How to Fix the NSA Mess

If the Internet is ever to be trusted again, the EU needs to set a new standard that limits surveillance

  • Share
  • Read Later

The Summer of Edward Snowden has given way to a Winter of Mistrust. The revelations from the former NSA contractor triggered all manner of responses—vocal support, shrugs, cries of outrage, and dismay. But now that he’s settled into legal limbo in Moscow, we’re left to confront what may be his most dismaying revelation: the basic expectation of private communications on the Internet is now commonly seen as fiction. The already fragile trust that supports the global Internet—the greatest marketplace of ideas and commerce the world has ever enjoyed— has taken a heavy blow. Though people may not share the same view of Snowden, most of us share a common interest in finding a way back to trusted communications online. The question is how.

(MORE: Edward Snowden Gets a Job in Russia)

Of course, Snowden hasn’t told us much that most people in the business of technology or law enforcement didn’t already suspect was happening. Many nations follow the same logic for conducting digital surveillance. If it is legal, technically possible, and affordable—it’s happening. As for U.S. intelligence agencies, we learned the intersection at the heart of that Venn diagram features a very large area of activity. But the muted response from most of the world’s governments (with the exception of Brazil and Germany) suggests they weren’t that surprised either—or have been enjoying cooperation with the NSA. Snowden’s documents helped demonstrate the difference between what governments will tolerate from one another—in secret—and what the public will tolerate from other governments in the light of day.

The irony for Snowden is that his professed goal in releasing the documents—to protect the free and open Internet from mass surveillance and technical balkanization in pursuit of security—has perhaps never been more in jeopardy. In fact, his revelations may have made things worse. There may now be more recognition and agreement that the current balance between security and liberty has come unmoored from democratic values. But the prevailing responses to this epiphany have not steered things back towards guarantees of the rights of citizens on the Internet. Many nations have simply shrugged, confirmed in their belief that the digital world is ruled by the Lord of the Flies. Others—most notably in Brazil and in some European capitals—have responded by a turn inward towards “technological sovereignty.” For supporters of Internet Freedom, neither one of these outcomes is positive. We are headed towards a world in which the logic of intelligence agencies— “trust no one”—contaminates the Internet and degrades its social and economic value to the world.

(MORE: The Future of the Internet: Balkanization and Borders)

The way back from this abyss is not a magic formula of technical solutions or digital Maginot Lines around national Internets. The only answer is a steady march through difficult politics. First, we must have a public debate about these issues. Second, we must come together to devise common standards. Third, we expect Europe will have to lead this process, and present a unified case to the U.S. Brazil’s threats have the spirit of righteous outrage but would not produce the right policy or produce change at the international level. Europe has the right incentives and geo-political influence to lead—if it can get organized.

To begin, Europe has to put its own cards on the table. We know a lot about the NSA now and their closest partners at the British GCHQ. But the same facts about how the European intelligence systems work remains unknown. You can’t protest against Washington’s secret surveillance systems that target foreigners if you’re doing the same thing yourself. A new study points out that Europe and the United States are more alike than you’d think when it comes to surveillance law and policy, even if the scope of their practical capabilities is different.

We need the courage of strong convictions here for two reasons. One, it would prompt a declaration of what a new standard of digital surveillance should look like (a return to “necessary and proportionate” under a strict oversight regime). Second, it would blaze a path for domestic reform that sets an example for what others should do. Surveillance will not go away.  It is a critical tool of law enforcement and counterterrorism, but its growing power in the Internet age must be circumscribed.

Germany is a logical choice to lead this work because of its own history with totalitarianism in the 20th Century and its strong cultural support for privacy and limits on state control over individual liberty. And with recent reports that Chancellor Angela Merkel’s phone may have been tapped by the NSA, the political pressure for answers will grow. If Berlin lifts up the banner, Europe could organize itself around a new policy of restricted surveillance practices that are applied to all citizens of the EU—actually enforcing what they are already theoretically bound to do in protection of privacy under the European Convention on Human Rights.

If the EU united around a new standard, it would almost certainly count the global Internet industry as an ally, led by the titans of Silicon Valley. These companies are caught in a tug-of-war between governments and customers and would jump at the chance to be a part of a solution. Together, they could join forces with a growing chorus among civil society groups in the US and around the world that change must come sooner than later to Washington.

The old adage about history repeating itself is ringing in our ears. This road through hard politics is more or less what the European Parliament embraced as the path forward after the last major scandal over electronic surveillance—the exposure of the Echelon program in 1999. The final report and recommendations from Brussels were issued to member states in July of 2001. These were not dissimilar to what must be done now, but the events of 9/11 swept all of that aside. Just as President Obama has declared his intention to end the war on terror, he should also take a strong interest in leading an effort to reset his policies on surveillance to restore the balance between security and liberty—and in so doing, restore some of the trust that the Internet has lost.

Ben Scott is Senior Advisor to the Open Technology Institute at the New America Foundation and directs the European Digital Agenda program at the Stiftung Neue Verantwortung in Berlin. Georg Mascolo is the former Editor-in-Chief of Der Spiegel is now a visiting scholar at the Weatherhead Center for International Affairs at Harvard University. Scott and Mascolo recently co-authored a paper called Lessons from the Summer of Snowden. This article was originally written for New America Foundation’s WeeklyWonk

4 comments
bill4
bill4

The "titans of Silicon Valley" are part of the problem. They are concentrating traffic to their sites. Don't ask them to undermine their own business plan. It won't happen.

The solution, if one presents itself, will come from the Open Source community. 

Email is a known security disaster right from the start. It needs to be replaced with something that has security as a first priority. Search engines need to be wrested from their corporate entities and handed over as open source projects where everyone can inspect the code. 

People need to realize that Facebook, Twitter, etc are a gold mine for digital snoops and the mere fact that corporations want everything to go on to their "clouds" is an indication that they want more, not less control over everyone's data. Putting your information up on a cloud service is insane, but that just proves that the average person is unconcerned with security as these services are growing.

Penttijuhani
Penttijuhani

An aspect of importance in fixing up the "citizen right" on both sides of the Atlantic, other oceans, would be the realistic definition of the problem. Thus far that has not been done; the Snowden´s information is not really anything new. The USA resources in collecting and conserving have been rather known, like the number of the persons engaged to do the job. The first question is thus: is it necessary? It has not been really even debated.

Secondly. In practice all of the intelligence organisations have used, and used in questionable ways the USA services. In practice the political leaders and high officials have the custom of saving themselves from risks by "the creation of conspiracies" with the help of, say, CIA or Pentagon. Yet they all have laws saying that it is a crime to do that with any "foreign country." It is at times both a treason and a serious case of a misuse of public power. There the CIA on the front page of the local daily is the standard explication.

In practice also a few more details of cases of that kind are needed for a meaningful debate. Why not get them from the humanistic and legal beauties like Sweden? Or from a country in a tight corner like Finland. It would offer the Soviet or Russian extension.  If the individuals are to win their proper rights, individual cases should be presented as examples.