The “USA Freedom Act”—which its proponents were heralding as “NSA reform” despite its suffocatingly narrow scope—died in the august U.S. Senate last night when it attracted only 58 of the 60 votes needed to close debate and move on to an up-or-down vote. All Democratic and independent senators except one (Bill Nelson of Florida) voted in favor of the bill, as did three tea-party GOP Senators (Ted Cruz, Mike Lee, and Dean Heller). One GOP Senator, Rand Paul, voted against it on the ground that it did not go nearly far enough in reining in the NSA. On Monday, the White House had issued a statement “strongly supporting” the bill.
The “debate” among the Senators that preceded the vote was darkly funny and deeply boring, in equal measure. The black humor was due to the way one GOP senator after the next—led by ranking intelligence committee member Saxby Chambliss of Georgia (pictured above)—stood up and literally screeched about 9/11 and ISIS over and over and over, and then sat down as though they had made a point. Their scary script had been unveiled earlier that morning by a Wall Street Journal op-ed by former Bush Attorney General Mike Mukasey and former CIA and NSA Director Mike Hayden warning that NSA reform would make the terrorists kill you; it appeared under this Onion-like headline:
So the pro-NSA Republican senators were actually arguing that if the NSA were no longer allowed to bulk-collect the communication records of Americans inside the U.S., then ISIS would kill you and your kids. But because they were speaking in an empty chamber and only to their warped and insulated D.C. circles and sycophantic aides, there was nobody there to cackle contemptuously or tell them how self-evidently moronic it all was. So they kept their Serious Faces on like they were doing The Nation’s Serious Business, even though what was coming out of their mouths sounded like the demented ramblings of a paranoid End is Nigh cult.
The boredom of this spectacle was simply due to the fact that this has been seen so many times before—in fact, every time in the post-9/11 era that the U.S. Congress pretends publicly to debate some kind of foreign policy or civil liberties bill. Just enough members stand up to scream “9/11” and “terrorism” over and over until the bill vesting new powers is passed or the bill protecting civil liberties is defeated.
Eight years ago, when this tawdry ritual was still a bit surprising to me, I live-blogged the 2006 debate over passage of the Military Commissions Act, which, with bipartisan support, literally abolished habeas corpus rights established by the Magna Carta by sanctioning detention without charges or trial. (My favorite episode there was when GOP Sen. Arlen Specter warned that “what the bill seeks to do is set back basic rights by some nine hundred years,” and then voted in favor of its enactment.) In my state of naive disbelief, as one senator after the next thundered about the “message we are sending” to “the terrorists,” I wrote: “The quality of the ‘debate’ on the Senate floor is so shockingly (though appropriately) low and devoid of substance that it is hard to watch.”
So watching last night’s Senate debate was like watching a repeat of some hideously shallow TV show. The only new aspect was that the aging Al Qaeda villain has been rather ruthlessly replaced by the show’s producers with the younger, sleeker ISIS model. Showing no gratitude at all for the years of value it provided these senators, they ignored the veteran terror group almost completely in favor of its new replacement. And they proceeded to save a domestic surveillance program clearly unpopular among those they pretend to represent.
There is a real question about whether the defeat of this bill is good, bad, or irrelevant. To begin with, it sought to change only one small sliver of NSA mass surveillance (domestic bulk collection of phone records under section 215 of the Patriot Act) while leaving completely unchanged the primary means of NSA mass surveillance, which takes place under section 702 of the FISA Amendments Act, based on the lovely and quintessentially American theory that all that matters are the privacy rights of Americans (and not the 95 percent of the planet called “non-Americans”).
There were some mildly positive provisions in the USA Freedom Act: the placement of “public advocates” at the FISA court to contest the claims of the government; the prohibition on the NSA holding Americans’ phone records, requiring instead that they obtain FISA court approval before seeking specific records from the telecoms (which already hold those records for at least 18 months); and reducing the agency’s “contact chaining” analysis from three hops to two. One could reasonably argue (as the ACLU and EFF did) that, though woefully inadequate, the bill was a net-positive as a first step toward real reform, but one could also reasonably argue, as Marcy Wheeler has with characteristic insight, that the bill is so larded with ambiguities and fundamental inadequacies that it would forestall better options and advocates for real reform should thus root for its defeat.
When pro-privacy members of Congress first unveiled the bill many months ago, it was actually a good bill: real reform. But the White House worked very hard— in partnership with the House GOP—to water that bill down so severely that what the House ended up passing over the summer did more to strengthen the NSA than rein it in, which caused even the ACLU and EFF to withdraw their support. The Senate bill rejected last night was basically a middle ground between that original, good bill and the anti-reform bill passed by the House.
* * * * *
All of that illustrates what is, to me, the most important point from all of this: the last place one should look to impose limits on the powers of the U.S. government is . . . the U.S. government. Governments don’t walk around trying to figure out how to limit their own power, and that’s particularly true of empires.
The entire system in D.C. is designed at its core to prevent real reform. This Congress is not going to enact anything resembling fundamental limits on the NSA’s powers of mass surveillance. Even if it somehow did, this White House would never sign it. Even if all that miraculously happened, the fact that the U.S. intelligence community and National Security State operates with no limits and no oversight means they’d easily co-opt the entire reform process. That’s what happened after the eavesdropping scandals of the mid-1970s led to the establishment of congressional intelligence committees and a special FISA “oversight” court—the committees were instantly captured by putting in charge supreme servants of the intelligence community like Senators Dianne Feinstein and Chambliss, and Congressmen Mike Rogers and “Dutch” Ruppersberger, while the court quickly became a rubber stamp with subservient judges who operate in total secrecy.
Ever since the Snowden reporting began and public opinion (in both the U.S. and globally) began radically changing, the White House’s strategy has been obvious. It’s vintage Obama: Enact something that is called “reform”—so that he can give a pretty speech telling the world that he heard and responded to their concerns—but that in actuality changes almost nothing, thus strengthening the very system he can pretend he “changed.” That’s the same tactic as Silicon Valley, which also supported this bill: Be able to point to something called “reform” so they can trick hundreds of millions of current and future users around the world into believing that their communications are now safe if they use Facebook, Google, Skype and the rest.
In pretty much every interview I’ve done over the last year, I’ve been asked why there haven’t been significant changes from all the disclosures. I vehemently disagree with the premise of the question, which equates “U.S. legislative changes” with “meaningful changes.” But it has been clear from the start that U.S. legislation is not going to impose meaningful limitations on the NSA’s powers of mass surveillance, at least not fundamentally. Those limitations are going to come from—are now coming from —very different places:
1) Individuals refusing to use internet services that compromise their privacy. The FBI and other U.S. government agencies, as well as the U.K. Government, are apoplectic over new products from Google and Apple that are embedded with strong encryption, precisely because they know that such protections, while far from perfect, are serious impediments to their power of mass surveillance. To make this observation does not mean, as some deeply confused people try to suggest, that one believes that Silicon Valley companies care in the slightest about people’s privacy rights and civil liberties.
As much of the Snowden reporting has proven, these companies don’t care about any of that. Just as the telecoms have been for years, U.S. tech companies were more than happy to eagerly cooperate with the NSA in violating their users’ privacy en masse when they could do so in the dark. But it’s precisely because they can’t do it in the dark any more that things are changing, and significantly. That’s not because these tech companies suddenly discovered their belief in the value of privacy. They haven’t, and it doesn’t take any special insight or brave radicalism to recognize that. That’s obvious.
Instead, these changes are taking place because these companies are petrified that the perception of their collaboration with the NSA will harm their future profits, by making them vulnerable to appeals from competing German, Korean, and Brazilian social media companies that people shouldn’t use Facebook or Google because they will hand over that data to the NSA. That—fear of damage to future business prospects—is what is motivating these companies to at least try to convince users of their commitment to privacy. And the more users refuse to use the services of Silicon Valley companies that compromise their privacy—and, conversely, resolve to use only truly pro-privacy companies instead—the stronger that pressure will become.
Those who like to claim that nothing has changed from the NSA revelations simply ignore the key facts, including the serious harm to the U.S. tech sector from these disclosures, driven by the newfound knowledge that U.S. companies are complicit in mass surveillance. Obviously, tech companies don’t care at all about privacy, but they care a lot about that.
Just yesterday, the messaging service WhatsApp announced that it “will start bringing end-to-end encryption to its 600 million users,” which “would be the largest implementation of end-to-end encryption ever.” None of this is a silver bullet: the NSA will work hard to circumvent this technology and tech companies are hardly trustworthy, being notoriously close to the U.S. government and often co-opted themselves. But as more individuals demand more privacy protection, the incentives are strong. As The Verge notes about WhatsApp’s new encryption scheme, “‘end-to-end’ means that, unlike messages encrypted by Gmail or Facebook Chat, WhatsApp won’t be able to decrypt the messages itself, even if the company is compelled by law enforcement.”
2) Other countries taking action against U.S. hegemony over the internet. Most people who claim nothing has changed from the Snowden disclosures are viewing the world jingoistically, with the U.S. the only venue that matters. But the real action has long been in other countries, acting individually and jointly to prevent U.S. domination of the internet.
Brazil is building a new undersea internet infrastructure specifically to avoid U.S. soil and thus NSA access. That same country punished Boeing by denying the U.S. contractor a long-expected $4.5 billion contract for fighter jets in protest over NSA spying. Another powerful country, Germany, has taken the lead with Brazil in pushing for international institutions and regulatory schemes to place real limits on NSA mass surveillance. U.S. diplomatic relations with numerous key countries have been severely hampered by revelations of mass surveillance.
In July, Pew reported that “a new…survey finds widespread global opposition to U.S. eavesdropping and a decline in the view that the U.S. respects the personal freedoms of its people” and that, while the U.S. remains popular in many countries, particularly relative to others such as China, “in nearly all countries polled, majorities oppose monitoring by the U.S. government of emails and phone calls of foreign leaders or their citizens.” After just one year of Snowden reporting, there have been massive drops in the percentage of people who believe “the U.S. government respects personal freedom,” with the biggest drops coming in key countries that saw the most NSA reporting:
All of that has significantly increased the costs for the U.S. to continue to subject the world, and the internet, to dragnets of mass surveillance. It has resulted in serious political, diplomatic, and structural impediments to ongoing spying programs. And it has meaningfully altered world opinion on all of these critical questions.
3) U.S. court proceedings. A U.S. federal judge already ruled that the NSA’s domestic bulk collection program likely violates the 4th Amendment, and in doing so, obliterated many of the government’s underlying justifications. Multiple cases are now on appeal, almost certainly headed to the Supreme Court. None of this was possible in the absence of Snowden disclosures.
For a variety of reasons, when it comes to placing real limits on the NSA, I place almost as little faith in the judiciary as I do in the Congress and executive branch. To begin with, the Supreme Court is dominated by five right-wing justices on whom the Obama Justice Department has repeatedly relied to endorse their most extreme civil-liberties-destroying theories. For another, of all the U.S. institutions that have completely abdicated their role in the post-9/11 era, the federal judiciary has probably been the worst, the most consistently subservient to the National Security State.
Still, there is some chance that one of these cases will result in a favorable outcome that restores some 4th Amendment protections inside the U.S. The effect is likely to be marginal, but not entirely insignificant.
4) Greater individual demand for, and use of, encryption. In the immediate aftermath of the first Snowden reports, I was contacted by countless leading national security reporters in the U.S., who work with the largest media outlets, seeking an interview with Snowden. But there was a critical problem: despite working every day on highly sensitive matters, none of them knew anything about basic encryption methods, nor did their IT departments. Just a few short months later, well over 50 percent of the journalists who emailed me did so under the protection of PGP encryption. Today, if any journalist emails me without encryption, they do so apologetically and with embarrassment.
That is reflective of a much broader change from the Snowden reporting, perhaps the most important one: a significantly increased awareness of the need for encryption and its usage around the world. As Wired reported in May:
Early last year—before the Snowden revelations—encrypted traffic accounted for 2.29 percent of all peak hour traffic in North America, according to Sandvine’s report. Now, it spans 3.8 percent. But that’s a small jump compared to other parts of the world. In Europe, encrypted traffic went from 1.47 percent to 6.10 percent, and in Latin America, it increased from 1.8 percent to 10.37 percent.
As a result, there are people genuinely devoted to privacy (as opposed to Silicon Valley profit-driven companies) developing all-new, free encryption capabilities. The New York Times recently urged all media outlets to provide default “HTTPS” protection for their sites to protect user privacy (The Intercept is currently only one of three news sites to do so).
Increased individual encryption use is a serious impediment to NSA mass surveillance: far stronger than any laws the U.S. Congress might pass. Aside from the genuine difficulty the agency has in cracking well-used encryption products, increased usage presents its own serious problem. Right now, the NSA—based on the warped mindset that anyone who wants to hide what they’re saying from the NSA is probably a Bad Person—views “encryption usage” as one of its key factors in determining who is likely a terrorist. But that only works if 10,000 people around the world use encryption. Once that number increases to 1 million, and then to 10 million, and then to default usage, the NSA will no longer be able to use encryption usage as a sign of Bad People. Rather than being a red flag, encryption will simply be a brick wall: one that individuals have placed between the snooping governments and their online activities. That is a huge change, and it is coming.
So let Saxby Chambliss and Susan Collins and Marco Rubio scream into their insular void about ISIS and 9/11 and terrorism. Let Barack Obama, Dianne Feinstein and Nancy Pelosi deceitfully march under a “reform” banner as they do everything possible to protect the NSA from any real limits. Let the NSA and other national security officials sit smugly in the knowledge that none of the political branches in D.C. can meaningfully limit them even if they wanted to (which they don’t).
The changes from the Snowden disclosures are found far from the Kabuki theater of the D.C. political class, and they are unquestionably significant. That does not mean the battle is inevitably won: The U.S. remains the most powerful government on earth, has all sorts of ways to continue to induce the complicity of big Silicon Valley firms, and is not going to cede dominion over the internet easily. But the battle is underway and the forces of reform are formidable—not because of anything the U.S. congress is doing, but despite it.
Photo: Alex Wong/Getty Images