Illustration: Harry Campbell
Thanks
to Edward Snowden, we've learned a lot over the past few months about
the breathtaking scope and depth of US government surveillance programs.
It's going to take a while to digest all the details he's disclosed,
but in the meantime it might be a good idea to step back and ask some
pointed questions about what it all means—and what kind of country we
want to live in.
What keeps the NSA's capabilities from being abused in the future?
With only a few (albeit worrying) exceptions,
Snowden's documents
suggest that today the NSA is focused primarily on foreign terrorism
and mostly operates within its legal limits. But the agency has built an
enormous infrastructure that sweeps up email, phone records, satellite
communications, and fiber-optic data in terabyte quantities—and if
history teaches us anything, it's that capabilities that exist will
eventually be used. Inadvertent collection of US communications is
required by law to be "
minimized,"
but even now there are plenty of loopholes that allow the NSA to hold
on to large quantities of domestic surveillance for its own use and the
use of others. And there's little to keep it from covertly expanding
that capability in the future. All it would take is another 9/11 and a
president without a lot of scruples about privacy rights.
What kind of independent oversight should the NSA have?
Right now, oversight is weak. There are briefings for a few members of
Congress, but the NSA decides what's in those briefings, and
one leaked report
revealed that the agency has set out very specific guidelines for what
its analysts may divulge to "our overseers." That caginess extends to
the FISA court charged with making sure NSA programs remain within the
law: In a
2011 opinion
recently released by the Obama administration, the court noted that the
NSA had misled it about the specific nature of a surveillance program
for the third time in three years.
No organization can adequately oversee itself. If the NSA is allowed
to decide on its own what it reveals to Congress and to the courts, then
it's under no real oversight at all.
What happened to the Fourth Amendment?
Back in 1979, the Supreme Court
ruled
that although a warrant is required to tap a telephone line, none is
needed to acquire phone records. This means that police don't need a
warrant to find out whom you've been calling and who's been calling you.
Whatever you think of this ruling, it was fairly limited at the time.
Today it's anything but. The NSA now sweeps up records of every single
phone call made in the United States under the authority of Section 215
of the
Patriot Act,
which gives it power to obtain any "tangible thing" that's relevant to a
terrorist investigation. Did Congress mean for that section to be
interpreted so broadly? Rep.
Jim Sensenbrenner (R-Wis.), one of the authors of the Patriot Act, doesn't think so. But the NSA does, and the FISA court has backed it up.
Another law,
Section 702
of the FISA Amendments Act, allows the NSA to obtain access to vast
categories of online communications without a warrant. It's supposed to
apply only to foreigners, but via
errors and loopholes plenty of Americans end up being targeted too. In fact,
one of the loopholes specifically allows the agency to use domestic data collected "inadvertently" if it shows evidence of a crime being or "
about to be"
committed. This provides a pretty obvious incentive to gather up bulk
domestic communications in hopes of finding evidence of imminent
activity. And the practice isn't limited to national security cases: The
Drug Enforcement Administration, for example, has a
special division dedicated to using intelligence intercepts in drug cases, a fact that it routinely conceals from courts and defense attorneys.
What all this means is that the traditional constitutional
requirement of a particularized warrant—one targeted at a specific
person—is fast becoming a relic. In the NSA's world, they simply collect
everything they can using the broad powers they've been given, then
decide for themselves which records they're actually allowed to read. Is
that really what we want?
Does all this surveillance keep us safer?
There's no way to know for sure, since virtually everything about the
NSA's programs is classified. But shortly after the publication of the
first Snowden documents, the head of the NSA
told Congress that its surveillance programs had "
contributed"
to understanding or disrupting 50 terrorist plots—10 of them
domestic—since 9/11. That amounts to less than one domestic plot per
year. Of the handful he described, the most significant one involved a
Somali immigrant who sent a few thousand dollars back to fighters in Somalia.
When you narrow things down to just the NSA's collection of domestic
phone records—perhaps its most controversial program—things get even
shakier. In 2009, a FISA court judge who had received detailed reports
on the program
expressed open skepticism
that it had accomplished much. And two US senators who have seen
classified briefings about all 50 plots say that the phone records
played "
little or no role"
in disrupting any of them. If this is the best case the NSA can make,
it's fair to ask whether its programs are worth the cost, either in
money or in degraded privacy.
What about corporate surveillance?
Government eavesdropping isn't the only thing we have to worry about.
We're also subjected to steadily increasing data collection from private
actors. It's true that, unlike a government, a corporation can't put
you on a no-fly list or throw you in jail. But there are at least a
couple of reasons that corporate surveillance can be every bit as
intrusive as the government variety—and possibly every bit as dangerous
too.
First, if Target can analyze your shopping habits to figure out if you're pregnant—
and it can—another
company might figure out that you're in the early stages of Alzheimer's
disease and then start badgering you to buy worthless insurance
policies. Multiply that by a thousand and "targeted advertising" doesn't
seem quite so benign anymore.
Second, there's nothing that prevents the government from buying up
all this information and combining it with its programs into an even
bigger surveillance octopus. That was the goal of the Orwellian-named
Bush-era program known as Total Information Awareness. It was officially
killed after a public outcry, but as we now know,
it never really went away. It just got split apart, renamed, and dumped into black budgets.
Even the NSA itself is in on the action: The
Wall Street Journal
reported earlier this year that the agency collects more than just
phone records and data packets. Via internet service providers and
financial institutions, it also gathers web search records, credit card
transactions, and who knows what else. In addition, the NSA has long
maintained a deep collaboration with the leading-edge data mining
companies of Silicon Valley. And why not? As the
New York Times put it, both sides realize that "they are now in the same business."
Can we save privacy?
I call this the "
David Brin
question," after the science fiction writer who argued in 1996 that the
issue isn't whether surveillance will become ubiquitous—given
technological advances, it will—but how we choose to live with it. Sure,
he argued, we may pass laws to protect our privacy, but they'll do
little except ensure that surveillance is hidden ever more deeply and is
available only to governments and powerful corporations. Instead, Brin
suggests, we should all tolerate less privacy, but insist on less of it
for everyone. With the exception of a small sphere within our homes, we
should accept that our neighbors will know pretty much everything about
us and vice versa. And we should demand that all surveillance data be
public, with none restricted to governments or data brokers. Give
everyone access to the NSA's records. Give everyone access to all the
video cameras that dot our cities. Give everyone access to corporate
databases.
This is, needless to say, easier said than done, and Brin
acknowledges plenty of problems. Nonetheless, his provocation is worth
thinking about. If privacy in the traditional sense is impossible in a
modern society, our best bet might be to make the inevitable
surveillance more available, not less. It might, in the end, be the only
way to keep governments honest.