The Snowden leaks have sparked heated debate, if not widespread outrage in the United States, as more and more stories come out that indicate the NSA has both a much wider range of capabilities than most Americans had previously believed and that these powers have been used on a large scale to collect different types of information about Americans’ communications. (The Guardian has the best reporting I think on the NSA story – it can be found here.) In this debate in the U.S., the NSA’s credibility and competence has been thrown into question. The FISA secret courts that were suppose to act as a check on the NSA to protect Americans’ privacy do not seem to have been much of a check at all. The NSA – although seemingly quite competent at creating a system to collect the world’s communications – has proven far less capable at maintaining command and control over its own administrators. Snowden was a NSA contractor that was able to sneak out of the U.S. with large amounts of top secret data without the NSA even seeming to realize. The NSA still does not seem to know exactly what he took. We do not know if there are other Snowdens out there, or could be in the future, who might use information they take for much less public-minded purposes than starting a debate (think insider trading, blackmail, or selling secrets to the highest bidder). NSA agents, perhaps predictably, have already been revealed to have used the NSA’s surveillance tools to spy on love interests.
The U.S. debate has largely focused on the extent to which the NSA spies on U.S. citizens in the United States. Yet, obviously this is missing a major point. The NSA is spying on the other 6.8 billion people on the planet with whatever discretion it sees fit. There are no FISA courts checking this spying. No need for a warrant. If your not American, in most cases the only thing preventing the NSA from reading your email is that, well, your email probably isn’t that interesting and it takes resources to read emails.
So why should we care? Hasn’t the U.S. government spied on other governments for decades? Don’t other governments spy on each other and on the U.S. government? There’s nothing new here – all is fair in international relations.
Yet, the NSA spying program seems different. Sure, in the past, countries sent a few spies into other countries, they tried to cultivate secret informants, maybe implant some microphones into the embassy of a foe, but by and large they didn’t, and couldn’t, spy on ordinary citizens in other countries. This has changed. The Americans, the British, the Chinese, and likely a few others can now engage in widespread electronic espionage targeting whoever they deem fit. They can much more easily gather information to blackmail citizens of other countries to take actions against the interests of their own government, they can engage in corporate espionage, and if it came to it they could use these powers in potentially paralyzing electronic warfare. And there is always the risk that this power could be hijacked by terrorists.
As more countries, with varying commitments to civil liberties, gain surveillance capabilities an immediate concern is that they will abuse this new power against their own citizens. A collection of over 250 NGOs including Human Rights Watch and several Indian organizations recently put out a statement of principles on how human rights should be applied to surveillance programs. These principles are applicable to the interception of both domestic and extraterritorial communications and worth reading.
I think what’s important to see in this struggle for the protection of privacy and the regulation of communications is that it will have to be part of a global movement. Getting the balance right is not an easy problem to solve and it throws up many conceptual and logistical challenges. How do we frame who is a reasonable target for surveillance by a foreign government (or a domestic one)? How do we ensure some degree of transparency and accountability of governments’ surveillance efforts? How do we create meaningful remedies against undue surveillance both domestically and across borders? How do we build privacy into the architecture of the web itself in a thoughtful and meaningful way? Yet, I think we are also uniquely up to solving these challenges. Despite all the genuine horrors and discouraging stories we see on the nightly news, the world has never been as peaceful, wealthy, or educated as it is today. It would be tragic if we decided at this moment in the world’s history to set up surveillance states that spread distrust and paranoia, discouraged free speech and dissent, and threatened to undercut the social fabric of a world that so many have fought so hard to make an open and tolerant place.
(Update: The Hindu has another article out today on NSA snooping detailing how the NSA has not been just picking up meta-data on Indian communications, but “listening in” on Indian conversations at the highest levels of government – including discussions about politics and India’s nuclear and space programs. The article points out that Indians, like all foreigners, have no recourse or protection from these intrusions by the NSA. It also suggests that some of the spying might be motivated by U.S. corporate interests. Despite their plausible?/self-serving? protests that they resisted the NSA’s intrusions into their users privacy, U.S. tech companies already worry that the NSA scandal will cost them billions as non-American users become suspect of their products. Revelations like these in India and Brazil may complicate trade more broadly between U.S. companies and other countries as governments fear that U.S. companies are gaining an unfair advantage through NSA spying – note: these accusations don’t have to be true to have broader trade ramifications, such an improper commercial relationship just needs to appear plausible.)