Yesterday I attended a conference at the Hoover Institution on “Intelligence Challenges.” I also spoke on a panel in the morning about Civil Liberties. A version of my prepared remarks is below. Ben Wittes has an interesting post on the event.
____________
The public now realizes that the U.S. Government has powerful surveillance capabilities, and that it is using those capabilities. While lawyers bicker over language, no question that by the standards of regular English usage, the U.S. government is engaged in mass surveillance: David Cole’s review of Glenn Greenwald’s book No Place to Hide summarizes some of the statistics:In a one-month period last year, a single unit of the NSA collected data on more than 97 billion e-mails and 124 billion phone calls from around the world; more than 3 billion of those calls and e-mails were collected as they passed through the United States. As of 2012, the agency was processing more than 20 billion telecommunications per day. In a single month in 2011, the NSA collected 71 million calls and e-mails from Poland alone. Given the government’s hunger for and capacity to ingest data, we’re left with questions: Is this authorized? For at least some of these programs the answer is no. The government’s interpretation of section 215 which underlies its bulk collection of call detail records is contrary to all expectation, despite a FISA judge’s stamp of approval. No one thinks that a statute authorizing collection of “relevant” information authorizes collection of all information. Is this data collection useful? The Privacy and Civil Liberties Oversight Board (PCLOB) asked what the metric is, and its not clear how we should be assessing surveillance programs, never mind whether we’ve met that standard. Repeated indications in the documents and in experience strongly suggest that, at least at this point in time, our capacity to collect far outstrips our ability to understand. Information is not intelligence is not good public policy. Useful for what? We talk about privacy versus security, but increasingly people understand that’s a false dichotomy. The government’s now defunct program to collect Internet transactional records was useless, but it really invaded our privacy. You can make airplanes more secure by locking the cockpit door, which sacrifices no one’s privacy. In sum, we need both. This insight is all the more important when you have a nuanced understanding of security. Is security absence of terrorist threats? Is it the ability to protect your trade secrets from thieves? Is it the ability to organize for human rights without getting killed? Its all three. Security is contextual, depends on whom you are talking to, and who you are worried about attacking you. Its important to notice when things you might do to maximize one kind of security could negatively impact another. Are there rules, and do they prevent abuses? Immense pressure on law to play a safeguard that technological impossibility and economic infeasibility used to play. Information is power, and today’s law lets government collect an immense amount of information, then depend on back end rules and regulations to prevent abuses. Yet, each of the three most controversial domestic surveillance programs, the FISA court critiqued NSA for failing to follow its rules, for years. In one of those cases, the judge found the lapse also violated the Fourth Amendment. Of course we don’t know what other abuses there are. No transparency on how the information is used, even when it is passed to criminal authorities for prosecution. One Snowden disclosure suggested that the government looks for information that political radicals were watching porn online, so that they can be discredited. Former NSA head Stewart Baker called this tactic “dropping the truth on them” instead of a bomb. Very catchy. Except that in the 6 examples of dossiers compiled against radicals, the men were not necessarily terrorists, or even dangerous. One was a 9/11 truther, which is a political point of view unfortunately held by a double digit percentage of the U.S. population. Secrecy is a serious problem. We have secret counterintuitive interpretations of law, and secret complex minimization procedures that reasonably educated people can’t understand. And lurking just outside the conversation are all the alternative technological and legal authorities to collect that are unconstrained by even those minimization procedures. This secrecy has a second problem beyond legitimacy: unintended downstream consequences. NSA is hacking the network, messing with encryption standards, putting backdoors in American manufactured routers, working with GCHQ to suck data off of Internet company data center transfers. This is terrible for US companies that do business overseas, or have overseas users. IBM is spending billions to build data centers overseas. MSFT lost Brazil govt as a customer. Its hard to estimate the economic effect of this lost of trust, but it is in the tens or hundreds of billions. Economic well being is an important national interest. But behind the closed doors, those interests got thrown under bus. Other Important values got lost, including how Internet security overall would suffer from vulnerabilities introduced for intelligence purposes and how US hypocracy would help China and other oppressive regimes push for more readily surveillable and censorable nationalized Internets. This is what happens in an echo chamber. Focusing on one kind of security has meant other kinds of security are on the chopping block, and other public interests, privacy, the power balance between the government and the governed, and the American economy, now suffer. Secrecy isn’t all or nothing. The government has a legitimate interest in keeping targets and sources secret. But the secrecy about what our laws authorize our intelligence agencies to do must end.