Jeff Elkins

Privacy Negotiator

Civil liberties advocate Ari Schwartz walks a fine line between tracking and protecting citizens as White House cyber director.

In 2011, Government Executive spotlighted a handful of emerging leaders, including Ari Schwartz, the first-ever National Institute for Standards and Technology Internet policy adviser, who hailed from the privacy activism world. He went on to advise three Commerce Department secretaries on developing voluntary cyber standards in accordance with a landmark executive order. Then during the heat of the anti-surveillance movement, he was named to the White House National Security Council staff to instill civil liberties into cybersecurity and signals intelligence policies. Today, Schwartz, 43, has emerged. He is the White House senior director for cybersecurity. Senior Correspondent Aliya Sternstein recently looped back with Schwartz to discuss balancing the needs of operatives and privacy-
conscious citizens, along with raising kids in the smartphone era. 

Do your old colleagues at the Center for Democracy and Technology civil liberties group give you a hard time about working with “the spies?”

They’ve never referred to me as “the spy.”

They don’t see you as having gone to the dark side?

They see me as a person who can answer questions about what is going on. I think they see me as helpful in that way. I would love for you to ask them that. I would like to know the answer too. I think that’s really one of the worst things that happens in Washington—when something gets reported or [comes out] through the rumor mill, and they hear the worst of it first, rather than hearing it from the people who are trying to put it together.

What information are you personally most concerned about keeping private? 

I have a family and I have kids, and I think of a lot of things in my personal life—
relating to my children—as being very private and personal. It concerns me if information like that were to get out. I think communications—when taken out of context—often can raise a lot of concerns, so I do worry about what companies and what the government does with communications and making sure that it is used properly and that personal privacy is being protected. I am worried about [my 7-year-old and 10-year-old] getting on Facebook, but that’s a couple of years away. They don’t have phones. They have iPods. But my 10-year-old says everyone has a phone, except for him.

How has the discussion about privacy changed at Commerce and the NSC since the leaks by ex-intelligence contractor Edward Snowden about mass monitoring of U.S. phone records and foreign online communications? 

Privacy had always been a major issue, but certainly I think that the disclosures have really heightened those issues. The president was very clear in his Jan. 17 speech about the direction that we’re headed
in [when he announced a directive to hone data collections]. Since then it’s been more about implementing those things the president pointed to—building privacy protections for non-U.S. persons in particular. 

Your communications on social media, couldn’t they be swept up in some of these signals intelligence activities? 

I’m a citizen just like everyone else. It depends on what type of collection it is. Under [the directive], we have these areas where bulk data still can be collected. They are a very limited set of areas. I think it would exclude many of my communications and other private citizens’ communications, but I don‘t think it completely rules that out. It’s not out of the question at all.

Have you changed your online habits?

It’s almost as much from breaches, more so than government, but I think it’s related. Using two-factor authentication and using security tools are things that I did before and that I continue to stay up on. Especially right now, with breaches in particular, I think using multifactor authentication is just essential for everybody. I think a lot of celebrities found that out the hard way from the Apple breach that happened recently.

Is it hard for you to keep quiet about White House privacy initiatives, like the new executive order requiring two-step identity verification for government charge cards? 

It changes so quickly that I find even at times where I’m allowed to tell somebody, and then I tell them, then it changes and I have to call them back. That seesaw makes it so there is a natural tendency to want to hold off until you are certain that something is actually going to happen before you start telling people. That’s something I’ve learned in my four years in government. You don’t want to get people’s hopes up. It’s better to let people know that you are working on something, and give them a broad outline to get feedback from them without saying which direction the policy is going in.

Do you feel like you have made sacrifices to get where you are?

It is a demanding job and I, of course, make sacrifices for my family time because of that. But there is an awareness, if that’s the case. Particularly [National Security Adviser] Susan Rice has been really, really good about making clear that family has to come first. There are a lot of times when there is information that we’re getting on classified systems and we have to come into the office. That’s certainly not the case in nonprofit. 

Do your kids grasp the gravity of your job? 

They do. They get to come to the events at the White House. So, they get some fun out of it as well. But I think there is an understanding that I’m doing a serious job trying to protect the country and
our liberties. 

Have your kids met the president? 

They have not. But my oldest son came to Take Your Kid to Work Day and they had a question-and-answer session with the first lady. My younger one was four months too young for that, so hopefully this year he’ll get to go. There are some things they get to do that other kids would dream of doing. The first lady at that session, she said, “You know, I realize that sometimes your parents don’t get to come home for dinner and sometimes they don’t get to make it to all your soccer games,” and she kind of was apologizing to them for the sacrifices that I make, which I appreciated.

What has been the most fulfilling experience for you in the new job?

Everywhere I go, people thank me for the work we did on the cybersecurity framework and how it got better over time. The trust from the private sector to keep it voluntary; from the privacy groups, we hear that they are glad we were able to keep the Fair Information Practice Principles in the document despite the heavy pressure that we got from industry. When you start to see announcements related to and around cyber insurance, that’s pretty fulfilling because that was the original goal, to build it into the marketplace without a regulatory effort. Just like [with the proviso] “Do you have smoke alarms?” for fire insurance, which is built into most regular business policies.

Do you expect to leave anytime soon? 

It’s interesting because these undergraduate college students, they say, “Oh, my dream is to work at the NSC,” and it was never my dream to work at the NSC. But now that I am here, I see why it is people’s dreams. If you want to work on formulations, if you want to work on the hot national security issues, there is not a better place to be.