Clearly, the NSA leaks have been the issue of the week. For me, I think the media’s tendency toward extremism (Snowden is a villain! No, Snowden is a hero!) causes most of the analysis I read to overly simplify the issues raised by the revelations that the NSA has widespread access to internet and telecommunications data. I think there are several issues at stake w/ the Snowden debate:
1) is it legal (moral?) for the US to be engaged in the surveillance activities in which it has been engaged over the last 6-7 years? Specifically, should the US government have access to telecommunications data for calls made in the US (but not the actual substance of those calls) and to the substantive content of internet communication traveling through US servers (if foreigners are the targets of those data scoops)?
2) Even if it is legal, what is the justification for engaging in this sort of activity, and is it worth the cost (equipment, labor, opportunity cost, etc.) 2a) If this activity was/is necessary, what sort of harm was done to our national security infrastructure by leaking our surveillance capabilities?
3) Given that the US is engaged in this sort of activity, should we have a public debate about the legality, scope, and oversight of these actions?
4) If this program was/is essential to our national security, but a public debate about this surveillance is also necessary, what should be done to the man that leaked the information about the program (Snowden)?
Most importantly, though, I think these leaks provide an opportunity for us to look at the bigger picture of what our counter-terrorism activities look like, evaluate why we are doing them, and examine the cost-effectiveness of such programs.
Depending upon which issues an author decides to focus on, you can easily see how one person could argue that Snowden is a hero and another could argue that Snowden is a criminal that deserves jail time without the two authors contradicting each other (or, really, even addressing the same set of issues). I think that ‘Snowden is a hero’ authors tend to focus on the constitutionality of the program and the necessity of public debate about the program—because Snowden raised those issues, he is a hero. The ‘Snowden is a criminal’ authors tend to focus on the damage done to national security—for those reasons, Snowden deserves jail time. My position is a little more nuanced:
1) In general, I am in favor of stronger constitutional protections for privacy—the whole premise of the Patriot Act; the idea of weakening the protections surrounding civil liberties in order to safeguard America against an ill-defined enemy (terrorists?) in a perpetual conflict (War on Terror?) really doesn’t sit well with me. With that said, I’m not a judge, and, to my knowledge, the judges that have examined these programs have determined them to be constitutional. As such, I am sort of operating from a baseline that this program is legal and that the legality will not change any time soon. Stephen Walt articulates the best argument I’ve seen making the case that this sort of surveillance should not be legal—rather than making the case on the basis of a right to privacy, Walt makes the case that the data gathering capabilities of the NSA could potentially limit free speech by intimidating those that might make a stand against current government policy. I think this is a very astute point, but I’m not convinced the courts will shut down the NSA’s current activity on first amendment grounds. Furthermore, I actually think it is kind of a moot point—the technological capability to engage in this sort of surveillance exists, which means that the intelligence organizations in our government will most likely be engaged in this sort of behavior, regardless of whether it is legal or not [is that too cynical of me?]. Perhaps making it legal means that there will be some oversight, rather than the NSA or CIA hiding this program in a basement somewhere, in the secret, without any oversight at all. All told, I’m not a huge fan of the NSA gathering data on everyone everywhere, but the programs are currently legal, they will likely remain legal for the foreseeable future, and given that the NSA will likely be engaging in this sort of activity regardless of whether it is legal or not, perhaps making the legality more concrete in order to make the oversight more robust wouldn’t be the worst thing in the world.
2) Ok, so these programs are legal. From a policy perspective, does that mean we should be engaging in this sort of surveillance? Absolutely not. I see this as an extension of the horribly misguided policy response to 9/11. We have spent trillions (with a T) of dollars over the last 11 years responding to a once-in-a-generation terror attack without any sort of measure of efficacy for all of the money that we are spending. Matt Yglesias is the only person I’ve seen so far to bring up the idea of evaluating the cost-effectiveness of these sorts of programs. I don’t possibly see how, with any fair evaluation, we could say that these programs are cost-effective. To illustrate, let’s try a thought experiment:
3000 people died in 9/11. It was a once-in-a-generation tragedy. Let’s wildly overestimate the capability of terrorists and argue that if we kept our same counter-terrorism and intelligence procedures, expenditures, etc in place after 9/11 as before, we would have had a 9/11 type attack once a year. That means that if all of the measures we put in place since 9/11 prevented another large-scale terrorist attack once per year (again, I think this is likely a massive overestimation of the capability of terrorists), we have saved ~30,000 people over the course of ~ten years. To accomplish this, we have spent $1 Trillion on domestic homeland security ‘improvements’ over 10 years, and another $2 Trillion (with $2-4 Trillion more to come as Veterans return home and access benefits and medical care) on the wars in Afghanistan and Iraq. At the probability of a once-a-year attack with expected casualties on the order of magnitude of 9/11 (3,000), and not accounting for the lives lost in Iraq and Afghanistan, the US spent $100,000,000 per life saved from terrorist attacks over the last 10 years.
To put that in perspective, in 2010, 10,000 people died as a result of a car accident involving the use of alcohol. Assuming that statistic has remained relatively unchanged over the last 10 years, that means roughly 100,000 people have died in drunk driving-related accidents. Let’s say that each of the ~300 million people in the US own a car [clearly an overestimate]. A breathalyzer lock for a car costs $1,000. With the amount of money that we spent on our counter-terrorism activities over the past 10 years, if every person in America owned a car, we could have installed a breathalyzer lock that prevents the driver from starting the car when BAC is over the legal limit on every car 10 times over, thus eliminating drunk driving fatalities and saving 100,000 people over ten years [70,000 more than our current counter-terrorism policies have saved over the last 10 years, given wildly optimistic assumptions about the threat against America and the efficacy of our counter-terror policies]. Thus, even with wildly overstated probabilities of a terrorist attack, our domestic surveillance looks to be incredibly inefficient–so long as we value each American life with the same weight.
There are many other areas causing massive American loss of life on a yearly basis as well–the seasonal flu, gun violence, suicide, cardiovascular disease–if any of these areas had received even a fraction of the money that was allocated to counter-terrorism over the past decade, I find it hard to believe that the lives saved would not exceed, by a wide margin, the number of lives we’ve saved from counter-terror activity over the past decade.
2a) The corollary to my point above—because I do not see our counter-terrorism activities as being all that effective, I don’t think the recent leak harmed our national security in any significant way. The only way it might have hurt our national security would be that if increased scrutiny of the NSA prevents it from developing more robust cyber-warfare defenses and attacking capabilities moving forward…that is, the effect would be indirect (the current controversy surrounds counter-terrorism capabilities, not cyber-warfare capabilities), and it would mitigate our ability to defend ourselves against a state-based cyber attack (presumably from Russia, Iran, North Korea, or China). However, if we limit our discussion to the phone-tracking/internet communication monitoring capabilities currently used to track terrorists, I don’t think that raising awareness about these activities impacts our national security in any significant way. One could also argue that awareness of these sorts of capabilities and activities damages our relationships with our allies–in particular, European countries tend to take privacy issues much more seriously than the US and they do seem to be very upset about these revelations. With that said, I don’t see a little spat between Europe and the US leading to any significant long-term national security issues.
3) I do think that a public debate about these issues is warranted; regardless of where you stand on these issues, it is pretty easy to agree that these are activities that deserve discussion and, if deemed legal, they need real oversight where the overseers (Congress) can be held accountable. The problem with arguing that these activities had oversight prior to the leak is that because no one knew about the activity, no one could hold Congress accountable for their oversight, or lack thereof. (How do I get upset at my Congressman or woman and vote them out for not holding the NSA accountable if the NSA breaks the law when I am unaware that the NSA has broken the law and am unaware that my Congressman/woman is supposed to prevent that from happening). I think the trouble here is finding a balance b/w oversight and confidentiality—‘just trust us’ isn’t good enough from the intelligence community. On the flip side, if we are going to spend all of this money and time and effort developing these systems, we better be damn sure they work effectively; for that there needs to be some obscurity surrounding the methods that the NSA uses, exactly what information they can access, etc. (Or else the targets of their investigations will be able to easily avoid detection, rendering the activity moot). I’m not sure that the balance can be struck—in order to be truly effective, I think that the degree to which the NSA capabilities must remain a secret would, necessarily, prevent effective oversight. As such, this problem seems intractable to me—the degree to which these activities infringes upon privacy merits oversight; the effectiveness of the activity depends on confidentiality, and the degree of confidentiality requires prevents effective oversight. Combine this problem w/ the inefficiency of our counter-terrorism efforts in general, and I don’t really see the case for the NSA surveillance activity.
4) With all of that said, Snowden still knowingly engaged in criminal activity by leaking the information. It’s unclear at this time how many people were aware of these capabilities. However, the program had been deemed legal, and had congressional ‘oversight.’ It was not Snowden’s decision to make to raise awareness about the extent of the surveillance capabilities of the NSA—Snowden’s actions have seriously undermined public confidence in government and our national security apparatus, and there could have been (but don’t seem to be) very consequential reasons that this program was not more widely known for reasons that Snowden was unaware of.** For that, I think Snowden does deserve some form of punishment (exile from the US might be the ticket—prison does seem to be a bit harsh).
As you can see, I think both sides have reasonable arguments—Snowden doesn’t fit neatly into a hero/villain dichotomy; he did something that probably made our country better off, but he will reap the consequences of that—he is more of a martyr than anything else (which seems to fit his personality, based on the reports I’ve read.) This is where the media coverage of the surveillance activity falters—what we should be doing is discussing why we are engaging in this activity, how effective it is, and whether the effectiveness of these programs outweighs other beneficial programs that could be put in place with the incredible amount of money we have spent on the national security infrastructure over the last 12 years. Instead, people tend to focus on the right/wrong moral dichotomy of the choices that a single individual (Snowden) made, which inevitably distracts from the more important issues we should be discussing.
**Interestingly, some of the reports I’ve read seem to indicate that Snowden should not have had access to the documentation to which he did have access:
Among the questions is how a contract employee at a distant NSA satellite office was able to obtain a copy of an order from the Foreign Intelligence Surveillance Court, a highly classified document that would presumably be sealed from most employees and of little use to someone in his position…A former senior NSA official said that the number of agency officials with access to such court orders is “maybe 30 or maybe 40. Not large numbers.”
Of course, the officials making those statements probably don’t realize that back-end tech support guys (w/ admin privileges) have access to lots and lots and lots of data. In theory, you can set up a system where IT’s are cut out of the information loop—in practice, that takes a lot of time and effort (and money); you can easily imagine a scenario where there are security protocols specified, but the companies/contractors actually setting up these systems shirk some of their obligations in terms of back-end compartmentalization of information. This is a situation where the lack of oversight is really a killer—because, really, who is going to audit these companies and ensure that their security protocols are actually being enforced when no one knows about their surveillance activity (meaning there is no incentive to ‘oversee’ them.)