By: Gautam Narula
In June 2013, The Guardian, a British newspaper, began reporting on documents leaked by Edward Snowden, a contractor for the National Security Agency (NSA). The documents highlighted the scale and magnitude of the NSA’s domestic and international surveillance efforts by revealing the existence of three new programs. The first, Planning Tool for Resource Integration, Synchronization, and Management (PRISM), mines stored communications data from the largest technology companies and services, including Apple, AOL, Facebook, Google, Microsoft, Skype, Yahoo!, and YouTube. The second, XKeystore (XKS), allows the NSA to search and analyze foreigners’ internet data. The third, Tempora, is an online and telecommunications surveillance program run by the British Government Communications Headquarters whose data is shared with the NSA. For the first time, outsiders have a glimpse of the extent of the NSA’s surveillance and analytical powers.
The NSA has been using the phone and email data it has collected to create complex “graphs” detailing Americans’ social connections, a practice forbidden until officials lifted restrictions on it in 2010. The agency’s Sigint Enabling Project works with major internet companies to undermine privacy by inserting backdoors into encryption algorithms, exploiting flaws in encryption chips, and working with manufacturers to create security vulnerabilities within their hardware. The NSA has also coerced technology companies into giving up their encryption keys or providing direct access to communications data, and has used its influence stealthily to introduce weaknesses into encryption standards followed by software and hardware developers worldwide. Under a program codenamed Bullrun, the NSA has focused on cracking widely used encryption practices and protocols, like Secure Socket Layer, virtual private networks, and the encryption used on 4G phones. “Who knew in 1984,” a leaked NSA slideshow on iPhone vulnerabilities crows, “[Steve Jobs] would be big brother and the zombies would be paying customers?”
Government officials have been quick to defend the surveillance programs. President Obama argued that, “these programs are subject to congressional oversight and congressional reauthorization and congressional debate.” In an interview Obama flatly stated, “there is no spying on America,” and argued that the Foreign Intelligence Surveillance Court, also known as the FISA Court, provided sufficient oversight of the NSA’s surveillance activities. James Clapper, Director of National Intelligence, told a Senate committee in March that the NSA does “not wittingly” collect data on millions of Americans. NSA Director Keith Alexander told the House Intelligence Committee that “these programs, along with other intelligence, have protected the U.S. and our allies from…potential terrorist events over 50 times since 9/11.” In an interview, Alexander asserted that there was no alternative to the mass collection of Americans’ communications metadata to prevent terrorist attacks. He also claimed the Snowden disclosures had caused “significant and irreversible damage” to national security.
The Electronic Frontiers Foundation (EFF), a digital rights advocacy group, has challenged Obama’s claim that the FISA court has provided sufficient NSA oversight. In a blog post on its website, the EFF argued that the NSA circumvented the FISA court by acting as if “it had the authority to search the telephone records database in order to obtain the ‘reasonable articulable suspicion’ required to investigate those numbers. Essentially, they were conducting suspicion-less searches to obtain the suspicion the FISA court required to conduct searches.” In 2011, the FISA court rebuked the NSA for “the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program.” The EFF argued that the court “cannot serve as an effective check on the NSA, because it’s wholly dependent on the representations that the NSA makes to it.”
Obama’s congressional oversight defense has been challenged by members of Congress themselves. Virginia Republican Representative Morgan Griffith and Democratic Representative Alan Grayson provided documents to The Guardian showing that their repeated requests for more information from the House Intelligence Committee had been denied. In an interview with Chris Hayes on MSNBC, Democratic Senator Richard Blumenthal of Connecticut noted that “the revelations about the magnitude, the scope and scale of [surveillance]…were indeed revelations to me.” After the disclosures revealed the NSA was receiving an ongoing feed of the communications data of millions of American Verizon customers, Clapper admitted that his previous statement, given under oath to members of Congress, was false.
The disclosures have had a chilling effect on American technology companies. Marissa Mayer, CEO of Yahoo!, nervously stated in an interview that she could not release more information about how the company interacts with the NSA because it would result in incarceration. Facebook, Google, Microsoft, and Yahoo! have all filed suit with the FISA court in order to release more information to the public. RSA Security, an American networking and computer security company, told customers to stop using a long recommended encryption algorithm after leaked documents showed the NSA secretly introduced vulnerabilities into it. In September, Google began encrypting all of the keyword searches on its search engine while DuckDuckGo, a search engine that claims to not record any user information, saw its search volume increase 50 percent in the eight days following the first NSA disclosures. Lavabit, a privacy-oriented email service used by Edward Snowden, shut down rather than comply with a court order to hand over its encryption key to the federal government. “Without Congressional action or a strong judicial precedent,” wrote Ladar Levinson, Lavabit’s owner, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
What does the future of the internet look like in the face of a massive, hidden surveillance apparatus that operates on its very backbone? According to Google executive chairman Eric Schmidt, the real danger is that “other countries will begin to put very serious encryption…to essentially split the internet [and make it] country specific. That would…really break the way the internet works.” A September poll from the Pew Research Center found that 86 percent of Americans had taken steps to remain anonymous online. A July poll from Pew showed that for the first time since 9/11 more Americans were concerned that the government “had gone too far in restricting civil liberties” (47 percent) than they were with the government “not going far enough to protect the country” (35 percent). The NSA has circumvented or cracked much of the encryption and privacy measures that makes the modern internet possible, like those used for e-commerce, banking, online communication, and user authentication. In its efforts to make our nation safer, the NSA has made the internet a more dangerous place.
Rather than providing any answers, the Snowden documents only raise more questions. How can we have an open and honest debate about balancing safety and privacy when Google isn’t even allowed to tell us how many NSA data requests it receives each year? How do we know our information is safe online when the most widely used protection mechanisms are vulnerable? How can we function as a democratic society when government officials have repeatedly deceived the public about the nature and scope of these programs? “That’s the worst thing about the NSA’s actions.” writes cryptologist Bruce Schneier. “We have no idea whom we can trust.”