Surveillance & Privacy

Why the Privacy Community Focuses Where it Does

Susan Landau
Tuesday, June 16, 2015, 8:43 PM

I'm a little surprised by my colleague Ben's comments on the privacy community and its focus on NSA rather than China. I think he knows the answer to the question he's raising, and he's just doing a rhetorical exercise. But just in case not ...

Published by The Lawfare Institute
in Cooperation With

I'm a little surprised by my colleague Ben's comments on the privacy community and its focus on NSA rather than China. I think he knows the answer to the question he's raising, and he's just doing a rhetorical exercise. But just in case not ...

NSA's data collection on Americans creates a risk that the US government may use information it was not supposed to collect against its own citizens. The excessive collection by the NSA. FBI, the Army, and other parts of the Defense Department during the period 1936 to 1976 [1] — not all of these organizations at all of these times — has been well documented. Less well known, but covered in Congress, was subsequent times when political activities led to surveillance, arrests, and trials. This includes the 1980s investigations of the Committee in Solidarity with the people of El Salvador, a US-based group that supported the opposition to the Duarte regime in El Salvador. By the time the FBI investigation ended, the bureau had amassed files on 2300 people and 1300 organziations; this was of an organization involved in political, not military or terrorist, activities. In 1988 Congressional testimony FBI Director William Sessions observed, "The broadening of the investigation in October 1983, in essence, directed all field offices to regard each CISPES chapter, wherever located, as a proper subject of investigation. Based on the documentation available to the FBI by October 1983, there was no reason . . . to expand the investigation so widely." Another case involved eight Palestinians living in the US. They had organized a fundraiser in Los Angeles for medical care and schooling in Palestinian refugee camp, but the FBI believed the men were engaged in fundraising for terrorist activities. The legal case against the LA8 went on for eighteen years, long enough to raise a child and send her off to college. It was finally dismissed. But the point of these cases is not that justice eventually triumphed; it is that even with the 1970s controls placed by Congress on intelligence collection and abuse, overcollection and abuses occurred. [2]

So the answer to my friend Ben about why the privacy organizations are so concerned about NSA collection against Americans comes from the Church Committee: "Persons most intimidated may well not be those at the extremes of the political spectrum, but rather those nearer the middle. Yet voices of moderation are vital to balance public debate and avoid polarization of our society."

Is the Chinese collection of OPM data a problem? Yes, it is a huge national-security problem. Ben is right that this data collection has compromised the privacy of Americans working for the government. But more significantly that, by giving the Chinese government leverage over these Americans, this cyberexploitation has seriously compromised US security — and for the long term.

Those with close contacts in China, including Chinese-Americans, will be most subject to pressure by the Chinese government. In fact, China does not have to do anything more to rock US national security; those with close contacts in China are likely to be scrutinized heavily if they want to work for the US government in sensitive positions, and they will have some difficulty obtaining clearances. China does not have to take any actions in order to make government jobs less attractive for those with close contacts in China. Making the native Chinese speaking population less willing to work for the US government will put the US at a disadvantage in national security.

Why aren't CDT and others writing much about the OPM mess? Largely because the Chinese cyberexploit is, as Jack haswritten, espionage. One government spying on information about another government and its employers is a national-security intrusion, not a privacy one.

But Ben is correct that there is a privacy issue here. It's a very serious one, namely that the US government did not sufficiently secure private information about its own employees. That is not only a colossal security blunder, it is a nightmarish privacy one for everyone in the hijacked OPM files.

[1] The period listed corresponds to that investigated by the Church Committee.

[2] The problems described are issues with the FBI, not with NSA collection.

Susan Landau is Bridge Professor in The Fletcher School and Tufts School of Engineering, Department of Computer Science, Tufts University, and is founding director of Tufts MS program in Cybersecurity and Public Policy. Landau has testified before Congress and briefed U.S. and European policymakers on encryption, surveillance, and cybersecurity issues.

Subscribe to Lawfare