Edward Snowden’s revelation that the US government was spying on millions of communications between civilians sent shock waves through Silicon Valley. Major technology companies that had often been complicit in the surveillance program, such as Facebook, Google, and Apple realized the full extent of government spying and faced public outcry over the lack of user privacy. They responded swiftly with heightened security measures; now, the Apple iPhone’s iMessage and Facetime, Facebook’s Messenger and WhatsApp, and Google’s Gmail, among other apps and services in the tech industry, use end-to-end encryption. In essence, end-to-end encryption ensures that companies are not able to break the encryption on their own users’ messages. Only the sender and recipient — the two “end” points of the information transaction — have the “key” to decipher a message.

If the NSA knocks on Yahoo!’s door requesting information with the threat of a $250,000 per day fine for noncompliance, as the NSA did last year, Yahoo! doesn’t even need to refuse. They can respond, correctly, that they simply don’t have the information. This new security method has made government surveillance more difficult, although certainly not impossible (formal requests for user information are hardly the only means of intelligence-gathering) and has affirmed company user privacy agreements. However, end-to-end encryption faces firm opposition from federal agencies and the threat of legislative regulation.

In November, UK Home Secretary Theresa May announced the Snoopers Charter, a proposed draft of the Investigatory Power Bill, which aims to update existing information communication regulations in light of new technologies. For months, many in the tech industry feared an outright ban of end-to-end encryption in the bill. The final piece of legislation is more nuanced, but serves the same ends of opening user information up to government access. Section 189 of the Snoopers Charter declares the Secretary of State may issue orders to companies “relating to the removal of electronic protection applied…to any communication or data.” In effect, the government would be able to order tech companies to remove end-to-end encryption or, more likely, ask Facebook, Google, or Apple to reengineer end-to-end encryption to provide a “back-door” for government intelligence agency access.

Currently, there are no similar proposals on this side of the Atlantic, but the US federal government has voiced similar opposition to end-to-end encryption. FBI Director James Cromey and Deputy Attorney General Sally Ouillian Yates recently testified to the Congress on this very issue. Cromey provided the amusing description of end-to-end encrypted messages intercepted by the government as “gobbledygook.” Yates spoke more firmly on the issue. A mandate on companies using end-to-end encryption “may ultimately be necessary,” she said. Noting that critics of the Snoopers Charter and policies like it often assert that engineering a “backdoor” is not possible, Yates responded, “Maybe no one will be creative enough [to solve the problem] unless you force them to.”

Efforts to pass regulations in response to new security technology could, however, run into legal and constitutional roadblocks. End-to-end encryption may be defended under the Fourth Amendment right to privacy against unreasonable search, as wiretapping often occurs without proper warrants on civilians who are not suspected of being involved in criminal activity.

Efforts to pass regulations in response to new security technology could, however, run into legal and constitutional roadblocks. End-to-end encryption may be defended under the Fourth Amendment right to privacy against unreasonable search, as wiretapping often occurs without proper warrants on civilians who are not suspected of being involved in criminal activity. A 2013 Supreme Court case on this grounds was dismissed, but simply because the plaintiffs could not prove they had been wiretapped. End-to-end encryption puts barriers on mass government surveillance and, therefore, may be defended as a means of ensuring Fourth Amendment privacy.

Issues of government-enforced decryption may also jeopardize Fifth Amendment protection against self-incrimination. With end-to-end encryption in effect and companies unable to comply with law enforcement orders, there have been requests in criminal cases that the accused decrypt their own phones, computers, or individual files for evidence gathering or be held in contempt of court for “obstruction of justice.” The question of whether decryption is a form of self-incrimination has yet to be decided definitively. Cases on the subject have vacillated back and forth on the issue. Jason Grimmelmann, a University of Maryland Law School Professor, has said the decision comes down to whether police have a justifiable reason to demand decryption, “If the police don’t know what they’re going to find inside,” he says, “they can’t make you unlock it.” Mass surveillance can similarly be cast as a blind search for incriminating evidence at the expense of users’ Fifth Amendment rights.

Proponents and apologists of government surveillance often assert that these rights to privacy are superseded by the indefinable and malleable concept of the state’s compelling interests, including national security and public safety. On these terms the debate can devolve into an argument of values in which little ground is gained by either side. Perhaps, a more compelling argument against end-to-end encryption regulation is that it’s bad policy, and that it stands against the state’s compelling interests.

As previously mentioned, in response to government requests for a “backdoor” into encrypted user information, technologists and technology companies have responded that it’s not possible without severely comprising the overall security of end-to-end encryption. One analogy that’s been used in this argument is that “there’s no way to outfit a safe with a backdoor that only the FBI can open.”

The wave of tech companies employing end-to-end encryption is not solely a response to the Edward Snowden leak. It can also be read as a general response to the state of cyber security, in other words, the dire state of cyber security, in which hacks have become “when” rather than“if” questions. This is not the time for the government to be mandating that companies scale back their security measures.

If we are considering the compelling interests of public safety, the threat of cybersecurity fraud and theft is mounting and should be prioritized by the federal government, not purposely exacerbated by requiring major tech companies to collect massive stockpiles of data whose security has been deliberately compromised. And certainly, after reflecting on this summer’s OPM breach, in which the social security numbers of over 22 million federal workers were stolen, federal agencies are hardly on firm footing when demanding major alterations to Silicon Valley’s cybersecurity infrastructure.

Art by Grace Sun
Art by Grace Sun

The NSA monitors your emails. The Library of Congress archives your tweets. And a simple Google search can lead to your least favorite prom picture. The Internet is forever, and now your web activity is increasingly public property. The web — that once digital realm of anonymity — is gone, replaced instead by an Internet where every action a user makes leaves a digital footprint. As companies, law enforcement officials and criminals increasingly take advantage of this feature, users are grasping at what is left of their right to privacy.

Americans are seeking to fulfill the desire to regain online anonymity. Users have turned to Snapchat for “private” photo messaging and Yik Yak or Whisper for anonymous Twitter-like text updates. According to a report released last year by Pew Research, 59 percent of Americans believe the Internet should be used with complete anonymity. Yet, the same percentage of those surveyed did not believe that this was possible.

The laws that regulate the use of an individual’s online history in the United States are nebulous and have been criticized for doing little to protect Americans’ modern-day privacy. Included in this set of privacy rules is the 1986 Electronic Communications Privacy Act (ECPA), initially meant as an extension of restrictions on telephone wiretapping. According to the regulations, government agencies can request user data from any company that obtains and stores information online, often with just a subpoena and no form of judicial review. At the time of the law’s passing, most data was stored solely on personal computers in the long term. As services have moved almost completely online, that same data, such as emails or cell phone usage, is now stored on third-party servers, often indefinitely. Because US law states that information you have shared with someone else — including a company online — is no longer private, the government has access to nearly everything that is stored online through third-party servers, even without a warrant or probable cause.

In the first half of 2014, Google’s Transparency Report found that United States law enforcement officials submitted 12,539 user data requests, more than any other country in the world. Of those requests, 84 percent were granted to some degree; in Germany, the country with the second-highest number of requests, only 48 percent were granted.  Although the expedited ease of tracking possible criminal activity may be good for law enforcement, this loose definition of what constitutes “private” weakens interpretations of the Bill of Rights and its overarching right to privacy. It specifically undermines the Fourth Amendment’s “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” Under the broad allowances of the ECPA and other subsequent court rulings — including one last year that determined that cellphone location data is a “business record” and unprotected by the Fourth Amendment — if “papers” are in electronic form, they are as good as up for grabs.

The Pew Research study also found that 66 percent of Americans agree that current privacy laws are insufficient — a belief that holds true across party lines. However, the majority of concerned citizens are more concerned with the possibility of hackers, advertisers and people they know accessing data they’d rather keep under wraps than government abuses.

The laws we currently use to regulate online privacy were enacted in an earlier era of computing, when few people had access to the Internet, and decades before the advent of cloud storage and company servers that handle everything from dating profiles to medical documents.

In 2012, concerns over the ubiquity of search engine use and its capacity to degrade online reputation resulted in the European Union’s declaration of the “right to be forgotten and to erasure”. In 2014, the European Court of Justice decided that Google must give people the option to request removal of links to potentially damaging personal information from its search results. Citing the human “right to privacy,” the Court sided with a Spanish citizen who argued that the top search results under his name, which referred to a debt case that had been resolved years earlier, should be removed by the search engine. According to the ruling, the economic interests of “data processors” like Google do not justify interference with a person’s control over their personal life. Since May 29, Google has evaluated nearly 500,000 URLs, removing about 42 percent of them from search results, the largest number of which have been linked from Facebook.

In the United States, the “right to be forgotten” has occasionally been applied in cases relating to libel or slander, but it often conflicts with the Second Amendment’s right to free speech. The Internet’s commitment to freedom of information further complicates the issue. However, it’s possible to uphold the rights of the individual without veering into the terrain of censorship by using strict standards ensuring that approved requests of removal only target instances where defamation would prove more harmful to the requester than to the public. This could include references to victims of a crime, activity from when the person was a minor or evidence of sealed or expunged criminal records.

Many tech interests also advocate ECPA reform, arguing that it should be updated to match the increased reach of modern technology. An updated ECPA should include consistency across all forms of technology and require an increased legal burden of proof on law enforcement requesting user data. The laws we currently use to regulate online privacy were enacted in an earlier era of computing, when few people  had access to the Internet, and decades before the advent of cloud storage and company servers that handle everything from dating profiles to medical documents.

To be involved in modern American society necessitates a certain degree of digital participation, enough that our online presence is not simply an addition to, but an integral part of our lives. Yet public and private sectors’ neglect of the notion of privacy has come to define our online presences. Today, despite the Internet’s status as a public domain, there is an increasing acceptance that by entering it you relinquish the power to control your own personal information. Such loss of control flips the virtues of openness and freedom afforded by the Internet, turning them into threats of invasion and an endangerment to our ability to lead private lives.

Standing before a packed audience in the Taubman Center for Public Policy, Timothy Edgar called this past summer a “crisis of confidence” for the National Security Administration (NSA). Edgar, a civil liberties and privacy lawyer who has worked in the past two U.S. presidential administrations, claimed that Edward Snowden’s betrayal of the U.S. intelligence community and his subsequent escape to Russia — the United States’ principal intelligence adversary — was not the biggest blow to the NSA’s confidence. Instead, the agency’s internal shock stems from the wide discrepancy between how the American public received Snowden’s actions and how the intelligence community perceived the same set of events. To the public, Snowden is certainly not the traitor that those within the system believe him to be. In some circles he has even been heralded as a national hero.

The traitor–hero divide is only further evidence that Snowden has ignited one of the most poignant aspects of Americans’ historical distrust of big government: the invasion of privacy. The recent revelation that the United States has spied on foreign heads of state and conducted industrial espionage in Mexico, Brazil, France, Germany and Spain has invited international fury, just as Snowden was exiting the world stage. As the Obama administration and the NSA scramble to fend off both domestic and international criticism, there has been surprisingly little discourse — even from Republicans, content to watch Obama flail — justifying these modes of espionage. Now seems the opportune time to question why the United States bears the brunt of the world’s criticism surrounding espionage tactics, even as many states, specifically those in Europe, spy on the United States to the best of their abilities. But even more essential, and absent, in this crisis of confidence is a public understanding of espionage’s crucial role in maintaining the stability that the international community has enjoyed for the past 70 years.

The massive U.S. intelligence operations of today began during World War II, subsequently found a comfortable niche in the Cold War and finally reached a peak with the War on Terror. Since Snowden’s revelations this summer, the global community appears to have forgotten that the United States has been spying on most of the world — or more accurately, the world has been spying on itself — for the greater part of the last century. They also forget that the past 70 years arguably have been the most stable in world history. Despite fears of nuclear proliferation during the Cold War and the rise of terrorism in the 21st century, these decades have seen the decline of interstate war and the lowest civilian death toll ever. The United States has remained the dominant superpower in the world order throughout this turbulent period, and it has engaged in both international and domestic espionage at unprecedented levels, not by coincidence. Certainly, increased spying isn’t the only, or even the most important, contributing factor to a stable world order. Other post-World War II institutions — the United Nations, the World Bank and the International Monetary Fund — are often rightly credited with facilitating world peace and prosperity. We have also experienced a proliferation of democratic governments. While these factors are certainly pivotal to international cooperation, espionage’s role in promoting international stability is often overlooked. When it is referenced, it’s either underemphasized or excessively vilified.

In order to produce any kind of lasting change, the negotiations that occur within institutions such as the UN must maintain a considerable degree of transparency. This openness helps to eliminate misperceptions and avoid misguided policies like isolationism or appeasement. In the absence of transparency, as international relations theorist Robert Keohane explains, “States are uncertain about what their partners and rivals value at a given time. They naturally respond to uncertainty by being less willing to enter into agreements.” Simply put, without transparent dialogue, states are less likely to compromise and more likely to go to war. In an anarchical international system, governments can never truly know their allies’ interests or intentions, and most importantly, how long they will remain loyal. Espionage, then, forces a degree of transparency that allows leaders to anticipate the actions of allies and foes alike. As former Assistant Secretary of Homeland Security Stewart Baker noted, the United States “can’t stop gathering intelligence without running the risk of terrible surprises.” Historically unpredictable developments — the invasion of the Sudetenland, Austria and Poland by Nazi Germany, for instance — have resulted in total war. In retrospect, if states had been more aware of each other’s intentions, they may have been able to take the necessary precautions in order to stabilize the situation.

There is little evidence to suggest that this transparency must be voluntary to be effective; gathering information on Germany’s intentions through espionage would have been no different from the country blatantly stating its intentions. Admittedly, the intelligence community’s perceptions of another nation’s foreign policy certainly aren’t foolproof. But even if spy agencies are not able to provide absolute assurances, the information they collect can shed light on a state’s intentions. Throughout the past 70 years, intelligence agencies have allowed states to keep tabs on potential changes in policies and alliances, and to take action in time to allow for swift diplomacy or limited, stabilizing military action. So what explains the international and domestic backlash against U.S. espionage efforts now?

The anti-NSA mentality is partially predicated on the false assumption that “victimized” countries do not gather intelligence themselves. Last month, European media outlets and diplomats discovered that the United States had collected data on heads of state, and they reported the story with an air of surprise and utter disgust. The German weekly news magazine Der Spiegel reported that “the espionage attack on the EU is … a surprise for most European diplomats, who until now assumed that they maintained friendly ties to the U.S. government.” Intelligence officers tell a different story. As Bernard Squarcini, former head of France’s Directorate of Territorial Surveillance, explained bluntly, “I am amazed by such disconcerting naïveté. You’d almost think our politicians don’t bother to read the reports they get from the intelligence services. The French intelligence services know full well that all countries, whether or not they are allies in the fight against terrorism, spy on each other all the time.” France “is the evil empire in stealing technology,” said a German businessman quoted in documents posted by Wikileaks. “The total damage [it does] to the German economy is greater than that inflicted by China or Russia. And Germany… is France’s closest and most trusted friend.”

Europe’s indignant response could reflect the disparity between relatively insignificant European espionage and the United States’ enormous information-gathering capabilities. Germany’s post-WWII pacifist stance has resulted in “an underdeveloped geo-political mindset,” says Jen Techau, director for the European policy forum Carnegie Europe. The result leaves much to be desired in Germany’s intelligence operations. While Techau’s claims may be true, it seems unrealistic, given Germany’s decades-long aversion to domestic surveillance, that intelligence services could be ramped up significantly, at least in public. By conveying outrage over U.S. espionage, Germany is echoing the sentiments of its people. Meanwhile, the government is attempting to strategically pressure the U.S. government into an espionage agreement that would benefit Germany, providing them with the intelligence they themselves lack the political latitude to collect. While Germany likely does not hold enough leverage over the United States to enact the strict espionage treaty it desires, the country utilized media hype in order to get to the negotiating table with American senior intelligence officials this month, which is more than they have been able to achieve in the past. Whether countries like Germany and France succeed in pressuring the United States into treaties that ban spying between allies and encourage intelligence sharing is beyond the point. Their vain attempts at exploiting espionage scandals illustrate their desire to capitalize on the high volume of U.S. intelligence, which they cannot come close to matching. In effect, the German government is using the United States as a scapegoat in order to manipulate domestic sentiment — purporting to protect the interests of the people while pressing for a favorable data gathering agreement.

Germany could be forgiven for its tenacity. Pressuring the United States into an agreement would help Western allies identify common problems and build trust. France and Germany are both eager to join the elite “Five Eyes,” a spying alliance consisting of Australia, Canada, Great Britain, New Zealand and the United States. This inner circle of allies has historically remained transparent with one another without the need for mutual espionage. By joining this club, France and Germany would simultaneously ensure access to the largest intelligence bank in the world while keeping their leaders and industry safe from surveillance. In order to enter into such an agreement, the United States, Germany and France would have to establish an extensive culture of transparency with one another, just as the Five Eyes countries have already done. But such a relationship has a long way to go before coming to fruition, and the United States is hesitant to forego the ability to continue spying on these two allies.

Nevertheless, the U.S. government continues to get the short end of the stick: not only the international community, but also the American people, have met the news of surveiling foreign dignitaries with shock. The public discord sparked by the Snowden affair has resulted in the greatest “crisis of confidence” that the American security complex has possibly ever had to deal with.

At the heart of the outrage is the inability of the law to keep up with the rapid advances in intelligence gathering technologies. The 1960s witnessed grave abuses by intelligence agencies — the Martin Luther King Jr. wiretaps, J. Edgar Hoover’s virtual dictatorship of the FBI — because legal norms had yet to address the technology of the time, and relatively little oversight existed over the intelligence community. This changed during the 1970s, the sole effective period of reform in the history of U.S. intelligence practices. During this period, the Foreign Intelligence Surveillance Act (FISA) was passed, which established the FISA court — effectively a Congressional oversight committee with the purpose of approving all domestic wiretaps. This period also birthed a new branch of law surrounding civil liberties and privacy. As law caught up with surveillance technologies, abuses waned and accountability became the norm.

This legacy changed with the terrorist attacks of September 11, aggressively warping the previously delicate balance between security and liberty. In the name of national security, the George W. Bush administration harnessed never-before-seen technological capabilities (the mass collection of data, the stockpiling of information from social media sites) to conduct warrantless wiretapping on an unprecedented scale.  Eventually these practices were institutionalized with the Bush-era FISA amendments that, as Timothy Edgar sees it, transformed FISA “from a shield to protect our liberties into a sword for the protection of programs.” The government’s enormous gathering of information went largely unchallenged, continuing into the Obama administration up until this year’s NSA debacle.

It’s clear the American public has become increasingly wary about the effects of the intelligence complex’s intrusion into every day life. Whistleblowers such as Snowden may be the ultimate embodiment of public discomfort with the fact that woefully under-equipped oversight laws are cyclically outpaced by surveillance technology. By virtue of the countless threats it faces, the United States has good reason to continue collecting intelligence, and mass data analysis- — though not necessarily collection — is an effective way to do this. According to NSA Director Keith Alexander, 54 terrorist attacks have been stopped thanks to the mass data collection allowed by the amendments to FISA and the larger scope of electronic surveillance, a dozen of which would have struck on the U.S. mainland. Technology, in other words, is serving a valuable purpose: it’s the law that must now play quick catch up with technology to ensure not only the protection of privacy, but also the protection of sensitive, classified information.

Back in Taubman, Edgar laid out a three-pronged plan for ensuring that our system of checks and balances is reinvigorated. The first step is to increase the transparency of the intelligence system. Spying is inherently secretive, but subjecting information about FISA’s decision-making process to public review would increase accountability and reduce incentives for people like Snowden to leak classified information. Such measures could include the release of FISA opinions, which would give citizens access to the justifications for widespread data collection. A better-informed public is less likely to be surprised by government actions, and is more likely to channel its objections through democratic pathways to instigate reform, hopefully reducing the need for whistleblowers. The second step would involve strengthening checks and balances, primarily by changing the system through which judges are appointed. Today, the Chief Justice of the Supreme Court selects all FISA judges,  which limits candidates’ political diversity.

The third step involves scrutinizing the type and scope of technology used to collect intelligence. No matter what intelligence spokespersons say, bulk data collection is not necessary to achieve the same results that the NSA currently attains, and analysis of large volumes of data is possible without storing it long-term. The use of cryptographic techniques, for example, would achieve the same ends without the violation of privacy incurred through the storage of data. U.S. intelligence agencies could analyze data by searching for key words and other specifics without revealing content or storing the datum unless it were flagged. Moving toward cryptographic methods of analysis and eliminating data stockpiling would also lessen the need for security subcontractors, like Snowden, who perhaps pose the largest threat to intelligence security in their positions as for-profit handlers of valuable government information. Most importantly, lawyers and technologists must stop talking past each other, so that surveillance methods and policy can meet. Until the public is informed to the fullest extent possible about the intelligence community’s procedures, the United States will face international and domestic criticism.

The U.S. intelligence complex has undergone cycles of abuse and reform before. With that historical progression in mind, it seems clear that the post-9/11 intelligence era is coming to an end. This year has proven a fatal blow to U.S. intelligence organizations, first with domestic backlash and now international pressure and disdain, resulting in a crisis of confidence between the American people and the national security complex. The crisis, however, provides us with an unmistakable opportunity to analyze the role of espionage in the international system, and the motivations behind international actors who too often get away with unvarnished hypocrisy in condemning American intelligence practices. Just as it’s time to reform the system of checks and balances on domestic espionage, it is also time to accept that espionage might have a lawful place in our world. Global transparency and stability may depend on it.