Official surveillance and the illusion of privacy
The United States intelligence community confidently explains to the American people that we face a world of unprecedented threats; that the modern tools of warfare are mobile phones, laptops, Facebook profiles and Internet chat rooms. To protect us they need access to every data element generated or touched by a potential terrorist or enemy actor. Any attempt to block their efforts to fully penetrate the datasphere is characterized as aiding the enemy, or at least making America more vulnerable. But arguments in support of the surveillance state suffer from critical weaknesses of sorts philosophical, political, technical, legal and operational. We hardly need to establish that the principle of government “total information awareness” is flawed in each area in order to determine that it is deeply contrary to the interests of society. And this contrariness is ultimately the crucial point: ubiquitous monitoring itself damages society by weakening our defenses, degrading public trust in government and violating the fundamental philosophical principles of our political system.
Legal jurisprudence has long purported to protect Americans from unwarranted intrusion by federal agencies. Posse comitatus protects us from unfettered military power; Roe v. Wade established a strong right to privacy, not only in abortion rights, but against many forms of government overreach. The Supreme Court ruled that police couldn’t use thermal imaging to see inside our homes without a warrant. Cops couldn’t place GPS devices on our cars or on our person and track our movements without due process and just cause, nor could they tap our cellphones and listen indiscriminately to our conversations without the approval of at least one judge. It’s widely known that the intelligence agencies we aim against foreigners were prohibited from digging through the trash of American citizens. It was easy to accept the illusion that we were safe from the surveillance trappings of a police state within our cocoon of legal rulings and constitutional protections. We even had the repeated assurances of our highest officials -- the government did not spy on American citizens, did not tap our phones, did not snoop on our e-mails (Risen, p1). Rigorous legal processes were in place to protect against any even inadvertent capture of information about Americans. As a candidate criticising the surveillance policies of the Bush administration, then-Senator Obama announced that “We need to find a way forward to make sure that we can stop terrorists while protecting the privacy, and liberty, of innocent Americans.” (Houck, p1)
So it was an earth-shattering discovery for many when Edward Snowden revealed that the government indeed did all of these things, and much more. The feds forced all of the largest tech companies, household names each, to provide direct and uninhibited access to all of their data. Virtually every cell phone call in America was tracked, researched, catalogued and retained. The same was true for every e-mail, every text message, every Facebook in-box and LinkedIn inmail message (Esposito, p1). Even online games were not immune; government agents penetrated the World of Warcraft game and searched chatter about grinding for virtual gear, looking for potential terrorist threats (Lejacq, p1). The American people were faced with incontrovertible proof that high-level officials had lied to Congress, later excused by officials as “erroneous statements.” (Risen, p1). Protections had in fact been proposed by NSA officials designing surveillance software, known as ThinThread, to ensure that information about Americans remained anonymized until warrants were obtained. But NSA officials chose to spend many times as much money on an identical snooping program with one major difference - no data was concealed, no matter the source (Farivar, p1) (Nakashima).
Embarrassed officials, charged with dealing with the mess created by the Snowden leaks, justified secret monitoring programs as essential for national security. They argued that the American people had no right to knowledge about the surveillance being conducted on them, and that the fight against terrorism justified secret government intrusion into our lives. The intrusion was not without safeguards, they argued; in a strident press release, national security director James Clapper declared that broad surveillance efforts operated “within the constraints of law” and were subject to “strict restrictions” imposed by the FISA court and the U.S. Justice Department (Roberts, Ackerman, Branigan, p2). But these salves were short-acting - it was soon revealed that the strict rules had been violated many times by federal agents, whether to snoop on cheating spouses, or spy on ex-girlfriends, or intrude into the privacy of personal and professional rivals. Moreover, the vaunted role supposedly performed by the federal courts was exposed. The FISA court, charged by law with monitoring secret government surveillance, had reportedly been fully won over by compelling arguments by the White House and the Justice Department, among other federal agencies, in support of the complex structure of surveillance programs. So won over that not once in years had the Court rejected a single application from the government for permission to spy on Americans (Lichtblau, p2-3) (Leonnig, p2). What legal wizardry did the Bush and Obama administrations employ for this achievement? Your guess is as good as any: the legal arguments are classified (Farivar, p2) (Rosenthal, p1). That is worth repeating… The legal logic used to justify depriving American citizens of privacy and due process are too secret to be shared with the public. The result is a Congress and executive administration with historically low approval ratings and historically high public distrust of government and law enforcement.
It’s a truism of modern computing that crowds and clouds are capable of incredible accomplishments. The many variants of Linux operating systems, Wikipedia, and even the Anonymous collective are compelling high profile examples of collaborative action achieving amazing results. The ecosystem that constitutes the data security industry in the United States is another example. At a security conference for self-described hackers recently, a programmer and security expert unveiled an Android app that could access and gain control over the autopilot controls in a commercial airliner flying at cruising altitude. Around the world hundreds of programmers immediately worked to close the security looped the presenter had discovered (Gross, p1-2). This is only one of a thousand examples that occur each year; much like an academic community, the computer security experts of the world tinker and discover problems, announce them to their peers, scrutinize the proposed solutions, and then return to tinkering. The result is a process of continuous improvement in security that is largely successful in keeping up with the rapid pace of software and hardware development.
The goal of the information security industry is to ensure the integrity and privacy of data and communications for private citizens, public organizations and businesses around the world. But the interference of governments regularly jeopardizes global information security; no less an authority than the United States Cyber Command, principally led by officials of the National Security Agency, have identified the involvement of government-owned Chinese technology firms as a major risk. The U.S. government announced that it was concerned that Chinese firms, including tech giant Huawei, could illicitly compromise the integrity of crucial networking hardware and thereby use the devices they sell to American firms to steal critical economic and military secrets (Wagstaff, p1). The American announcement led to a sharp downturn in sales of Huawei equipment in the United States and throughout Europe -- clearly, few wanted to risk giving any government unfettered access to sensitive data. Yet revelations by Bradley (now Chelsea) Manning and Edward Snowden, as well as the enterprising journalistic efforts of investigators like Glenn Greenwald, make it plain that the U.S. government is perhaps the worst culprit in the world when it comes to intentionally compromising information security. We learned that the N.S.A intervened in the shipment of computers and other equipment to foreign embassies, foreign offices of executive government officials and even the European Council. The equipment was modified to provide backdoor access to the N.S.A. and then shipped on, with the recipients none the wiser. The N.S.A forced one of the largest American providers of security solutions, RSA, to compromise a universally used encryption protocol to allow the NSA to easily decrypt communications using the protocol (Glaser, p1-2). Keith Alexander, a retired general and the former director of the National Security Agency, admitted that the agency collected and exploited security flaws in commercial software and hardware products. In an interview with the Australian Financial Review, Alexander said “To ask NSA not to look for weaknesses in the technology that we use, and to not seek to break the codes our adversaries employ to encrypt their messages is, I think, misguided.” He further asserted that the NSA does not “erode the defenses of U.S. communications, or water down security guidance in order to sustain access for foreign intelligence.” (Greenberg, p1). Yet disclosures about NSA practices, which Alexander has condemned as detrimental to national security, make it clear that the NSA has interfered to preserve and even insert exploitable security flaws into the American and global technological ecosystem. As Harvard fellow and renowned security expert Bruce Schneier writes, “We have one infrastructure. We can't choose a world where the US gets to spy and the Chinese don't. We get to choose a world where everyone can spy, or a world where no one can spy. We can be secure from everyone, or vulnerable to anyone. And I'm tired of us choosing surveillance over security.” (Schneier, para 3). Revelations about US surveillance have sent shockwaves through the security industry, and forced companies with sensitive trade information to invest millions in deep security analysis of their software and equipment to search for government back-doors. Research conferences have been canceled, keynote speakers withdrawn or terminated, and once open and collaborative efforts to address security problems have become closed and suspicious (Glaser, p1) (Brustein, p1). The result is that the greatest engine of innovation and development in security technology has become inhibited, burdened by distrust and resentment. Our government’s efforts to establish supremacy by ensuring no system was secure against them have made us all more vulnerable to intrusion (Ball, Borger & Greenwald, p1-3).
It should not be challenging to conclude that the enormous and nearly all-encompassing surveillance project undertaken by the various American intelligence agencies is pervasively counter-productive. The social and civil institutions that represent our best hopes for security superiority are perhaps irredeemably damaged by the corrupting influence of government intrusion. The ties of trust and respect that lead citizens to report threats to the government and that permit the government to take action when necessary are eroded beyond repair for many. And finally we can’t help but believe that this is not how our government was intended to work. By the people, for the people - this should mean that no administration should consciously choose to mislead the people, disregard our collective wishes and then shrug and return to business as usual when their disdain for democracy and the authority of the people is revealed.
Soltani, Ashkan, and Craig Timberg. "Tech Firm Tries to Pull Back Curtain on Surveillance Efforts in Washington." Washington Post 17 Sept. 2014
Schneier, Bruce. “Fake Cellphone Towers Across the US.” Schneier on Security. 19 Sept. 2014
Nakashima, Ellen. “Former NSA executive Thomas A. Drake may pay a high price for media leak.” Washington Post. 14 July, 2010
Lichtblau, Erik. “In Secret, Court Vastly Broadens Powers of NSA.” New York Times, 6 July 2013.
Leonnig, Carol D. “Secret court says it is no rubber stamp; Led to changes in US spying requests.” Washington Post 15 October 2013
Sanger, David and Chen, Brian X. “Signaling Post-Snowden Era, New iPhone Locks Out NSA.” New York Times. 26 Sept 2014
Risen, James. “Lawmakers Question White House Account of an Internet Surveillance Program.” New York Times. 3 July 2013
Rosenthal, Andrew. “How Can We Debate Secret Law?” New York Times. 2 July 2013
Esposito, Richard and Cole, Matthew and Schone, Mark and Greenwald, Glenn. “Snowden docs reveal British spies snooped on Youtube and Facebook.” NBC News. 27 Jan 2014.
Lejacq, Yannick. “NSA’s virtual waste of time? Spying in ‘World of Warcraft’ is harder than you think.” NBC News. 12 December 2013
Glaser, April. “After NSA Backdoors, Security Experts leave RSA for a Conference They Can Trust.” Electronic Frontier Foundation. 30 Jan 2014
Brustein, Joshua. “NSA Stay Away: Hackers Disinvite Snoops From Conference.” Bloomberg Businessweek. 11 July 2013
Wagstaff, Jeremy and Lee, Lee Chyen. “Huawei security chief says embracing its hacker critics.” Reuters. 31 Oct 2012
Farivar, Cyrus. “The executive order that led to mass spying, as told by NSA alumni.” Ars Technica. 27 Aug 2014
Sledge, Matt. “Government Claims Americans Have No Right to Challenge NSA Phone Surveillance.” Huffington Post. 22 November 2013
Gross, Doug. “Hacker says phone app could hijack plane.” CNN 12 April 2013
Ball, James and Borger, Julian and Greenwald, Glenn. “Revealed: how US and UK spy agencies defeat internet privacy and security.” The Guardian. 5 September 2013
Roberts, Dan and Ackerman, Spencer and Branigan, Tania. “Clapper admits secret NSA surveillance program to access user data.” The Guardian. 7 June 2013
Houck, Caroline. “Barack Obama on surveillance, then and now.” Politifact. 13 June 2013.
Greenberg, Andy. “Formner NSA Chief Defends Stockpiling Software Flaws for Spying.” Wired.com. 7 May 2014.