The Snowden Disclosures, So Far

I just wrote a long-form article in the Cloak Security Blog describing what we know, and what we suspect we know, about western governments’ electronic surveillance programs:

In the past few months, the three of us here at Cloak have watched with rising concern as the size and shape of Edward Snowden’s disclosures has ratcheted into focus. Until today, we haven’t said much, mostly because the full capabilities of government intelligence organizations such as the NSA and the GCHQ are simply not known.

Writing the “story so far” forced me to re-visit primary sources, principally in The Guardian and ProPublica, and to piece together the motivating logic behind our intelligence agencies’ efforts. It’s unsurprisingly trivial:

Agencies seek to: (1) collect all data and, when possible, directly collect its unencrypted variant, (2) decrypt any encrypted data, and (3) provide analysts with the ability to store, index, and process the data

Are Snowden’s revelations a surprise? I don’t think it’s cynical to say “no.” Intelligence agencies have lived in “dangerously murky constitutional, legal, and ethical terrain” since their earliest days. It was ever thus.

What’s different today are the fundamental animating economics:

In a physical world, we have fairly reliable intuitions about the significant expense and human effort involved in someone compromising our privacy, whether it’s breaking into our office or eavesdropping on a conversation. In a world where most of our data wanders unselfconsciously through unknown computer networks, our intuitions betray us. For all that we talk of massive intelligence budgets, the per-capita cost of gathering data is plummeting.

This is, I think, the deeper story. It’s also, perhaps, the way forward. As a public, we must continually seek ways to increase the expense of circumventing our privacy. We can do this via technological means, of course, although it’s impossible to predict where such an arms race — against our own governments, no less — might lead. Better still might be to pursue a broad platform of political measures to more clearly define the public’s rights and the government’s responsibilities in the modern digital age.