On January 17th Obama gave his official response to the NSA scandal that has pushed the privacy community to take further steps to protect their privacy and data, and created a "smog of mistrust" around American technology companies.
First we get a history lesson: He begins with four minutes on the history of surveillance against the enemies of the state. Interestingly none of those descriptions contain spying on ordinary Americans or their closest allies. It was always surveillance targeted with pinpoint accuracy at the enemies of the state, even after the initial creation of the NSA.
The conversation changes when he talks about the transformation that intelligence agencies went through to fight terrorism. A general argument is made that this widespread suspicionless surveillance is imperative to keeping the US safe, and that allies of the US rely on NSA spying to stay safe as well. He asserts that these programs have "saved lives not just here, but abroad as well". This does not sit well with me as there have been multiple terror attacks worldwide long after these programs were implemented including in the UK where video surveillance is far more pervasive than in the United States.
He then goes on to describe some of the capabilities specifically. Talking about how PRISM in combination with supercomputers can be used to "sift through" the massive amounts of data. He calls it a "powerful tool".
Of course it is a powerful tool, and it can be used for wrongdoing. The argument is that the risks far outweigh the rewards, not whether the tool is useful or not.
The argument is sound that making an unbelievably large haystack makes finding the needle in the haystack more difficult. One program (Muscular) is pulling 60GB of email per day. It doesn't sound like a lot until you put it in perspective.
There is also the argument of cost. At an estimated 50 Billion USD annual budget, the NSA as a department has about the same annual budget as the US Dept of Commerce, the Army Corps of Engineers, the Environmental Protection Agency, the National Science Foundation, the Small Business Administration, and National Aeronautics and Space Administration (NASA) combined. To put it in another light, we spend about twice as much annually on the NSA as we do on the Dept of Justice, which to me says a lot about our priorities.
The speech then shifts to talking about the good behavior of the intelligence agencies. He states that nothing he has seen has shown that the intelligence agencies are violating the privacy of Americans. This is simply false. Multiple independent government and non government bodies have called some of the NSA programs unconstitutional. Some of them are so overtly bad that there are people sitting in jail for committing the same offenses. Could you imagine a court case being dismissed against a hacker that was compromising consumer level routers to insert viruses into browsers? or building large botnets? or hacking a Microsoft datacenter to steal millions of emails and contact lists?
He then makes a few broad statements about the purpose of intelligence agencies. Yes, we know that enemies are bad. So you target your enemies, not everyone.
He talks about declassification of documents relating to NSA programs. I find this interesting because the Obama administration has fought this every step of the way, and these documents were only revealed due to the administration losing a lawsuit against the ACLU, and even after losing the lawsuit, they are holding back documents and eroding the trust the American people have for our intelligence gathering operations.
29 minutes into the speech, we finally hear about some action being taken. The president talks about preserving the phone metadata program, but creating interlinked databases of the bulk metadata and having them held by the companies themselves. To me this is worse than the current setup. You are now relying many independent parties to store and secure this metadata. This widens the attack surface for abuse and theft.
More action taken. We will only "look at" metadata that is two steps removed from a target instead of three. So the metadata program remains completely intact and there's just hundreds of thousands of people in each query instead of millions. Is that supposed to be comforting?
The remainder of the speech is non specific actions that might be taken or might not based on committees and congressional approval and a bunch of governmental jargon mixed in with some patriotism. I'd take the entire closing ten minutes with a grain of salt. This is especially true of surveillance of our allies and the restraint of our programs against foreign targets.
It seems to me that the United States has just 'doubled down' on surveillance. We are supposed to accept that it is here to stay, and that we get to choose the flavor rather than if we want it or not.