Responses To NSA Snooping: Security, Litigiousness And A Little Profanity
Back then, hardly any big-name firms produced “transparency reports” outlining how many law-enforcement inquiries they received, and many hadn’t even taken the lesser step of publishing the guidelines governing their responses to those queries.
And even when they pushed back against government curiosity, they didn’t bother telling us about it. Google, Yahoo and Microsoft had all decided to require warrants before turning over stored e-mail to law-enforcement investigations—an interpretation of the Electronic Communications Privacy Act’s loose provisions only upheld by one circuit court—but didn’t disclose that until early 2013.
And then the agency charged with cracking the digital security of American adversaries elsewhere found itself thoroughly “p0wned” by contractor Edward Snowden.
Snowden’s exposure of the National Security Agency’s PRISM scheme for data queries and a massive phone-metadata-collection effort soon enough set off a rush to publish transparency reports—Facebook, Yahoo and most recently Apple have followed the lead of Google, Twitter and Microsoft.
Then we began learning that some of these firms had also been fighting national-security overreach for longer than imagined—by way of them petitioning the Foreign Intelligence Surveillance Court for the right to disclose more details about their responses to these data demands. That contingent now includes Apple, Dropbox, Facebook, Google, LinkedIn, Microsoft and Yahoo.
Since 2011, the Electronic Frontier Foundation has graded the digital-liberties efforts of major tech firms in annual “Who Has Your Back?” reports. This spring’s is already obsolete. “There would be many more stars than we currently have on the chart,” said EFF staff attorney Nate Cardozo on Friday.
(The paucity of the EFF’s gold-star endorsements for major telecom firms, however, will look even worse if the telcos keep acting as if this is somebody else’s problem, not something they have sometimes been paid to maintain.)
The latest rounds of Snowden-sourced news, however, show an NSA unwilling even to play by the generous rules that govern mechanisms like PRISM. In September, we learned that the folks in Ft. Meade, Md., have spent years coverty subverting widely-used encryption measures.
A month later, the Washington Post reported that the NSA had crossed another line by tapping overseas fiber-optic cables to collect entire streams of information flowing between U.S. firms’ data centers—routing around the ban on the NSA collecting data on American citizens in the U.S.
And to judge from the glib descriptions of this “MUSCULAR” program in leaked presentations, the NSA is outright giddy about outmaneuvering the dot-coms.
Learning that they’ve been compromised so thoroughly, and that the NSA can be so smug about it, has pushed tech firms to make major security upgrades.
Yahoo, for example, is finally moving to make session-wide encryption the standard for its Web-mail service. Google, meanwhile, has gone a major step further by encrypting the links between its data centers—leaving the NSA’s taps receiving only static, at least until the wizards there can defeat that scrambling.
It’s also led to the spectacle of individual Google employees using their employers’ own social network to say what they really think about the NSA. That’s been some arresting testimony, from Google+ chief architect Yonatan Zunger’s June declaration that “We didn’t fight the Cold War just so we could rebuild the Stasi ourselves” to engineer Brandon Downey’s more recent, pithy and profane “F**k these guys” and Mike Hearn’s equally angry endorsement of Downey’s stance.
Any one individual’s views need not reflect an employer’s policies any more than Snowden’s principles match the NSA’s.
But allowing this kind of speaking out (see also Microsoft’s opening itself up to employee blogging a decade ago) shows a healthier corporate culture than the average Silicon Valley reign of secrecy at all costs.
And since some of these tech firms have more recently moved beyond advocating more transparency to coming out in support of meaningful curbs on the NSA’s reach, it seems that the executives at the top who speak in more measured sentences share their employees’ outrage.
You could brush aside all this behavior as self-serving moves to clean up Big Tech’s image. But if such an unclean motivation delivers more secure services, sustained legal resistance to the NSA’s “collect it all” overreach and the use of corporate political leverage for a worthy cause, I’ll take it.