Published by The Lawfare Institute
in Cooperation With
[T]he cybersecurity threat is more pervasive and severe than the terrorism threat and is somewhat easier to see. If the Times’ website goes down a few more times and for longer periods, and if the next penetration of its computer systems causes large intellectual property losses or a compromise in its reporting, even the editorial page would rethink the proper balance of privacy and security. The point generalizes: As cyber-theft and cyber-attacks continue to spread (and they will), and especially when they result in a catastrophic disaster (like a banking compromise that destroys market confidence, or a successful attack on an electrical grid), the public will demand government action to remedy the problem and will adjust its tolerance for intrusive government measures.And second, when that demand arises, NSA will be better positioned than today to provide credible guarantees to the public that it is acting responsibly and within prescribed limits, in large part because the Snowden revelations are requiring it to recalibrate its tolerance for transparency.
“Before the unauthorized disclosures, we were always conservative about discussing specifics of our collection programs, based on the truism that the more adversaries know about what we’re doing, the more they can avoid our surveillance,” testified Director of National Intelligence James Clapper last month. “But the disclosures, for better or worse, have lowered the threshold for discussing these matters in public.” In the last few weeks, the NSA has done the unthinkable in releasing dozens of documents that implicitly confirm general elements of its collection capabilities. These revelations are bewildering to most people in the intelligence community and no doubt hurt some elements of collection. But they are justified by the countervailing need for public debate about, and public confidence in, NSA activities that had run ahead of what the public expected. And they suggest that secrecy about collection capacities is one value, but not the only or even the most important one. They also show that not all revelations of NSA capabilities are equally harmful. Disclosure that it sweeps up metadata is less damaging to its mission than disclosure of the fine-grained details about how it collects and analyzes that metadata. It is unclear whether the government’s new attitude toward secrecy is merely a somewhat panicked reaction to Snowden, or if it’s also part of a larger rethinking about the need for greater tactical openness to secure strategic political legitimacy. Let us hope, for the sake of our cybersecurity, that it is the latter.