for instance, monitoring of phone calls. Virtually all international calls were monitored in World War II, not just the kinds of limited calls that have been announced as being monitored in this administration.
Did you find Judge Lamberth flexible when you brought these kinds of issues to him? I mean, these are issues of paramount concern for American national security.
You know, the judge and I had a good relationship. It was good enough so that when I disagreed with him, when the FISA court said that the Patriot Act had not successfully destroyed the wall between intelligence and prosecution, I signaled that I expected to resolve that difference by appealing the FISA court's decision. There were a number of people in the Justice Department whose counsel was: "Oh, don't dare appeal anything of the FISA court. We have to work with them on a regular basis. They'll be affronted by the fact that we have sought to set aside their ruling and decision."
I signaled to the court that I thought the way mature people resolved decisions, disagreements like this was to use the legal process for an appeal, and I did, and I'm grateful that the appellate [court], what's called the FISA Court of Review, came down rather significantly in favor of the wall having been destroyed. Or, frankly, they came down saying that the wall was never really a legal imperative in the first place but that the wall would be lowered as a result of their decision and the Patriot Act. ...
Once the Court of Review delivered its opinion -- as I recall, that was in late 2002 -- at that point would it have been possible to take the terrorist surveillance program and put it under the FISA court instead of having it operate without warrants?
There are a variety of things that every administration charged with the defense of the United States needs to do to defend the country, and I believe that administrations would want to and do generally try to do as much as they can when they have the comfort of a court like the FISA court that can add not only to the authority of the president, but can add the value of judicial review. I think that it's important to consider that and to do that whenever possible.
I guess the question comes up in particular now because ... if it's possible to work the program through the FISA court, … wouldn't have that been possible right from the start, or at least from early on?
I'm not prepared to comment on that.
I said I'm not prepared to comment on that. "Because" is a request for an additional comment. I'm just not prepared to comment on it.
OK. There was a period, we're told, it's been reported, that either Judge Lamberth or Judge [Colleen] Kollar-Kotelly [of the FISA court] had sent some complaints to the Justice Department that some of the information in the warrants was "tainted," as they used the word, tainted information obtained through warrantless wiretapping in the applications for FISA warrants. Is that an issue that you got involved in?
I don't really remember.
It may have been around this period when you were hospitalized and Mr. [James B.] Comey was your deputy and Jack Goldsmith was running the Office of Legal Counsel. They raised some questions about the implementation or the legal basis of the terrorist surveillance program. And [Bush's Chief of Staff] Andrew Card came and visited you in the hospital to ask you to sign off on the program as it was being renewed?
I remember being in the hospital. I know that from time to time there were discussions between people in the administration and the Justice Department, but I'm not prepared to make further comment.
Was their concern about the program and its implementation?
We always sought during my tenure at the Justice Department to maintain strict compliance with both statutes and the Constitution. And there was always concern that we would do the right thing and do those things in accordance with the law. I wouldn't want to say that there was more concern at one moment than another. ...
But it would have to be something very unusual if this was a program that you were signing off on every 45 or 90 days, renewing it. When it gets to a point where your deputy, Mr. Comey, and you in the hospital, approached by Mr. Card, are not prepared to sign off on it, it would have had to be a significant concern. What was your concern?
We constantly were evaluating the way in which information and other things were being conducted, with the view toward making sure that we did whatever we did in the framework of the law and within the limits established by the Constitution. For me to go beyond that is something I'm not prepared to do.
OK. But whatever the problem was, you were able to resolve it?
I believe that the activities undertaken during the time when I was attorney general, of which I was aware and about which I was informed, were undertaken within the limits and framework and the authority and the duty and the responsibility as defined by the statutes and the Constitution. …
You're talking about the strategy of pre-emption, prevention of another attack and not just prosecution for something that's happened. ... Does that mean that there's a much broader information gathering that has to be done in order to try to find the bad people among us?
I think there are a couple of things happening in the culture. I think there is an elevated demand or aspiration for privacy, and I think there is a need for being able to use information. I don't know that there's any more information that needs to be developed but may need to be used.
By the government.
Used by the government, yes, and there is a sense in which these two demands of the public, one for so-called privacy, because I think it's beyond privacy. People actually want to be anonymous; they want to be able to do things in public that no one remembers. Look at the Las Vegas advertising that says. "What happens here, stays here." ... [There is also] this need to have information that can prevent massive calamity and tragedy. They're a little bit like rivers of aspiration that are on a collision course, and how at the confluence of those we accommodate those two demands is a very serious challenge. ...
But if government agencies like the FBI and other intelligence agencies are increasingly accessing commercial data banks … does that mean that as individuals our circle of privacy is shrinking; we're going to have less privacy in the future?
Well, you have to define what you expect in terms of privacy, and the information in that respect is already shared in a lot of ways with all kinds of agencies and people who pay for the information when they buy it from those who collect the information.
If it can be used to send out coupons for pizzas or to promote cereal or else to send direct mail pieces advertising automobiles, maybe some of that ought to be able to be used, especially if properly safeguarded, in the context of defending the United States from serious attack. I think Americans are willing for that to be the case, but they want the safeguards to be operative and robust, and I think that's probably the way in which we'll accommodate the demand for protection at the same time we have a demand for privacy.
... [I]s it the nature of the war we're in and the process of gathering information that lots of us are going to have information gathered on us, sifted and then maybe eventually thrown away?
I guess I just have to ask the question: When a warning comes in, when there is intelligence that there might be an attack, do you want to sit back and wait for the attack so we can identify specific individuals who conducted it and prosecute them, or do you want to try and disrupt or prevent an attack? So that we are, instead of in remediation and trying to make up for thousands of people that died, wounded or injured, do we want to prevent? I think if you have prevention as your goal and you have reasonable suggestion that there may be an attack, you expect things to be done, and I think you want a system which has the capacity to do those things but [also] to safeguard the information which is developed in those settings from being inappropriately used or maintained. ...
... As you were gearing up the machinery and the energy and the culture of the Justice Department and the FBI, did you worry about possible abuses, a slippery slope down the road?
Well, one of the important aspects of the Patriot Act is that it is replete with safeguards: You have regular reporting to the Congress on a twice-a-year basis; you have the inspector general of the Department of Justice doing regular reporting; and you have a private cause of action written into the Patriot Act so that individual citizens could sue to correct abuses. The Patriot Act has this trifold safeguarding that most laws don't have at all, and so it's pretty clear that we wanted not just to have a more robust authority to develop information; we wanted to have a more robust capacity to safeguard the information and to correct any abuse of the information or any mishandling of the information or any even potential mishandling. And it's important to try and, by regular assessment, to understand if there are problems and correct them without damage or injury rather than to wait for a serious problem to exist that has damage or injury associated with it.
This past spring, the inspector general of the Justice Department reported that there were lots of mistakes, abuses, some violations of law by the FBI in the use of national security letters, that one in six of them was improperly issued. What's your response to that?
I would first commend the inspector general. That's why it was written into the law, and I am grateful for the fact that the director of the FBI has stepped forward to say that these abuses or problems or the lack of internal controls will be remedied on a structural basis. I'm not privy to the details of what has happened or how or when, but that's the reason there was robust safeguarding in the Patriot Act. And obviously some of the kinds of things that were mentioned go far beyond the scope of the Patriot Act and go into other arenas. But the kind of internal auditing that's done by an independent official like the inspector general is one of the valuable safeguards that's there, and his observations ought to be understood clearly, and the defects that are raised ought to be the subject of remedy.
A lot of this happened on your watch as attorney general. Does this say that even with somebody like yourself who wants to control these things, that once you get this kind of an effort going in a massive way, it's very difficult to control against abuses?
It says that if you work hard at controlling against abuses or the potential [for] problems, you can find them, and hopefully, as appears to be in the case here, you find them without any real damage being done to individuals.
But you think you can control it against abuses?
Well, obviously you can build structure which will minimize the risk of problems. And you're dealing with human beings. You always have the potential, even in courts, of making a decision that might not be correct, so you have appellate courts. The point is that you need to reduce the risk of problems. You do that with structure and supervision, and I think the kind of structure and supervision built into the Patriot Act operated here and is helpful.
So you think it went too far or was just right, or do we have to accept a certain rate of error, an intrusion on privacy?
I don't think we accept any rate of error, any intrusion. We try to maximize our capacity to protect the public and at the same time minimize the risk that any information would be collected improperly. Now, information that is improperly received by the government doesn't always result in abuse. Some of the things cited by the inspector general were that businesses sent too much information to the government, information beyond that which was requested. Well, there needs to be a provision and an understanding in the government [of,] how do we handle it when someone sends us more than we asked for? And working out the way in which a program is implemented, those kinds of procedures are developed. …
He did talk about too much information being provided by businesses, but he also said the FBI had terrible records. They didn't follow up with subpoenas to the emergency letters they were supposed to send; their databases were not up to date. So he wasn't even sure that he had all the abuses. … The question is if five years later, you wind up by looking back at 140,000 or so national security letters, and one in six is improperly issued, and you have a lot of problems by the inspector general himself in chasing down the information, how can we be sure that things are OK in terms of our privacy?
First of all, you know they're going to be better when the inspector general brings these items to the administration and says these need correction. And in some measure, you know that there aren't serious widespread damages, because we don't have a trail of victims. So together you say we should do what we can; we should remediate the pathologies that have been exposed. We've got professionals looking at this. That's why you get this kind of report. We need to take action and go forward. You don't abandon the idea of defending the nation or providing the kind of capacity to disrupt terror, because the costs are simply too great.