NSA_smiley

A hand-drawn emoticon ought to be enough to push Silicon Valley over the edge.

The goading smiley-face sketch on a leaked NSA slide that pinpointed a weakness in the connection points of Google’s and Yahoo’s data centers was published in yesterday’s Washington Post alongside revelations that the spy agency has been doing more than just demanding that tech companies hand over personal data so it can monitor foreign suspects. It has also been going behind their backs to take it as part of a program called MUSCULAR.

PRISM wasn’t enough. The NSA has also been sneaking into Google and Yahoo’s houses to steal all their cutlery.

The MUSCULAR revelation is so far the NSA’s biggest insult to Silicon Valley. When two engineers with ties to Google saw the drawing, according to the Post, they “exploded in profanity.”

Beyond the engineers’ expletive-charged detonation, Google has also issued an official statement of dismay. “We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” Google’s chief legal officer David Drummond said in the wake of yesterday’s report.

The outrage is justified. But it’s not nearly enough. Google and its peers need to do more than demand increased transparency and boost its data encryption efforts. Technology companies, for reasons varying from economic to ethical, need to lead a debate about whether or not such an ongoing intrusion of personal liberty is morally tenable. The US government says the surveillance is necessary to thwart terrorists. Critics have for years been asking if that’s true. Now, Silicon Valley needs to join them.

We have the right to be angry at the fact the NSA has, per the Post, “positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans.” Tech companies and the public alike should also be deeply disturbed by news that, in the 30 days leading up to January 9, 2013, the NSA agents had processed more than 180 million new records, including content such as text, audio, and video.

But what everyone should be more concerned about is that the NSA is ostensibly acting legally. Supporters of the NSA’s surveillance programs defend them by saying they’re aimed only at foreigners. In the case of PRISM, the NSA gets the consent of a FISA (Foreign Intelligence Surveillance Act) court to demand data from Internet companies in the US. However, data collected under MUSCULAR is collected only overseas, for which there are no legal restrictions. That’s just your bog-standard spying.

It’s the bog-standard part that’s troubling, though. That the NSA would have these technical capabilities, and the willingness to pursue the information without the consent of Google and Yahoo, is in line with how a spy agency might interpret its mission. The basic premise of the pro-spying laws – specifically the Patriot Act of 2001, the Terrorist Surveillance Act of 2006, and the Protect America Act of 2007 – is that the government needs to do surveillance to catch bad guys. The laws granted the President authority to conduct broad electronic surveillance of foreigners. The NSA says its surveillance programs fall within what these laws allow.

But laws are subject to abuse.

Over the course of its history, the US has proven more than fallible when it comes to sticking to the word of the law with its foreign surveillance activities. In his landmark paper “The System of Foreign Intelligence Surveillance Law,” Peter Swire points to a number of violations of surveillance laws, as laid out in the 1977 book “The Lawless State: The Crimes of the US Intelligence Agencies.” Swire notes that in the years between 1940 and 1980, US intelligence agencies had, variously:

  • developed more than half a million intelligence files on Americans

  • opened and photographed a quarter of a million first-class letters sent between 1953 and 1973, producing an index of nearly 1.5 million names, and

  • intercepted millions of private telegrams sent via the US under a secret arrangement with three US telegraph companies

In those years, part of the justification for surveillance was McCarthyism and the hunt for Communists.

Similar things are happening today under PRISM and MUSCULAR in the hunt for terrorists. The NSA claims that it targets only foreigners, but it needs only 51 percent certainty that those targets are actually outside the US. That’s pretty much a coin toss. Given the borderless nature of the Internet and the fluidity of international travel, the definition of “foreigner” in these cases seems primed for misunderstanding.

In any case, the security apparatus has in some ways already proven untrustworthy. In March, as Guardian editor Alan Rusbridger pointed out in a New York Review of Books essay about Edward Snowden and the press, Director of National Intelligence James Clapper told Congress that the NSA did not intentionally collect “any type of data at all” on millions of Americans. When that was revealed to be a lie, Clapper explained himself by saying it was the “least untruthful answer” he could give.

So what we are left with are laws that put vast surveillance powers in the hands of an authority that has proven untrustworthy and has abused those powers in the past. Those powers are in turn subject to Congressional oversight that, the Electronic Frontier Foundation has pointed out, is not always effective.

The EFF notes that Representative Jim Sensenbrenner, an author of the Patriot Act, has complained that lawmakers are given classified information and “then forbidden from speaking out about it”; that members of Congress who aren’t on the intelligence committees have had difficulty obtaining documents related to NSA spying; and that the Chairman of the House Intelligence Committee withheld key documents about the NSA’s activities from freshmen members of Congress.

When you mix broad laws open to misinterpretation with flimsy Congressional oversight and a spy agency that overreaches in the name of defeating terrorism, you have all you need to undermine freedom and democracy itself. We expect liberal and libertarian activists to speak out about these betrayals of trust and privacy, but what of the tech companies? Their technologies and bottom lines are not agnostic in this debate. They, too, must ask if these trade-offs are worth it. Chief among the questions they should be asking:

  • Is terrorism such a threat to the United States that it is worth wholesale compromising customers’ data?

  • Should we trust the US government’s assertions that we must sacrifice some personal liberty in the name of national security?

Writing for The Atlantic in 2007, the now-deceased author David Foster Wallace embarked on a thought exercise entitled “Just asking.”

What are the effects on the American idea of Guantánamo, Abu Ghraib, PATRIOT Acts I and II, warrantless surveillance, Executive Order 13233, corporate contractors performing military functions, the Military Commissions Act, NSPD 51, etc., etc.? Assume for a moment that some of these measures really have helped make our persons and property safer – are they worth it? Where and when was the public debate on whether they’re worth it? Was there no such debate because we’re not capable of having or demanding one? Why not? Have we actually become so selfish and scared that we don’t even want to consider whether some things trump safety? What kind of future does that augur?

Soon after the Boston Marathon bombing in April, the Washington Post ran a piece entitled “Eight facts about terrorism” based on a report by the National Consortium for the Study of Terrorism and Responses to Terrorism. The article pointed out that terrorist attacks and attempted terrorist attacks in the US have become less frequent since the 1970s, and September 11, the chief rationale for today’s sweeping surveillance measures, was a big exception. Meanwhile, the odds of an American being killed in a terrorist attack, including overseas, are about 1 in 20 million. “Your odds of dying in a terrorist attack are still far, far lower than dying from just about anything else,” the Post noted.

One might argue that the government’s surveillance efforts have been key to thwarting such attacks. But in 2011, when the surveillance program was firmly in place and the anti-terrorism laws long since passed, there were nine recorded attacks in the US deemed as terrorism. Four of them were unsuccessful: three because bombs failed to detonate, and one by an individual who fired at the White House and was subsequently caught. So the NSA’s surveillance measures can’t keep the US as safe as its citizens might like to think. And even if the attacks were successful, one could argue that a near-total erosion of privacy is too high a price to pay.

Back to Foster Wallace:

What if we chose to regard the 2,973 innocents killed in the atrocities of 9/11 not as victims but as democratic martyrs, “sacrifices on the altar of freedom”? In other words, what if we decided that a certain baseline vulnerability to terrorism is part of the price of the American idea? And, thus, that ours is a generation of Americans called to make great sacrifices in order to preserve our democratic way of life – sacrifices not just of our soldiers and money but of our personal safety and comfort?

These are tough, politically charged questions. Foster Wallace himself wondered if his thought experiment was “monstrous.” But they are questions that have to be asked, and, thanks to Edward Snowden, there has never been a stronger impetus. Until now America’s tech companies haven’t had to grapple with them. It’s high time they did.

Google, Yahoo, and any tech company that deals with data are a central part of the discussion over surveillance. It’s understandable that they have complied with PRISM – they were compelled by the law to do so. But now that they have been embarrassed by an emoticon on a slideshow, they have to act. The NSA isn’t just using them as a conduit for information; it’s deceiving them and stealing their stuff, to the point where it hurts not only their customers but also undermines loftier ideas of liberty, which is supposed to be kind of an American selling point.

Responding aggressively to the NSA’s surveillance activities is not just a matter of protecting the privacy of their own customers, many of whom live overseas. That in itself is important, though, given that the US turned away Chinese tech company Huawei on the grounds that it was too closely tied to Chinese Communist Party, and that its technology could be used to spy on American citizens. American tech companies now find themselves in the similarly unpleasant position of being guilty by association. AT&T is already finding that out the hard way as it struggles to overcome the NSA taint in its efforts to get European approval for its international acquisitions. American tech companies, in other words, are now the Huaweis of everywhere else.

But this is not just a case of protecting business interests. Google, Amazon, Facebook, Yahoo, Apple, and friends are building the future. These companies control and deploy the world’s most powerful Big Data tools, as well as the data itself, being able to see – and to benefit from seeing – connections and trends otherwise visible only to governments.

They are the guardians of the “cloud,” on which the population of Earth is increasingly relying for the protection of their valuable digital goods, ranging from photographs to bank accounts.

They are the developers of biometric security tools, such as Apple’s fingerprint recognition technology on its new iPhone 5s.

They are the makers of the tools and services that integrate with our washing machines, our cars, our garage doors.

They are builders of wearable technology, such as smart watches and smart glasses, that can record life in all its minutiae.

Through their search, tracking, and predictive technologies, they are witnesses to our daily lives.

These companies and their technologies are built on data, and the data is us. If we are to have any faith in the Internet, we have to trust them to protect it. That’s a relationship dynamic that will become only more intertwined as the Internet finds its way into more aspects of our daily existences, from phones that talk to us to cars that drive themselves.

The US’s surveillance programs threaten to destroy that trust permanently.

America’s tech companies must stand up to this pervasive and corrosive surveillance system. They must ask that difficult question: “Is it worth it?”

Few industries or consortiums can match Silicon Valley’s reach or riches. Apple is sitting on $147 billion in cash. Google has about $50 billion. Facebook CEO Mark Zuckerberg put a reported $20 million of his own money into FWD.us, a political action group pushing for immigration reform. Google, Apple, and Facebook already have extensive lobbying operations in Washington DC. When they speak, Congress listens.

But this is more important than immigration reform and cash piles. This is more important than the FTC’s antitrust law against Google, for which the company hired 12 lobbying firms and spent at least $13 million. This is more important than the fight against SOPA and PIPA, for which the Internet companies came together in united opposition, which included a Wikipedia blackout and a special Google doodle to mark the occasion. This is more important than patent litigation reform and immigration reform, in support of which tech leaders have been flying into Washington to meet with the President. Silicon Valley should be pouring more resources into the debate about surveillance than any of those endeavors. It needs to exert the full might of its political muscle in a push for reform. It can’t just be a participant. At this point, it is so intrinsically tied to the NSA and our daily lives that it has to be a leader.

Because this debate, ultimately, is about liberty.

Is the surveillance worth it?

Liberty needs a lobbyist, and that lobbyist has to be Silicon Valley.