There’s new evidence that Obama lied when he said, “that the United States is not spying on ordinary people who don’t threaten our national security.” According to the latest Snowden disclosures, the NSA has a program, code-named MYSTIC, that allows the agency to record and store all calls made within an undisclosed country, including those made by American citizens.
If this program were going to be leaked at all, the NSA might prefer the information was dribbled out this way. When the disclosures are so vague, it’s hard to know how to respond. There’s no single country that can act the victim or rebuke the United States, as there was when we got caught tapping Angela Merkel’s phone or grounded the Bolivian president’s plane though it wasn’t even within U.S. airspace. With no clear victims, there’s not enough information for a Rand Paul-style class action suit.
But even if there were, author Cory Doctorow believes we can’t keep using an oil-spot strategy to address NSA overreach and abuses. Doctorow argues that information security should be treated like a public health problem, not an individual responsibility:
If I had just stood here and spent an hour telling you about water-borne parasites; … if I had explained that our very civilisation was at risk because the intelligence services were pursuing a strategy of keeping information about pathogens secret so they can weaponise them, knowing that no one is working on a cure; you would not ask me ‘How can I purify the water coming out of my tap?’”
Because when it comes to public health, individual action only gets you so far. It doesn’t matter how good your water is, if your neighbour’s water gives him cholera, there’s a good chance you’ll get cholera, too. And even if you stay healthy, you’re not going to have a very good time of it when everyone else in your country is stricken and has taken to their beds.
Doctorow is hoping web services could switch to something like end-to-end encryption, which would make NSA taps worthless. Any information they’d retrieve from a man in the middle attack—intercepting surreptitiously from the wires directly or by subpoenaing the companies—would just be gibberish. The data would only ever be decrypted on the user’s own computer or phone. We would sacrifice some convenience, but a MYSTIC-style dragnet would be impossible.
Governments object to these countermeasures, since they limit spies’ ability to eavesdrop on the really dangerous people. Australia’s spy agency is currently petitioning its government to expand its powers, as technology and leaks are making it easier for people to understand and evade their current methods.
This kind of response by states puts citizens into an antagonistic, arms race relationship with their government, where ordinary citizens’ only defense is encumbering their systems with proxies and other obfuscation.
It would be better if the president and the NSA could prompt a kind of detente by acting like responsible police officers, subject to oversight and limits, not vigilantes who view any objection or obstruction as potentially treasonous. Cops police better when they wear cameras, and have their authority safeguarded by their accountability.
The Australian spy agency, is, at minimum, requesting power through democratic channels, and thus ahead of the NSA, which has appropriated new powers and whose director allegedly lied under oath about their use. But these requests, when made by any nation, should be paired with better attempts at transparency and oversight, so that citizens can place some measure of trust in their government, rather than exclusively in their choice of encryption.