10 years after Snowden's first leak, what have we learned?
Spies gonna spy
Feature The world got a first glimpse into the US government's far-reaching surveillance of American citizens' communications – namely, their Verizon telephone calls – 10 years ago this week when Edward Snowden's initial leaks hit the press.
Verizon, we all learned, had handed over information to the US National Security Agency (NSA) on all calls in its systems on a daily basis, under a top-secret Foreign Intelligence Surveillance Court (FISC) order.
Thousands more secret documents were subsequently published by journalists in the days and years to come, followed by lawsuits, privacy-enabling tech and – more slowly – some transparency into and reforms of Uncle Sam's domestic spying efforts.
At least that's what lawmakers, digital privacy and civil liberties advocates tell us. It's always hard to know for sure when you're dealing with classified, top-secret domestic spying programs.
These same folks tell us that while public awareness of the harms posed by mass surveillance has increased over the past decade, there's still much room for improvement. And all of them point to the upcoming battle to reform Section 702 of the Foreign Intelligence Surveillance Act (FISA) as the next big test, but more on that later.
"I warned in 2011 that 'When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry.' I was right, as Edward Snowden's revelations proved," US Senator Ron Wyden (D-OR) told The Register.
Wyden was one of two US senators who had sounded the alarm about the Obama administration's surveillance programs even before the Snowden leaks came to light.
In the decade since then, "reformers have made real progress advancing the bipartisan notion that Americans' liberty and security are not mutually exclusive," Wyden said. "That has delivered tangible results: in 2015 Congress ended bulk collection of Americans' phone records by passing the USA Freedom Act."
Freedom ain't free
This bill sought to end the daily snooping into American's phone calls by forcing telcos to collect the records and make the Feds apply for the information.
That same month, a federal appeals court unanimously ruled that the NSA's phone-records surveillance program was unlawful.
The American Civil Liberties Union (ACLU) and the New York Civil Liberties Union sued to end the secret phone spying program, which had been approved by the Foreign Intelligence Surveillance Court, just days after Snowden disclosed its existence.
"Once it was pushed out into open court, and the court was able to hear from two sides and not just one, the court held that the program was illegal," Ben Wizner, director of the ACLU Speech, Privacy and Technology project, told The Register.
The Freedom Act also required the federal government to declassify and release "significant" opinions of the Foreign Intelligence Surveillance Court (FISC), and authorized the appointment of independent amici – friends of the court intended to provide an outside perspective.
The FISC was established in 1978 under the FISA – the legislative instrument that allows warrantless snooping. And prior to the Freedom Act, this top-secret court only heard the government's perspective on things, like why the FBI and NSA should be allowed to scoop up private communications.
"To its credit, the government has engaged in reforms, and there's more transparency now that, on the one hand, has helped build back some trust that was lost, but also has made it easier to shine a light on surveillance misconduct that has happened since then," Jake Laperruque, deputy director of the Center for Democracy and Technology's Security and Surveillance Project, told The Register.
Wyden also pointed to the sunsetting of the "deeply flawed surveillance law," Section 215 of the Patriot Act, as another win for privacy and civil liberties.
That law expired in March 2020 after Congress did not reauthorize it.
"For years, the government relied on Section 215 of the USA Patriot Act to conduct a dragnet surveillance program that collected billions of phone records (Call Detail Records or CDR) documenting who a person called and for how long they called them – more than enough information for analysts to infer very personal details about a person, including who they have relationships with, and the private nature of those relationships," Electronic Frontier Foundation's Matthew Guariglia, Cindy Cohn and Andrew Crocker said.
Encryption for the win
Wizner calls these legislative and court reforms part of the "Snowden effect." And you can't talk about the Snowden effect without talking about encryption.
James Clapper, the former US Director of National Intelligence, "stated publicly that the Snowden disclosures accelerated by seven years the adoption of commercial encryption," Wizner said, describing this as a Rorschach test. For government agencies tasked with surveillance, encryption is a bad thing, he explained.
But individuals and companies interested in data protection and privacy probably see things differently. "At the individual level, and at the corporate level, we are more secure," Wizner said.
This includes mass adoption of end-to-end encrypted messaging services like WhatsApp and Signal.
"And at the corporate level, what the Snowden revelations taught big tech was that even as the government was knocking on the front door, with legal orders to turn over customer data, it was breaking in the backdoor," Wizner said. "Government was hacking those companies, finding the few points in their global networks where data passed unencrypted, and siphoning it off."
"If you ask the government – if you caught them in a room, and they were talking off the record – they would say the biggest impact for us from the Snowden disclosures is that it made big tech companies less cooperative," he continued. "I regard that as a feature, not a bug."
To be fair, 10 years later some tech companies including Amazon still hand over data – including Ring security videos – to law enforcement without a warrant.
Still, as Apple, Meta, Google and friends push end-to-end encryption across their messaging services and other products, this should mean even if tech firms are served with a subpoena, the content of these communications would remain encoded.
But perhaps the biggest test of the Snowden effect will happen later this year.
Fight over Section 702 heats up
"This year Congress has the opportunity to pass another critical set of reforms, including by putting real oversight and checks in place to end the rampant violations of Americans' privacy through Section 702 of the Foreign Intelligence Surveillance Act," Wyden said.
Section 702 is supposed to permit the federal government to spy on communications belonging to foreign individuals outside of America, theoretically to prevent criminal and terrorist acts. Those communications can sweep up phone calls, texts and emails with US persons, however, and are stored in massive databases. The FBI, CIA and NSA can search these communications without a warrant.
Although the law is not supposed to be used to surveil American citizens, the government has historically used this data to monitor activists, journalists and others without obtaining a warrant. These communications can then be used to prosecute people for crimes, and have been.
- FBI abused spy law but only like 280,000 times in a year
- US Senate passes USA Freedom Act – a long lip service to NSA reforms
- Kremlin claims Apple helped NSA spy on diplomats via iPhone backdoor
- Pentagon whistleblower Ellsberg given months to live
Laperruque calls Section 702 the "most significant" area where the government has fallen short in reforming surveillance abuses.
"Advocates have been clamoring even before the Snowden disclosures to know how many Americans' communications are swept up by that statute," he said. "We've been pressing for an estimate for over a decade at this point."
Clapper promised to provide an estimate in 2015, "and now, seven-plus years later, we still don't have a number," Laperruque said.
One thing we do know about Section 702 is that it has been widely misused: more than 278,000 times by the FBI between 2020 and early 2021 to conduct warrantless searches on George Floyd protesters, January 6 rioters who stormed the Capitol, and donors to a Congressional campaign.
This "litany of examples" demonstrate how the government routinely abuses these warrantless searches, and should provide incentive for Congress to either overhaul, or outright end, Section 702, according to Laperruque and other opponents.
"The fact that this seems to reoccur, again and again, even as the FBI says, we've enacted new rules so this won't happen," Laperruque said. "This has worn the patience of Congress, and demonstrates that this type of misuse is going to keep happening until we fundamentally change the rules."
But wait, there's more
Another area that Wyden, EFF and the Center for Democracy & Technology (CDT) all agree still needs reform is Executive Order 12333. "There's more that the public has a right to know, about how the government secretly interprets Section 702 and how it conducts surveillance outside of FISA under Executive Order 12333," Wyden said.
Executive Order 12333 very broadly mandates rules for spying on US persons, whether they are in America or overseas, and on anyone in America.
Another one of the Snowden disclosures was about an NSA spying tool called XKeyscore, which is authorized under the executive order and collects data on "nearly everything a user does on the internet."
As EFF noted: "There are serious issues raised by this tool and by 12333 more broadly. Despite consistent calls for reform, however, very little has occurred and 12333 mass surveillance, using XKeyscore and otherwise, appears to continue unabated."
The real issue that the Snowden leaks revealed is that America's "ordinary system of checks and balances doesn't work very well for secret national security programs," Wizner said.
No day in court: US Foreign Intelligence Surveillance Court rulings will stay a secretREAD MORE
The architecture put in place to curb surveillance misuse including FISA, FISC and the US House and Senate select committees on intelligence was all created in the late 1970s as a reaction to Hoover-era abuses. These are all good ideas in theory, but not necessarily in practice – especially after 9-11 when the US government essentially greenlighted mass domestic spying for the sake of preventing another terrorist attack.
"Ten years have gone by," since the first Snowden disclosures, "and we don't know what other kinds of rights-violating activities have been taking place in secret, and I don't trust our traditional oversight systems, courts and the Congress, to ferret those out," Wizner said. "When you're dealing with secret programs in a democracy, it almost always requires insiders who are willing to risk their livelihoods and their freedom to bring the information to the public." ®