This statement was originally published on eff.org on 9 February 2016.
This morning, the White House announced an Executive Order establishing a federal interagency privacy council composed of senior privacy officials from two dozen federal agencies. While seeming to offer some promise, however, the council has a limited mandate, and ultimately represents an overdue nod to privacy principles the administration has repeatedly abused in practice.
If the Obama administration wants to support privacy, it can start by finally offering straight answers to Congress on surveillance and intelligence practices that offend privacy. Instead, Congress has legislated surveillance policy in the dark while enduring a long series of executive misrepresentations.
Last week, mere days after an independent panel (notably including current U.S. intelligence officials) refuted recent FBI claims about encryption tools, Congress began examining surveillance powers set to expire next year in a closed hearing, enabling a familiar pattern of executive obfuscation and congressional confusion.
As we wrote over two years ago, "It's time for Congress to reassert its oversight role and begin a full-scale investigation into the [government's] surveillance and analytic activities....Congress cannot rely solely on mandating more reports from [intelligence agencies] as a solution."
Surveillance will survive encryption, despite false FBI claims
Most recently, executive officials misled Congress in the context of the encryption debate.
Intelligence officials including FBI Director James Comey have conjured claims that encryption threatens national security, and that private companies should allow government agencies backdoor access to encrypted communications and data. A study released last week by the Berkman Center for Internet & Society at Harvard University, however, reveals that the FBI has been crying wolf.
The Berkman Center report, "Don't Panic: Making Progress on the 'Going Dark' Debate," suggests that concerns about encryption undermining security are premature and overblown. In particular, fears that intelligence agencies are "going dark" by losing pervasive access to electronic communications, or data stored online, overlook the emergence of new data streams—especially increasingly vast sets of unencrypted data produced by household devices connected to the Internet.
These devices include not only the computers and smart phones for which encryption is an essential security and privacy tool, but also "toasters to bedsheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables."
The authors of the report included U.S. senior intelligence officials who, according to the New York Times, were constrained from speaking publicly for their agencies but joined the conclusion that:
[C]ommercial interests will likely limit the circumstances in which companies will offer encryption that obscures user data from the companies themselves, and the trajectory of technological development points to a future abundant in unencrypted data, some of which can fill gaps left by the very communication channels law enforcement fears will "go dark" and beyond reach.
In other words, according to co-author Bruce Schneier, "While it may be true that there are pockets of dimness, there other areas where communications and information are actually becoming more illuminated, opening up more vectors for surveillance."
EFF Board member Jonathan Zittrain, a Harvard professor who serves as faculty chair of the Berkman Center, noted that the review group's unique composition enabled a broader perspective than either the agencies or Congress have sought, enabling a "debate beyond its well-known bumper stickers."
Agencies bending the truth yet again
The exposure of the FBI's misrepresentations surrounding encryption is hardly the first time that intelligence agencies have been caught playing loose with the facts.
Close watchers of the NSA, FBI, and CIA may notice an all-too-familiar pattern of unreliable statements by senior officials addressing tough questions about intelligence operations. Having for years misled elected officials, the press, and the public about their agencies' domestic surveillance activities, many of the same officials continue to use their public positions to promote false claims that national security requires undermining individual security, anonymity, and freedom of expression.
Perhaps most infamously, Director of National Intelligence James Clapper gave a false and self-serving answer when questioned by Senator Ron Wyden (D-OR) during a March 2013 Senate hearing about whether the NSA was monitoring millions of law-abiding Americans. General Counsel Robert Litt later offered at least a coherent (if not convincing) defense of his boss, essentially arguing that Clapper could not answer truthfully under oath because the classification system—which itself is so broken that even its former chief has described it as "dysfunctional"—requires secrecy while the hearing was a public forum.
Clapper himself later acknowledged that his statement was false and "too cute by half," with the bizarre caveat that he had answered in "the least untruthful manner" that he could. Yet, as Litt has admitted, Clapper never corrected the record after making his statement. The only reason we know the truth is because a courageous young man sacrificed his career to do what all public officials swear an oath to do: defend the Constitution against all enemies, foreign and domestic.
Duplicity must be contagious, because other senior intelligence officials seem to also suffer from the "least untruthful" Clapper Syndrome.
For instance, just a few months after Clapper misled the Senate, NSA head Keith Alexander testified at another hearing. Asked whether the NSA collects bulk cell phone location data, he chose to answer a different question, limiting his answer to Section 215 of the Patriot Act while effectively refusing to answer the question he was asked.
In response, Sen. Wyden said, "Once again, the intelligence leadership has decided to leave most of the real story secret—even when the truth would not compromise national security." Wyden later expounded on the agencies' recidivism, explaining that the NSA "has repeatedly deceived the American people."
Beyond the NSA and Director of National Intelligence, other agencies have also failed at times to make true statements under oath.
The CIA, for instance, misused technology to hack into Congressional files and steal documentary evidence of torture, of which CIA officials had previously destroyed videotape evidence. After initially claiming that agency officials had never done so, CIA Director John Brennan reversed course after an internal investigation, admitting that CIA personnel effectively conducted an espionage operation targeting the Senate to hide evidence of the agency's human rights abuses.
Similarly, Brennan and others have claimed for years that armed drones do not generate significant collateral casualties when used to conduct targeted assassinations. The utility of drones, of course, hinges on their precision.
Yet the first time an independent study attempted to verify the agency's claims, researchers from NYU and Stanford concluded that most of the deaths from drones are collateral deaths. They described as simply "false" claims by officials that "the use of drones…is of a surgically precise and effective tool that makes the US safer by enabling 'targeted killing' of terrorists, with minimal downsides or collateral impacts."
Reflecting on these incidents just a few months ago, the New York Times editorial board correctly suggested that "It is hard to believe anything Mr. Brennan says."
The debate over surveillance policy will remain skewed as long as executive officials remain less than forthcoming with the truth—or, for that matter, as long as they're the only people from whom Congress bothers to invite expertise.
With Congress already turning its attention to the possibility of renewing the statute cited as legal justification for dragnet NSA spying on the Internet, there is a dire and long overdue need for transparency. Unfortunately, there is no reason to think that the agencies' claims today will prove any more true than their repeated misrepresentations in the past.
Today's White House announcement may seem to indicate a real concern with privacy principles, but a more meaningful one would entail responding truthfully to congressional oversight.
Congress could ensure its own access to facts in spite of executive evasion by reforming the bloated classification system, launching a new Church Committee to finally investigate what the intelligence committees have failed to explore, or requiring the executive branch to send credible officials to testify at oversight hearings. As the former congressional investigators who uncovered COINTELPRO put it, "Nothing less than the confidence of the American people in our intelligence agencies, indeed, the federal government, is at stake."
White House's plans for privacy council fall short
This statement was originally published on eff.org on 9 February 2016.