Another misperception involved the review group’s view of the efficacy of the Section 215 program; many commentators said it found no value in the program. The report accurately said that the program has not been “essential to preventing attacks” since its creation. But that is not the same thing as saying the program is not important to national security, which is why we did not recommend its elimination.

Had the program been in place more than a decade ago, it would likely have prevented 9/11. And it has the potential to prevent the next 9/11. It needs to be successful only once to be invaluable. It also provides some confidence that overseas terrorist activity does not have a U.S. nexus. The metadata program did exactly that during my last days at the CIA this summer, in the midst of significant threat reports emanating from Yemen. By examining the metadata, we were able to determine that certain known terrorists were most likely not in phone contact with anyone in the United States during this specific period of concern.

Personally, I would expand the Section 215 program to include all telephone metadata (the program covers only a subset of the total calls made) as well as e-mail metadata (which is not in the program) to better protect the United States. This is a personal view; it is not something the review group opined on or even discussed. Such an expansion should, of course, fall under the same constraints recommended by the review group.