National Security / Politics / Technology

The Risks of Substantive NSA Reform

In the wake of Edward Snowden’s unsettling disclosures last year about the extent of government surveillance on Americans, the Obama administration and Congress made it imperative to restore public trust in the National Security Agency (NSA) as well as the government in general.

The result was the Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-Collection, and Online Monitoring Act, otherwise known as the USA Freedom Act.

The bill was first introduced in Congress in October 2013, with the aim of limiting the NSA’s bulk metadata collection practices, which were established under the Patriot Act of 2001. The original version of the USA Freedom Act passed by the Senate sought to ban the NSA from collecting bulk records on its own, and instead to delegate the role of data storage to telephone companies. The agency would then only have access to it with permission from a special federal court.

While this may sound appealing (after all who likes the idea of the NSA snooping around and listening to our private phone conversations?) it could actually create more security concerns.

“Systems at the NSA are built to withstand intrusions by sophisticated adversaries… Phone companies generally aren’t up to the same standards, so it may be easier for outside hackers or rogue employees to compromise the data,” according to Nathan A. Sales, former deputy assistant secretary of homeland security.

The issue of data security in turn raises the question: what does the NSA actually do? It engages in data mining, which involves discovering patterns in phone and Internet records that could be a sign of terrorist activity.

So no, the NSA does not actually spend its time carefully sifting through every American’s emails and listening to phone conversations with prying ears. In fact, most of its surveillance activities are individualized queries, investigating specific people who are linked with terrorist activity. Also, the NSA only collects metadata, which for phone records would be the number called, the duration of the call, and the time the call was made. It does not include the audio content of the call itself.

Last month, the House of Representatives overwhelmingly approved an amended version of the bill, which many claim was significantly ‘watered-down.’ A major point of debate was the language itself, which critics contend is too broad and contains loopholes for the NSA to exploit.

One example is the continued exclusion of a special advocate in the Foreign Intelligence Surveillance Court (FISC) who would represent the general public. This means that when the NSA requests approval to collect data from targets in the U.S., it does not face any adversarial resistance.

Civil liberty groups argue that this is a violation of the American legal tradition and an infringement of individual liberty. The House bill addresses this concern by requiring the appointment of external lawyers, although the FISC judges can refuse these lawyers if they provide a written explanation, which is kept confidential, of why the public should not be represented.

I agree that the judicial process in the FISC isn’t emblematic of fairness or democracy. However, one has to also consider the unpredictable time constraints the NSA operates under. The presence of an opposing counsel would most likely involve numerous, lengthy hearings that would cause delays in the collection of valuable and urgent information.

Other major critics of the House bill have been tech companies. In a letter to the Senate entitled Reform Government Surveillance, nine major tech firms, including Facebook and Google, expressed their concerns for customer privacy and argued for greater transparency about government demands for user information.

It’s interesting how these multibillion-dollar businesses claim to be champions of user privacy when their targeted ad-based revenues are a byproduct of their access to user preferences and purchasing habits. As Steven Levy notes in his article, How the NSA Almost Killed the Internet’, there is one basic but essential similarity between the NSA and tech firms: they both operate by amassing huge amounts of user data.

“Google, Facebook, and others argue that they can use that information to improve the lives of their customers far in excess of any discomfort that may come from sharing that data. The NSA believes that it’s necessary to draw on that information to prevent a replay of 9/11 or worse.”

Although more transparency in the NSA’s processes and the FISC hearings is desirable, it ultimately undermines the role of the agency. The more it engages in public debate and discloses details of its operations, the more it compromises the security of the country.

The bill is currently under review by the Senate Judiciary Committee. While critics of the amended version may urge for stronger language that restrains the NSA’s powers, it is crucial to proceed with caution. The guiding principle should be allowing the NSA the flexibility to continue doing its job of protecting the country from terrorist threats. In the meantime, it is necessary to dispel the exaggerations of NSA ‘snooping’ that are often reported in mainstream media.