Hey, NSA, Get Off of My Cloud
Every week seems to bring another revelation about the National Security Agency’s global panopticon. And each disclosure makes it harder to extend the agency the kind of trust and latitude that good intelligence work requires.
The latest leak is a whopper. According to documents former intelligence contractor Edward Snowden provided to the Washington Post, the NSA has infiltrated the overseas “cloud” networks through which Yahoo Inc. and Google Inc. move their petabytes of data, which includes users’ e-mail. Because the collection is conducted abroad, it’s subject to less oversight than the agency’s previously revealed programs are. The intrusion is all the more curious because the NSA can already access both companies’ accounts under U.S. court supervision.
NSA Director Keith Alexander responded to the revelations tellingly. “We do not have access to Google servers, Yahoo servers,” he said at a Bloomberg Government conference, conveniently eliding exactly what the agency does have access to. That’s the kind of obfuscation the public should no longer tolerate, because the consequences of letting the NSA do whatever it wants are becoming clearer by the day.
Consider just one effect of the steady drip of disclosures: on American businesses. A previously disclosed NSA spying program could cost the U.S. cloud computing industry as much as $35 billion by 2016, according to one estimate. That may seem high -- you’d have to believe that companies would be so spooked about surveillance that they’d be willing to forgo the many advantages that U.S. cloud services offer -- but it’s looking more realistic by the day.
And the economic damage could soon spread. The NSA’s snooping has infuriated U.S. allies, and it may complicate trade negotiations with the European Union. U.S. technology companies shouldn’t be surprised if their products become less popular abroad with foreign customers fearful of surveillance, or if they’re subject to far more stringent privacy regulations overseas. Foreign governments may also start requiring companies to store data collected about their citizens locally or taking other protectionist steps for which the NSA revelations provide convenient cover.
In the U.S., the Snowden controversy has also complicated negotiations to pass cybersecurity legislation -- an essential and mostly unrelated effort to protect the country’s vital systems from intrusions by hackers, terrorists or disagreeable nations. Progress on such a law, already fraught with partisan hostility, looks that the Senate Intelligence Committee will be tied up with surveillance concerns. Talks on proposed privacy language and information-sharing provisions are also sure to grow more contentious.
That suggests another consequence of this never-ending saga: The NSA’s snooping is eroding trust in the U.S. government at a time when the threats of the digital world are burgeoning and American leadership is essential. Cybersecurity, where the U.S. has singular expertise, is just the start. The State Department’s efforts to promote freedom online will be harder to take seriously. Repressive countries seeking to tighten their control over Internet governance will be emboldened. And the open architecture of the Internet that the U.S. has long advanced and attempted to safeguard could come under threat.
Was there no one in the NSA who might have realized how its actions would look to the world, or was that merely a second-order concern? It’s hard to say which answer would be worse.
At any rate, Washington is finally taking notice of just how out of control the NSA’s policies are. Bipartisan legislation that would curb the agency’s ability to collect domestic phone data is now making its way through Congress. And President Barack Obama has proposed a few small reforms, such as installing a privacy officer and appointing outside experts to review the agency’s intelligence collection.
Yet the NSA has no shortage of oversight; the oversight system simply doesn’t work. The chief judge of the Foreign Intelligence Surveillance Court, which is supposed to supervise the agency’s spying programs, has admitted that the court lacks the ability to independently verify privacy violations. Even as the NSA’s oversight staff quadrupled from 2009 to 2012, its infractions grew more frequent.
A better solution would be an expansive and transparent investigation into the agency’s activities modeled on the Church Committee, which investigated intelligence abuses in the 1970s. In a similar spirit, Congress should empower technology companies to disclose more information about government requests for data, as they have requested.
Yes, intelligence agencies require a lot of leeway to do their work. But each new disclosure about the NSA shows that it seems to overreach at every opportunity. Restraint doesn’t appear to be in its DNA. It’s up to Congress to provide it.
To contact the senior editor responsible for Bloomberg View’s editorials: David Shipley at email@example.com.