Dec 30

Dec 30 Fixing the NSA: Getting Real About What Really Matters

David Brin’s essay A blue ribbon panel recommends fixing NSA: what’s cosmetic and what might work provides some refreshingly insightful food for thought. I don’t agree with everything he says but like his attitude which is basically “let’s get real about what really matters.”

Brin wants to make sure that at least some of the people involved in decision-making represent the public’s interests and aren’t pulled from the same old government-industry-revolving-door population as is now the case. Brin also seems to say that characters like Manning and Snowden — besides having done us all a “public service” by demonstrating how broken the current processes are — represent a part of our culture, largely media induced, that naturally mistrusts government and other forms of authority.

As far as online privacy is concerned the genie is out of the bottle, he says. I agree. I also agree we have to continue to pay lip service to things like limiting access to metadata and requiring more safeguards regarding potential FISA court behind-closed-doors shenanigans. Brin doubts the efficacy of such initiatives and suggests that requiring more layers of court orders won’t solve matters unless the process and the people involved become more visible and transparent.

How that can be accomplished is where the difficulty arises. How do we make the process and people involved in security-related communication oversight and monitoring more accountable while still keeping secret what needs to be kept secret? While I think it would be good to have public representatives more involved in the now-secretive FISA types of deliberations, I also think such an approach would be insufficient to address our current problems. An important point made by Brin is that many of the secret dealings revealed by Snowden and Manning were not, by some definitions, strictly “illegal.” That definitional fact is a fundamental problem that is exacerbated by having legal “oversight” outside of public view.

Brin’s suggestion for institutionalizing oversight by independent individuals who are explicitly charged with representing the public’s interest is at the core of his suggestions. It’s also an approach that would be vulnerable to manipulation or subversion by political interests. Even if it’s possible to recruit such individuals from outside the typical ingrown military industrial complex that currently runs the US security establishment, questions then arise as to (1) how such individuals would be selected and (2) which “public” are they to represent?

We’ve seen how politicized and polarized the selection of U.S. Supreme Court justices is. Wouldn’t the recruiting of Brin’s independent oversight agents be fraught with similar drama? Even if that were to happen, though, how bad would that be?

I detect both cynicism and realism in what Brin writes. Maybe one logical extension to the current FISA process would be to have court representatives represented “real time” in individual cases. (What comes to mind are the court officers from Minority Report that oversaw Tom Cruise’s “precrime” assessments” via two-way video. Is that what we are moving towards?)

In my opinion the two most important suggestions Brin makes for balancing of security and transparency (note I did not say “privacy”) are (1) providing public insight into how processes are actually managed and (2) involving in these processes trusted individuals charged with representing the publics interest regarding government access to personal communications.

Part of making the process more transparent includes the public’s knowing (1) how often and for what reason are details of personal communication sought by the U.S. government from the companies that sell us telecommunication services and (2) how do these companies respond to such requests?

I’d also like to know, along with how often our own government asks for citizen communications details, how often are unauthorized access and “hacks” into our communications channels occurring and where are such attacks coming from?

I’m of the belief that, as bad as the U.S. Government might be about “snooping” into our own communications and the communications of citizens in other countries, the likelihood also exists that other governments are doing the same things to their citizens and to us. I don’t say that to excuse our own government’s behavior but to suggest that demonizing the U.S. government without also mentioning what’s going on elsewhere is one-sided, incomplete, potentially hypocritical, and out of touch with how irrelevant artificial political boundaries are to digital communications.

Without knowing the details of both “what we are doing to ourselves” as well as “what they’re doing to us” our ability to realistically manage and oversee our own behavior will continue to be incomplete, especially if we try as Brin suggests to at least partially “open up” the processes by which we balance security and freedom from government intrusion.

Related reading: