A new book describes reform efforts within America’s growing surveillance state—and advocates for further change to protect citizens’ privacy while maintaining security.
Before serving as an intelligence official in the Bush and Obama administrations, Timothy H. Edgar—a senior fellow at the Watson Institute for International and Public Affairs at Brown University—defended privacy rights as an American Civil Liberties Union lawyer. A cybersecurity expert, Edgar published his new book, Beyond Snowden: Privacy, Mass Surveillance and the Struggle to Reform the NSA (Brookings Institution Press, 2017), this week.
The title refers to Edward Snowden, the former Central Intelligence Agency employee and National Security Agency (NSA) contractor who, in 2013, leaked the existence of several mass surveillance programs, including the bulk collection of American telephone records, and revealed details of web surveillance programs. Congress is debating this year whether to renew the legal authority for these programs.
Here, Edgar shares specific recommendations for reforms and his thoughts on why America should become a leader in surveillance reform:
Do you think most Americans understand what Snowden brought to light and what is at stake with the NSA’s mass surveillance programs?
I think on a broad level that people do, because they understand that their privacy is at risk in the digital age, but they are perplexed about how mass surveillance works.
The US has built a mass surveillance state that threatens the privacy of everyone in the world, but our surveillance laws are out of date. Long before Snowden came along, we were debating these issues inside the government. A major reason I wrote this book was to make that debate more accessible to the general public.
What rules and laws guide intelligence agencies on communications and privacy? What makes them out of date?
The first and most important rule is the Constitution—mainly the Fourth Amendment, which protects us against unreasonable searches and seizures. Second are federal laws, like the Foreign Intelligence Surveillance Act, which are designed to implement those rights. And third are executive branch oversight rules that apply to NSA personnel.
The problem is that all these laws were originally based on analog technology and on a world before globalization. They provide little protection for metadata—when a call was made, to whom and how long it was, or the routing information that applies to digital communications like e-mail—as opposed to the content of calls or messages—what was said. They make it easy to scoop up the communications of foreigners outside the US because the law is based on a faulty and outdated assumption that Americans’ privacy isn’t affected very much by “foreign” surveillance.
These kinds of distinctions really are relics from the 1970s. Today the world is both digital and transnational. Drawing lines between different kinds of personal data and between Americans and foreigners is both more difficult and more arbitrary than it was 40 years ago.
How does digital technology complicate distinguishing between domestic and foreign surveillance?
To talk about spying on foreigners or spying on Americans is too simplistic in the 21st century, when data may be in one country while the target of surveillance is in another. In the book, I describe this phenomenon as transnational surveillance. In these programs, the NSA uses a secret court order to compel communications providers inside the US to get communications that it believes belong to foreigners outside the US.
I argue that those are not really foreign surveillance programs because the NSA is collecting data within the US, many communications of Americans are being swept in, and other agencies can query that database to find out about Americans.
But these programs are not quite domestic surveillance either, because they are nothing like an FBI wiretap of somebody inside the country. Transnational surveillance looks at targets outside the country, but whose communications are flowing over the internet inside the US, or are being stored by American technology companies.
What I did in the government was to help design a new system of oversight for transnational surveillance. A big part of what I’m trying to figure out in the book is: How did we do? And the answer is very much still being debated. This year, Congress will consider renewing the legal authority for transnational surveillance of the content of communications.
Do you think the objectives of civil liberties advocates and the national security establishment can be reconciled?
As a civil liberties activist who went into the intelligence community and tried to reform the NSA’s mass surveillance programs and came out again, I would say the two groups have more in common than they sometimes realize. Civil liberties advocates and the intelligence community want to achieve the same broad goal: gather intelligence with safeguards and protections for privacy and civil liberties. But it’s difficult to have a real conversation about mass surveillance without the transparency we’ve had in the last few years.
In the book, you credit President Barack Obama’s administration for launching a transparency drive. What did the administration do?
A lot of people don’t realize that the public learned as much if not more about NSA surveillance from the government’s own efforts than it did from Snowden. Under Obama, the intelligence community put a huge number of declassified documents on the public record, including thousands of pages of Foreign Intelligence Surveillance Court opinions, plus new details about surveillance in an annual transparency report and through its website, IC on the Record.
The transparency drive the Obama administration launched to defend itself is in many ways more important than the unauthorized transparency of the original Snowden leaks.
In the book, you describe reforms to mass surveillance made by Obama and President George W. Bush. Are there specific reforms you’d like to see enacted?
I’d like to strengthen the Foreign Intelligence Surveillance Court. This secret court has done a pretty good job at what it was set up to do in 1978—review wiretaps—but it isn’t well-equipped to review transnational surveillance and big programs of metadata collection. We should give individual federal judges technologists, magistrates and personnel with technological expertise that can help them oversee the complicated programs that they’re being asked to approve.
Also, technology can be used in partnership with the law to protect our privacy. The law punishes misuse of data, but cryptography can offer guarantees against misuse in the first place. We can require the NSA to use available, scalable encrypted search methods so it can extract from bulk databases just the particular pieces of information it can lawfully obtain, leaving everything else protected. Major advances in just the last few years makes this possible, but the public must demand that the NSA use them to achieve our broader goal.
What is that broader goal?
The US needs to go from being a leader in surveillance to a leader in surveillance reform. We have a strong tradition of protecting privacy through our institutions and founding documents, though right now our laws are too weak to protect our privacy in a digital, transnational age. A leadership role would help ensure a stronger and more robust intelligence capability across the democratic allies that the US depends on.
Because of Snowden, we now know about mass surveillance. The question is: What we going to do about it? Beyond Snowden is one attempt to answer that question.