Argument

It’s Been a Year Since Snowden, and Nothing’s Really Changed

It’s Been a Year Since Snowden, and Nothing’s Really Changed

It’s been a year since we woke to media reports on June 5 that the National Security Agency (NSA) has been sweeping up the phone records of everyone in the United States. The news was a shock — but as it turns out, it was also only the beginning. In the following months, we’ve seen a mountain of other revelations: of breathtaking data hauls that collect billions of Internet communications from around the world, gag orders that bar companies from warning their customers of privacy violations, spying on world leaders, and even systemic efforts by the U.S. government to break and undermine commercial encryption software.

What we’ve seen far too little of over the past year is any real change. In the wake of the Edward Snowden leaks, the United States has denied some of the allegations, and disclosed — under pressure — a tiny bit of information about some of its programs. But very little has been done to rein in the surveillance itself. The few proposed reforms we have seen have been so watered down that none come close to adequately restraining the government’s capacity for mass electronic surveillance.

But first, a brief review: In the past year, we’ve learned that not only is our telephone data collected, our Internet communications are also under watch. Stunning amounts of data are being collected under the government’s interpretation of the Foreign Intelligence Surveillance Act (FISA). U.S. Internet companies turn over the content of communications like texts, emails, videos, and chat messages under Section 702 of FISA, which authorizes the warrantless collection — inside American borders — of communications containing "foreign intelligence information," a term defined to include essentially anything about the foreign affairs of the United States — so long as at least one person on the end of the communication is located outside the country.

According to a recently disclosed 2011 FISA court opinion, roughly 250 million Internet communications were acquired under Section 702; as of April 5, 2013, there were 117,675 active "targets." Those targets, by the way, don’t have to be individuals. Under guidelines previously secret but disclosed by Snowden, they can be "facilities" or "places," too — meaning each target can potentially rope huge numbers of people into the dragnet. All of this collection has been happening under gag orders that prevent the companies from speaking publicly about it or informing their customers in any meaningful way.

In addition, the government has been making ample use of so-called National Security Letters (NSLs) — a form of administrative subpoena that gives the FBI and other agencies the power to compel companies to produce, without judicial approval, many of the same records, such as telephone and email subscriber information, that require a FISA court order under other laws. This NSL authority was expanded after September 11, 2001, under the Patriot Act; today, the FBI issues nearly 60 NSLs per day — all of which place the companies that receive them under gag order. 

At the same time that the United States has been forcing companies to turn over data here in the United States at the front end, it has been reportedly collecting their customers’ information without their knowledge, by tapping into the main global communication links of Google, Yahoo!, and other companies overseas. The administration is reportedly relying on Executive Order 12333, which authorizes surveillance activities outside the United States, in order to tap into these lines, and is collecting millions of records daily, including metadata, text, audio, and video — an effort that Google Executive Chairman Eric Schmidt called "outrageous." It has intercepted packages of technology equipment en route to customers in order to install malware or backdoor-enabling hardware before the equipment reaches its destination, and has been systematically undermining encryption standards and creating backdoors in commercial encryption software.

Finally, in one of the most recent disclosures, in March, we learned that under a program called "Mystic," the NSA records "every single" telephone conversation taking place in an unnamed country. Later reports would reveal that the recording was actually taking place in two countries — the Bahamas and Afghanistan — and that Mystic is also collecting metadata in other countries such as Mexico, the Philippines, and Kenya.

This is likely still just the tip of the iceberg. The reporting thus far has only covered about 1 percent of the documents Snowden turned over to reporters, according to the editor of the Guardian. Just a few weeks ago, Glenn Greenwald, who was first to report on the Snowden documents, said many more stories were still to come

What has changed as a result of a year’s worth of revelations? Not much. The best of Congress’ reform proposals, the USA Freedom Act, is focused on ending the bulk collection of American phone records, not the mass collection and indiscriminate surveillance practices abroad that affect far more people, and include the collection of the actual content of Internet activities and phone calls, not just metadata. This is presumably because lawmakers believe their constituencies are concerned more about their own privacy rights than those of foreigners. But this shortsighted approach ignores the broader global economic implications and backlash that will inevitably result from failing to pay due respect to others’ rights outside U.S. borders.

And even the USA Freedom Act was recently so watered down by pressure from the White House, which holds the threat of veto power, and the powerful intelligence community, that it’s not clear if even it will actually modify anything. The weakened version, approved by the House last month, changed, among other things, the definition of terms to allow for collection of much more data than what was proposed in the original bill. It is now up to the Senate to restore some of the
original bill’s stronger provisions.

In January, President Barack Obama announced some measures that would restrain U.S. surveillance practices abroad. These measures were a step in the right direction: They announced plans to put limits on the retention and dissemination of collected data, and to apply these limits equally to all persons, regardless of nationality. However, not only did the White House not explain how or when these measures would be put in place, more importantly, it did not put any real limits on the collection of the data to begin with. The administration seems to have the impression that mere collection of data is not in and of itself a problem and that, with these reforms, which speak only to how the data will be used and shared, it is on the path to redemption. In sum, most of the collection will continue unabated, and the privacy rights of the millions of people who are not Americans will continue to be routinely and indiscriminately invaded.

Prior to these disclosures, the United States was considered a world leader in promoting Internet freedom. It made it a signature part of American foreign policy and spent millions of dollars supporting new tools to protect the digital privacy of human rights activists globally. But the last year has deeply undermined global trust in U.S. leadership in this area, not to mention its commitment to the rule of law and transparency in government.

If this trust continues to erode, it will have huge ramifications for U.S. business and foreign-policy interests. Technology companies are already losing billions of dollars and overseas customers who want their data stored away from the snooping eyes of the U.S. government. Studies estimate a loss of between $35 billion and $180 billon to the U.S. cloud computer industry over the next three years. And U.S. diplomats are now at a distinct disadvantage when negotiating economic and foreign-policy agreements abroad. The leaks have dealt a blow to America’s standing when criticizing countries with repressive regimes, who threaten fundamental rights such as freedom of expression and association — rights that Washington purports to hold dear. Hypocrisy does not sell.

It’s time for both the president and Congress to wake up to the damage these programs wreak on U.S. prestige and security and get serious about meaningful reforms. We need reforms that will end mass collection of personal data — not just for Americans, but for millions of people around the world accused of no wrongdoing.