Privacy Advisor

Clapper Offers NSA Explanations; Criticism, Concerns Abound

September 11, 2013

By Jennifer L. Saunders, CIPP/US

Twelve years after the September 11, 2001, attacks, terrorism, security and safety are dominating the headlines again in the U.S. and around the globe—but this time, thankfully, our focus is not on terrorist attacks resulting in tragedies in New York, Washington, DC, and Pennsylvania. Today, the headlines are dominated with the question of security vs. privacy.

Yesterday, U.S. Director of National Intelligence James R. Clapper offered his explanation of the National Security Agency’s intelligence collection programs authorized under the Foreign Intelligence Surveillance Act (FISA) through IC on the Record, and today, the continued revelations about the NSA surveillance programs continue to prompt privacy concerns, spark debate and raise myriad questions about implications of individual privacy, global relations, businesses and, of course, protecting against crime and terrorism.

In his statement, Clapper writes, “Release of these documents reflects the Executive Branch’s continued commitment to making information about this intelligence collection program publicly available when appropriate and consistent with the national security of the United States. Some information has been redacted because these documents include discussion of matters that continue to be properly classified for national security reasons and the harm to national security would be great if disclosed.”

In explaining the NSA’s surveillance programs and compliance questions reported to the Foreign Intelligence Surveillance Court FISC court in 2009, he writes, “The compliance incidents discussed in these documents stemmed in large part from the complexity of the technology employed in connection with the bulk telephony metadata collection program, interaction of that technology with other NSA systems, and a lack of a shared understanding among various NSA components about how certain aspects of the complex architecture supporting the program functioned. These gaps in understanding led, in turn, to unintentional misrepresentations in the way the collection was described to the FISC. As discussed in the documents, there was no single cause of the incidents and, in fact, a number of successful oversight, management and technology processes in place operated as designed and uncovered these matters.”

Clapper’s writing details the current NSA compliance program, and he reiterates that the documents demonstrate “once compliance incidents were discovered in the telephony metadata collection program, additional checks, balances and safeguards were developed to help prevent future instances of noncompliance.”

Meanwhile, another U.S. official, Patrick Gallagher, undersecretary of commerce for standards and technology and director of NIST, said that the Snowden-generated leaks "would appear to attack our integrity." A Computerworld article quotes Gallagher’s comment, “We are not deliberately, knowingly, working to undermine or weaken encryption technologies.”

Media responses to Clapper’s writing and the release of the documents have been critical, indicating, as The Wall Street Journal reports, the NSA's database searches “violated privacy protections for three years by failing to meet a court-ordered standard."

UPI reports on FISC Judge Reggie Walton’s 2009 ruling, noting Walton “said in a scathing rebuke the NSA's explanation of the violations ‘strains credulity.’” In his 2009 opinion, which was released Tuesday, Walton criticized "repeated inaccurate statements made in the government's submissions."

Responses At Home and Across Borders

In response to the release of the NSA documents, U.S. lawmakers are calling for action. Sens. Ron Wyden (D-OR) and Mark Udall (D-CO) released a joint statement, saying, “We have said before that we have seen no evidence that the bulk collection of Americans' phone records has provided any intelligence that couldn't be gathered through less intrusive means and that bulk collection should be ended…These documents provide further evidence that bulk collection is not only a significant threat to the constitutional liberties of Americans, but that it is a needless one.”

Meanwhile, Brazil President Dilma Rousseff, while meeting with Japanese Prime Minister Shinzo Abe during the G-20 Summit in St. Petersburg, Russia, “called for global action on cybersecurity in the wake of reports that the U.S. National Security Agency had tapped into her private communications and those of other world leaders,” Bloomberg BNA reports. A U.S. official has reportedly responded that the U.S. will work with Brazil “to understand their concerns about the NSA,” the report states.

Business Concerns

Kashmir Hill reports for Forbes that the NSA revelations are having another impact: They’re bad for business.

Hill quotes Princeton technologist and former FTC official Ed Felten as saying, “This is going to put U.S. companies at a competitive disadvantage, because people will believe that U.S. companies lack the ability to protect their customers—and people will suspect that U.S. companies may feel compelled to lie to their customers about security.” Jason Weinstein wrote about this potential not long ago for the Privacy Perspectives blog.

Or, as Bruce Schneier puts it in the Forbes report, “I can’t imagine foreign buyers trusting American products. We have to assume companies have been co-opted, wittingly or unwittingly. If you were a company in Sweden, are you really going to want to buy American products?”

And ZDNet questions whether the NSA revelations—and other privacy concerns—might “burst the dot-com bubble.”

Privacy vs. Security

Advocates, too, are calling for more information on the NSA’s practices. PC Magazine's Neil J. Rubenking suggests the NSA has "killed privacy," while this PCWorld report focuses on comments made at the Future of Privacy Forum’s Washington, DC, event yesterday, calling “for more transparency about what information surveillance agencies are collecting and new independent oversight of the collection practices.” Editor’s Note: Look for more coverage of the FPF’s event from the IAPP in the coming days.

And today, on this 12-year anniversary of the September 11, 2001, terrorist attacks, on survey has found "younger Americans appear more insistent than older Americans on greater transparency about surveillance programs as a way to ensure privacy rights are upheld," The Seattle Times reports.

The Associated Press-NORC Center for Public Affairs Research poll found that 53 percent of respondents “now say the government does a good job of ensuring freedoms, compared with 60 percent two years ago.” Meanwhile, almost 60 percent reported they oppose the NSA collection of telephone and Internet use data, with a similar number responding that they oppose “the legal process supervised by a secret federal court that oversees the government’s classified surveillance,” the report states. 

In this post-9/11 world, however, some are offering a different perspective: suggesting security is worth some sacrifice of privacy.

Vint Cerf, one of the founders of the Internet and Google VP and chief Internet evangelist, tells TechRadar, “we have small groups of people who have access to the Internet who are capable of doing a number of bad things. So there's a lot of worry about how to cope with that and the important problem is that security isn't reacting after a bad thing has happened, security is preventing the bad thing from happening…we elect governments who will look after us and we even give up a degree of privacy in order to be protected.”

Stating his comment is not offered as an apology for the NSA’s actions, Cerf adds, “So here we are struggling to balance the safety of society against the privacy of the individual, and we don't want to be at the extremes.”

Read more by Jen Saunders:
Roundup: NSA, UK Fallout Persists
NSA and Legislative Breach Implications, New Breach Announcements: A Roundup
GPEN Concludes Its First Internet Privacy Sweep