An old proverb warns us to choose our enemies carefully, for that is who we will become. It seems to have come to pass in the world of cyberespionage.
It has been awhile since we heard much about how foreign powers, notably China, hack into our computers to steal commercial and government secrets, harass their adversaries and probe for weaknesses. It turns out we have been doing most of those things ourselves - and we are probably better at it than they are.
As a result, the U.S. government, with the help of some of its allies, has probably inflicted more damage on the American technology industry than any combination of foreign governments and organized crime outfits have managed. American-based technology firms now face a compromised ability to promise their customers, domestic or international, that their data is ever truly secure. One of our most vital national industries has been undermined, at home and especially abroad.
Last week The New York Times and ProPublica partnered with The Guardian to publish the latest chapter in the unfolding National Security Agency scandal. The article described how the NSA, along with its U.K. counterpart the Government Communications Headquarters (GCHQ), systematically defeated the major, mainstream tools protecting the privacy of everyday communication on the Internet. The Times’ disclosures show that the NSA was doing exactly what we feared foreign governments - especially China - would do, by inserting backdoors into surveillance software and security gaps into key hardware, and by bullying technology companies into collaborating with government spies.
Now we know, at least to a large degree, why British authorities detained David Michael Miranda, threatened The Guardian, and gratuitously smashed some of the newspaper’s computers. These were the fruits of desperation and extralegal attempts to suppress further information about what the GCHQ, and its big brother the NSA, has been doing for the past 10 to 15 years. It also helps explain the U.S. administration’s desperation to catch Edward Snowden and to recover the information he had already leaked to journalists. Authorities wanted to know which parties to try to coax or coerce into suppressing the information that had not yet been released. As the extent of that information’s repercussions become clear, it isn’t hard to see what they were trying to keep locked down.
The Guardian responded to GCHQ’s efforts by indirectly availing itself of the U.S. Constitution’s First Amendment in partnering with The Times and ProPublica. The news organizations’ collaborative story reveals, among other information: a 10-year, systematic effort by the NSA to undermine and exploit encryption technologies; $250 million yearly expenditures on working with technology companies, either willing or coerced, to influence their product designs; and a GCHQ effort to find ways into encrypted traffic on Hotmail (now rebranded Outlook), Yahoo, Facebook and Google.
The story mentions that intelligence officials “asked” The Times and ProPublica not to publish the article. They properly refused. One of the documents makes clear that the public is not the only audience the NSA is attempting to avoid; unlike some classified information, the anti-encryption program known as “Bullrun” would have “NO ‘need to know.’”
These anti-encryption and surveillance practices have gone on for many years, under presidents from both parties. It shows every sign of being a major scandal. Journalists have provided us with a start, but now we are left to ask a series of vital follow-up questions.
Who authorized these programs? Once they existed, who knew about them? Who is going to be fired? Who is going to jail?
A good place to begin is with a question The Times did not answer: Which officials, exactly, asked the newspaper to withhold this story? To continue this line of inquiry, we must wonder: Does Attorney General Eric Holder know what has been going on in the NSA? Did his predecessor? Did either President Obama or former President George W. Bush know? Who authorized the NSA to bully companies like Google and Microsoft? What threats and pressure tactics did they employ to do so? Under what legal authority?
The bottom line is that Snowden was right to sound the alarm. The surveillance state that has evolved in the Internet era far exceeds anything that U.S. citizens, or their elected representatives, have agreed to support. Essentially, the government has taken the position that it can steam open every letter Americans send, photocopy the letter’s contents, scan the copies for key words, and pursue the senders that it chooses to fully investigate as a result - all without telling its own citizens a thing about it. That’s an assertion of powers that have been employed in the past by organizations like the KGB, the Stasi and the Gestapo.
ProPublica, in defending its decision to publish the story, took its analogy from science fiction rather than from history. “Suppose for a moment that the U.S. government had secretly developed and deployed an ability to read individuals’ minds,” wrote Stephen Engelberg, ProPublica’s editor-in-chief, and Richard Tofel, its president. “Such a capability would present the greatest possible invasion of personal privacy. And just as surely, it would be an enormously valuable weapon in the fight against terrorism.” As ProPublica argues, any use of such a capability should not be kept secret, regardless of secrecy’s tactical advantages. Safeguards for the capability’s use would need to be developed and discussed, which secrecy would make impossible. The NSA’s surveillance program represents a similar threat to civil liberties, and it needs such a discussion. But we can’t discuss it if none of us know - or, in the NSA’s eyes, need to know.
We like to think that our government at least took wrong actions for the right reason, and created these programs in our country’s defense. But the fact is that our best defense historically has been a system of checks and balances that has endured for 200 years. Either some members of the executive branch, former and current, have chosen to override these checks and balances, or security agencies have decided to exempt themselves from effective oversight in the interest of what they perceive as the common good.
If federal investigators can spare some time away from their attempts to throw bankers in jail over the financial crisis, the rest of us could use their help. An arm of the government that believes it is a law unto itself is a much more serious threat to our national welfare and global standing. This scandal warrants thorough investigation.
We need to know.