The Internet Security Illusion
Call Edward Snowden what you will: traitor, hero, or simply a naive young man. Maybe he’s all three. At the recent South by Southwest Interactive conference, he was both subject and object, clarifying some of the defining public-policy challenges of the digital age even as he illustrated the difficulty of resolving them.
Snowden, a fugitive who began leaking documents about the National Security Agency’s surveillance operations last year, spoke via video feed before a large and largely sympathetic crowd in Austin, Tex. He exhorted technology companies to better protect their users, called for more oversight of the NSA, and inveighed against bulk surveillance.
Nothing new there. But he also conveyed two deeper lessons—one wittingly and one not. The first is that security on the Internet is often illusory. Cybercriminals can exploit and create security flaws as fast as the private sector can close them—and so can the NSA itself. As Snowden noted, even as the NSA was trying to protect Americans from online threats, it was working to introduce weaknesses into security tools such as encryption.
It may well be that the nature and architecture of the digital economy will permanently redefine notions of privacy and security. And it’s undeniable that Internet companies have some responsibility for protecting their users from unwarranted snooping, as Snowden says. But the kind of information the NSA has been collecting is much the same as that which consumers voluntarily divulge to technology companies every day. And it’s the same information those companies routinely sell to advertisers. That won’t change anytime soon.
The second lesson stems from Snowden’s mere presence—or, rather, lack thereof—as his comments were beamed to the audience in Austin from a site in Russia. For all the NSA’s legendary secrecy, all it took, in the end, was a young security contractor with an overdeveloped sense of indignation and some technological know-how to expose its methods to the world. Hardening cyberdefenses and using tools such as encryption are well and good, but such systems are only as trustworthy as the people who use them.
If Snowden deserves credit for anything—and that will be easier to apportion if he returns to the U.S. to make his case in a court of law—it’s for starting a debate about surveillance that even President Obama has said is important. Technology changes the details of this debate, but not its parameters. If Americans, as citizens, want the NSA to curtail its mass surveillance, they can demand that change from Congress. And if Americans, as consumers, want to stop digital enterprises from collecting and selling so much of their data, they can demand that change in the marketplace.
As always in an age of technological flux, such changes will bring plenty of unforeseen consequences. They will carry costs as well as benefits. The challenge lies not so much in identifying the trade-offs as in striking a balance between them.