Sign at the headquarters of the National Security Agency
National Security Agency
Fifty prominent American computer scientists have signed an open letter urging the United States to reject mass surveillance and preserve privacy. At the heart of the letter is a warning against systems that encourage abuse:
Indiscriminate collection, storage, and processing of unprecedented amounts of personal information chill free speech and invite many types of abuse, ranging from mission creep to identity theft. These are not hypothetical problems; they have occurred many times in the past. Inserting backdoors, sabotaging standards, and tapping commercial data-center links provide bad actors, foreign and domestic, opportunities to exploit the resulting vulnerabilities.
In June, Microsoft revealed that they informed the NSA about bugs before sending out a general patch, giving the spies a chance to explore vulnerabilities and backdoors before anyone else. This leaves computers vulnerable for longer, and also hands those vulnerabilities to someone that will exploit them. The letter goes on, clarifying that this isn’t the rejection of spying itself, only spying that makes citizens less safe.
The choice is not whether to allow the NSA to spy. The choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure for its users. Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals, but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life.
In the month since Edward Snowden leaked information about NSA spying projects to the public, the agency has been at the center of two parallel revelations: the incredible reach it has in creepy-but-legal targeted surveillance, and the fantastic breadth it has for mass collection of bulk information. The targeted surveillance, which includes intercepting computers before they’re delivered and installing hardware that then spies on the user, has stronger legal precedence, and fits a regular definition of surveillance that targets only those allowed by a judge, given reasonable suspicion.
Bulk collection, on the other hand, rests on a legal case decided in the late 1970s, which predates almost every modern function of the internet. And unlike targeted surveillance, bulk collection grabs the innocent with the guilty, storing the information indefinitely and threatening the privacy. In collecting so much, and especially so much information just from private citizens, it risks hiding threats in a sea of irrelevant data. Much of this information is already freely collected by private companies like Google or Facebook online, but when the U.S. government obtains that information, it threatens Silicon Valley‘s business in Europe and elsewhere.
The letter’s signatories have joined with many of these tech companies to offer five recommendations for government surveillance reform. Those recommendations are, briefly, that governments create sensible limitations on their authority to collect users’ data; that intelligence agencies work under a clear legal framework subject to strong checks and balances; that governments be transparent about the number and nature of their demands for user information; that transfer of data across borders not be impeded; and that, in order to avoid conflicts, there should be a transparent and robust framework to govern the sharing of information between governments.
Read the letter in its entirety, and its complete list of signatories, here.