Snowden + 1: reflections on a sobering year

It’s a year today since the first of Edward Snowden’s revelations about global surveillance appeared. All over the world there are events marking the anniversary, so it seems a good time to take stock.

First, some ground-clearing.

  1. I’ve been saying almost from the beginning that Snowden is not the story. It follows that whether one regards him as a hero or a villain is moot. What matters is what he has revealed about the state of our networked world.
  2. I don’t think there’s much mileage either in demonising the security agencies. They’re doing a job that’s been specified for them by their political masters. There are, of course, always grounds for being suspicious of secretive agencies, and there’s plenty of evidence of past wrongdoing in MI5/6, the CIA, the FBI and our own dear Metropolitan Police (and maybe also the NSA, though I’m not up to speed on its history in that regard). Maybe there are rogue elements loose in their contemporary manifestations, but what Snowden has revealed is so systemic and large-scale as to relegate individual malfeasance to the status of noise in the signal. The buck we are dealing with at the moment stops with the politicians: the missions they have tasked the agencies with carrying out, the laws they have made and the ‘oversight’ mechanisms they have devised and are now operating. (That’s not to say that the agencies are blameless, by the way, or that they don’t play a hidden role in lawmaking. I’m sure that, for example, the UK Regulation of Investigatory Powers Act owed quite a lot to internal lobbying by GCHQ and MI5. But in terms of the post-Snowden fallout, that’s a secondary issue just at the moment.)
  3. The official protestations that if Snowden had been a serious whistleblower then he should have confided his concerns to his superiors is laughable cant. Does anybody seriously believe that we would be having the debates we’re having if Snowden hadn’t done what he’s done? In this context, the experience of William Binney is key. He saw what was happening (ie that the NSA was spying on American citizens using the tools that he had designed) and resigned from the Agency. Nothing happened. Nothing.

Having got that stuff out of he way, where are we now?

My colleague David Runciman makes a useful distinction between scandals and crises. Scandals happen all the time in democracies; they generate violent controversies, lots of media coverage and maybe public discussion. But they pass and nothing much changes. Normal life resumes. Crises, on the other hand, do eventually lead to significant reform or change. When the British phone-hacking story broke, many of us felt that it was a genuine crisis that would lead to significant change in the way the tabloid newspapers behaved. But now it looks as though it was just a scandal, because nothing significant will have changed, despite the Leveson Inquiry and its aftermath. The newspaper industry will continue to ‘regulate’ itself, and the newspapers will continue to behave badly.

The big question about the surveillance controversy, therefore, is whether it is a scandal or a crisis. And my reading of events to date is not encouraging: it will turn out to have been a scandal, not a crisis, because I can see no evidence that the relevant governments have any intention of changing their practices. That’s not to say that there haven’t been flurries of activity. Obama set up his famous Intelligence Review Panel of five wise men (all of them insiders, of course), and they duly produced a 300-page report with its 46 recommendations for consideration by the administration. But a close reading of Obama’s recent speech and the resulting Presidential Policy Directive suggests that nothing fundamental is going the change.

As Benjamin Wittes of the Brookings Institution puts it,

“In his speech Obama squarely aligns himself with the intelligence community’s own central narrative of recent events: Its activities are essential, the president says; its activities are lawful and non-abusive (mistakes notwithstanding); and the community’s critics will hold it accountable for failures to connect the dots just as breezily as they now hold it accountable for the use of available tools to connect those dots.

That said, Obama goes on, we need changes. But Obama is careful to describe the reasons we need changes. It’s not to rein in an out of control intelligence community. It’s because “for our intelligence community to be effective over the long haul, we must maintain the trust of the American people, and people around the world.”

What that means is that the US will unapologetically continue its bulk collection and other programmes; continue to ignore the privacy rights of non-Americans; and so on. The mood music is different, of course; lip-service is paid to the need to be respectful of others, etc. But in the end, the national security of the United States trumps everything.

It will be the same story in Britain. The Intelligence Services Committee has launched an investigation, the results of which are not yet available. My hunch is that while there will be more soothing mood music, along the lines essayed by the Chairman of the Committee, Sir Malcolm Rifkind, in his recent Wadham Lecture at Oxford which concluded thus:

True public servants operate with noble motivations, lawful authority, and subject to rigorous oversight. These are the values that distinguish public servants from a public threat. That is how those who work for our intelligence agencies see themselves. That is how most of the public see them. That has been my own experience seeing them at work over a number of years. It is in all our interests that that should remain their justified reputation in the Internet Age.

In practice, therefore, there will be no substantial change. We will continue to have ‘oversight theatre’ rather than rigorous democratic accountability. And I expect that the Foreign Secretary will continue to intone his if-you-have-nothing-to-hide-then-you-have-nothing-to-fear mantra. And all this will be tolerated because the Great British Public appears to be largely relaxed about the whole business.

The only developments that might transform it from a scandal into a crisis are (a) possible action by the EU or by some European governments (notably Germany); (b) really vigorous pushback by the American Internet giants who are concerned about the long-term damage that the Snowden revelations is inflicting on their businesses; and (c) intensive technological resistance by engineering and Internet community activists.

On (a), I’ll believe it when I see it. In this respect, when EU governments are confronted with a bleak choice between confronting an implacable United States and doing nothing, most — even Germany — will choose the latter course. On (b) we’re seeing steps like Google offering end-to-end encryption for Gmail users, implementing perfect forward secrecy on communications between its server farms and laying its own intercontinental fibre-optic cables. But the companies are inextricably compromised in all this because they’re all in the same business as the NSA — comprehensive, intensive surveillance. And on (c) we see tech resistance like the IETF’s determination to insert more encryption in the Internet’s internal workings, which is a bit like putting treacle into the NSA’s surveillance machine, vigorous calls to arms by sages like Eben Moglen and renewed calls to citizens to use TOR and other protective technologies.

All good stuff, which I hope will have beneficial effects. But without political change — which will only happen if, in the end, there is widespread and palpable public concern and outrage — these reactions will have only limited impact. One of the mistakes that we techno-utopians made was to assume that technology would eventually trump politics. I remember thinking that when PGP first appeared in the early 1990s. At last the average citizen could have the same privacy from government (and other snooping) that the state had hitherto reserved for itself. And then along came the aforementioned RIPA in 2000 with its provision that a duly-authorised agent of the Home Secretary (aka Minister of the Interior) could demand that one hand over one’s encryption keys or face a gaol sentence of two years. For most people, caving in would be a no-brainer. And suddenly technology didn’t look so omnipotent after all.

So a bleak — but I fear realistic — conclusion is that the national surveillance state is here to stay. Our democracies seem unwilling, or unable, to choose a different path. If that’s true, then we need to start thinking about what lies ahead. What we’re likely to see is the emergence of a bi-polar world in which there are two competing surveillance empires: one run by the US and its allies, the other run by the Chinese. Think of it as Apple’s IoS and Google’s Android. In those circumstances, the stuff that Ross Anderson has been writing recently suddenly seems very apposite. In a surveillance ‘market’, Ross asks, why shouldn’t the network effects that dominate commercial competition in information markets come into play? “The Snowden papers”, he writes,

reveal that the modern world of signals intelligence exhibits strong network effects which cause surveillance platforms to behave much like operating systems or social networks. So while India used to be happy to buy warplanes from Russia (and they still do), they now share intelligence with the NSA as it has the bigger network. Networks also tend to merge, so we see the convergence of intelligence with law enforcement everywhere, from PRISM to the UK Communications Data Bill.

There is an interesting cultural split in that while the IT industry understands network effects extremely well, the international relations community pays almost no attention to it. So it’s not just a matter of the left coast thinking Snowden a whistleblower and the right coast thinking him a traitor; there is a real gap in the underlying conceptual analysis.

That is a shame. The global surveillance network that’s currently being built by the NSA, GCHQ and its collaborator agencies in dozens of countries may become a new international institution, like the World Bank or the United Nations, but more influential and rather harder to govern. And just as Britain’s imperial network of telegraph and telephone cables survived the demise of empire, so the global surveillance network may survive America’s pre-eminence. Mr Obama might care to stop and wonder whether the amount of privacy he extends to a farmer in the Punjab today might be correlated with what amount of privacy the ruler of China will extend to his grandchildren in fifty years’ time. What goes around, comes around.

It sure does.