Authors: Bruce Schneier
Data and Goliath (25 page)
I gave more examples in Chapter 11. In general, we get to decide how we’re going to
build our communications infrastructure: for security or not, for surveillance or
not, for privacy or not, for resilience or not. And then
everyone
gets to use that infrastructure.
I
n the wake of Snowden’s disclosures about NSA surveillance, there has been no shortage
of recommendations on how to reform national intelligence. In 2013, President Obama
set up a review commission on surveillance and national intelligence; that commission
came up with 46 NSA policy recommendations. In 2014, 500 organizations, experts, and
officials worldwide, including me, signed the International Principles on the Application
of Human Rights to Communications Surveillance, often called the “Necessary and Proportionate”
principles. The US Congress has debated several bills offering minor reforms; one
or two might have passed by the time you read this.
In this chapter, I look at both national security and law enforcement, and make general
policy recommendations, rather than detailed legislative prescriptions. Some of these
are easily doable, and others are more aspirational. All of them are where I think
government needs to go in the long term.
I am not arguing that governments should never be allowed to conduct surveillance
or sabotage. We already give the police broad powers to invade citizens’ privacy and
access our data. We do this knowingly—and willingly—because it helps to solve crimes,
which in turn makes us safer. The trick is to give government agencies this power
without giving them the ability to abuse it. We need the security provided by government
as well as security
from
government. This is what documents like the US Constitution and the European Charter
try to do, it’s what the warrant process does, and it’s what fell out of balance in
our mad scramble for security against terrorists after the 9/11 attacks.
International Principles on the Application of Human Rights to Communications Surveillance—Summary
(2014)
LEGALITY:
Limits on the right to privacy must be set out clearly and precisely in laws, and
should be regularly reviewed to make sure privacy protections keep up with rapid technological
changes.
LEGITIMATE AIM:
Communications surveillance should only be permitted in pursuit of the most important
state objectives.
NECESSITY:
The State has the obligation to prove that its communications surveillance activities
are necessary to achieving a legitimate objective.
ADEQUACY:
A communications surveillance mechanism must be effective in achieving its legitimate
objective.
PROPORTIONALITY:
Communications surveillance should be regarded as a highly intrusive act that interferes
with the rights to privacy and freedom of opinion and expression, threatening the
foundations of a democratic society. Proportionate communications surveillance will
typically require prior authorization from a competent judicial authority.
COMPETENT JUDICIAL AUTHORITY:
Determinations related to communications surveillance must be made by a competent
judicial authority that is impartial and independent.
DUE PROCESS:
Due process requires that any interference with human rights is governed by lawful
procedures which are publicly available and applied consistently in a fair and public
hearing.
USER NOTIFICATION:
Individuals should be notified of a decision authorizing surveillance of their communications.
Except when a competent judicial authority finds that notice will harm an investigation,
individuals should be provided an opportunity to challenge such surveillance before
it occurs.
TRANSPARENCY:
The government has an obligation to make enough information publicly available so
that the general public can understand the scope and nature of its surveillance activities.
The government should not generally prevent service providers from publishing details
on the scope and nature of their own surveillance-related dealings with State.
PUBLIC OVERSIGHT:
States should establish independent oversight mechanisms to ensure transparency and
accountability of communications surveillance. Oversight mechanisms should have the
authority to access all potentially relevant information about State actions.
INTEGRITY OF COMMUNICATIONS AND SYSTEMS:
Service providers or hardware or software vendors should not be compelled to build
surveillance capabilities or backdoors into their systems or to collect or retain
particular information purely for State surveillance purposes.
SAFEGUARDS FOR INTERNATIONAL COOPERATION:
On occasion, states may seek assistance from foreign service providers to conduct
surveillance. This must be governed by clear and public agreements that ensure the
most privacy-protective standard applicable is relied upon in each instance.
SAFEGUARDS AGAINST ILLEGITIMATE ACCESS:
There should be civil and criminal penalties imposed on any party responsible for
illegal electronic surveillance and those affected by surveillance must have access
to legal mechanisms necessary for effective redress. Strong protection should also
be afforded to whistleblowers who expose surveillance activities that threaten human
rights.
I’m largely addressing the US, although the recommendations in this chapter are applicable
elsewhere. In the US, the president can implement some of these recommendations unilaterally
by executive order, some
require congressional approval, and others require the passage of new legislation.
Other countries have their own separation of powers with their own rules. In many
countries, of course, implementing any of these recommendations would require radical
changes in the government.
LESS SECRECY, MORE TRANSPARENCY
Since 9/11, the Bush and Obama administrations have repeatedly maintained that an
extreme level of secrecy is necessary to prevent the enemy from knowing what we’re
doing. The levels of secrecy we saw during World War I still make sense. Tactical
facts can be very valuable for a limited time, and important to keep secret for that
duration. And sometimes we need to keep larger secrets: our negotiating positions
with other countries, the identities of foreign agents, military planning, and some
areas of national intelligence. Getting back to the important difference between espionage
and surveillance, our systems of espionage require a lot more secrecy than our systems
of surveillance do.
However, we can be more transparent in many areas. Compare the intense secrecy surrounding
NSA surveillance with a very similar domain where we routinely manage quite well without
a lot of secrecy: police and crime-fighting. The Fourth Amendment regulates the police’s
ability to conduct surveillance, and all the court rulings surrounding it are public.
Criminals can read up on all of this, or hire a lawyer who understands it, and then
create a detailed manual on how to precisely exploit any loopholes in the law. There
are many loopholes, and plenty of defense attorneys who know their way through them.
Yet police work continues undeterred, and criminals are routinely arrested and convicted.
More generally, almost everything about police and crime-fighting is public. We know
the budgets of all our nation’s police forces. We know their capabilities. We know
how effective they are. We know what they do, and how well they do it. We don’t know
the identities of undercover police officers, but we know generally how they’re used
and what they can and cannot do. All of this is public, known by those of us who grant
the police powers over us as well as those of us who want to commit crimes. Yet the
police regularly manage to solve crimes.
This demonstrates that the current level of secrecy we have in counterterrorism is
excessive. It applies a military level of secrecy to what has always been a domestic
matter. Terrorists are not smarter and more formidable than organized crime. Terrorists
don’t cause more damage or kill more people; we just fear them more. We need to transfer
the traditional law enforcement transparency principles to national security, instead
of increasing the secrecy surrounding law enforcement, as we have unfortunately begun
to do. We have to design systems that keep us safe even if their details are public
and known by the enemy. Secrets are harder to keep today, so we’re better off limiting
their numbers.
In the 1980s, the US gave up trying to keep cryptography research secret, because
all that did was put our mathematicians and engineers at a disadvantage with respect
to their peers in other countries. More recently, the US has abandoned attempting
to block research on creating biological viruses, because someone somewhere will publish
the information regardless of what we do. Military thinkers now realize that many
strategic military secrets are harder to keep because of the ubiquity of satellite
imagery and other technologies. We need to think the same way about government secrecy
surrounding surveillance.
Transparency laws for surveillance already exist in the US. The original 1968 wiretap
law mandated extensive public reporting on the government’s use of wiretaps. The annual
wiretap reports are over 200 pages long, and contain an enormous amount of detail.
This made it possible for people to verify what the FBI was doing, and ensure that
the agency wasn’t abusing its authority. The problem is that when other surveillance
authorities were expanded after 9/11, no similar reporting requirements were established.
We need to fix this.
The US government should publish detailed, unclassified descriptions of the scope
and scale of intelligence gathering. It should publish the legal justifications for
all intelligence programs. It should publish information on the type and amount of
data collected under those different authorities, as well as details of minimization
procedures and data retention rules. And it should declassify all general opinions
of the FISA Court, which oversees NSA surveillance under FISA and the FISA Amendments
Act. The names of the people and organizations being monitored are legitimately secret;
the rules under which organizations operate are not.
MORE—AND BETTER—OVERSIGHT
To rein in NSA surveillance, we need much better oversight over both national intelligence
and law enforcement.
Strategic oversight comes first. The NSA has justified its actions by pointing to
congressional oversight. Its leaders claim that agency staff merely follow the laws
that Congress passes or the orders the president signs. According to one official
press release, “NSA conducts all of its activities in accordance with applicable laws,
regulations, and policies.” This is not true. In fact, it is deeply disingenuous.
We know from recently declassified FISA Court opinions, especially those written by
Judge John Bates, that the NSA frequently made misrepresentations to the court, did
not follow minimization requirements, and regularly exceeded its legal authorizations.
The NSA has gamed the rules governing congressional oversight to ensure that no actual
understanding or critical review happens. Documents the NSA provides to Congress are
either propaganda pieces designed to convince or jargon-laden documents designed to
confuse. Members of Congress can’t remove those documents from the secure room they’re
stored in, nor can they remove any notes they make. They can only bring along security-cleared
staffers to help them understand the meaning and significance of the material, but
few lawmakers employ staffers with both a top-secret clearance level and appropriate
expertise. Additionally, they’re lobbied heavily by the NSA. Senator Ron Wyden has
stated that senior intelligence officials repeatedly made “misleading and deceptive
statements” in congressional hearings. Senator Dianne Feinstein, chair of the Senate
Select Committee on Intelligence and a longstanding supporter of government surveillance,
regretfully concluded that her committee “was not satisfactorily informed” by the
intelligence community about its activities. Congressman Alan Grayson of Florida called
congressional oversight of the NSA a “joke.”
In 2014, I was invited by six members of Congress—members from both parties—to brief
them on the NSA’s activities. Because I had reviewed many of the unpublished Snowden
documents, I knew more about the NSA’s activities than they did. How can our democracy
survive when the best
information Congress can get about what the NSA was really doing comes from me?
On the other hand, many legislators don’t want to perform the oversight function assigned
to Congress. Some of this reluctance stems from a desire for plausible deniability.
It’s politically safer to let the executive branch make the decisions, then let it
take the heat when something goes wrong. There’s also political risk in standing up
to law enforcement. Few congressional committee members actually venture into that
secure room.
The NSA interprets its authority very aggressively and self-servingly. In Chapter
5, I discussed the three different authorities the NSA uses to justify its surveillance
activities: Executive Order 12333, Section 215 of the PATRIOT Act, and Section 702
of the FISA Amendments Act.
Executive Order 12333, the 1981 presidential document authorizing most of NSA’s surveillance,
is incredibly permissive. It is supposed to primarily allow the NSA to conduct surveillance
outside the US, but it gives the agency broad authority to collect data on Americans.
It provides minimal protections for Americans’ data collected outside the US, and
even less for the hundreds of millions of innocent non-Americans whose data is incidentally
collected. Because this is a presidential directive and not a law, courts have no
jurisdiction, and congressional oversight is minimal. Additionally, at least in 2007,
the president believed he could modify or ignore it at will and in secret. As a result,
we know very little about how Executive Order 12333 is being interpreted inside the
NSA.