The Buzz

Tempora-Fried Conflict of Interest

Let’s agree, for the sake of argument, that the National Security Agency’s various data-gathering activities in the United States are unquestionably constitutional, legitimate and necessary. Let’s further agree that the oversight regimes in place—internal measures, Congressional committees, and the Foreign Intelligence Surveillance Courts—are robust and transparent enough to prevent abuse. These assumptions are strong enough to address the vast majority of worries about the programs. Yet they do not touch one major concern: foreign intelligence agencies gathering information on Americans.

The United Kingdom’s Government Communications Headquarters—GCHQ—was revealed to have a far more extensive collection program than the NSA’s. The program, codenamed Tempora, extracts data from international fiber-optic data cables and then collates it in a manner quite similar to the NSA’s PRISM system. But Tempora takes in more, both in scope and in scale. It stores both the content and the associated metadata of communications, unlike the NSA, which merely takes the latter. While one NSA program took in ninety-seven billion pieces of information in one month, at peak rates Tempora could do that in just over two days. And GCHQ lawyers told their NSA counterparts that “we have a light oversight regime compared to the U.S.”

Tempora offers major benefits to the United States, as the NSA enjoys access to the data and works closely with GCHQ on exploiting it. The United States and Britain are surely safer and better informed, and they’re cooperating in yet another area. Yet there’s a big downside for the United States. British cable-tappers are taking in many American communications. Tempora got its start at a GCHQ station at Bude, Cornwall, where many fiber-optic cables from the United States make landfall. This is partly of necessity—the United States is a major waypoint for data flows, so much of what’s going from America and into Tempora does not necessarily involve any U.S. persons.

Yet much surely does. And this is concerning for many reasons. For it is one thing when the American government gathers information on Americans. It is another when a foreign government does—whether allied or not.

American citizens are having their privacy violated en masse by a foreign crown—by one of its espionage services, no less. Preventing such activity is one of the core functions of a government. That’s part of the reason Washington has been so unhappy with Chinese cyber snooping. That’s why numerous states around the world protested—and even took action—when the NSA’s programs were revealed.

The U.S. response to the GCHQ’s Tempora program should be similar. A government-to-government complaint is natural and appropriate. But so is a second set of steps—educating the American public about methods that could be used to protect their information from foreign peeping. This would likely be far more effective than a mere protest—espionage is, after all, an eternal element of interstate relations, and modern technology has made it terribly easy. The most effective protection must thus focus on individuals. Widespread public adoption of powerful encryption on communications, and of secure communications endpoints (email clients, phone systems, web browsers, etc.), would make mass foreign cyber snooping extremely expensive, as decryption takes time and lots of computing power. Private citizens have already organized collections of free tools that could make this happen—Peng Zhong’s PRISM Break is one example.

Yet that particular page’s name may hint at why the U.S. government hasn’t taken such steps to protect its citizens from foreign espionage. The programs don’t discriminate. Making Americans safer from Tempora would also make them safer from PRISM. Further, it would be virtually impossible to keep the rest of the world from taking the same preventive steps, reducing PRISM’s effectiveness against foreign targets. The latter problem merely requires that the government balance contending goals. But the former is a conflict of interest.

Image: Flickr/George Rex. CC BY-SA 2.0.