After Edward Snowden revealed himself as the source of leaked top secret documents that exposed the National Security Agency’s sprawling surveillance programs, he said his biggest fear was that nothing would change.
It was a fear that seems at first quite unfounded.
One year after Mr. Snowden released the documents – providing a steady drumbeat of press accounts detailing NSA programs hoovering up Americans’ telephone data, tapping into social media like Google, Facebook, Yahoo, as well as tapping into undersea cables and spying on allies’ cell calls – the world has changed.
Relations between the US and its allies have gone from mostly warm-and-fuzzy to frosty. White House efforts to rein in China’s massive economic cyber-espionage program directed at US companies have hit a wall. American tech companies are in full damage-control mode facing hostile European regulators and a furious public.
From the standpoint of Snowden’s stated objectives, the biggest gain from the leaking of the documents is in government transparency. Amid polls showing public privacy concerns, some lawmakers are pushing for surveillance constraints – and the White House seems to be going along. But what’s less clear is just how far such gains will go, or how permanent such shifts will be, cyber-security, foreign affairs, and civil liberties experts told the Monitor.
Fighting to regain the public’s trust, the White House has ordered documents released, while Congress mulls limits on telephone data collection. Government transparency advocates are abuzz over what they say is the most significant leak since Daniel Ellsberg released the Pentagon Papers to the media.
“The impact has been electrifying,” says Steven Aftergood, director of the non-profit Federation of American Scientists’ Project on Government Secrecy. “In response to Snowden, the government itself has declassified more top secret intelligence records about ongoing intelligence programs than it has ever done in its history. It’s not superficial. It’s quite amazing.”
At the same time, however, a US campaign to get nations to embrace an “open” Internet and not permit government control – has been seriously undermined by the NSA revelations. And the NSA’s ability to track terrorists and spy on adversaries has sustained damage, too, US officials say, though it’s not clear how much, outside experts argue.
“From the US perspective, the overall impact so far is clearly a net negative,” says Adam Segal, a senior fellow at the Council on Foreign Relations. “Beside the fact that serious NSA technical capabilities have certainly been shown or demonstrated to the Chinese and Russians, other long-term effects on cyber-space governance are affected, and the underlying question of US legitimacy in shaping the future of the Internet weakened.”
Even civil libertarians, who from the beginning hailed the Snowden revelations for shining a light on what they declared to be a gargantuan attack on individual privacy, are today unsure of how serious or lasting gains in government transparency and personal privacy will be.
“We don’t know yet what the impact will be, the story keeps changing,” says Elizabeth Goitein, co-director of the Liberty and National Security program at the Brennan Center for Justice in New York. “The public and lawmakers realize this was serious, and the people cared about it. It wasn’t just a typical news cycle.”
The House last month approved legislation to rein in the scope of NSA surveillance, which had been extended after the 9/11 attacks under the USA Patriot Act. The new measure, the USA Freedom Act, has provisions that appear to prohibit bulk collection of domestic phone call data. The Senate has yet to vote on the bill.
But some say the bill has been “watered down” with wording inserted at the last minute that could permit the intelligence community to do an end-run around phone data surveillance limits, she and others note.
“At the last minute, they held these closed door talks between the administration and House leaders – and they gutted the bill,” she says. “They decided they weren’t open to that much reform. So it’s no longer clear at all what effect the bill will have on collection of Americans’ phone records.”
Steps to restore public trust
To allay the public’s fears over government surveillance policies, the White House has ordered intelligence gathering practices reviewed and revised, phone records held by industry not government, and pledged a new openness by declassifying thousands of secret documents.
The number of pages released through formal declassification in response to Snowden’s revelations is roughly double the number of pages actually leaked by Snowden through the press, says Mr. Aftergood of the Federation of American Scientists. Some 1,000 to 1,500 formerly secret documents were leaked to the press by Snowden, he says. Meanwhile, well over 2,000 more have undergone formal declassification and release by the government.
It includes everything from NSA internal procedures, guidance, and training materials to Foreign Intelligence Surveillance Court decisions, to previously classified reports to Congress.
“Basically the government had a realization that disclosure could serve its own interests, could help to correct perceived errors, provide context, and help build credibility,” Aftergood says. “This is good even if it is self-interested.”
Impact on businesses
It’s far from clear, however, how much damage to public trust that added transparency will repair. For US social media and other technology companies, the damage to their business prospects is serious and may be growing with the uncertainty over the long-term effects of Snowden’s revelations on the future of cyber-space, some say.
A Harris poll in April found that two-thirds of adult Americans who are at least somewhat familiar with the NSA revelations, said technology companies had violated the trust of users “by working with the government to secretly monitor communications of private citizens.”
With even more severe public attitudes in Europe, lawmakers there are expected to enact heavy new regulatory requirements on US tech companies.
Google Chief Eric Schmidt earlier this year declared himself “outraged” at news reports of NSA snooping on his company’s networks. That reaction was relatively mild compared with his company’s security engineers, two of whom reportedly exploded with profanities when they saw in the newspaper a hand-drawn NSA diagram depicting how the agency was intercepting Google data. The result: Google and Yahoo are furiously encrypting that previously vulnerable link – slamming shut that flow of information to the NSA.
“There’s been a very real and growing concern in Silicon Valley that they are losing competitive advantage to European companies that simply tell customers that their systems are not subject to the same spying US companies are,” Chris Finan, a former Obama administration cyber-expert, told the Monitor in January. “It’s a serious problem that if not dealt with could do long-term damage to a key US industry.”
Impact on cyber-security
Rampant stockpiling of cyber-vulnerabilities for weapons and spying may also be changing – or not. After the NSA was forced just last month to deny press reports that the agency had used the Heartbleed Internet vulnerability in its spying, senior White House officials said the Obama administration will soon begin a new evaluation process that more routinely reveals, rather than keeps hidden, the majority of cyber-vulnerabilities, thereby boosting the nation’s cyber-defenses.
“The first-order impacts [of the NSA spying revelations] still seem not as bad as we feared with a big dip in transatlantic trust but perhaps not as much direct catastrophe as we feared,” says Jason Healey, director of the Atlantic Council’s Cyber Statecraft Initiative. “The boost in transparency from the White House has been long overdue. With issues of cyber and intelligence so buried for the last decade, it was a breath of fresh air that Obama's intelligence policy wasn't just declassified but in fact unclassified.”
But he’s not so sanguine that the US government has learned its lessons on surveillance overreach.
“I suspect they feel that they have dodged the worst and may even be in the mood for further risk seeking,” he says. “For example, there's little in the current Congressional bills [that] really live up to the moment we're facing.”
Even those who cite major gains in transparency are worried about their permanency. In his first major speech on cyber-security, Secretary of Defense Chuck Hagel promised more transparency by the National Security Agency, calling for a “more open dialogue” about NSA activities and citing a need to honor “our nation’s tradition of privacy rights.”
But in speaking at the “first-ever live broadcast” from NSA headquarters at Fort Meade, Md., Secretary Hagel also called for more investment at the Pentagon’s new Cyber Command and development of “full-spectrum” offensive cyber-capabilities. Such gyrations give pause to those hoping for more transparency and government bending to privacy concerns.
“Even now, the path of least resistance for government would be to revert to past practices,” Aftergood says. “Director of National Intelligence James Clapper has said on a number of occasions that the government would have been better off if it had disclosed the practice of bulk collection and not waited for it to be leaked. If he really means that, it’s a lesson that could be applied to other programs, like the drone program. We’ll just have to wait and see.”