Photo by Eli Meir Kaplan.
Practicing at a large law firm for 39 years may not seem like the most natural lead up to serving as General Counsel of the National Security Agency, but Glenn Gerstell certainly has had no regrets since being sworn into the position in August 2015.
The former Milbank Tweed Hadley & McCloy partner and Columbia Law grad was a perennial Lawdragon 500 member for his prominence in handling complex transactions within the telecommunications industry. Working at the forefront of that practice enabled Gerstell to develop an expertise in infrastructure, cybersecurity and communications issues. He also had a background in public service by serving on the D.C. Homeland Security Commission and the National Infrastructure Advisory Council, among other positions.
Also crucial to Gerstell’s preparation for the role was his deep experience in managing lawyers and law offices. He headed Milbank’s global communications practice, spent 18 years as managing partner of the firm’s Washington, D.C., office, and had also earlier managed the firm’s Singapore and Hong Kong offices.
Of course, managing a diverse team of 100 lawyers for an intelligence agency and serving as the principal legal advisor to NSA Director Adm. Michael S. Rogers – and at a time when the public has heightened concerns over privacy issues – is a different world altogether. Gerstell also coordinates on legal matters with the White House and other government agencies, which he describes as “the most demanding and fascinating” part of his job.
Lawdragon: Please talk a little about how this job came about. After nearly four decades in private practice, what led to your interest in this type of role as opposed to, say, doing something more like a retirement or at least more relaxing?
Glenn Gerstell: I always thought I’d work for a few years in private practice and then go into the federal government as a lawyer in some capacity, since I’d had a long interest in politics and public policy. But my law firm experience turned out to be so varied and challenging – taking me literally around the globe – that I got stuck in a (wonderful) rut and stayed with Milbank Tweed for 39 years. Knowing that the firm’s mandatory retirement age of 65 was just a few years away, I realized that this might finally afford me the opportunity to fulfill my lifelong desire to be involved in government. I knew I didn’t want to simply retire; I definitely wanted to do public service in some form.
Through discussions with friends in Washington, I discovered that during a second term of a Presidential administration, there were always deputies who were seeking to move up to the boss’ job when a vacancy arose, so it was surprisingly hard for an outsider to break into the system at a more senior level. But I got lucky when a friend who was the Pentagon’s General Counsel called me and said I should apply for an upcoming vacancy at the National Security Agency. At first, I thought my friend had dialed the wrong number, but I was encouraged to apply since, although I didn’t have a deep national security background, I did have homeland security experience and international law firm management skills. After a series of interviews, I was selected for the position as the General Counsel of the NSA.
LD: Beyond that, you joined the NSA at a very interesting and challenging time for the agency, in the post-Snowden era and shortly after the USA Freedom Act changed how the NSA could search phone records. Did you have any reservations or concerns about taking this job at that time?
GG: Actually, the fact that the NSA was facing all these challenges made the position almost irresistible. I knew that the agency was still trying to define itself for the public as well as overcome a lack of knowledge, exactly at a time when the demands on the agency were increasing in the counterterrorism and cybersecurity fields. If you’ve spent a career advising clients and solving problems, then the NSA was sure to put your skills and experience to the test. And I wasn’t disappointed in that regard!
LD: In addition to your practice, you also held multiple management roles at the firm. Can you draw some comparisons between your past roles and your present job?
GG: First, on a personal level, while I knew I was making a big change, I have to confess I really didn’t appreciate the challenges of transitioning from being a partner at a private law firm – with its relatively flat organization, great freedom and flexibility to pick your clients and projects and the ability to control your own life – to a federal national security position, in a military hierarchical organization, with almost everything being handled at the top secret level, and where your day is subject to the unpredictable disruptions of global events. That barely touches on the fundamental differences, but it was a complete change, even down to the fact that I could no longer tell my wife almost anything about what I did at the office that day.
Second, the professional experience is unlike anything I’d seen in the private sector. Most significantly, it’s impossible to overstate how rewarding it is to know that you are truly helping (even in a small way) to keep our country and its citizens safe, whether it’s from a cyber attack or terrorist incident. I loved being a lawyer in private practice and especially liked when I worked on financing infrastructure or something that was going to have a positive impact on people’s lives, but it’s just not the same feeling you get when you realize your actions are part of an effort to, say, rescue an American held hostage overseas. So corny as it may sound, it’s really a privilege to be in that position. You’d have to be pretty blasé not to get a kick out of sitting in a classified briefing with the Directors of the FBI and the NSA before a Congressional oversight committee. But it’s not just fun; it’s mostly sobering work with serious consequences, occasionally in situations where there’s no good solution. Everyone is working hard, often passionately, so sometimes the interagency discussions can get a little heated, but in the end we’re all working for the same government with the same goals.
Even though the national security sector of the federal bureaucracy is enormous, one person can indeed make a difference. Of course you’d expect this at the highest levels of the President and Cabinet members, but lawyers throughout the government are often in a critical role to shape the debate and affect the outcome. I recall one situation where to my surprise, after just a few months on the job, an observation I made on a conference call with other components of the Intelligence Community and the White House staff was accepted and wound up being reflected in an important document signed by the President.
LD: What about the process of learning the ropes of the new job, compared to taking on a new deal or client at Milbank?
GG: In the private sector, while I’d have to come up to speed on knowing a new client’s business or the facts of a particular case, again that’s nothing like being immersed in a completely different and technologically complex world of signals intelligence and information assurance. So much of the first year on the job was simply spent learning what the NSA does and how it interacts with the rest of the federal government and our allies around the world.
The NSA has a superb legal department of roughly 100 attorneys, who work in six offices: intelligence law, administrative and ethics law, cybersecurity law, litigation, legislation, and acquisition law. From the names of these offices, it’s pretty obvious what each one does, but you’d be surprised at the breadth of legal issues that come up. We answer questions about everything from real estate transactions to responding to international cyber attacks. I rely on the attorneys in these offices for expertise, since I can’t hope to replicate their knowledge and decades of experience. My job is to manage the legal department, to serve as the principal legal advisor to the NSA Director, and to help coordinate legal aspects of the agency’s engagement with the White House, Congress, and the other departments and agencies. As you might expect, the latter coordination role is unquestionably the most demanding and fascinating.
While the work is totally different from my former job, the skills called for are the same: the ability to think and act strategically and to marshal facts and rationales in a compelling and persuasive way, and having the political sensitivity to know when and how to approach another organization, whether to jointly solve a problem or to get them to accept your position on something. I found invaluable the lawyer’s training to anticipate the other side’s objections, and craft one’s approach and arguments accordingly, and to avoid personalizing or demonizing the other side in professional controversies.
LD: I think people have some ideas, accurate or not, about the type of lawyers that want to join big law firms. What types of lawyers join the NSA? Is there a particular “type” or is there a wide range of lawyers – and how would you assess the pool of talent compared to private practice?
GG: To my surprise, many of the people – lawyers and non-lawyer senior officials – have been at the NSA for decades. The draw of the “mission” is powerful and keeps highly skilled individuals at the agency even though they could earn multiples of their salary at a law firm or in Silicon Valley. I’ve been incredibly impressed with the overall caliber of people at senior levels in the national security sector; we’re fortunate as a country in this regard. At the junior end, we’ve had no difficulty in attracting top law school graduates. For many of them, the chance to work in the national security field, with a lot of responsibility right away, perhaps on matters that are in today’s headlines, is far more interesting than doing due diligence or document production for a law firm as a junior associate. Not that the law firm or in-house company counsel path are bad ones, just that they have a different set of costs and benefits.
LD: Can you discuss what your role will be with the reauthorization of Section 702 of the FISA Amendments Act – both in terms of responding to legal challenges to the provision and what might be your public relations role in explaining the importance of this tool balanced with 4th Amendment privacy rights?
GG: When the new President takes office, he or she will have only 11 months to deal with the fact that one of our country’s most important national security statutes will be about to expire in December 2017. I’m referring to Section 702 of the Foreign Intelligence Surveillance Act, which is one of NSA’s most valuable programs. Simply put, its reauthorization is crucial to our efforts to help keep America safe. The 702 program enables us to conduct electronic surveillance on foreign targets who are located overseas. It has proven critical to helping our government understand international terrorist organizations, and it has led to the discovery of previously-unknown terrorist operatives and plots. For example, a few years ago, we were able to use our authority under Section 702 to intercept emails from an Al Qaeda courier in Pakistan to an individual in the U.S. that discussed bomb making. NSA passed this information to the FBI, who was able to use it to help identify the individual in the U.S. as Najibullah Zazi. The FBI was then able to track Zazi to New York City, where he and associates were planning to detonate explosives on the subway. He was later arrested and pled guilty, and he now awaits sentencing.
Everyone at the agency is very sensitive to the fact that in carrying out the Section 702 program, some communications from U.S. citizens might be unintentionally scooped up. This is called “incidental collection.” NSA has lots of rules and regulations in place about how to handle this type of collection in order to minimize the impact on Americans’ privacy, and the attorneys in my office work hard to ensure that NSA complies with all of those safeguards. It’s also important to point out that the independent Privacy and Civil Liberties Oversight Board reviewed the 702 program in depth and found that, at its core, it satisfies 4th Amendment standards.
Congress wanted to keep the 702 program on a short leash, which is fully understandable given the concerns about the potential impact on the privacy of U.S. citizens, and as a result, the program must be reviewed and reauthorized every few years. My office will play a large role in the reauthorization effort, but it will involve the entire Intelligence Community and DOJ. Attorneys in my office will be heavily involved in discussions with Congress, oversight bodies, civil liberties and privacy advocates, and the public regarding the reauthorization. This public education role can and will include everything from explaining new or changed provisions of Section 702 to identifying and vetting additional information about the program that can be released at the unclassified level.
LD: Can you explain how you interact with other agencies with which you have overlapping security concerns. How does your office fit into and participate in the interagency coordination process?
GG: One of the best parts of my job – which I find the most fun and which I least expected – is that NSA frequently plays a leading role in interactions with other agencies on key national security issues. A good example involves the Privacy Shield agreement, in which we worked with other agencies to develop protections for transferring personal data between Europe and the U.S. These sensitive negotiations were led by the State Department and Department of Commerce, but NSA was heavily involved in the process because of European concerns regarding electronic surveillance. Even though I joined the agency only last year, I was quickly brought up to speed on those negotiations, reviewing drafts of the agreement and participating in interagency policy discussions. Attorneys in my office are now working closely with the Intelligence Community to develop policies and procedures for the implementation of the Privacy Shield agreement, including those procedures for handling surveillance complaints. Privacy Shield was a great example of the type of collaboration that goes on across agencies to ensure that the government takes a unified approach to complex policy issues.
My office also has a voice in interagency policy discussions on topics like encryption, defensive and offensive cyber measures, and the new cyber incident policy. The FBI and DHS, in particular, often ask NSA for technical assistance because of our expertise in cybersecurity issues. We review these requests to make sure that NSA has the authority to assist and that fiscal implications are considered, and to help evaluate the policy implications of the agency’s involvement. My office often assists the agency in determining the best role to take in each situation, and in many cases, we take the lead during discussions with other federal agencies on these high-profile issues.