When Edward Snowden and John DeLong, Director of the NSA’s Commercial Solutions Center, both appeared on the schedule for a recent symposium, people started speculating. Would they be having a debate? Is the NSA back-tracking on their campaign to paint Snowden as a traitor? Has anything changed?
I watched both Snowden’s and DeLong’s presentations, and here’s what I learned.
What Actually Happened
Some people who have written about the symposium have characterized it as a debate between Snowden and DeLong, but I think “debate” is a misnomer. Edward Snowden spent time speaking with Bruce Schneier (check our interview with Bruce for some interesting insights), a prominent figure in the cryptography and privacy fields, via Google Hangouts. After their talk was over, DeLong took the stage for his presentation.
While they addressed a few of the same things, it seemed to me that each talk had a focus that was distinct from the other (I’ll go over them in more detail below). In a way, some of the things that DeLong said could be interpreted as a response to the points made by Snowden and Schneier, but it seemed to me that Snowden was there to talk about a range of things, from cryptographic technology to the difference between passive and active intelligence operations.
DeLong, on the other hand, was addressing the issues of compliance and monitoring at the NSA and the need for transparency and widespread discussion over a number of issues. And yes, as some people have pointed out, he also spent some time defending the NSA’s actions. I’d hesitate to call his speech a defense of the NSA, though. While their topics overlapped, the two speakers definitely seemed to come there with their own agendas, not seeking simply to debate or discredit the other.
What Did They Say?
If you want to see the entire conversation between Snowden and Schneier, you can watch the video below. It’s an hour long, but it’s a great conversation about the state of cryptography, some failures of the compliance and transparency programs at the NSA, and the culture of the intelligence community.
One of the things that stood out to me was that both Snowden and Schneier took the time to point out that cryptography works. When properly implemented, cryptographic protocols like TOR, PGP, AES, and Blowfish are extremely secure. Nothing is completely uncrackable, but these open-source, peer-reviewed protocols are the best tools we have (at least until quantum computing changes the science of cryptography).
This is one of the reasons why many governmental attempts to get at encrypted data don’t actually involve cracking the encryption; instead of going “through the wall,” they go around it by using keyloggers, identifying weak encryption keys, compelling companies to share data, and other similar methods.
Similarly, if there’s unencrypted data out there—on the servers of a telecommunications company, for example—it’s much easier to simply demand that data or go through a backdoor to get it than to get encrypted data and decrypt it without the keys. Passive collection of data is cheap and significantly easier for governments to implement on large scales than active cyber attacks.
However, Schneier brought up the point that the NSA seems to be losing its aversion to risk and is performing more brazen attacks (as are many other countries around the world as the technologies required to do so become easier to acquire). Similarly, Snowden maintains that the NSA “is much less defensive than they’ve ever been before, and a much higher proportion of the efforts is committed to offense.”
One of the most important things that Snowden said in his presentation is that the people that he worked with, the people who are manning thousands of NSA computer terminals around the world, “aren’t bad people or villains,” but that a “culture of impunity” has developed over time. “[T]hey think they can do anything because it’s for a just cause; when meaningful judicial oversight is lost, you get a very different quality of decision when decisions need to be made.”
There’s a lot more to be learned from this conversation, and I highly recommend checking out the video.
When John DeLong took the stage, he immediately made it clear that he wasn’t there to engage in a point-by-point debate, and framed his discussion as focusing on both the need for widespread discussion between previously disparate groups and the requirements of compliance and transparency at the NSA. As the former Director of Compliance for the organization, DeLong is certainly qualified to talk about these issues.
A major theme of the talk was the difficulties that are faced when engineers, mathematicians, lawyers, and policy makers try to have a discussion about the sorts of decisions that need to be made at the NSA. Each group speaks a different language, has different priorities, and brings a different viewpoint to the discussion. As things stand now, these discussions often happen at the end of the project process, but DeLong called for these conversations to happen from the beginning to keep everyone on the same page.
Much of his talk centered around this idea: that different types of people (including the public) should be involved in many sorts of conversations to help define privacy in a networked world and encourage the NSA to stick to its rules about transparency.
DeLong pointed out several times, however, that compliance officers, independent panels, and other individuals have been impressed with the NSA’s attempts to police itself when it comes to potential privacy violations. He specifically mentioned Professor Geoffrey Stone, who wrote on Huffington Post:
I came away from my work on the Review Group with a view of the NSA that I found quite surprising. Not only did I find that the NSA had helped to thwart numerous terrorist plots against the United States and its allies in the years since 9/11, but I also found that it is an organization that operates with a high degree of integrity and a deep commitment to the rule of law.
Similarly, DeLong used an extended metaphor about cooking and the NSA’s actions, finishing with “let’s not confuse the recipe with the cooking.” If I’ve interpreted the metaphor correctly, he was saying that while the rules and ideas behind the actions taken by the NSA may not always have been in the best interest of privacy, they have resulted in positive outcomes, such as preventing terrorist attacks against the United States. The collection of metadata is one thing that he mentions specifically.
When asked about Edward Snowden, DeLong repeated a line that he’s used before: “I think we need to let the wheels of justice turn.” Considering some of the previous things we’ve heard government officials say about him, I’d call this pretty mild. If you’re interested in DeLong’s defense of certain issues, or the things that Snowden and Schneier have to say about cryptography, you should watch the videos above.
What Can We Learn from These Discussions?
While it’s clear that Edward Snowden and John DeLong disagree on some key issues—the defensive versus offensive nature of the NSA, the justifiability of spying on US citizens—it seems to me that their presentations, taken together, form a very positive message. Yes, Snowden called out the NSA and GCHQ on some bad stuff. And yes, DeLong was probably cherry-picking his statistics.
But Snowden’s assertion that the people who work for NSA aren’t bad people, and that they’re simply working in an environment that’s highly conducive to privacy violations, is encouraging. He may be calling for some sweeping changes, but at no point has he said that the NSA as an organization is a terrible thing, or that it’s not doing work that’s in the country’s best interest.
Similarly, DeLong’s discussion of our need for a number of different voices in discussions about privacy going forward is very valuable; we currently have intelligence officers working with mathematicians on one side, lawyers and politicians on the other, and the public thrown under the bus. By bringing all of these groups together to not only monitor the processes at work, but also to re-create them, we’ll be able to seek a balance between the best interests of the public and the security interests of our country.
When it comes down to it, one thing that DeLong said really sticks with me: that we need to “break out of the self-reinforcing circles that might in the short term make us feel more comfortable but in the long term don’t really advance moving us forward in the art and science of privacy.” This is true both of Snowden supporters and backers of the NSA.
The time for discussing whether Snowden is a hero or a villain is over, and the NSA knows it. Now’s the time to take the information that we have and use it to create a better system.
Have you seen Snowden’s and DeLong’s presentations? What did you think? Does it seem like the NSA is moving away from villainizing Snowden? Are they taking the proper steps toward compliance and transparency?