Timothy Edgar: “Beyond Snowden: Privacy, Mass Surveillance, and the Struggle [..]” | Talks at Google


DAVID: Good morning. Today at Google we are delighted
to welcome Mr. Timothy Edgar. Mr. Edgar is a former National
Security and Intelligence official, cybersecurity
expert, privacy lawyer, and civil liberties activist. He joined the American
Civil Liberties Union just before 9/11,
and spent five years fighting in Congress against
abuses in the war on terror. He then left the ACLU to try
to make a difference by going inside America’s growing
surveillance state, and went on to advise the
George W. Bush and Obama Administrations on privacy
issues and cybersecurity. In 2013, he left government
for Brown University to help launch its professional
cybersecurity degree program, and he is now a senior
fellow at Brown’s Watson Institute of International
and Public Affairs. He’s here today to discuss
his new book titled “Beyond Snowden: Privacy,
Mass Surveillance, and the Struggle
to Reform the NSA.” Please join me in welcoming
Mr. Timothy Edgar to Google. TIMOTHY EDGAR: Well, thank
you very much, David, and thank you to
Google for having me for this talk on privacy,
mass surveillance, and the struggle
to reform the NSA. And I’ll be talking about my
new book, “Beyond Snowden.” And first I want to
start out with thoughts about making a
difference, and what it takes to make a difference
in our age of mass surveillance. Now, I had a theory that I could
make a difference by working within the surveillance
state, and I tried to do that for a period
of about 2005, 2006, up to 2013. And there was another person
inside the surveillance state at that time who I
actually never met, and he had a different idea
about how to make a difference. His name was Edward Snowden. And instead of working
within the surveillance state to try to reform it from
the inside the way I did, he decided to make this
extraordinary decision to steal troves of
classified documents, go off to China and then
Russia, and kind of blow up the whole system. So I want to talk a little
bit about which tactic worked better, which was
more effective, and then think about what
we can do going forward, as the book is entitled
“Beyond Snowden.” So to not hide the ball, I’m
going to give you my conclusion up front. The results that I had
working within the system were results that I’m proud of. We made some significant
achievements. We took some Bush Era, post 9/11
domestic surveillance programs, or at least programs that
surveilled domestic data, we put them under the
framework of the secret Foreign Intelligence Surveillance
Court, briefed Congress on them. We brought them
within, basically, the framework of our Foreign
Intelligence Surveillance Act. We also made some
important improvements in oversight of those programs. I worked personally
on those improvements to create what I call a
middle way between purely domestic surveillance, where
you have individual court orders of wiretaps, and the
kind of foreign surveillance the NSA does with
far less oversight. We did something kind
of in the middle– the prism and upstream
collection programs you may have heard of– and we designed the
oversight system for that. But I have to admit, we really
missed the broader impact of all of these mass
surveillance programs on the privacy not only
of the United States, but of the whole world. And the reason that we
missed that broader impact is that we were working within
a very outdated legal framework, a framework that really is from
the analog age of the 1970s, and the main goal of which is to
prevent abusive domestic spying for political purposes. It’s not to safeguard
privacy in a global age of mass surveillance. So what were the results
that Edward Snowden had in 2013 with his massive
revelations of NSA spying? Well, four years later,
we can render somewhat of a verdict on the results
of the Snowden revelations. First, there was an absolute
revolution in transparency. And we’ll talk in more detail in
just a few moments about that. But this isn’t just Snowden’s
own leaks of information. Obviously, that
made those programs that he leaked transparent,
but the government fought back with
more transparency, which was a bit of a surprise. Now, they did this
in a tactical way to try to defend themselves
against accusations. These programs
were out of control and didn’t have any
privacy safeguards. But I would argue
that this has created a lasting change in the culture
of secrecy of the intelligence community, although
a fragile one, and there’s a real danger
of going back to bad habits. So a real revolution there. An end to a domestic
bulk collection program– in 2015, Congress
basically took this program that I’d worked on
for many years that was kept secret from
the American people, and decided to end it. It had not proved as
effective as we had thought, and there was a better way
to collect telephone records. That was a major reform
to the Patriot Act. And reforms to the secret
Foreign Intelligence Surveillance Court that
resulted from the reaction to Snowden, including
appointing outside lawyers to argue the other side in
cases that affected privacy. But I think that the most
important change that resulted from Snowden’s decision
to leak classified information in 2013 was a change to our
entire conception of privacy that the government and the
intelligence community used. For decades, privacy
meant Americans. When I was in government,
when I told people that I worked on privacy
and civil liberties issues, the first thing that
came to their mind was, well, how much
data about Americans do we have in this program? If it’s a fair amount, then
we’ll let Tim look at it. If this is mainly a
foreign program, you know, this really isn’t something
for the privacy office. Now we have rules to protect
the privacy of foreigners. Now, these rules– I don’t
want to oversell them. They’re relatively modest. But the fact that
there are rules at all in a policy directive that
President Obama issued roughly in 2014, implemented
a year later, is really a revolution for
the intelligence community. So what’s the verdict here? Well, I think the
verdict is obvious. Snowden’s way was
much more damaging, but it was also
much more effective than my way of working
inside the system. So the question I want
to ask and I talk about in the book is,
what are we going to do with that information? Can we do better than that? Are we just going to wait
around for another 10 years and hope that another
Snowden emerges to tell us about
mass surveillance programs in the future? Or is there a way
to reform the system so that people like
me on the inside have a fighting chance to
ensure effective protections of privacy without the need
for a set of massive leaks? I’m going to go back
in time a little bit to talk a little bit about the
birth of the mass surveillance state. And that’s going to bring us
back to September 11, 2001. A few weeks after
that terrible attack, I was an ACLU lawyer
in Washington, and we were gathered on
the steps of the Capitol, trying to persuade lawmakers
as they walked over to vote for the Patriot Act, a
new anti-terrorism surveillance law, that they really ought to
stop and think about what they were doing, that the powers
that they were voting to give the government had not
been fully thought through, and that we needed to take
some time to figure out how to better protect our
country while still preserving privacy and civil liberties. We didn’t get much of a hearing. The law passed overwhelmingly. Both parties voted
overwhelmingly for it. And back in the
office, our director, Laura Murphy, who you can
see here in this slide, was asking the question, are
we becoming a surveillance society? And it was a real
question that we, frankly, didn’t know the answer to. Because we didn’t know
how the government was planning to
use its new powers. So we got together
with other groups to try to imagine
hypothetical scenarios that would illustrate the dangers
of these new spying powers. One of the examples
we used was based on a real historical example,
when the FBI had used earlier surveillance powers to go and
try to get people’s library records to uncover
people that might be susceptible to
becoming radicalized and spying for the Soviet Union. So we worked with librarians
to call attention to the fact that under the Patriot Act,
there were these broad powers to get records, any
kinds of records, in order to prevent terrorism. Now, the government at that time
kind of ridiculed these fears. Bush’s Attorney,
General John Ashcroft, said that we were
trying to scare people with phantoms of lost liberty– phantoms of lost liberty. And I remember thinking
a little bit, you know, actually, the attorney
general has a point. We don’t know how
these surveillance powers are being used. And so we were, in a
sense, fighting phantoms. In 2005 and 2006, I
had an opportunity to go inside the
surveillance state. The intelligence community
was being reorganized in order to better share
information, and a lot of the reason it was
being reorganized was to better share
information that was domestic with
information that was foreign about
terrorist organizations. And so there are civil liberties
concerns, privacy concerns with doing that. When they created the
new director of National Intelligence to be the head
of the intelligence community, we had a victory at the
ACLU and other groups, because we created, in that
office, a privacy official that would report directly to
the head of the intelligence community. And much to my surprise, they
looked to me and said, Tim, would you like to
come work for us and be the second
employee of this privacy office, the first deputy for
civil liberties in the history of the intelligence community? And I thought long
and hard about this. This is 2006. My first interview for
the job, by the way, at the headquarters of the old
CIA building in Washington, was the same day that the
New York Times broke a story about Bush bypassing the Foreign
Intelligence Surveillance Act and authorizing
warrantless wiretapping. So this gave me a
little pause as to going into the Bush Administration. But I decided I really just
couldn’t resist the chance to find out about
all these phantoms that we have been
fighting, and see if I could make a
difference on the inside. What did I learn? Well, I learned that there
had been a transformation in our intelligence apparatus. And it wasn’t just about
international terrorism or Al-Qaeda or 9/11. It was also about the internet
and the transformation of technology over the
past couple of decades. The map that you
see up there shows what the NSA, at the time,
was calling its home field advantage. Look at all that data flowing
right through the United States of America. And yet, our laws
basically provided court review and
protections for this data, based on the theory
that this was potentially domestic
surveillance, even if the data belonged to foreign people. But it turns out there were
some loopholes and weaknesses in the way those laws worked,
and that’s because of the way the Supreme Court
had interpreted the Fourth Amendment. Foreign people outside
the United States, the Supreme Court
had said, they don’t have rights under the Fourth
Amendment to the Constitution. And also, data that isn’t
the content of communication, even if you’re an American,
if the data is not the content of
communication, if it’s only the metadata, that also
doesn’t have Fourth Amendment protection. So using creative lawyering,
the Bush Administration helped to create an innovative
series of mass surveillance programs that took advantage
of this home field advantage. Bulk collection
of metadata– that means collecting all
of it, analyzing it for patterns that
would hopefully uncover terrorist groups. And then going after the
content of communications where the target,
the direct target is someone who’s a foreign
person outside the United States, but they
might be incidentally, as we say, talking to Americans. So that was the home field
advantage of the NSA. Our job, really, was to
take these programs that started very quickly after
9/11 in enormous secrecy, bypassing altogether the Foreign
Intelligence Surveillance Court that’s supposed to review
this kind of data gathering, and putting that under
checks and balances. But we did it almost
entirely in secret. Now, there was that leak
that I told you about, the Bush Warrantless
Wiretapping Program, but major parts of the
program remained secret while we were in the process
of institutionalizing it under all three
branches of government. Along comes Obama in 2008. We all remember that hopeful
period in American history. And one of the things he
did during his campaign was to promise a review of
all NSA surveillance programs. It’s part of a broader reset
of the whole war on terror. He said, of course we
need to fight terrorism. But we shouldn’t sacrifice our
rights and liberties to do so. And his rhetoric was
inspiring to many. However, some people
might have noticed that in the summer of 2008
he had voted to approve a broad NSA surveillance law. Now, he did it
very thoughtfully, as we would expect from the
former constitutional law professor, with a long
post to his supporters who were disappointed,
explaining why he did that. And a lot of it had to do with
his main concern being checks and balances, saying that
President Bush had put too much power on the president. He thought Congress should
authorize these programs, courts should look
at them, and that’s why he was voting for this law. Now at this time, major parts
of the program, as I mentioned, were still secret. We knew about monitoring
international telephone calls. That’s what Obama had
voted for in 2008. We didn’t know– and when I say
“we,” I actually don’t mean we. I mean you. You didn’t know about bulk
collection of metadata. I had learned about it
a few years earlier. Now when Obama
comes into office, I get a wonderful opportunity
to go to the White House to serve as the first privacy
official in the National Security Council. And I was hopeful that we would
be able to make broader changes than we had made
under President Bush, that we’d be able to
say, OK, we’ve put these programs under the court. We briefed them to Congress. Now let’s have a
conversation about privacy. That never really happened. Obama was briefed on
the program, said, well, if the Court’s OK with
them, I’m OK with them. Fast forward to 2013. I’m beginning to wrap up
my government service, looking at working for Brown. Meanwhile, Mr.
Snowden is thinking about doing something
much more dramatic in leaving the government. And along comes my former
boss, Jim Klapper, the Director of National Intelligence, in
an open hearing in the Senate, and he’s asked a question
by Senator Ron Wyden. He says, does the
NSA collect records on millions or hundreds
of millions of Americans? Now, this is a very
loaded question. And it’s a question that
Senator Wyden already knows the answer to. He’s been briefed
on the programs. So has everyone else on
the intelligence committee. And in fact, that was part
of the checks and balances that we had worked on. But Wyden is upset. He can’t get anyone’s
attention, which makes sense. It’s a secret program. So he decides to
grill the director of National
Intelligence in public, asking him a tough question. Now, of course, this
puts General Klapper in a rather difficult position. He could answer the
question honestly and say, well, Senator, as
you know, the answer is yes. That would reveal the
existence of the program. He could also say, I can neither
confirm nor deny whether or not the NSA collects
hundreds of millions of records of Americans. That would also kind of imply
that the answer is yes– one of the problems with
the neither confirm nor deny language. So instead he says,
no, sir, not wittingly. Now, as we all know,
that was not true. There are a variety of
arguments as to exactly what was in Klapper’s mind. Only Klapper knows the
answer to that question. I talk about in the book the way
in which, in a very unique way, this one person was whipsawed
by competing obligations. Obviously, he has an
obligation to tell the truth and the whole
truth in sworn testimony. But he also has the
direct obligation to keep the government secrets. Because the government had
decided to keep this secret, that put him in the tough
spot that he was in. Well, in just a
couple of months, the first stories start to
appear from Snowden’s trove of documents. And we find out that
the truth was not, no, sir, not wittingly. The truth was, yes we scan. It turns out, yes, we do have
programs of mass surveillance that affect millions
and hundreds of millions of Americans. So just to summarize
very briefly, what are the things that
we learned from Snowden? Well, we learned
of the existence of this domestic bulk
collection program of telephone records, the orders
to the telephone companies. We learned about
internet surveillance, programs called upstream
collection and PRISM, also called down
stream collection. And that’s the program
involving looking at foreign communications,
but incidentally, looks at Americans
who are communicating with those foreign targets. That’s the content program. But we learn a lot more. We learn about many
other NSA programs that undermine the
security of communications around the world. Now, in a way, this is
not really a surprise. This is what the
NSA’s job is, is to break into communications. It’s just that a lot of people
didn’t know how good they were at their job. So maybe President Obama has
encouraged a lot of people to understand that
their agencies actually have a lot of dedicated
public servants that do their job
really, really well, like breaking into
communications. But we hadn’t had
a public debate about how this was
affecting the privacy and security of the whole
world’s communications, and that’s because
of excessive secrecy. So what happened as a result? Well, we ended up with
an intelligence community that reacted in a
way that is unusual. The normal reaction is,
we don’t comment on leaks of classified information. We don’t confirm programs. We don’t talk about it. This didn’t work. There was just too much
political heat for Jim Klapper to be able to go
out there and say, I’m not going to
comment on whether I was lying to the Senate
a couple of months ago. I’m not going to comment on all
these massive stories that’s got everybody up in arms. So they decided to do
the opposite, which is to release thousands
of pages of documents. A lot of people don’t know
this, but by March of 2014, the government had released
double the documents about NSA surveillance that had been
leaked by Edward Snowden, on its own transparency website
called IC on the Record. Now, these documents were
mostly orders and rules about how this surveillance
could be conducted, what the privacy
oversight was, things that I’d worked on for years. Many of them were opinions
of the Foreign Intelligence Surveillance Court, redacted
in some places, but really, tremendous amount
of detail that we learned from those documents. And then going forward,
issuing an annual intelligence transparency report with
details that the government had for decades argued
were classified, now made public on an annual basis. But it went beyond transparency. It also resulted in
significant accountability that actually, I would argue,
strengthened intelligence. Now this is my great image. Stole it from the Electronic
Frontier Foundation, EFF, all your data. I actually think that
this may, in some ways, not do exactly what the EFF
wants, because it kind of makes the NSA look pretty cool. Anyway, Congress
in 2015 was looking at whether to renew the
legal authority, the Patriot Act, that allows them to collect
in bulk all this metadata. And essentially, they
decided, no, we’re going to reform the program. A major reason for that
is that a privacy board reviewed, in detail, the
government’s claims about how this had helped with
terrorist attacks, and found that in each
of those instances, this massive program
of bulk collection had actually provided no
unique value to the government. Now, this is an area where
I felt quite embarrassed. I had worked for years on
oversight of this program to make sure that people
were obeying the privacy rules around access
to this bulk database. I had been told that there was
important terrorist incidents in which this bulk
database had been used, and I basically accepted
that at face value. And after the Snowden
revelations came out, I even defended them on
National Public Radio and said, you know, they’ve helped
to stop a certain number of terrorist attacks. When this board
looked in more detail, they found that, in fact, the
government had had that data from other sources. So it wasn’t as valuable
as we had thought. That was an important reason
Congress ended that program. Now, I say ended, but it’s
important to understand, they ended the bulk collection
part of the program. The NSA analysts still were
given access to this metadata but on a case by case basis. It turns out that that made
the program more effective. It gave them access to
more, rather than less, relevant data. Because without the
secrecy and the logistics of having to collect
all the data, they could look at
smaller providers. They could get a
richer source of data when they weren’t
collecting all of it. So that’s an important and
valuable lesson about reform. I also talked a little bit
about the secret court. The secret court really
is a genuine federal court with judges that are approved by
the Senate, lifetime of tenure. They are not quite
the rubber stamp that people think
they are, but they get skewed by the existence of
a one sided argument process, which we saw very much after
the Snowden revelations had distorted the law. In the Freedom Act, one of
the important provisions in that law basically
says when there is an important legal
issue, the court should appoint another lawyer
to argue the other side of that legal issue. Interesting idea. Something I learned
in law school, tends to strengthen the
quality of judicial decisions. I think it’s already done that. I think we need to
go a lot further with reforming the Foreign
Intelligence Surveillance Court. It was set up to review wiretap
applications, basically to say, is there probable cause that
you are spying for the Russians, that you are part of Al-Qaeda? That’s a fairly
straightforward decision that judges make every day. Now it’s overseeing
vast programs of transnational surveillance. And to have just a federal
judge and a tiny staff perform that function,
to me, is not going to provide effective oversight. I argue that instead of
just bringing in lawyers, we also need to bring in
technologists to help the FISA Court. There’s been a number of
incidents in which the FISA Court has reviewed
NSA programs where the NSA made major
mistakes in how they implemented the programs. And for the most
part, these were mistakes involving what I call
failed lawyer technologist communication. The lawyer says, we’ve
been authorized to do this, the technologist hears
something different. The technologist comes
back later and says, this is how it works. The lawyer says, oh
my god, I’ve been lying to the FISA
Court for two years because I didn’t realize
we were getting this data. So having technologists in
the FISA Court would help. But the most lasting
challenge was really something that
came as a result– I’d like to say it’s because
of our country’s strong support for the human rights of
everyone around the world, including the right
to privacy, but that’s really not the reason. After the Snowden
revelations, people like me, former
intelligence officials and current
intelligence officials, went out there and said, you
have nothing to worry about. We have strong protections
for the privacy of Americans. A lot of companies
in Silicon Valley said, please stop
talking about that. This is hurting our business. We have customers and
users around the world. We don’t want them all
migrating to other services. You have to do something to
reassure the rest of the world that you care about
their privacy, too. This photo here
is from a meeting that President Obama had with
ex-CEOs in December of 2013. You may recognize the
man he’s talking to. So Google, Facebook,
Yahoo, others, they have a lot of political
power in a way that voters in Germany and Brazil don’t. And that caused the
administration to say, we have to do
something about this. So they issued something called
Presidential Policy Directive 28. That flows trippingly
off the tongue. I’ve been accused
sometimes of being a wonk on surveillance issues. I won’t quiz you after
this talk about what is Presidential Policy Directive
28 or FISA Section 702, but this is important. This policy directive
basically laid down a marker for the
intelligence community saying that foreign privacy
matters, that there have to be rules to protect
the personal information that is collected by
agencies like the NSA in these bulk
collection programs. And this particular
quote, to me, sums it up, that everyone has
to be treated with dignity and respect regardless
of their nationality or wherever they might
reside, and all persons have legitimate
privacy interests in the handling of their
personal information. This was a revolutionary concept
for the intelligence community. What do you mean all persons? What about– I thought
it was just Americans. I though it was just US persons. Now I have to worry
about everybody else? So here’s an area where I
don’t think we’ve done enough on surveillance reform. And actually, in many of these
areas we haven’t done enough. And that has to do
with what I call in the book,
technological magic. For years, the
intelligence community had been studying how to
use encryption and privacy preserving technologies
to extract information from massive datasets
with real privacy guarantees for all the
people’s information that are in that data set. We learned after some of
the Snowden revelations that, yeah, the NSA vacuums up
huge quantities of information. Usually they have some
purpose for doing this other than looking at
everybody’s information, and they use people
like me, lawyers, to try to enforce policy
constraints on the analysts. And that can be fragile. You know, people can violate
those policy constraints. Math is a lot less
fragile when it comes to those kind of guarantees. So this is a picture of
[INAUDIBLE] my colleague at Brown University,
who has pioneered many of these encrypted
search techniques. We haven’t implemented them. You know, we’re studying them. We’re continuing to study them. Here it is, 2017, four
years after Snowden. So this is an area where
we have a lot of work to do when it comes to
surveillance reform. I want to close thinking
about the danger of abuse of these mass
surveillance capabilities. When Ed Snowden was asked
in his first interview in this hotel in Hong Kong,
well, why are you doing this? Why are you revealing all
of these secret programs and putting yourself in such
risk when you haven’t really shown us examples of the kind
of domestic political abuse of surveillance that
we’d seen in the past? We didn’t have examples from
Edward Snowden of, you know, Obama using
surveillance authority to go after his
political opponents in order to discover gossip. We didn’t have those examples
from the Bush Administration, either. And what he said to
that was, well, we’re not always going to have
enlightened leaders, essentially. He’s worried about building
an architecture of oppression in which it’s very fragile. Some day, he said, someone
else will be elected, and they’ll flip the
switch, and this apparatus could be turned against us. Well, in 2016 a lot of
people in my old community in the national security
world were very worried that that person had been found,
and had just been elected. During the campaign– we all
know about Donald Trump’s rhetoric during the
campaign and after that seemed to denigrate important
constitutional liberties and rights, respect for
religious minorities, and just the kind of
open promises of abuse of civil liberties
we’d really never seen before from any president, even
presidents like Richard Nixon hadn’t gone out
there and bragged about the kinds of abuses
that they wanted to engage in. And because of that,
people may not even have noticed that he actually
endorsed warrantless searches in his campaign. There is an interview
in which Donald Trump is asked what he’s going to do
about the dangers of terrorism. He says, I want surveillance. I want surveillance of
the Muslim community. And yes, warrantless
surveillance might be necessary. Now, of course, also
the dangers of abuse are not just something
Trump might engage in. There’s something that Trump
supporters have suddenly woken up and discovered in
their fears of the deep state. A few months ago,
Donald Trump himself discovered the dangers
of surveillance abuse, tweeting out, “Terrible! I just found out that
Obama had my ‘wires tapped’ in Trump Tower.” Now, this shows a shocking
ignorance of the fact that no president under our laws
can tap the wires of someone else without– I was about to say
without their consent– without permission
from the FISA court. But it also shows
perhaps an opportunity among political
opportunity where people who may fear
Trump and his potential for abusing our
civil liberties could unite with those who support
him and are worried about people in the intelligence community
abusing their power to go after him and his supporters. I want to close by talking a
little bit about what should we do going forward. You know, part of
the reason I called the book “Beyond
Snowden” was to say that we’ve had a debate about
Snowden that has focused often on him and what should
we do about him. And I have said that
because of the reforms that his disclosures
caused, my view is that he should be
pardoned, even though I do agree that they also
caused significant damage to national security. But I think more
importantly than that is to reform our
surveillance apparatus. So I’ve offered a
detailed and rich list of policy recommendations
near the end, boiling them down a bit. We need even more transparency
about how our surveillance system works. We need laws that respect
everyone’s privacy, not just the privacy
of Americans, and we need to do a lot more
to use the magic of crypto and other technology
that can help us obtain the data we want without
obtaining the data that we don’t want. Taken together, I
would say that we need a serious
overhaul of how we protect privacy and civil
liberties in the age of mass surveillance. And this puts me sort of
right smack in the middle, on the very, very far edge
of the national security community, which finds
many of my recommendations unworkable, but sometimes
on the other side of civil libertarians who
tell me, Tim, you know, we just need to junk
all these programs. We’re never going to make
them safe for democracy. And my view on that is
simply that the programs are, in some cases, very
useful for national security. And one thing we
learned from the debate is that the public,
for the most part, wants the intelligence
community to have these robots capabilities. They just want more oversight. And so that’s what I’ve
tried to do in the book, is tell us how we can do that. So thank you very much. AUDIENCE: So in
addition to data being used for political
purposes, what other major concerns should
we have, as Americans, for our data being in
the hands of the NSA? TIMOTHY EDGAR: Well, I
think abuse of our data is something we’ve
seen does happen. It certainly
happened in the past. And it could be used for
a variety of bad reasons. It could be used by an
unscrupulous politician to try to leak
damaging information for political purposes. It could be used to
intimidate a whistleblower. It could be used just for
overbroad invasion of privacy. When a program is
set up, in order to safeguard national
security, there can sometimes be mission
creep, where it then is used for a broader societal
interest, law enforcement, and so forth. So I think that
the real point is that we are still very early in
the 21st century when it comes to grappling with how
do we protect ourselves in this age of mass data
and of mass surveillance. And my argument is that our
laws have to reflect that. We can’t just be content
with a law that says, well, if you want to get the
content of my telephone calls, or the content of
my email messages, you’re going to need a
secret court warrant. What about all my metadata? What about all
that communications that you have of me talking
with people outside the country? I worry about that, too. AUDIENCE: What can you
share about the research into blockchain or smart
contract technologies to improve transparency
and privacy and maintain a level
of surveillance? TIMOTHY EDGAR: Well, both
of those technologies are very promising, and
they show different ways in which we might be able
to use new and innovative technologies. For blockchain, I guess the
area that I think of immediately is audit. I think about the possibility
of having a way of auditing how people are using data. But one of the
ironies of our failure to employ some of these
technical approaches in our efforts to protect
privacy and civil liberties from mass surveillance
is that much of the research into of
these technologies, including blockchain, including
encrypted search, was funded by the
government itself, in some cases by the
intelligence community. And yet we still haven’t
really come to grips with how do we deploy these
technologies at the scale that an agency like
the NSA would use, despite the fact that we’ve
made real breakthroughs, as I discuss in the
book, in using them. I would need to give it a
little bit more thought, but I think that’s exactly the
conversation that we should be having, is getting
people like the people here at Google together with
people from the intelligence community, and exchanging
ideas about here’s the tools and tactics
and techniques that we have that are really
interesting crypto techniques. What are your needs? What are you trying
to extract from data? How are you trying to
audit against misuse, those kinds of things? We had some early meetings
when I joined the ODNI more than a decade ago, and they
funded some research programs. But we haven’t done
enough to transform that into reality of deploying
these technologies. AUDIENCE: Hi,
thanks for the talk. Really interesting. This is a really
difficult question to ask, and you know, I want
to balance it and word it correctly, given
that, you know, I knew what it felt like on 9/11. I remember that so clearly. I lived in Israel
for a while and had my own fair share
of situations there that made me worry about
terrorism and threats to me or my family’s life
and things like that. But a lot of analysis has
been done surrounding, like, the value of
a human life, in how the government values that. And people have done
that with the Department of Transportation, for example. How much money is invested to
making our highways safe so that we can protect the people
who use them, et cetera. And people have done this a lot. It’s not an exact science
or anything like that, but given how big the security
state is, really, in the United States, and given that
you’ve kind of been there and you’ve seen
what it can prevent, what it can’t prevent– you’ve had your fair share
of knowledge of that– what are your thoughts on that? I mean, how important do you
think it is to focus on this? Are we over invested? Are we under-invested given how
much could happen if we never had these protections in place? Also, the fact that
there are some costs associated with that. This surveillance
can really ruin faith in technology that actually
could protect people against financial
crime and things like that, because now
suddenly people don’t trust giving their information away,
where it actually might protect them from things that
are more likely to happen than terrorism. So yeah, it’s a
complicated question and I hope it makes sense. TIMOTHY EDGAR: No,
I think it does. And the question
really comes down to, have we overreacted to
the risk of terrorism? I think most people would say
that we have in certain ways overreacted. I think in 2017
it looks different than it did on the
morning after 9/11. We had a lot of experiencing
counter terrorism. And I think what I would
suggest is that we simply look a lot more clear-eyed at
the question of effectiveness. So two examples– I talked to
you about the bulk collection of telephone records,
and how that program– we spent a lot of
time putting together the legal rules that should
govern access to the database, and ways to protect privacy. But this was a massive
database of call records which clearly posed
a risk to privacy. And we had some anecdotal
information, basically, about how it had been
used to prevent terrorism. But when that was put to
the test by the Privacy and Civil Liberties Oversight
Board, after the Snowden revelations, the conclusion
was, actually, this was not necessary. This whole program that
had been in existence for more than a decade did
not provide unique value in preventing any
terrorist incidents. Even though it had been used
in some terrorism cases, they already had that data. Now you contrast that to the
PRISM and Upstream collection programs, which Congress is
debating right now this fall, and the privacy board basically
came to the opposite conclusion and said, of course this program
has privacy implications, but we’ve examined carefully the
effectiveness of the program, at least in terms of
the terrorist incidents the government says
it has prevented, we’ve looked at each
case, and yes, it has provided valuable and
unique contribution to help head off those terrorist attacks. Now, you could, I suppose,
do some actuarial calculation and say, well, if those
attacks had happened, and a certain number
of people had died, this would be the damage. And then we have
to somehow assign a value to the
privacy that has been invaded by having the program. I wouldn’t go that far. I think it’s already
a step forward just to ask the basic
question, did it work at all? We’ve seen that we can get a lot
more privacy simply by asking that question, even if we put
infinite value on human life and we say, you know,
preventing a terrorist attack is worth these
kinds of programs. If it’s not actually
doing that at all, then the question
becomes a lot easier. AUDIENCE: If one studies
the terrorism literature, the purpose of terrorism
is to terrorize and to cause the empire
to overreact, and thus internally destroy itself. That’s in all the writings. And we play right into
the hands of the– and so terrorism accomplishes
what they want, unfortunately. So is there any
recognition that they’re playing into the hands of the
terrorists by overreacting? TIMOTHY EDGAR: That’s
a great question. I would say this comes back
a little bit to the Trump Administration. You know, Trump is– the rhetoric that he
used in the campaign gave a lot of people
who were experienced in the national security
world a lot of fear that we would have these kinds
of massive overreactions, and that we would play into
the hands of terrorist groups that were promoting a narrative
of a clash of civilizations. And we’ve seen with the
travel ban and other policies that President Trump
has, in fact, done that. At the same time, you have a
permanent national security establishment that has learned
some lessons, I would argue, over the past decade and
a half or more since 9/11, the policy changes that
were made by the Obama administration to protect the
privacy interests of foreigners and their personal information–
that’s Presidential Policy Directive 28– a lot of my former
colleagues said, well, that’s out the window. Trump doesn’t care
about foreigners. He’s America first. So day one, you know, we’ll
see that directive rescinded. It hasn’t been. It hasn’t been, and in
fact, has been reaffirmed by the new director of
National Intelligence on very pragmatic grounds,
which is that we need the support of many
other countries in our intelligence and our
intelligence activities. I would also caution,
even though we’ve been talking a lot
about terrorism, the intelligence apparatus
is not just about terrorism. It’s about broad
foreign policy interests of a very powerful
country, the United States. And that’s another
reason, I think, that the reaction to
the Snowden revelations was different than we’ve seen
to other spying programs that were more clearly
focused on terrorism. It was pretty clear that
if the NSA is spying on the chancellor
of Germany, it’s not because they suspect that
the chancellor of Germany is a terrorist. There are foreign policy
interests involved in surveillance programs. So that’s an important
conversation to have. My view is that the
calculation is different when you’re talking about
broad intelligence purposes, and that there are some mass
surveillance capabilities that we should not be using
for those broader intelligence objectives. We should only be using
them for security threats like terrorism. So that would be my
recommendation to Congress when it comes to
PRISM and Upstream, is do we really need to be
using this program for broader foreign policy interests, as
opposed to for the terrorists purposes that
Congress, you know, was thinking about when
they passed that law? AUDIENCE: I think
one last question– how do we, as citizens, forward
the cause of civil liberties? TIMOTHY EDGAR: It’s
a great question. Well, I know that some
of the folks in this room may know that Senator
Dianne Feinstein is an important leader on
intelligence issues. She is also not, I would say,
a reliable civil libertarian, to put it mildly. So pressure on Senator Feinstein
from people in California will have an impact on the
debate Congress is having right now on Prism and Upstream. Also, educating people on
how the technology works. This is an important
audience here at Google that can look at some of the
programs I’m talking about and have an intelligent
conversation about IP addresses and content of communications
and how selectors are used, taking advantage of that
transparency I talk about. There’s just an enormous
amount of information that used to be classified
at the top secret level, when I worked in government, that has
been declassified and released about how much of this
surveillance works. But it’s still impenetrable
to a lot of people. One reason I wrote
the book is to make it understandable
to ordinary people. It’s a reason that I
use ordinary words, like mass surveillance
instead of jargon that the intelligence
agencies like, like collection of signals intelligence
under executive order, 12 triple three. And this has caused some
of my former colleagues to say, hey, this is
scary language, Tim. You know, you’re scaring people. You should tell them about all
of our privacy protections. But my view is it’s important to
use plain and ordinary language about what the
government is up to. If we agree with
what they’re doing and we think the protections
are good enough, then so be it. But we shouldn’t be having
a conversation that’s clouded in euphemisms, like
signals intelligence instead of mass surveillance. So you all here in
the tech community can help illuminate these
issues for the public. And organizations
like EFF and ACLU are always looking for
people who can help them out. In fact, the ACLU of
northern California has an open position. I don’t necessarily want
to recruit everybody here away from Google, but
for a technologist. And whether you end up
doing like what I did and working as an activist,
or whether you just want to join with the
group and help them out, I just think that the
talent in this room could be so helpful to
those kinds of groups as they advocate for
privacy and civil liberties. And I would also encourage you
to look into government service and to see what
you can do to make a difference on the inside. I am very proud of the
service I did, as limited as some of my victories were. And having people who understand
how the internet works and how technology works
will help the lawyers and the officials ask the right
questions, which they often haven’t asked in the past. DAVID: Well, thank you, Tim. Let’s give him one
more round of applause.

9 thoughts on “Timothy Edgar: “Beyond Snowden: Privacy, Mass Surveillance, and the Struggle [..]” | Talks at Google

  1. Muslims have 109 verses that command followers to kill you for not believing their batsh*t insane demonic cult. Everyone of those walking time bombs need to be monitored 24/7 along with their mosques. What damage has Snowden caused other than damaging the narrative for insane amounts of funding for no real value. I haven't seen ANY reports about any terrorist events being prevented. If they truly were looking for terror, they would have stopped Las Vegas from happening. Let's push the double speak aside and get to the real focus, hunting taxes, preserving the corrupt shadow / deep state operations.

  2. Edward Snowden did more to help this country than you ever did. You facilitated the secrecy of the illegal programs. You admit it wasn’t til Snowden leaked that there was even outside litigation involved in the secret court process. Snowden is an American hero.

    Would like to hear how snowden caused serious damage to national security – by your own admission he strengthened collection efforts because now collection is done with intent. He protected rights of privacy. And the programs stopped literally no attacks, so do tell about the damages that he did…?

  3. So, it's OK to use (mass) surveillance on other countries in order to gain political and financial leverage over them, but you still claim to be concerned about their privacy. Interesting.

  4. The online travel agency is nothing but it means that a kind of retailer shop which provides services to the public related travel such as flight or train or bus tickets, hotel reservation, car rent, cruise lines, package tours etc.see also-http://onlinekarmabarta.com/the-online-travel-agency/

  5. Wow a google employee talking about privacy really?, google was providing mass amounts of data to the xKEYSCORE for years how ironic , just trying to cover up the fact they were caught out

  6. Countries such as Brazil, China and Russia have responded to

    Snowden’s revelations by tightening control over domestic data, which

    has cost US cloud service providers billions of dollars in revenue.

Leave a Reply

Your email address will not be published. Required fields are marked *