Some thoughts about Snowden: A middle ground

I thought it would be useful to write down my thoughts on the past months’ disclosures from Edward Snowden, the contractor who made off with and has leaked a vast trove of classified NSA documents. The main reason for doing this is to help gel my own opinions, but it may be interesting to others as well. The Snowden situation is very complex, and as you will see I can’t label him as either a hero or a traitor: he is a little of both, or a little of neither.

On one hand…

The idea that our government is secretly collecting, in bulk, information on millions of American citizens and storing it is very troubling to me. This strikes me as the sort of thing that the Fourth Amendment to the Constitution was trying to prevent. While it’s true that law enforcement is easier and that we may be “safer” with more intrusive surveillance, our freedom depends on our ability to go about our business without constantly having to consider how that might “look” to the government. Our ability to freely associate with others is threatened when metadata collection catalogs whom we communicate with, and in turn with whom those people communicate, perhaps unbeknownst to us. And the existence of a vast trove of information about average Americans invites confirmation bias when someone is suspected of wrongdoing. Who hasn’t done something that, to a third party, might seem suspicious?

I’m also very concerned about reports that NSA may have influenced companies and others to weaken the security of their products. Anything that makes it easier for the NSA to perform surveillance potentially makes it easier for our adversaries, both nations and commercial interests, as well. Weakening US-based suppliers of products and services exploits them, eroding their trust and putting them at a business disadvantage.

And then there is the rhetoric from Washington DC. The tradeoff between safety and surveillance is being distorted by dubious claims of terrorist plots being thwarted. Sen. Feinstein claims that bulk collection is “not surveillance”. Even one of the authors of the PATRIOT Act claims that the Act is being misused.

On the other hand…

I am also very troubled in exactly the opposite direction about other Snowden disclosures. Many of these disclosures have to do with foreign surveillance, exactly what the NSA is supposed to do. Now that these disclosures have taken place, legitimate targets are going to change how they do things and valuable intelligence will be lost.

In particular, a lot of attention has been focused by the press on a catalog of tools from a group known as Tailored Access Operations (TAO). Many of these tools are entirely unsuitable for bulk surveillance: devices like USB cables with tiny transmitters in them are very expensive. These tools have many appropriate uses; they allow the NSA to do the things they are chartered to do. But we do need to make sure that these tools are being appropriately used, and unfortunately trust in the NSA has broken down and oversight is lacking.

Finally…

These disclosures indicate that NSA has gotten lax on its internal security. Sensitive intelligence information, like that relating to surveillance on a foreign head of state, is supposed to be compartmented: available only to a specific set of people who have a demonstrated need-to-know for the information. The fact that Snowden was able to get such a broad array of information indicates that the compartmentalization system either isn’t being used or isn’t working properly.

I am very troubled about mass surveillance of US citizens, and more generally by the erosion of trust between our citizens and our government. Legislative action is needed to more clearly define what is in-bounds and out-of-bounds for the NSA, and the intelligence community as a whole, to do with respect to surveillance of American citizens. But this needs to be backed by real oversight by the courts and Congress.