Roosevelt Institute | Cornell University

The NSA: Maybe Not So Scary Afterall

By Agrippa KellumPublished April 3, 2016

The Snowden debacle in 2013 has triggered much concern regarding the dangers of far-reaching surveillance programs. I argue that this surveillance can be evaded by concerned citizens and malevolent actors alike.
By Agrippa Kellum, 04/03/16

Edward Snowden's release of top-secret documents regarding the surveillance practices of the National Security Agency in 2013 spurred an outpouring of media coverage and debate. In particular, detractors are concerned that such technology harms free press: if whistleblowers and journalists cannot remain anonymous, their safety and ability to report is threatened. I'm going to explain why I'm not so worried that we've reached that point.
The contents of all messages can be encrypted before being broadcast over the Internet. While an observer (e.g. the NSA) may be able to view the encrypted message, it is only possible to decrypt the message back into a readable form using some private information. This is a reason why programs such as PRISM are necessary for the NSA to read our emails; it is (for instance) Google, not the NSA, who are able to decrypt messages sent and stored using their systems.

However, it is not necessary that the service handling these messages ever fully decrypt. Decryption can simply be passed on to the recipient, or the sender may use an extra layer of encryption so that the service in question can only decrypt it part of the way.  Even if all information stored or transferred using the email service's systems were seized or visible to the NSA, the messages would still be indecipherable. It is only by obtaining information held on the recipient's computer alone that content surveillance or seizure can be successful— with the exception of the occasional technological loophole, the only way that the NSA could currently reliably do this involves a knock on the recipient's door.

It is mostly metadata (information about the who, when, and sometimes where of communications) that the NSA collects and analyzes without a warrant. As long as people continue to use services encapsulated in the PRISM program (Google, Verizon, etc.), the NSA will always be able to view the metadata of their communications. However, users may opt to use services that are either too small to have received any court orders or otherwise out of reach entirely because they are hosted in countries that do not cooperate with United States activities. Additionally, communications can be executed using peer-to-peer protocols, meaning that no potentially NSA-cooperative intermediary service is necessary at all. Finally, browsing data can be hidden by using browsing anonymization services such as Tor. Snowden's leaks reveal that the NSA have been working to circumvent Tor but have made very little headway.

Thus, the situation does not seem to be quite as Snowden might say. With a minimal amount of research, private and anonymous communication remains possible— even between parties that are being specifically targeted by the NSA. It is only with strict control of software distribution that a government lockdown on anonymous communications could occur. This would be a difficult task even for a government openly hostile to a free internet— 21% of China's internet users use Facebook (a blocked website in China), utilizing a variety of tools to circumvent China's web restrictions. Given that comprehensive control of software distribution is impossible to perform in secret and counter to the interests of the technology sector, it is hard to imagine such a program ever being instituted in the United States. Thus, while the NSA's programs would certainly be useful to a dictatorship, alone they are likely not enough to enable the creation of one.

Of course, there are other reasons to be upset by the NSA's programs. For instance, one may be concerned by the fact that such important and constitutionally dubious decisions were made by such small congressional committees, completely out of view of the rest of the country. However, as it stands, our freedoms are meaningfully protected by more than just policy switches as long as we are suitably cautious with our technology.