Three Guiding Principles for NSA Reform

APImages/Oliver Berg

Edward Snowden, the Booz Allen Hamilton contractor who leaked the details of top secret National Security Agency (NSA) surveillance programs could have tried to remain anonymous and avoid the consequences of his actions. That he chose not to, instead recording a lengthy interview explaining his motives and worldview, is remarkable for a modern-day leaker. While his supporters complain that the subsequent focus on Snowden has directed attention away from his leaks, his decision—and his moral calculus—are actually central to the public debate that’s erupted.

Rather than petulantly whine that it’s unfair to examine the motives of a man desperate to justify himself, we should instead grapple with why Snowden chose to leak. The programs he exposed prompted a steady roar from civil libertarians, transparency activists, and reporters. It also prompted remarkable pushback from progressive Senators like Al Franken, who felt the program was legal and necessary.

What Snowden wanted to do—prompt a national conversation about secrecy and privacy—is happening. While our legal system will determine his criminal liability, in the meantime there is a clear need to public debate exactly what we should expect from our government in terms of privacy and security.

This debate causes me deep discomfort. I spent my 20s working in various capacities for the Defense Department, first as a database developer and later as an intelligence analyst. I still take seriously the papers I signed legally binding me from ever deliberately exposing secrets I had access to, and I can see clear harm that might result from ill-considered exposure—especially by a 29-year-old IT worker who’s never had to grapple with the real-world consequences of such decisions. At the same time, I also now work as a journalist, which means I care deeply about educating the public about the government and how it functions, along with caring about open debate and the free flow of information.

Those two halves of my life—the one filled with government secrets and the other with the transparency ethos of journalism—do not coexist easily. When I worked for the Pentagon as a contractor much like Snowden, I was allowed to write publicly about some topics. I was also viewed with suspicion by many coworkers who assumed that I would improperly disclose secrets (to the best of my knowledge, I never did). My solution to that tension was, eventually, to leave—first to work for a think tank and then, more recently, as a writer. 

In leaving, I had the opportunity to debate and explain things in a way I never had as a contractor. I even testified in the Senate in 2011 about the many structural flaws inherent in intelligence contracting and overclassification. Clearly, not much has changed since then: We still face a fundamental moral choice, as a society, about how we want to approach the difficult challenges of security and privacy.

It’s clear that at least a significant portion of the country is unhappy with how expansive the government’s surveillance capabilities have become, and how reliant the government still is on private contractors. Yet the need for surveillance and security has not diminished. Can those competing impulses be balanced in a better way? Can the NSA be reformed to be more in line with society’s competing desires for safety and privacy?

Extreme positions, like disbanding the agency as a whole, are unlikely to ever happen. Realistically, this debate should be about reform and new choices. While some don’t think reform is necessary, the outcry suggests something needs to change.

Yet, to even begin the discussion of reform, we have to grapple with why things got to where they are. One document published in the Guardian shows a Foreign Intelligence Surveillance Act (FISA)  court order for Verizon, the telecommunications giant, to hand over phone metadata (telephone numbers, call length, and location). The Supreme Court ruled in 1979 that the Fourth Amendment does not protect such metadata. Similarly, the PRISM data-mining program, which automates access to Internet company databases, was, misreporting aside, publicly discussed as a software platform used by the military and intelligence community for many years.

The NSA carries out this surveillance with the full knowledge and consent of all three branches of government. Over the last decade, Congress has passed and reformed laws to grant the administrations of George W. Bush and Barack Obama vast surveillance powers. They even granted corporations retroactive immunity for illegal conduct they felt should have been legal, like the NSA’s warrantless wiretapping program exposed by The New York Times in 2005.

The courts, too, have agreed with this long march toward a surveillance state. The rubber-stamp of a FISA court no longer carries much weight amongst civil libertarians. But the FISA Court once strongly separated domestic law enforcement and foreign intelligence operations due to abuses in the 1960s and 1970s.  In 2002, the U.S. Foreign Intelligence Surveillance Court of Review publicly removed the “FISA Wall.”  Normal courts, too, routinely uphold secrecy laws and protect intelligence programs from lawsuits.

While the process took a long time, the government was essentially responding to the American people’s demands for such powers. Surveillance usually polls well, though recent numbers suggest growing discomfort with the practice. But altering the intelligence apparatus and reigning-in the NSA requires difficult choices by the public that will almost certainly challenge our current notions of privacy and personal security.

A wide range of officials, from surveillance skeptic Senator Al Franken to NSA chief Keith Alexander, have said NSA programs have stopped several terrorist attacks. Assuming those statements are true (Director of National Intelligence James Clapper is facing allegations that he misled Congress on counterterrorism activities), then scaling back the NSA would involve letting some number of terrorist acts slip through.

Put simply, the public is neither debating what sort of privacy it is comfortable with (apart from “more”), nor is it considering a debate on how much security it wants (apart from “more”). But that is exactly the kind of debate that needs to happen.

With that in mind, here are three principles for changing the laws and policies that govern intelligence collection.

1. We must reconcile with the need for data collection

Americans, as a whole, have no idea how much data the federal government already collects about them. To administer programs like Medicaid and Social Security, for example, the federal government collects information about your medical history, tax payments, salary, and housing. The IRS knows how much money you make, the TSA knows everywhere you fly to, and your entire financial history is a single credit check away. Americans, as a whole, accept these tradeoffs because of the services we get in return.

Yet the vast data-collection needed to deliver these services is not described as “surveillance.” Americans are comfortable giving the government such personal and potentially damaging information on the assumption that it will not be abused. Viewed in this light, worries over phone metadata seem almost precious in comparison. If there is to be a debate about the government’s data collection, then let us have that debate.

2. We should revise old laws and rulings

The Supreme Court case Smith v. Maryland, from 1979, allowed the police to collect phone metadata because the "petitioner voluntarily conveyed numerical information to the telephone company." In other words, because we voluntarily give information to phone companies, collecting that data later doesn’t violate our protection from unreasonable searches. The same concept could be applied to the PRISM program that manages data-collection from Internet companies. No one compels us to hand over our data to Google, Apple, or Amazon. We choose to do that, and we help them build enormous databases of our personal information that can be queried later.

If that sounds ridiculous in today’s world—unlike 1979, today it is impossible to live in without a telephone or Internet connection—then let’s revisit that ruling (the ACLU is trying to do just that with a lawsuit). Querying private databases necessary for daily life should constitute an unreasonable search. The reality is that most of our laws governing electronic conduct were written 20 or even 30 years ago—long before the World Wide Web, where you’re reading this article, even existed. It is past time to update them—and the legal reasoning around them—to account for modern life.

3. We need to make new choices about openness and security.

In 2011, Ben Wittes, a senior fellow in Governance Studies at the Brookings Institution, wrote a provocative paper about the “crude balance” people imagine between liberty and security. He proposed that, in fact, greater surveillance in some instances would increase liberty by making certain public goods, like playgrounds or the Internet, safe from malicious actors. The line he draws is not about protecting privacy, per se, but rather about protecting the freedom to be in public and use public services with a reasonable expectation of safety.

The idea of surveillance enhancing both security and freedom (if not privacy) is one we should certainly debate. But more than that specific idea, Wittes raises the possibility that privacy and security are not necessarily a zero-sum equation we must be constantly fighting to keep in balance.

Within the government, too, there needs to be a new debate about how open they must be, and how that might affect security. Laws that enable broad surveillance power, like the Patriot Act, FISA Amendments Act, and others, should be reopened to public debate. Secret legal argumentation for behaviors Americans do not support must end. There will be operational tradeoffs, but if that is the choice the public wants to make—and increasingly that seems to be the case—then we must make it.


The public also needs to come to grips with its intolerance for risk. The country, as a whole, asked Congress to build these new powers for the government; they voted for the same Senators who retroactively legalized wiretapping, and they re-elected two presidents whose zealous conduct in counterterrorism policies sparked enormous public outcry.

Even today, when congressmen and senators complain that the national-security apparatus is too large or too powerful, they are derided as weak, loving our enemies, and wishing for America to fail. Hill staffs are terrified to remove language authorizing aggressive security measures, because if an attack does sneak through, their bosses will be hammered in the press, possibly even thrown out of office. An event as random and unpredictable as two Americans using common household goods to bomb a marathon sparked blanket coverage condemning the FBI for not reading their minds and failing to connect obscure dots.

The previous decade of ever-expanding security for increasing powers has hit a ceiling of public acceptance—the intelligence community has reached the limits of public trust. If the government wants us to trust it with the power it has, then it has to behave in a trustworthy way with it—no more secret courts, no more secret laws, and no more secret legal memos authorizing summary executions. So far, it has not.

There is a real danger that in the rush to “fix” the NSA, we will be left with a system less effective, less secure, and less attractive than what we have today. It is vital we start the reform debate by settling the fundamental issues that brought us here to begin with: the public choices we make about our privacy and security.

You may also like

You need to be logged in to comment.
(If there's one thing we know about comment trolls, it's that they're lazy)