By Jack Shafer
(Reuters) - At several recent junctures, the U.S. government has publicly sought to expand its power and control over the electronic privacy of its citizens. At each point, the government was roundly foiled by the public and the majority of the political class, which rebuked it. But that has evidently never stopped the government from imposing its will surreptitiously. As the reporting of the New York Times, ProPublica, and the Guardian about the National Security Agency's programs exposed by Edward Snowden showed once again yesterday, when the government really wants something, it can be temporarily denied but rarely foiled.
In the early 1990s, computer scientist and activist Phil Zimmerman created an encryption program called Pretty Good Privacy, or PGP for short, to block the government and other snoopers from reading the emails and files of users. To retard PGP, the government targeted Zimmerman with a criminal investigation for "munitions export without licenses" after the program appeared overseas, explaining that the program's encryption exceeded what U.S. export regulations allowed.
Zimmerman and his allies eventually won the PGP showdown, as did privacy advocates in the mid-1990s, defeating the government's proposal for the "Clipper chip," which would allow easy surveillance of telephone and computer systems, and again after 9/11, when Congress cut funding for the Defense Department office in charge of the Total Information Awareness (TIA) program, a massive surveillance database containing oceans of vital information about everybody in the United States.
But the journalistic record proves we can't trust government's white flag of surrender. In the case of TIA, the government abandoned the program's name but preserved the operation, as Shane Harris and others reported seven years ago, giving it new code names and concealing it in places like the NSA. The documents Snowden stole from the NSA show the government capturing and analyzing much of what TIA sought in the first place.
Yesterday's Times-ProPublica-Guardian pieces revealed the government accomplishing its PGP and Clipper chip goals by similar subterfuge. The NSA has "circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems," reported the joint ProPublica and Times article. The agency spends hundreds of millions a year in its work "with technology companies to 'covertly influence' their product designs" to make end-user communications more visible to its eyes, reported the Guardian. At Microsoft, the NSA coerced its way into pre-encryption access to the company's email service, its Skype phone system, and SkyDrive, its cloud storage service.
The NSA's techno-dodges give civil libertarians a choice of two large pitches on which to throw their fits. Should they be more angry about the national security bureaucracy first seeking the public's consent to drink from the national information stream and then, when told "no," ignoring the thumb down? Or is the greater outrage the fact that the vast and secret surveillance program was established at all, and not how it was established? As a fit-throwing civil libertarian, I intend to alternate from one field to the other. On even days I'll scream about the basic outrage. On odd days, I'll stamp my feet over the "you asked for permission, I said 'No,' and you went ahead and did it anyway" transgression.
Who made the U.S. government's decision to bootleg its expansive surveillance system into place? To compromise the Internet and the devices we use to connect? To intentionally weaken the existing security systems by installing secret "back doors," thereby making us all more vulnerable to a hostile cyber-attack by foreign powers or individuals who discover them? To reverse the popular will - or least the politically possible - without any further discussion? That last move would smack of totalitarianism, except that totalitarians make no pretext about needing the consent of their citizens to rule.
If you think I'm playing civil-libertarian Chicken Little about how small compromises can fissure and can suddenly grow big, consider the example of Edward Snowden, who stole the tens of thousands of pages revealing the NSA's surveillance practices and architecture. But Snowden didn't have the right to view all of them. As NBC News reported last month, he used his power as a system administrator to exploit design weaknesses in NSA internal systems (which NBC News calls "antiquated") and assume the electronic identities of top NSA officials. These officials were authorized to view the more sensational documents, and once Snowden donned the mask, he could view them, too. Ordinarily, NSA employees can't copy data off of computers, for the obvious security reasons. But because Snowden held administrator rights, he could and did and then distributed copies to journalists. According to NBC News, the NSA employs 1,000 system administrators.
Can somebody explain to the NSA that Snowden has merely done to the NSA what the NSA has been doing to U.S. citizens and business for decades? Snowden deceitfully ignored the legally binding promises he made to the NSA; the NSA similarly runs roughshod over both the letter and the spirit of surveillance legislation (and systematically lies about it, something Snowden doesn't do). Snowden stole secrets; the NSA steals secrets (and encryption keys, according to yesterday's reports), only at a more colossal level. Snowden took it upon himself that he, not the NSA or his government, knows best; the NSA and its governmental partners believe they know best; Snowden creatively exploited the technical weaknesses in the computer matrix to accomplish his goals; so does the NSA.
Everything Snowden knows about following the rules he learned from the NSA. Somebody, somewhere in the agency must be perversely proud of what he's done.
(Jack Shafer is a Reuters columnist. The opinions expressed are his own.)