Andrea Buchanan ’15
A year ago, Edward Snowden rocked the foundational trust of the public with when he exposed documents that showed that the phone records of millions of Americans had been collected by the National Security Agency (NSA). Snowden’s disclosures also exposed that the U.S. was spying on foreign leaders, as well as tapping into U.S. internet companies, such as Google and Facebook, to collect data. Though the U.S. government took steps to calm the public and reassure them that their privacy was not being breached, the NSA and the issue of cyber security have become prominent fixtures of concern in minds of Americans.
Snowden’s revelations started with phone data but have since spurred deeper investigation into other forms of digital communication, mainly the internet. A panel sponsored by the New America Foundation titled “National Insecurity Agency: How the NSA’s Surveillance Programs Undermine Internet Security,” effectively captured the feelings of insecurity that many Americans now feel towards the internet and the federal government in general. The event, which included opening remarks from both Congresswoman Zoe Lofgren (D-CA) and Congressman Alan Grayson (D-FL) and a panel composed of several policy experts, highlighted the concerns that both businesses and the public share in regards to national security. Panelist Amie Stephanovich, Senior Policy Counsel at Access, emphasized the fact that the NSA actually has two missions: surveillance and information assurance, and security. What was made clear during the course of the discussion is that it is obvious to the American public that surveillance is part of national security and that is the job of the NSA. But what is often forgotten is the security component of the NSA’s mission. At what point does surveillance breech security? Does the NSA fulfill one goal better than the other?
Bruce Schneier, a security technologist and author who is a fellow at OTI and Harvard’s Berkman Center for Internet and Society, does not seem to think that the NSA does a good job balancing its two objectives. Schneier stated, the NSA “undermines fundamental trust to achieve security,” specifically in reference to the NSA’s use of “backdoors” in widely used technology programs that allow the NSA to “eavesdrop” on users of any kind. The fact that the NSA has the ability to have backdoors built in for them to spy and gather information demonstrates how large the reach of the NSA really is and how far they are willing to stretch the constructs of surveillance to fit under the guise of security.
Possibly one of the more recent discoveries about the NSA is that no one is safe. When the Patriot Act was signed in 2001, the public generally accepted wide sweeping surveillance measures because it believed that it was more important to spy and stop terrorists before something like the tragedy of 9/11 occurred again. After the Snowden revelations – over a decade after the attacks of September 11 – the public has become increasingly outraged at the government’s surveillance overreach. What has changed in that time? Well for starters, most people do not believe they are terrorists and should not be targeted. And while the NSA might agree that the overwhelming majority of citizens are not terrorists, it is easier for them to cast a wide surveillance net over everyone rather than focusing their efforts on a targeted population. Schneier emphasized this point during his speaking points on the panel, and also noted that with its power over companies and ability to take advantage of vulnerabilities in software security, the NSA is willing to compromise the privacy of everyone in order to make their target larger.
A recent article in the Washington Post echoed Schneier’s points. The Post’s four-month investigation discovered that most of the information captured by the NSA serves little to no purpose for the NSA nor does it constitute a national security threat. This calls into question the effectiveness of the NSA and their current strategies to combat cyber threats at the expense of the American people.
Since the Snowden revelations and more recent disclosures by media outlets and whistleblowers have shed new light about the true tactics of the NSA, Congress has decided to act to increase security for the average citizen. Recently, on July 8, 2014, the Cyber Information Sharing Act (CISA) was cleared from the Senate Intelligence Committee to be debated by the full chamber. However, in an article by The Economist, the CISA bill does little to corral the surveillance powers of the NSA or other government agencies. The article also notes that the bill could allow for collected information pertaining to cyber-threats to be used for other purposes “including things such as criminal cases that have nothing to do with the original cyber-threat.” Mark Jaycox of the Electronic Frontier Foundation, who is quoted in the article, points out that “any cyber security bill must acknowledge what we’ve learned by incorporating robust privacy protections,” a statement that would be agreed upon by all of the panelists of the aforementioned New America Foundation panel.
In today’s modern age, the cyber arena is widely considered the fifth domain of warfare and has the potential to become the most debilitating. It is true that our cyber security measures need to be on point and effective. However, compromising the privacy of everyone through the overreach of federal government agencies does little to build strength and trust from those that are supposedly being protected. Furthermore, the NSA’s current tactics are arguably unconstitutional- a possible violation of the 4th Amendment, which ostensibly protects all Americans from “unreasonable searches and seizures.” Constitutional questions pertaining to cyber security will undoubtedly be posed to Supreme Court in the near future.
The New America Foundation panelists advocated for political action, as changing the cyber security laws and the domain of the NSA will require existing laws and policies to change. We are living in a world where we now have hundreds of passwords to remember to log into our digital lives – our emails, bank accounts, social media, and everything else. There’s a reasonable amount of surveillance we can accept, but it is not unreasonable to believe that when we key in our password, we are unlocking our digital private vault just for ourselves, and not opening the door for a cyber Big Brother to be watching our every move.