Law and Ethics Implications of the President’s Review Group
Peter Swire
Huang Professor of Law and Ethics
Scheller College of Business
Georgia Institute of Technology
March 28, 2014
Overview of the Talk
Intro to Review Group
The central puzzle: how should we govern secret agencies in an open democracy?
History of secrecy and transparency (Watergate)
RG recommendations on transparency and oversight
“Declining Half Life of Secrets”
  That is happening
  Has big implications for how IC conducts its future business
Creation of the Review Group
Snowden leaks of 215 and Prism in June, 2013
August – Review Group named
Report due in December
5 members
Our assigned task
Protect national security
Advance our foreign policy, including economic effects
Protect privacy and civil liberties
Maintain the public trust
Reduce the risk of unauthorized disclosure
Our Report
Meetings, briefings, public comments
300+ pages in December
46 recommendations
  Section 215 database “not essential” to stopping any attack; recommend government not hold phone records
Pres. Obama speech January
  Adopt 70% in letter or spirit
  Additional recommendations under study
  Organizational changes to NSA not adopted
An Ethical and Legal Challenge
How govern secret intelligence agencies in a democracy?
Thomas Jefferson: “An informed citizenry is the only true repository of the public will.”
Since WWII, enormous growth in IC
  Cold War
  War on Terrorism
Special concern if the secret surveillance is directed at the citizens themselves
That could threaten democracy
The Watergate Era and Secret Governance
1960’s + 1970’s: “The Crimes of the U.S. Intelligence Agencies”
  “Enemies list” in IRS
  Dirty tricks in political campaigns
  CIA, NSA, DoD surveillance in U.S.
  “National security” domestic wiretaps by J. Edgar Hoover, without judicial review
  The Watergate break-in itself was to spy on domestic political opposition, the DNC
Post-Watergate Solutions
Freedom of Information Act expanded
Privacy Act: goal of no secret govt. databases
Government in the Sunshine Act
Foreign Intelligence Surveillance Act 1978
  Domestic wiretaps for “foreign intelligence” but not vague “national security” grounds
  Article III judges review each wiretap
  Public report on number of wiretap orders
  Congressional Intelligence committee oversight
Overall, shift toward transparency & oversight
Secrecy after 9/11
Surveillance of hard-to-find new targets, the terrorists secret surveillance
Sense of urgency & the Patriot Act
Wars in Iraq & Afghanistan
Warrant-less wiretaps (leaked 2005)
Large database of phone records (leaked 2006)
Snowden leaks beginning in June 2013
  Section 215 domestic telephone meta-data
  Section 702 surveillance at targets overseas
  The long list of other stories
Section 215 of the Patriot Act
June 2013: surprising that most/all domestic phone records were being collected under “foreign intelligence” authorities
Unclear what other domestic surveillance was occurring
Legislative proposals were pending for greater “information sharing” from private sector to government for “cybersecurity” purposes
  Sharing would be permitted “notwithstanding any other (privacy) law”
RG Findings
RG received thorough briefings
Finding: Section 215 had not been essential to preventing any attack
Good news: compliance has improved in NSA since 2008
Good news: no evidence of meddling with domestic politics
RG Rec 11: Transparency
“We recommend that the decision to keep secret from the American people programs of the magnitude of the section 215 bulk telephony meta-data program should be made only after careful deliberation at high levels of government and only with due consideration of and respect for the strong presumption of transparency that is central to democratic governance. A program of this magnitude should be kept secret from the American people only if (a) the program serves a compelling governmental interest and (b) the efficacy of the program would be substantially impaired if our enemies were to know of its existence.”
RG Recommendations on 215
RG Rec 1 & 5: End current program of government holding the records
  A “black box” that is hard to monitor from outside
  Prevent mission creep/slippery slope to many bulk databases about domestic activities
  Records already held by telcos for 18 months
  Go to telcos when have individualized basis for request, with judicial review
President Obama this week proposed legislation, with all of these provisions
Other RG Transparency Recommendations
RG Rec 2: Similar judicial role for National Security Letters, by FBI
  Shift toward disclosure far earlier than 50 years
  Criminal searches often revealed in 6 months
RG Rec 4 & 7: bulk collection programs narrowly tailored, only with senior review, and public whenever possible
RG Rec 6: commission a meta-data study, to bring greater transparency and policy debate on data vs. meta-data
Transparency & the IT Industry
Big economic effects on public cloud computing market
  Double in size 2012-2016
  Studies estimate US business losses from NSA revelations: tens of billions $/year
An opening for non-U.S. providers
  Market has been dominated by US companies
  Deutsche Telekom and others: “Don’t put your data in the hands of the NSA and US providers”
US industry response: more transparency
  Boost consumer confidence that the amount of government orders is modest
Moving to More Transparency
RG Rec 9: OK to reveal number of orders, number they have complied with, information produced, and number for each legal authority (215, 702, NSL, etc.), unless compelling national security showing
RG Rec 10: more detailed government reporting of lawful access orders, by type of legal authority
RG Rec 31: US should advocate to ensure transparency for requests by other governments
  Put more focus on actions of other governments
DOJ agreement with companies in January
Oversight goes with Transparency
Numerous RG recommendations to improve oversight
  Public advocate in secret FISA court
  New mechanisms for whistleblowers, to the Privacy & Civil Liberties Oversight Board
  An Office of Technology Assessment in PCLOB to examine new IC technologies for privacy & civil liberties
  Others
These build on existing FISC, Congress, Inspector General oversight mechanisms
Checks and balances against accumulation of power in the secret agencies
Oversight for the Full National Interest
Major theme of the report is that we face multiple risks, not just national security risks
  Effects on allies, foreign affairs
  Risks to privacy & civil liberties
  Risks to economic growth & business
Historically, intelligence community is heavily walled off, to maintain secrecy
Now, convergence of civilian and military/intelligence communications devices, software & networks
Q: How respond to the multiple risks?
Addressing Multiple Risks
RG Recs 16 & 17: New process & WH staff to review sensitive intelligence collection in advance
  Senior policymakers from the economic agencies (NEC, Commerce, USTR) should participate
  Monitoring to ensure compliance with policy
RG Rec 19: New process for surveillance of foreign leaders
  Relations with allies, with economic and other implications, if this surveillance becomes public
Summary on These Recommendations
It is time to renew the transparency initiatives that resulted from Watergate
Fortunately, we don’t have political “enemies lists” this time
But, shouldn’t have powerful, well-budgeted watchers unless they are watched as well:
  By the citizenry – transparency
  By oversight and checks & balances
Part II: Declining Half Life of Secrets
The IC assumption was that secrets lasted a long time, such as 25-50 years
My descriptive claim – the half life of secrets is declining sharply
My normative claim – when secrets get known sooner, the IC should follow the “front page” test much more than previously
  That’s a hard lesson for agencies accustomed to secrets that stay secret for 25+ years
  We have seen what the front page can do if the agencies don’t take that seriously
Threat Model: The System Administrator
Theme: system administrator as important threat
  Snowden’s job was to move files
  He did that
RG Response: new tech to reduce system administrator privileges
But
  It is hard to separate IT functions in a strict way
  So, secrets can get out
Threat: The Sys Admin & Sociology
Contrast of USG & Silicon Valley view of Snowden on traitor v. whistleblower
  USG: with all the briefings, I have not yet found an IC or other USG person who says WB
  Silicon Valley: In one company, over 90% say WB
  “Thunderous applause” for Snowden at SXSW
  Schneier: WB the civil disobedience of this generation
Sociological chasm between left coast and right coast
  Solution: IC shouldn’t hire any techies? EFF membership as disqualification for security clearance?
  Those won’t work
The Insider and Big Data
How much can an insider leak?
  A lot. One thumb drive can ruin your whole day.
  Already knew the insider threat, now learn the sys admin threat
  One CIO: “My goal is that leaks happen only by a printer”
How well can an insider disseminate secrets?
  Old days: Ellsberg needed the NY Times
  Today: Wikileaks, no gatekeeper to the Internet
Crowd-sourcing & the Internet of Things
The mosaic theory turns against the IC
Bigger effort to publicly reveal IC activities
The Internet of Things – more sensors in private hands, networked
Crowd-sourcing – once some data is revealed, the world collaborates to put the pieces together
Hence, major trends in computing speed the revelation of IC secrets
IC Targets and Private IT Systems
The good old days:
  Covert ops – few people knew
  Signals -- for radio, often passively pick up signals
Today the targets are well-defended IT systems:
  Reports of bulk collection inside private telecomm/Internet systems
  Those systems may have EFF-leaning employees, as they do daily intrusion detection on their systems
  Risk higher than before that someone outside of the IC will detect intrusions/year and report that
Summary on Half Life of Secrets
Insider threats, with sociology risky for secrets
Big Data
Internet of Things
Crowdsourcing
Decline of gatekeepers
Private systems can detect intrusions
In short, if you were in the IC, would you bet on things staying secret for 25 or 50 years?
Implications of Declining Half Life of Secrets
Previously, the IC often ignored the “front page test”
  Jack Nicholson & “you can’t handle the truth” in A Few Good Men
But, how many front page stories this year?
Declining half life of secrets means higher expected value of revelations – bigger negative effect if ignore the front page test
RG: effects on foreign affairs, economics, Internet governance, so USG should consider these multiple effects and not isolate IC decisions
Conclusion
Are pessimists correct that nothing will change?
  Section 215 program quite possibly will end
  DOJ agreed to the transparency agreement
  EU privacy regulation seemed dead, but Snowden-related sentiments resulted this month in EU Parliament 621-10 in favor
We are in a period where change is possible
Carpe diem