The drip-drip-drip of information related to the leak of classified surveillance information by former National Security Agency contractor Edward Snowden has re-focused the debate about balancing liberty and security in an increasingly interconnected, digital world.
We now know, for example, that the NSA has basically cracked almost all routine Internet encryption, including SSL — the same technology that you rely upon when you submit your online banking information or log in to your insurance company. The NSA has some sort of agreement with all the major domestic tech companies and can effectively subvert pretty much all smartphone security. It’s even been alleged that the NSA has deliberately tampered with standards and coerced large commercial security venders to plant secret backdoors.
Are you OK with this? Are you OK with a government that feels justified in breaking or bending the law to sweep up protected information about U.S. citizens? Are you willing to nod respectfully to President Obama when he smiles and says, “Let me be clear: Trust me!” Do you believe a government that screwed up the Affordable Care Act and laughed about shovel-ready jobs while the IRS targeted ideological opponents will somehow be pure as the wind-driven snow when it comes to citizen metadata in the hands of the FBI, CIA and NSA?
(Hint: Apparently, intelligence operatives illegally peering at ex-lover files occurred often enough that it was given a humorous inside-the-NSA code name of “LOVEINT.” Think about that.)
Take, for context, the security theater that occurs at every airport in the United States. American citizens, possessed of an inherent right to travel, are nevertheless subjected to sundry humiliations like shoe removal, nude body scans and invasive luggage searches. Unless, of course, you feel like paying the Transportation Security administration $85 and agree to being fingerprinted. The rationale? To protect Americans from terrorism. The reality? You have better statistical odds of being struck by lightning while being infected by the Ebola virus than you do of perishing in an act of terrorism. The TSA’s response is wildly disproportionate to the risk, but we nevertheless take off our shoes and belts at the airport — and sometimes witness children, the elderly and disabled veterans be subjected to humiliating personal searches — just to look like Uncle Sam is being effective.
You know how you saddle-break a horse? Start by throwing a blanket over its back. Let it adjust. Then add a saddle. Adjust. Then a bridle. Adjust. Then sit on top. Adjust. Before you know it, the horse thinks the rider is a natural extension of itself, even though horseback riding is — from the horse’s perspective — a raw deal. TSA is saddle-breaking Americans to accept an intrusive security regime. We should all be wary of that.
There’s an old saying: To a man with a hammer, every problem looks like a nail. To a man with a security clearance and a defense contract, every problem looks like an opportunity for paramilitary-style surveillance operations with cool code names and the feelings of importance that come from being on Big Brother’s inside. The most significant philosophical problem with America’s current surveillance fixation isn’t whether it’s effective: It’s whether the folks manning the security state understand that there’s more than one way to skin a cat.
American-style security remains averse to human risk, so it relies on a dragnet. Instead of putting boots on the ground — in neighborhoods, or in hostile zones — America’s guardians prefer to suck up data and then pretend that they can divine meaning out of it. We’re masters of collecting everything but understanding little. Yet time and again, the default response to a public threat is to build yet another agency, pilfer ever more data, inconvenience Americans ever more directly … and without any real, obvious payoff. So, we hoover up the data, fire up the drones and pretend like it’s effective. We do that, in lieu of sending cops on the street, spies in the field and Tomahawks into the terrorist caves.
Al-Qaeda’s still here. And thanks to them, we have the TSA. Want to bet whether al-Qaeda would be around today if 9/11 had happened to the Israelis? Or the Chinese? Or the Russians?
Think of the current Intelligence Community like a project manager at your place of employment. The goal is a good outcome, but the process can unfold in myriad ways. Some PMs balance research with experimentation. Others obsess about information and are reluctant to act outside of authority. Others still rely on relationships to muddle through. There’s no one right way to run a project — just like there’s no one right way to protect a country — but some methods admit to better relative balance than others. Right now, Uncle Sam’s instinct seems to be to avoid direct confrontation and instead play with numbers. There are plenty of advantages to this strategy, but there are some real downsides, too.
So what would a well-balanced security regime look like?
- Airline travel would restore a bit of sanity. Cockpit reinforcement pretty much solved the pre-9/11 hijacking problem. Add armed sky marshals to the mix, to maybe two-thirds of flights — or better yet, provide some degree of combat or weapons training to flight crews — and the problem is solved without citizens having to surrender their nail clippers and bottles of water. Sure, I’ll be X-rayed to make sure I’m not bringing loaded firearms in the passenger cabin, but beyond that, extra security is more illusion than salvation.
- Citizens should enjoy a right to anonymity — not just from the government, but also from commercial data aggregators. I own my data. I own my data profile. Neither the government nor private companies should be allowed to collect information about me beyond what I explicitly authorize, or beyond the minimum requirements of reasonable laws. Companies like Axciom and Radaris and Facebook and Google and the like, which spy on online transactions and pattern-match consumer behavior to create elaborate dossiers about individual citizens — ought to be very, very strictly opt-in.
- Encryption should be impervious to sweeps by government agencies. If I want to encrypt my hard drive or send secret email, so what? Who’s business is it, anyway? Slyly suggesting that only criminals or terrorists use encryption is a clever bit of misdirection, but it’s patently false, too. As a matter of law, I as a citizen am entitled to security in my communications. That’s baked into the Fourth Amendment. If you think I’m breaking the law, investigate. Note, however, that investigation isn’t just electronic surveillance. It’s also sending a cop on the beat.
- The “officer safety” rationale for SWAT-style policing must be put out to pasture. Reason magazine has done some yeoman reporting about the increasing reliance of domestic police agencies to go full-SWAT on even routine warrant service. Barge in the wrong house, shoot the family dog, and say, “Well, it was all for officer safety.” That’s bullshit. Police officers aren’t overlords; they’re citizens, too. And they need to play by the same rules as everyone else. Including regarding videotaping.
- Intelligence-gathering operations should favor HUMINT over SIGINT. America seems to think it can enjoy supremacy without blood loss. That error will someday come back to bite us in the butt — the first terrorist organization or foreign government that learns how to hack the NSA basically cuts us off at the knees. Americans are masters of signals intelligence — Internet monitors, spy satellites, drones — but we suck at connecting the dots (remember the “Saddam has WMD” line?) through experienced human intelligence. Our personnel, who aren’t all that deeply embedded in hot spots around the world, lack subtle clues borne of cultural familiarity to help sift the wheat from the chaff. We need to get out from behind the computer monitor and spend more time infiltrating agents into terrorist cells and hostile governments.
- Routine monitoring must meet minimal safety requirements and be routinely scrubbed. Stuff like RFID-tagged license plates ought to be off-limits. DNA databases, too. Traffic cameras — useful for real-time monitoring — should be erased after a brief period (12 or 24 hours). There’s no good reason to maintain vast archives of data about citizens. Any suspected wrongdoing may generate a warrant to segregate some archival data, but beyond that — delete it. Permanently.
Security isn’t something that can be erected, like a moat. It must be nurtured with good sense, expert judgment and tactical flexibility. America’s systems today are a case study in why the Maginot Line failed to protect the French in 1940: Just when you think you’ve built strong enough safeguards to keep the bad guys at bay, they find a way around … and when they do, you’re utterly unprepared for the consequences.
America can do better. We can have better security policies that don’t impinge upon citizen liberty. The question is, Will we do the right thing, even though it’s harder, or do the convenient thing that’s less effective but easier to demagogue?