Saturday, June 8, 2013

NSA Explains PRISM Program

USA Today (h/t Instapundit) reports on a statement issued by the NSA to describe the PRISM program. According to the statement:
"Over the last week, we have seen reckless disclosures of intelligence community measures used to keep Americans safe. In a rush to publish, media outlets have not given the full context — including the extent to which these programs are overseen by all three branches of government — to these effective tools," Clapper said.

"PRISM is not an undisclosed collection or data mining program," Clapper said in a fact sheet that accompanied his statement.
The system manages foreign intelligence information collected under Section 702 of the Foreign Intelligence Surveillance Act, he said. "The authority was created by the Congress and has been widely known and publicly discussed since its inception in 2008," he said.

The program has yielded results, including providing insight into a terrorist organization's strategic planning efforts, intelligence about weapons of mass destruction proliferation networks and information about potential cyberthreats, the fact sheet said.
"This insight has led to successful efforts to mitigate these threats," the fact sheet said.
The statement goes on to mention that Section 702 had been subject to extensive public debate.

There are certain problems with the "public debate," portion. First of all, the Patriot Act was not subject to extensive public debate when it was first passed. And we know that laws are very rarely subject to the same debate and scrutiny when they are re-authorized or amended.

Second, and more important, there was no true public debate because the capabilities and scope of Federal intelligence was not (and is still not) understood. You cannot have an intelligent discussion of surveillance if you do not know capabilities. Back in the days of simple pen-registers to capture the telephone numbers called from a single telephone, the capabilities were so limited that it did not seem unreasonable to allow the government to collect such information without warrants. Now, we learn, the NSA can and is vacuuming up detailed information on millions of people.

Third, the NSA statement sidesteps the issue that the NSA, FBI and FISA court conspired to bypass laws designed to limit the NSA from conducting domestic surveillance.

Obviously, there have been numerous articles on the political blow-back in the U.S. However, (again via Instapundit), some people are looking at the potential economic blow-back:

According to the document, a bizarrely low-budget internal PowerPoint from the NSA, this Prism surveillance program could give the NSA access to email, video chat, VoIP conversations, photos, and stored data from the participating companies. Unlike the call data collection program, this program focuses on mining the content of online communication, not just the metadata about them, and is potentially a much greater privacy intrusion. James Clapper, the director of national intelligence, said in a statement that the Prism program "could not be used to intentionally target any U.S. citizen"—a statement that, given the nature of how data mining is done, should do little to allay the fears of civil libertarians.
Let's say we take Clapper at his word: How much should we worry about a program that is aimed at monitoring the digital communications of foreigners? We should worry quite a bit, because this issue goes far beyond just respecting the civil liberties of non-Americans.
Think for a second about just how the U.S. economy has changed in the last 40 years. While a large percentage of our economy is still based in manufacturing, some of the most ascendant U.S. companies since the 1970s have been in the information technology sector. Companies such as Microsoft, Apple, and Google are major exporters of information services (if you can think of such a thing as "exportable") through products such as Gmail, iCloud, Exchange, and Azure. Hundreds of millions of people use these services worldwide, and it has just been revealed to everybody outside the U.S. that our government reserves the right to look into their communications whenever it wants.
If you lived in Japan, India, Australia, Mexico, or Brazil, and you used Gmail, or synced your photos through iCloud, or chatted via Skype, how would you feel about that? Let's say you ran a business in those countries that relied upon information services from a U.S. company. Don't these revelations make using such a service a business liability? In fact, doesn't this news make it a national security risk for pretty much any other country to use information services from companies based in the U.S.? How should we expect the rest of the world to react?
Here's a pretty good guess: Other countries will start routing around the U.S. information economy by developing, or even mandating, their own competing services. In 2000, the European Union worked out a series of "Safe Harbor" regulations mandating privacy protection standards for companies storing E.U. citizens' data on servers outside of the E.U. For U.S. companies, that means applying stronger privacy protection for European data than for our own citizens' data. And now there is considerable reason to believe that Prism violated our Safe Harbor agreements with the E.U.
Has it come to this? Are we really willing to let the fear of terrorism threaten one of the most important sectors of the U.S. economy? Frankly, I expect the Prism program to fall apart on its own, not because of public outcry but because the companies that participated will now see it as a toxic association that could threaten their status in fast-growing foreign markets. If U.S. intelligence agencies try to compel participation through the courts, I expect companies such as Apple and Google to start putting up a legal fight—not just because Prism is bad public relations, because it's bad for business.
What the FBI, NSA, and others in our government (and many other governments, for that matter) don't understand is that a robust economy and business market can only thrive on trust. One of the reasons that U.S. companies and stock markets have traditionally been able to attract more investment than those in other nations is the transparency required by U.S. law, U.S. accounting standards (GAAP), and the stock exchanges. Openness assists trust. But some types of trust rely on the parties trusting that communications and information is secure and undisclosed. For instance, our legal system relies not only the belief and trust in an impartial and fair legal system, but that communications with legal counsel are privileged and undisclosed. Doctors and psychologists need their patients to be frank and honest (something that I fear will be undermined by Obamacare). And information technology relies on confidential and secure communications. Something that the NSA programs have now demonstrated is not possible in the United States. Good job, guys.

No comments:

Post a Comment