In the three years since the news first broke of Edward Snowden’s trove of leaked National Security Agency documents, debates have raged in the public sphere and within the intelligence community over the contents of what he revealed and what they mean for privacy, transparency, and the future of surveillance.
The Cipher Brief spoke to half a dozen top former NSA officials, cybersecurity experts, and privacy advocates to assess the legacy of the Snowden leaks. As each year passes, Snowden personally becomes less and less relevant, according to the observers, but the issues raised by the leaks remain crucial to discussions revolving around privacy, intelligence, and national security.
For those once in the intelligence community, Snowden’s actions still rankle. Grave concerns remain over his stay in Russia, what may exist in the remaining documents he took, and how to try to breach the divide that has emerged between the government and the technology industry in the wake of the disclosures.
But the impact of the leaks on legislation and government reform has been decidedly lackluster, with most surveillance powers revealed by Snowden left largely intact. Critics also say the conversation Snowden accelerated — although a necessary one — was badly distorted by the disclosures. And intervening events with other actors, such as this year’s Apple-FBI debate over encryption, continue to push Snowden further and further from relevance.
“The Snowden affair seems to have really faded a lot in this last year,” David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations, said. “We are not resolving some of the deep underlying issues in a way to protect privacy and human rights. He didn’t really help move the political needle one way or another, and that fading effect is just going to continue.”
The legacy of the leaks
Three years on, what have been the biggest impacts of the Snowden leaks? Experts and former top officials point to the losses in intelligence collection and trust — between the IC and the public, businesses, foreign governments, and foreign intelligence partners — as the most significant thing to come from the documents Snowden stole.
“The loss in trust with the U.S. public and businesses has a real operational effect. Despite Hollywood portrayals, U.S. intelligence has limited authorities, personnel, and resources,” Robert Eatinger, former senior deputy general counsel at the CIA, said. “Our intelligence agencies depend on the willingness of U.S. persons and companies to provide information and assistance, either voluntarily or through a contract mechanism. A loss in trust reduces the number of Americans willing to assist our intelligence agencies. It reduces not only voluntary assistance but also the number of companies willing to enter into contracts.”
“We have seen recent examples of major U.S. companies not only declining to help U.S. intelligence, but activity seeking to frustrate it. Perhaps the most obvious is Twitter, Inc.’s recent directive to the data analytics company Dataminr to cease selling data, not precisely defined in the press reporting, to U.S. intelligence agencies,” Eatinger added.
Rhea Siers, who served as the deputy associate director for policy at the NSA before retiring one month before the revelations broke, agreed, saying the most troubling legacy of the Snowden leaks is the “really big gulf, and open conflict in some kinds, between the government and the private cybersecurity community.”
“They reacted very vehemently to the leaks, to a lot of the stories about NSA exploiting known weaknesses in established cryptography and other systems which really bothered them,” she said. “Now they’ve been through this whole thing and there’s a lack of trust, and now they’re embroiled in conflict with the FBI on the encryption issue. I don’t think we’re ever going to have absolute trust here, but we need to broaden the dialogue, because to a certain extent, the private sector is on the front lines in terms of cyber intrusion and breaches, and we can’t afford to have this kind of gap.”
For privacy advocates, Snowden’s disclosures remain crucial to the push to rein in government surveillance of citizens. The ACLU, in its call to President Barack Obama to grant Snowden clemency, said the former NSA contractor “single-handedly reignited a global debate about government surveillance and our most fundamental rights as individuals.”
Electronic Frontier Foundation’s Rebecca Jeschke, meanwhile, said that “Snowden’s disclosures changed the face of the debate about the government spying,” although she described the U.S. government’s attempts at reform in the wake of the leaks as “lackluster.”
Earlier this year, Snowden — who did not respond to requests for an interview made through the Freedom Foundation, where he is on the board of directors — said he does not see himself as an “unhappy ending” for future leakers.
“I’m actually more fulfilled now, more connected now and more effective now in my work,” he said during a video call to RightsCon in April.
But how effective Snowden has been is certainly questionable.
On the whole, some observers say there has been little other tangible impact left by Snowden beyond creating a PR problem for the U.S. and its intelligence services and sparking a national conversation on privacy.
“Although some claim that it caused or accelerated a necessary conversation, and in some sense it did, it badly distorted that conversation. And so there’s an awful lot of work to be done to explain to the American people what it really is that NSA does,” said Gen. Michael Hayden, former CIA director from 2006-09 and NSA director from 1999-2005.
And in the legislative realm, there has been just one response to Snowden’s leaks. In 2015, the NSA’s program for collecting and holding the metadata of Americans’ phone calls—that is the phone numbers and duration of calls, not the actual content—under Section 215 of the Patriot Act was replaced. Snowden called it a “a historic victory for the rights of every citizen” in a New York Times opinion piece.
Now a modified version of the program operates under the USA Freedom Act, enacted after the Patriot Act provisions expired, which requires that the data remain with the telecom companies and that the government must go to the secret U.S. Foreign Intelligence Surveillance (FISA) Court for access.
Hayden said he would characterize changing the law on the 215 program as a small shift given that the key change is that companies now hold the American telephony metadata, rather than the NSA.
“It’s fine. It’s not what it was. If that were the best way of doing it, that’s the way I would have set it up. But I didn’t,” Hayden said. “So there is some reduction. But I don’t want to overdramatize that.”
There’s more ahead, though: The next legislative debate connected to Snowden’s revelations will be on the potential renewal in the summer of 2017 of Section 702 of the FISA Amendments Act, which provides the basis of the PRISM and Upstream programs that sweep up content about Americans in the process of targeting foreigners for intelligence. Observers say it is likely Congress will renew the program, and the real question is whether there will be any amendments to the law.
In addition to surveillance programs impacting American citizens’ privacy, the leaked documents also detailed information on U.S. monitoring of foreign heads of states’ phone calls, Chinese cyber espionage and the existence of surveillance programs in other countries, such as the United Kingdom’s Tempora system.
In a policy change, Obama announced in 2014 that unless there is a compelling national security purpose, the U.S. would cease its electronic surveillance coverage of foreign heads of state — this, however, is reversible and could be done so at any time and without public disclosure. In addition, Obama issued Presidential Policy Directive-28, directing the intelligence community to establish privacy protections for non-U.S. persons, regardless of where they live. Hayden called this “an incredible administrative burden,” noting that “there is no other electronic intelligence agency on Earth who is attempting to do the same thing.”
Obama also ordered a review of the programs leaked by Snowden in 2013 through the Privacy and Civil Liberties Oversight Board. While the board generally upheld Section 702, Snowden’s main success stems from the board’s findings that Section 215 was both unlawful and ineffective as a counterterrorism tool.
Beth Collins, who is currently serving as a board member of the Privacy and Civil Liberties Oversight Board, noted that most of the recommendations in the group’s reports go beyond addressing those respective programs. For instance, the suggestions pushing for increased transparency and encouraging the NSA to make sure it is using the best technology available to interpose privacy-based restrictions to narrow collection if possible, have salience beyond just the context of the 702 program, she said.
“And not just as a privacy matter, but as an operational matter,” Collins, who is also an attorney at WilmerHale, said. “It tends to be in the interest of the agencies to limit the collection where they can, because otherwise they have a sea of data they can’t get through.”
A spotlight on transparency
One of the most remarkable things about the last three years is the change in attitude towards transparency in the intelligence community, Collins said.
“The agencies in many respects legitimately appear to be now starting from a premise of what can we make public rather than beginning with a premise of classification. And I think if you look at more recent iterations of some of the procedures that accompany these programs, there is an effort to put them out in the public,” she said.
“At the same time I think there has been an effort by the FISA court to write opinions that can be released publicly,” Collins added. “It is extraordinary to me the amount of discussion we currently have about specific programs and capabilities of the United States intelligence community. It is unmatched anywhere in the world. But at the same time you educate the American people, you do educate our enemies.”
The leaks “demonstrated that the intelligence services, especially NSA, can’t operate completely in the dark,” Siers said.
“They have to demonstrate publicly they respect privacy concerns, and I’m not sure that has been entirely accomplished yet,” she said.
And as for Snowden’s own legacy, his relevance fades the longer he stays in Russia, according to Fidler, a professor at Indiana University whose publications include the 2015 book, “The Snowden Reader.”
“Even for people who were sympathetic, the fact he’s hosted by (Russian President Vladimir) Putin is something that undermines the credibility of the global human rights arguments he thought were so important to explaining what he was trying to do. It rubs people the wrong way,” he said.
Since the potential for more leaks remains a real possibility, the legacy of the Snowden disclosures cannot yet be fully written.
“Snowden still remains in many quarters wrapped in the cloak of a well-meaning ‘whistleblower,’” Eatinger said. “As time passes, should the scope of the information he releases make apparent the information he stole and is releasing is less and is less related to the privacy interests of the common man, but of ‘normal’ and expected foreign intelligence activities, his cloak of whistleblowing may be more akin to that of Hans Christian Andersen’s emperor’s clothes.”
Hayden said: “You’ve got this macro social contract conversation that we have to have, and it’s going to be harder to do than it would otherwise have been. You’ve got a marginal reduction in the metadata program. You have voluntary reduction at how aggressive we are at collecting foreign intelligence. And fundamentally, the big discussion is going to be on the NSA 702 program, which has to do with emails, and it is the most lucrative collection program NSA has today. It’s been tremendously successful. It’s up for renewal in 2017, and the debates have already begun.”
A major aspect of Snowden’s legacy, according to several former intel officials, has been its distortion of intelligence gathering activities for the public. The Cipher Brief will examine that argument and look at what’s next for Snowden and the leaks in tomorrow’s final piece on the disclosures, three years on.
Mackenzie Weinger is a National Security Reporter with The Cipher Brief. Erica Evans contributed to this report.