By William Church

The real issue with the Edward Snowden NSA leak and the PRISM project has not been discussed. The elephant in the room, as the saying goes, is the question, “What are the next steps necessary to keep the United States safe?”

First, let me state up front. I have worked for the government. I have been cited in many articles and research papers on information warfare, intelligence gathering, and cyber threat analysis. I have lived and worked in the Arab Region.

Second, a grounding point is necessary to grasp the scope of this situation. I call them the three realities. Reality One: This “war” is not short term. The United States should plan on decades of increasingly hostile action. Reality Two: Terrorists are adaptive organizations. They change their communications or should we say tradecraft as they learn or are instructed. So as they learn, they will look for other means of communications other than public telephony or email channels. Reality Three: The United States will change its surveillance techniques to match or hopefully stay ahead of the threats.

These three realities form a triangle that drives understanding the scope of the Snowden leaks. The Snowden leaks are an ideal opportunity to have this discussion of what boundaries cannot be crossed in the future.

Without being too specific, it is already community knowledge or tradecraft that email and public telephony is outdated as a means of covert communications. It is just a matter of time (two or three years) before new tradecraft is widely adopted. These include communicating through on-line bulletin boards or discussion boards, classified ads to set time and place meetings, burying documents deep within servers with a non-public web address, burying messages within HTML code, and many others.

Just to make sure we are on the same page. The Arab Region immediately adapted after 9/11 and dropped certain words from emails and telephone communications to reduce the ability to screen. The same process was in transition before and especially after the Snowden disclosures.

The prime defense, as presented by the US government, is that these efforts have stopped terrorist attacks; therefore, by that measure, they should be allowed. If we accept that as a measure, and not our boundaries of personal or constitutional freedom, then will that defense be used when the NSA or its contractors have a “bot” that crawls through webservers and web pages looking and gathering documents or messages? Will that defense be used when filtering of discussion boards becomes an everyday activity? Will that defense be used when the NSA convinces software companies, in the name of national security, to plant malware code so that your computer can be screened without a warrant?

Just in case you think I am off in Science Fiction land, it is well documented that the US government was able to convince a well know encrypted FAX machine manufacturer too give it the key to break into diplomatic FAXES. It is widely believed that the government has a public access key to most encryption software. The US government has worked with some computer manufacturers to plant tracking chips in select devices destined for a less than friendly nation. Finally, Snowden documented that our major internet service providers turn over data without a struggle nor warrant to the United States government on a routine basis.

This is a legitimate question. How much of our privacy do we relinquish for the common good, and can our government be trusted not to use non-terrorist information gathered without a warrant for other targeting like at the Internal Revenue Service? Or is our private information safe from intentional leaks, release for political gain, or careless data management?

Lets not get sidetracked in our discussions. The current NSA activity is legal and because it was authorized by the President and Congress. There was Congressional oversight and disclosure. Even the Supreme Court ruled on limited aspects of this issue. Our Congress, as usual, is acting like they weren’t in the room when they authorized these programs.

In the end, we need to ask one basic question to meet the future. What are the boundaries of surveillance allowed by the Constitution? What is the Red Line that we will not cross?

Be Sociable, Share!