As Technology Changes, So Should Law

Improved technology enabled the NSA’s mass surveillance programs and future improvements will make collecting data on citizens easier and easier.

Recent revelations about the extent of surveillance by the U.S. National Security Agency come as no surprise to those with a technical background in the workings of digital communications. The leaked documents show how the NSA has taken advantage of the increased use of digital communications and cloud services, coupled with outdated privacy laws, to expand and streamline their surveillance programs. This is a predictable response to the shrinking cost and growing efficiency of surveillance brought about by new technology. The extent to which technology has reduced the time and cost necessary to conduct surveillance should play an important role in our national discussion of this issue.

The American public previously, maybe unknowingly, relied on technical and financial barriers to protect them from large-scale surveillance by the government. These implicit protections have quickly eroded in recent years as technology industry advances have reached intelligence agencies, and digital communications technology has spread through society. As a result, we now have to replace these “naturally occurring” boundaries and refactor the law to protect our privacy.

The way in which we interact with one has drastically changed over the past decade. The majority of our communications are now delivered and stored by third party services and cloud providers. Email, documents, phone calls, and chats all go through Internet companies such as Google, Facebook, Skype, or wireless carriers like Verizon, AT&T, or Sprint. And while distributed in nature, the physical infrastructure underlying the world wide web relies on key chokepoints which the government can, and is, monitoring. This makes surveillance much easier because the NSA only needs to establish relationships with a few critical companies to capture the majority of the market they want to observe with few legal restrictions. The NSA has the capability to observe hundreds of millions of people communicating using these services with relatively little effort and cost.

Each of the NSA programs recently disclosed by the media is unique in the type of data it accesses, but they all share a common thread: they have been enabled by a massive increase in capacity and reduction in cost of surveillance techniques.

NSA’s arrangement with just a few key telecom providers enables the collection of phone records for over 300 million Americans without the need to setup individual trap-and-tracer registers for each person. PRISM provides programmatic access to the contents of all emails, voice communications, and documents privately stored by a handful of cloud services such as Gmail, Facebook, AOL, and Skype. A presidential directive, PPD20, permits “offensive” surveillance tools (i.e hacking) to be deployed anywhere in the world, from the convenience of a desk at CIA headquarters in Langley. Finally, Boundless Informant, the NSA’s system to track its own surveillance activities, reveals that the agency collected over 97 billion pieces of intelligence information worldwide in March 2013 alone. The collection, storage, and processing of all this information would have been unimaginable through analog surveillance.

Recent documents indicate that the cost of the programs described above totaled roughly $140 million over the four years from 2002 to 2006, just a miniscule portion of the NSA’s approximately $10 billion annual budget. Spying no longer requires following people or planting bugs, but rather filling out forms to demand access to an existing trove of information. The NSA doesn’t bear the cost of collecting or storing data and they no longer have to directly interact with their targets. The technology-enabled reach of these programs is vast, especially when compared to the closest equivalent possible just 10 years ago.

What we have learned about the NSA’s capabilities suggests a move towards programmatic, automated surveillance previously unfathomable due to limitations of computing speed, scale, and cost. Technical advances have both reduced the barriers to surveillance and increased the NSA’s capacity for it. We need to remember that this is a trend with a firm lower bound – once the cost of surveillance reaches zero we will be left with our outdated laws as the only protection. Whatever policy actions are taken as a result of the recent leaks should address the fact that technical barriers such as cost and speed offer dwindling protection from unwarranted government surveillance domestically and abroad.


Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s