This talk explores the implications of the President's Review Group recommendations on transparency, oversight, and the governance of secret agencies in an open democracy.
Law and Ethics Implications of the President’s Review Group
Peter Swire
Huang Professor of Law and Ethics
Scheller College of Business
Georgia Institute of Technology
March 28, 2014

Overview of the Talk
• Intro to Review Group
• The central puzzle: how should we govern secret agencies in an open democracy?
• History of secrecy and transparency (Watergate)
• RG recommendations on transparency and oversight
• “Declining Half Life of Secrets”
• That is happening
• Has big implications for how IC conducts its future business

Creation of the Review Group
• Snowden leaks of 215 and Prism in June, 2013
• August – Review Group named
• Report due in December
• 5 members

Our assigned task
• Protect national security
• Advance our foreign policy, including economic effects
• Protect privacy and civil liberties
• Maintain the public trust
• Reduce the risk of unauthorized disclosure

Our Report
• Meetings, briefings, public comments
• 300+ pages in December
• 46 recommendations
• Section 215 database “not essential” to stopping any attack; recommend government not hold phone records
• Pres. Obama speech January
• Adopt 70% in letter or spirit
• Additional recommendations under study
• Organizational changes to NSA not adopted

An Ethical and Legal Challenge
• How govern secret intelligence agencies in a democracy?
• Thomas Jefferson: “An informed citizenry is the only true repository of the public will.”
• Since WWII, enormous growth in IC
• Cold War
• War on Terrorism
• Special concern if the secret surveillance is directed at the citizens themselves
• That could threaten democracy

The Watergate Era and Secret Governance
• 1960’s + 1970’s: “The Crimes of the U.S. Intelligence Agencies”
• “Enemies list” in IRS
• Dirty tricks in political campaigns
• CIA, NSA, DoD surveillance in U.S.
• “National security” domestic wiretaps by J. Edgar Hoover, without judicial review
• The Watergate break-in itself was to spy on domestic political opposition, the DNC

Post-Watergate Solutions
• Freedom of Information Act expanded
• Privacy Act: goal of no secret govt. databases
• Government in the Sunshine Act
• Foreign Intelligence Surveillance Act 1978
• Domestic wiretaps for “foreign intelligence” but not vague “national security” grounds
• Article III judges review each wiretap
• Public report on number of wiretap orders
• Congressional Intelligence committee oversight
• Overall, shift toward transparency & oversight

Secrecy after 9/11
• Surveillance of hard-to-find new targets, the terrorists secret surveillance
• Sense of urgency & the Patriot Act
• Wars in Iraq & Afghanistan
• Warrant-less wiretaps (leaked 2005)
• Large database of phone records (leaked 2006)
• Snowden leaks beginning in June 2013
• Section 215 domestic telephone meta-data
• Section 702 surveillance at targets overseas
• The long list of other stories

Section 215 of the Patriot Act
• June 2013: surprising that most/all domestic phone records were being collected under “foreign intelligence” authorities
• Unclear what other domestic surveillance was occurring
• Legislative proposals were pending for greater “information sharing” from private sector to government for “cybersecurity” purposes
• Sharing would be permitted “notwithstanding any other (privacy) law”

RG Findings
• RG received thorough briefings
• Finding: Section 215 had not been essential to preventing any attack
• Good news: compliance has improved in NSA since 2008
• Good news: no evidence of meddling with domestic politics

RG Rec 11: Transparency
“We recommend that the decision to keep secret from the American people programs of the magnitude of the section 215 bulk telephony meta-data program should be made only after careful deliberation at high levels of government and only with due consideration of and respect for the strong presumption of transparency that is central to democratic governance. A program of this magnitude should be kept secret from the American people only if (a) the program serves a compelling governmental interest and (b) the efficacy of the program would be substantially impaired if our enemies were to know of its existence.”

RG Recommendations on 215
• RG Rec 1 & 5: End current program of government holding the records
• A “black box” that is hard to monitor from outside
• Prevent mission creep/slippery slope to many bulk databases about domestic activities
• Records already held by telcos for 18 months
• Go to telcos when have individualized basis for request, with judicial review
• President Obama this week proposed legislation, with all of these provisions

Other RG Transparency Recommendations
• RG Rec 2: Similar judicial role for National Security Letters, by FBI
• Shift toward disclosure far earlier than 50 years
• Criminal searches often revealed in 6 months
• RG Rec 4 & 7: bulk collection programs narrowly tailored, only with senior review, and public whenever possible
• RG Rec 6: commission a meta-data study, to bring greater transparency and policy debate on data vs. meta-data

Transparency & the IT Industry
• Big economic effects on public cloud computing market
• Double in size 2012-2016
• Studies estimate US business losses from NSA revelations: tens of billions $/year
• An opening for non-U.S. providers
• Market has been dominated by US companies
• Deutsche Telekom and others: “Don’t put your data in the hands of the NSA and US providers”
• US industry response: more transparency
• Boost consumer confidence that the amount of government orders is modest

Moving to More Transparency
• RG Rec 9: OK to reveal number of orders, number they have complied with, information produced, and number for each legal authority (215, 702, NSL, etc.), unless compelling national security showing
• RG Rec 10: more detailed government reporting of lawful access orders, by type of legal authority
• RG Rec 31: US should advocate to ensure transparency for requests by other governments
• Put more focus on actions of other governments
• DOJ agreement with companies in January

Oversight goes with Transparency
• Numerous RG recommendations to improve oversight
• Public advocate in secret FISA court
• New mechanisms for whistleblowers, to the Privacy & Civil Liberties Oversight Board
• An Office of Technology Assessment in PCLOB to examine new IC technologies for privacy & civil liberties
• Others
• These build on existing FISC, Congress, Inspector General oversight mechanisms
• Checks and balances against accumulation of power in the secret agencies

Oversight for the Full National Interest
• Major theme of the report is that we face multiple risks, not just national security risks
• Effects on allies, foreign affairs
• Risks to privacy & civil liberties
• Risks to economic growth & business
• Historically, intelligence community is heavily walled off, to maintain secrecy
• Now, convergence of civilian and military/intelligence communications devices, software & networks
• Q: How respond to the multiple risks?

Addressing Multiple Risks
• RG Recs 16 & 17:
• New process & WH staff to review sensitive intelligence collection in advance
• Senior policymakers from the economic agencies (NEC, Commerce, USTR) should participate
• Monitoring to ensure compliance with policy
• RG Rec 19: New process for surveillance of foreign leaders
• Relations with allies, with economic and other implications, if this surveillance becomes public

Summary on These Recommendations
• It is time to renew the transparency initiatives that resulted from Watergate
• Fortunately, we don’t have political “enemies lists” this time
• But, shouldn’t have powerful, well-budgeted watchers unless they are watched as well:
• By the citizenry – transparency
• By oversight and checks & balances

Part II: Declining Half Life of Secrets
• The IC assumption was that secrets lasted a long time, such as 25-50 years
• My descriptive claim – the half life of secrets is declining sharply
• My normative claim – when secrets get known sooner, the IC should follow the “front page” test much more than previously
• That’s a hard lesson for agencies accustomed to secrets that stay secret for 25+ years
• We have seen what the front page can do if the agencies don’t take that seriously

Threat Model: The System Administrator
• Theme: system administrator as important threat
• Snowden’s job was to move files
• He did that
• RG Response: new tech to reduce system administrator privileges
• But
• It is hard to separate IT functions in a strict way
• So, secrets can get out

Threat: The Sys Admin & Sociology
• Contrast of USG & Silicon Valley view of Snowden on traitor v. whistleblower
• USG: with all the briefings, I have not yet found an IC or other USG person who says WB
• Silicon Valley:
• In one company, over 90% say WB
• “Thunderous applause” for Snowden at SXSW
• Schneier: WB the civil disobedience of this generation
• Sociological chasm between left coast and right coast
• Solution: IC shouldn’t hire any techies? EFF membership as disqualification for security clearance?
• Those won’t work

The Insider and Big Data
• How much can an insider leak?
• A lot. One thumb drive can ruin your whole day.
• Already knew the insider threat, now learn the sys admin threat
• One CIO: “My goal is that leaks happen only by a printer”
• How well can an insider disseminate secrets?
• Old days: Ellsberg needed the NY Times
• Today: Wikileaks, no gatekeeper to the Internet

Crowd-sourcing & the Internet of Things
• The mosaic theory turns against the IC
• Bigger effort to publicly reveal IC activities
• The Internet of Things – more sensors in private hands, networked
• Crowd-sourcing – once some data is revealed, the world collaborates to put the pieces together
• Hence, major trends in computing speed the revelation of IC secrets

IC Targets and Private IT Systems
• The good old days:
• Covert ops – few people knew
• Signals -- for radio, often passively pick up signals
• Today the targets are well-defended IT systems:
• Reports of bulk collection inside private telecomm/Internet systems
• Those systems may have EFF-leaning employees, as they do daily intrusion detection on their systems
• Risk higher than before that someone outside of the IC will detect intrusions/year and report that

Summary on Half Life of Secrets
• Insider threats, with sociology risky for secrets
• Big Data
• Internet of Things
• Crowdsourcing
• Decline of gatekeepers
• Private systems can detect intrusions
• In short, if you were in the IC, would you bet on things staying secret for 25 or 50 years?

Implications of Declining Half Life of Secrets
• Previously, the IC often ignored the “front page test”
• Jack Nicholson & “you can’t handle the truth” in A Few Good Men
• But, how many front page stories this year?
• Declining half life of secrets means higher expected value of revelations – bigger negative effect if ignore the front page test
• RG: effects on foreign affairs, economics, Internet governance, so USG should consider these multiple effects and not isolate IC decisions

Conclusion
• Are pessimists correct that nothing will change?
• Section 215 program quite possibly will end
• DOJ agreed to the transparency agreement
• EU privacy regulation seemed dead, but Snowden-related sentiments resulted this month in EU Parliament 621-10 in favor
• We are in a period where change is possible
• Carpe diem