Updated by Endah
Why Obama’s NSA Reforms Won’t Solve Silicon Valley’s Trust Problem
- By Steven Levy
- 4:18 PM
President Barack Obama delivers remarks at the Justice Department in Washington, D.C. Photo: Pete Marovich/Bloomberg via Getty
When Barack Obama announced his reforms of National Security Agency surveillance programs today, few people were as interested as Larry Page, Mark Zuckerberg, Tim Cook, Marissa Mayer, and Steve Ballmer.
And the president knew it. The official order he released as he spoke — Presidential Policy Directive/PPD-28, which laid out the changes he was making — included a bow to the tech giants. High up in the document, he acknowledged that the nation’s intelligence-gathering activities risk “a potential loss of international trust in U.S. firms [and]…the credibility of our commitment to an open, interoperable, and secure global Internet.” In the battle to balance national security with vital civil liberties, the tech industry has suffered the most severe collateral damage, as trust in its products has indeed eroded. Today the president had the opportunity to cut Silicon Valley a break.
So what did the tech companies get?
As expected, they will have more freedom to disclose the number and the nature of requests from the government for data related to national-security concerns. So we can expect more detailed transparency reports from the companies showing that they only provide a fraction of their information to the government.
Additionally, the secret Foreign Intelligence Surveillance Court will add members with expertise in civil liberties and technology and will declassify more of its decisions.
And the president announced that for the first time, the U.S. would grant privacy protections to overseas individuals similar to the ones that people in the U.S. already enjoy. He specified that the government would access that information only when it felt that a target threatened national security.
The State Department will add a “senior officer to coordinate our diplomacy on issues related to technology and signals intelligence.” The tech companies undoubtedly hope that this as-yet-named official will launch a diplomatic effort to forestall the attempt of some nations to require that their citizens’ data be held locally. This so-called Balkanization could spoil the open nature of the Internet and make it hard if not impossible for businesses to operate globally.
But don’t expect celebrations in Silicon Valley — their blues in the wake of leaks made by former NSA contractor Edward Snowden are far from over. Generally, the Obama reforms tweak or constrain existing surveillance programs. But the overseas customers of U.S. companies aren’t micro-analyzing the protections the NSA takes when it accesses customer data: They are incensed that the U.S. collects the data the first place.
The president is not going to give up programs that collect bulk data — the haystacks that NSA chief General Keith Alexander insists are necessary to locate the deadly threats from enemies who may attack the U.S. Though Obama’s directive dictates limitations on how the government can use the databases it amasses, the program itself will continue. (Doing otherwise, Obama says, would irresponsibly leave us vulnerable.)
The Internet companies had hoped for an assurance that we would never see an email equivalent to the massive program that collects the metadata — phone numbers, time and duration — of all phone calls made in America. That assurance didn’t come. (Though according to the president’s new general guidelines, such a program might be debated publicly before it was implemented — and perhaps that debate could end things right there. If not, one would assume that if such a program emerged, the new restrictions on the phone metadata program would at a minimum apply to an email version.)
Obama said very little about NSA programs that create or exploit “back doors” into private databases or transmission channels. The Snowden revelations included documents outlining a startling array of programs that use popular technology products as a means to stealthily collect information. In the aggregate, these shed doubt on the products and services of US companies — and the Internet in general. This outraged the tech world. The president’s review panel had a lot of suggestions on this matter, particularly to address allegations that the NSA had lobbied to weaken encryption standards or used secret software vulnerabilities to gather information — at the expense of security in general.
But the President didn’t take on that issue. The tech companies have been beefing up their security to fight the NSA’s incursions, and Obama gave no indication that they could relax on those efforts. The security teams at Google and Yahoo will continue to make it a top priority to fortify their defenses against government intrusion.
In short, while Silicon Valley got a number of concessions, its core problems with NSA surveillance appear to remain. So it’s no surprise that a consortium of tech companies (including Google, Yahoo, Microsoft, AOL, LinkedIn, Facebook, Twitter, and Apple) perfunctorily thanked the president for “positive progress on key issues” and tactfully said that “to keep the momentum going” on those issues and ones not addressed, they’ll keep working with the administration and the legislature. In other words, they will fight like hell for measures that go farther in limiting the NSA.
There was one twist in the president’s speech. He announced the formation of a major review panel to figure out where the government stands on impact of big data on privacy. To be headed by longtime presidential adviser John Podesta (who worked on crypto policy in the Clinton Administration), this effort will look at both government and private sector activity.
This could be helpful to Silicon Valley. Part of the panel’s mission is to reach out internationally to help coordinate global regulations and standards for privacy. US companies are begging for such diplomatic efforts, especially in Europe, where privacy rules are much more restrictive and make it tough for Google, Facebook, and other companies to create products and advertising models that exploit user data.
On the other hand, the study might take a dim view of those very practices. Over the years various efforts from Google, Facebook, and others have drawn sanctions from the government. But a tough review might lead to a more sweeping conclusion that tech companies must change their approach, or recommendations for more regulation or legislation. The president himself sent a zinger to the tech companies in his speech, implying that their hands were not exactly spotless: “The challenges to our privacy do not come from government alone,” he said. “Corporations of all shapes and sizes track what you buy, store and analyze our data, and use it for commercial purposes; that’s how those targeted ads pop up on your computer or smartphone.”
Maybe the president is sending a message to both the NSA and the Internet companies — a message that the tech industry doesn’t want to hear: We’re in this together.