Sensationalizing Cyber Surveillance

As we adapt our laws to technology, we struggle to strike a balance between national security and privacy. As we do, we tend to thrash back and forth between extreme policies such as the Computer Fraud and Abuse Act of 1996 criminalizing researchers and hackers to the Patriot Act of 2001, criminalizing everyone else!

If we begin with first principles, I’d guess that as a society most of us would find the following to be a reasonable starting point for resolving this issue: in light of threats from criminals, terrorists and geopolitical rivals, our government agencies should conduct whatever surveillance they need to, so long as they do not violate our constitutional rights in any way. Chipping away at the Constitution is far more dangerous to us as a precedent than any external enemy. But once we establish that imperative, we want the FBI and NSA to do their jobs as well as they can, with all the tools at their disposal.

Unfortunately, many journalists, bloggers and other pundits prefer to stoke the fires of fear. Conspiracy theories, after all, are a time-proven way to increase clicks, grow one’s twitter following, and sell books. Yesterday’s report of Verizon’s compliance with a court order to provide meta-data on phone calls, and today’s allegations that NSA’s PRISM program has had free rein on the data stores of the largest internet services, have presented just such a golden opportunity (e.g. BIG BROTHER IS HERE), and now the floodgates are open!

PRISM raises tough questions about the need for transparency in our government agencies, but it is unproductive to be reactionary and polarizing, since these qualities mask the best solutions. And there probably has never been a more prolific source of security and privacy solutions than my friend Bruce Schneier, whom I’ve backed as an entrepreneur, whose books I’ve read more than once, and whose words have guided me as an investor. But even Bruce slipped into sensationalism when he posted an article today on The Atlantic titled What We Don’t Know About Spying on Citizens: Scarier Than What We Know.

Bruce compels the reader that we need better disclosure, but I believe he goes a bit too far in several respects. “The NSA received…everything except the voice content: who called who [sic], where they were, how long the call lasted,” writes Bruce. But that seems inaccurate, since the NSA has not received any personally identifiable information of the callers. For that, they need a court order.

“We know [the FBI] can collect a wide array of personal data from the Internet without a warrant,” but so can Google and thousands of other internet companies who track everything we do; the FBI do any less? Bruce asserts that the FBI can use the microphone in our smartphones to bug a room, if they have a warrant; but why shouldn’t the FBI use smartphones to effect a warranted bugging?

“We know that the NSA has many domestic-surveillance and data-mining programs with codenames like Trailblazer, Stellar Wind, and Ragtime,” Bruce writes, “deliberately using different codenames for similar programs to stymie oversight and conceal what’s really going on.” But I cannot find any evidence that these codenames — typical for all government projects — were invented specifically to stymie oversight.

For a balanced view of the facts and issues, I recommend Joshua Foust’s blog post, and I leave you with this conclusion from today’s Washington Post editorial:

In the days after the Boston bombings, many asked why the government didn’t connect the dots on the Tsarnaev brothers. Now, many are asking why the government wants so much information about so many Americans. The legitimate values of liberty and safety often compete. But for the public to be able to make a reasonable assessment of whether these programs are worth the security benefits, it needs more explanation.