6 Ways Tech Companies' 'Reform Government Surveillance' Fails
The headquarters of the National Security Agency in Fort Meade, Md. Credit: National Security Agency
UPDATED with outside comment.
The newly unveiled public-relations campaign by top technology companies urging governments to reform Internet surveillance sounds noble, but other than to reassure foreign customers that American companies aren't the bad guys, it won't achieve much.
"It is time for the world's governments to address the practices and laws regulating government surveillance of individuals and access to their information," states ReformGovernmentSurveillance.com, a website sponsored and signed by AOL, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo.
The same seven companies, plus Apple, placed a full-page advertisement in major American newspapers today (Dec. 9), consisting of an open letter to President Barack Obama and Congress asking the political leaders "to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law."
Neither the website nor the ad mention the National Security Agency (NSA) by name, but the open letter says "the balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution."
"While the undersigned companies understand that governments need to take action to protect their citizens' safety and security," the website says. "We strongly believe that current laws and practices need to be reformed."
The website lists five principles, some directed at foreign governments, that the seven companies would like to see enshrined in surveillance reform:
— "Sensible" limits on governmental authority to collect user information.
— More independent legal oversight of information gathering by intelligence agencies.
— "Transparency about government demands" for information from private companies.
— Fewer government restrictions on "the free flow of information" (i.e. no Internet censorship) and no requirements for "service providers to locate infrastructure within a country's borders" (as Brazil may soon require).
— Standardization of national laws concerning government requests for user information.
It's hard to argue against any of those principles, which are so vague and universally acknowledged that it'd be easy for the NSA and its backers to argue that the agency already espouses them.
"The NSA believes it already complies with points 1-2-3," said Robert Graham, co-founder and CEO of Errata Security in Atlanta. "Point 4 is a direct response to Brazil's proposed laws to relocate data. Point 5 is asking for increased government control."
Furthermore, there are several reasons this ad, website and set of principles will add little to the effort to substantially reform the NSA, and do nothing to spread that effort overseas.
"It's crap marketing, [written] by marketing departments rather than revolutionaries," Graham said. "We don't need reform making it easier for corporations to comply with government surveillance, but a dismantling of the surveillance state."
1)The NSA will continue to find ways around encryption and other forms of communications secrecy.
Finding out things that other people don't want anyone to know is the agency's primary job, and it spends billions of dollars each year cracking encryption. No amount of protest from Silicon Valley will change that.
2) Despite the constant chatter of concern in the highbrow media, there doesn't seem to be a lot of outrage among ordinary Americans about NSA spying.
Nor is there much support among U.S. politicians for limiting the NSA's abilities, which have been carefully designed to be entirely legal. A handful of congressmen on the left and right have called for reform, but the majority will be content to let the status quo continue.
Obama has called for "self-restraint" on the part of the NSA, and he will push for minor changes, such as an adversarial process at the secret court that oversees NSA operations inside the United States. But the essential structure of NSA surveillance will remain the same.
The next president, whether a Democrat or a Republican, will be no different. Libertarians don't win many elections, and few politicians get votes by promising to expand civil rights when none have been demonstrably broken.
3) The NSA will continue to get cooperation from telecommunication companies both here in the U.S. and overseas.
Until Google or Facebook lay their own global fiber-optic networks, they're at the mercy of the telcos, such as Verizon and AT&T, upon whose lines their content travels.
4) The tech companies involved are being hypocritical.
Many of the companies make money by knowing as much as possible about their users, and then selling that information to advertisers.
Facebook and Google know a lot more about, and have much more interest in, the average American than the NSA does. Meanwhile, Microsoft has let the NSA monitor Skype calls.
"I think every single Google employee I follow [on Twitter] just posted the same link about gov surveillance," tweeted Australian security researcher Matthew Dowd today. "Only Google is allowed to surveil!"
5) Vladimir Putin will laugh at this.
The Russians, Chinese, Iranians and North Korean governments don't care about transparency, limits on information gathering or legal oversight. Even friendly countries with substantial intelligence operations, such as France and Israel, will ignore this feel-good manifesto. Why should the NSA or its British partner, GCHQ, be crippled by adhering to it?
6) American tech companies are more worried about losing customers overseas than they are about NSA and GCHQ spying.
In the prepackaged quotations appended to the website, Microsoft's general counsel summed up the true reason for this effort: "People won't use technology they don't trust. Governments have put this trust at risk, and governments need to help restore it."