Delegate Danica Roem joins us to talk traffic, tolls and the 2019 Va. legislative session, and Delegate Dereck Davis tells us why he wants to be the next speaker of Md.'s House of Delegates.
Twelve years after the 9/11 terrorist attacks, Americans are once again debating the price we pay for national security amid revelations that the government spies on citizens in the name of counterterrorism. The highly-secretive National Security Agency is being forced to defend its intelligence-gathering methods against charges they violate Americans’ privacy rights. Kojo explores NSA surveillance abroad and at home, the role of leading technology companies and the consequences for individual privacy.
- Marc Rotenberg Executive Director, Electronic Privacy Information Center
- Christopher Soghoian Principal Technologist, American Civil Liberties Union's Speech, Privacy and Technology Project
- Alan Paller Director of Research, SANS Institute
MR. KOJO NNAMDIAs the nation marks another anniversary of the 9/11 terrorist attacks, Americans are once again debating the price we must pay to head off new threats to our national security. Documents leaked by former intelligence analyst, Edward Snowden, revealed that in the name of counterterrorism the National Security Agency is spying, not only on foreigners, but on Americans as well. The NSA collects records of our phone calls and emails from tech companies like Google.
MR. KOJO NNAMDIIt hacks into computer networks and it apparently circumvents some digital encryption. The NSA says it does not knowingly break the law that sets boundaries on what it can do, but civil libertarians say the agency is trampling on individual privacy and destroying the public's trust in the integrity of the internet and cyber security. Joining me to look at the fallout from the NSA's domestic surveillance is Alan Paller.
MR. KOJO NNAMDIHe is president of the SANS Technology Institute. Allan Paller, good to see you, again. Thank you for joining us.
MR. ALAN PALLERGood to see you, Kojo.
NNAMDIAlso joining us in studio is Marc Rotenberg. He is executive director of the Electronic Privacy Information Center. Marc Rotenberg, thank you for joining us.
MR. MARC ROTENBERGNice to see you.
NNAMDIAnd Christopher Soghoian is principal technologist with the ACLU Speech Privacy and Technology Project. Christopher Soghoian, thank you for joining us.
MR. CHRISTOPHER SOGHOIANHi.
NNAMDIIf you would like to join the conversation, give us a call at 800-433-8850. How do you feel about the NSA surveillance program that collects records of phone calls and emails of ordinary Americans? 800-433-8850. Christopher, remind us of what the NSA is reportedly doing in the course of gathering intelligence? It's able to track our email and phone calls and, in some cases, actually read and listen to them. Where does it get that authority?
SOGHOIANSo it gets the authority from the law and Marc is a lawyer so he will better be able to describe what's happening there, but I can say at a technical level that the way that the NSA gets this information is by compelling the assistance of communications and internet companies. They are able to find out who we call. They're able to find out who we email and in many cases they're able to get the contents of the emails and the contents of our communications. The NSA is able to build a picture of our digital lives and this is all with the assistance of Silicon Valley and phone companies.
NNAMDIMarc, the legal authority?
ROTENBERGWell, primarily two places, Kojo. One is Section 215 of the Patriot Act, the so-called business records provision. And the other is Section 702 of the Foreign Intelligence Surveillance Act, which is primarily directed toward non-U.S. persons, but as we've learned over the last couple of months, has provided to the government an extraordinary amount of information on U.S. persons. Both of these authorities are being used in ways that have surprised not only civil liberties groups, but lawmakers as well.
ROTENBERGCongressman James Sensenbrenner, who was the lead drafter of the Patriot Act provisions, and Section 215 in particular, said he was very surprised to learn that that provision was being used to gather up solely domestic telephone records. He said we never intended that, which I think is what most people who have looked closely at the law believe. It's been used in ways that people just did not expect it would be.
NNAMDIAlan Paller, today's paper says that for three years the NSA improperly searched a huge database of Americans' phone calls in part because no one at the agency actually understood the technology behind its system. What does that tell us about the complexity of NSA surveillance? It sounded as if what they were telling the judge in 2009 is that the machines have taken control, they just took off on their own and we couldn't quite understand what they were doing.
PALLERI don't think it was that that they were telling the judge. I think it was more that there are enclaves all over the place, and different parts of the organization have different capabilities and no one actually knows all of them. But one of the differentiations that's not being clear is the difference between gathering, as in Google has all this data on us, and using, as in sending an ad about something we just searched on that we don't want. So there's a huge difference. And when we talk about, has the capability, that comes with an authority to use that is outside of NSA.
PALLERIt looks as if they may have gone beyond their authorities, but the rule is having the data doesn't mean they get to use it. Having the data means it's there somewhere. They only get to use it if someone in the White House, the National Command Authority, says I need data about that particular problem or country or company in another country. That's when it gets used. So separating having it from using it is an important distinction. We still need balance.
NNAMDIChristopher, how are private tech companies like Google and Yahoo involved in NSA surveillance?
SOGHOIANThere's a bit of a symbiotic relationship between these companies and the government. I mean the business model adopted by Silicon Valley companies is a quid pro quo. You give them your data, they analyze it, they figure out what you're interested in and they serve you ads, and in return they give you these gray and typically free communication services. Right? So free email, free search, free social networking. And the way that these companies can figure out what we're interested in is by collecting as much information as possible.
SOGHOIANThey have an incentive to collect as much and to keep it for as long as possible. And once those companies have built these gigantic data bases of our emails and our social networking information, then the NSA can come in afterwards and ask for it. In addition to these particular companies handing over data, often the NSA can also pick the information off of the wire. So by going to the companies that operate the internet backbones, the AT&T's and Sprint's and Verizon's of the world, they can get the communications as they are on the way between our computers and Google or between our computers and Yahoo.
SOGHOIANAnd so the NSA, through its partnerships, which are both voluntary assistance and compelled assistance, can acquire the communications that we have entrusted to these private companies.
NNAMDIWe give these private companies our information, Marc Rotenberg and Alan Paller, do we give those private companies are information with the implicit understanding -- since nobody reads those very long agreements -- with the implicit understanding that, okay, it's fine for you to use that information to try to sell me or give me whatever it is you think I want or need, but please implicitly understand that you're not supposed to share that with the government. Do we somehow trust those private companies more than we trust the government?
ROTENBERGWell, Kojo, I don't know if we trust those companies more than we trust the government. I think there is the understanding that if the government comes to a private company in the course of an investigation and says, you know, we have reason to believe that, you know, one of your customers, one of your users is engaged in some criminal activity or is a suspect in a terrorist investigation, I think most people would say, in those circumstance, it would be appropriate, following a legal process, to disclose information about that individual. That's typically how we understand law enforcement access to the records that are held by private businesses about their customers and their clients.
ROTENBERGI think what's so troubling about these activities, however, is there's not individualized suspicion. In other words, they're just providing the bulk data on all of their customers, on an ongoing basis, without the government ever having to say, you know, these particular people are suspected of some kind of criminal conduct. And one of the, you know, the things that came out this summer, which I just thought was extraordinary, actually provided the basis for a lawsuit that Epic has now brought to the U.S. Supreme Court, is the order from the Foreign Intelligence Surveillance Court to the Verizon Corporation, which says essentially, give us all of the telephone records of all of your customers on an ongoing basis.
ROTENBERGAnd Verizon is currently doing that. Every single Verizon customer is having that data turned over to the government without any suspicion, concerning any particular customer. That's a problem. That's a real big problem.
NNAMDIAlan Paller, in a way, the same question to you. We trust this information to these private companies. Is there an implicit understanding that the private companies won't turn them over to government if there is no need to suspect individuals who might be involved in any kind of illegal activity having to do, in this case, with terrorism?
PALLERMy sense is that the general public doesn't focus on the question at all. They just use the technology. If it works, it works, if it doesn't, it doesn’t. It only comes up when somebody says, oh, my god, the data's being given to the government. So I think, again, when Marc talks about it's being given to the government, there's this implication, and somebody's reading it. And what I'm trying to differentiate is it being in a database somewhere, whether it's at Verizon or at NSA is irrelevant if there's no order from the White House that says you have to look for that piece of data, unless there's a rogue operation.
PALLERIf there's a rogue operation, it's a problem. Marc and I had an interaction 12 years ago when I was setting up the Internet Early Warning System. And I said we're going to collect all this data from all these computers, is that okay? And he said yes. And I said but you just beat the hell out of the government for doing exactly the same thing. And I said what's the difference. He said you're not the government. I trust the government guys more than I trust a lot of the system administrators who work in commercial organizations, but they're going to be rogue people in the government, as well.
ROTENBERGCan I jump in? I mean, first of all, I'm not sure that I remember that history.
NNAMDIYes. Let's pick up this conversation from 12 years ago, yes.
ROTENBERGFrom 12 years ago, Alan may be right, but I'm a little bit surprised. But I think, you know, what I believe or what he believes is probably not as relevant as what the Fourth Amendment to the Constitution says. And the Fourth Amendment to the Constitution, you know, talks about searches and seizures. And if you seize information, whether or not you subsequently inspect the information, whether or not you subsequently use the information, you have still triggered a Constitutional interest.
ROTENBERGAnd I simply don't accept the view that it's okay for the government to gather up all this data on individuals from private companies, without an adequate legal basis, as long as there's subsequent checks and balances, because that's essentially what that argument is. It says you really shouldn't be so concerned about this. We can gather up the data and we'll only use it for appropriate purposes. Well, I think it's a big question, it's a big legal question, whether in fact you can gather up the data. It's a question that the courts need to confront.
SOGHOIANYeah, I mean, we've also sued the NSA. There's lots of people who are suing the NSA right now. And so the ACLU filed a suit. And one of the points that we made in our litigation is that the NSA has a database of every American who's called an abortion clinic, every person who's called a suicide hotline, everyone who's called a whistleblower hotline, everyone who's called a gun shop. Whatever your views are of the government that we have right now, this data is sitting there for the next government, too.
SOGHOIANAnd, you know, you may think that, you know, that President Obama is going to respect the civil liberties of Americans, but this data is too sensitive to be sitting in a government data center. And we've seen that the oversight process doesn't work. We've seen that the intelligence apparatus has no control over how their massive surveillance capabilities are being used. And the existence of this data, the existence of this massive database should terrify every American. It's just too sensitive to exist in government hands.
NNAMDIBefore we go to the phones -- and by the way, the number is 800-433-8850 -- where do you feel the line should be between national security and personal privacy? 800-433-8850. You can send email to Kojo@wamu.org or send us a tweet @kojoshow. Alan Paller, I wanted to get back to the point you made earlier when I characterized the machines as being in control of what was going on at NSA. And you pointed out that, no, what they were trying to point out was that the agency was divided in such a way that there were people in one division who did not know what was going on in another.
NNAMDIHow did 9/11, and the subsequent move among government agencies to share intelligence, make it easier for Edward Snowden to find and release this information about NSA practices?
PALLERThat's the key question. It turns out that what Snowden released was mostly what I would call promotional literature. There's other stuff he did, but a lot of it was promotional literature about capabilities that one part of the government had that they were showing to another part of the government. Prior to 9/11 all that was in enclaves. There wasn't a chance in hell that they would ever hear from each other what they have. After 9/11 there was a forced opening so that lots of people could get access to lots of different data. Snowden wasn't an intelligence analyst.
PALLERWe're all calling him that. He was a sys admin. And the sys admins all over the world have infinite access to the documents.
NNAMDIWhat's a sys admin?
PALLERA sys admin is the person who works at the computer, who says, Marc Rotenberg, you may have an ID and an account and I will change your password for you. Often he, sometimes she, has complete control over the computer. The sys admins in San Francisco closed San Francisco down and it took a judge to threaten jail, in fact, put a guy in jail for a long time.
PALLERSystem administrator. Too much power.
NNAMDIThey're not intelligence analysts. Please don your headphones gentlemen, because we're about to go to the phones. We will start with Stephen, in, appropriately, Stephens City, Va. Steven, you're on the air. Go ahead, please.
STEPHENYes. Hi, Kojo. Great show today. One of the first things that I do want to get out is that I am a systems administrator. I do this work every day. One of the biggest problems that we do run into is that the Bush administration started all of this. I mean, essentially, Bush started warrantless wiretapping. Him and Cheney. What we have to look at now, is that Obama pretty much took his idea and put it on steroids, but now everybody's mad about it. So I guess that's my concern on it.
STEPHENAnd then now system administrators are getting a bad rap and it's harder for us to get jobs, especially the younger generation, to get jobs in the field because everyone's so worried about what you're capable of. Like, with me working in the field for so long, it's a big deal when I go into these large companies and say here's the information that I know. Because now it scares companies because they don't want to get in trouble with their customers.
NNAMDIYou know, it's been -- you raise several issues here, Stephen. One of them, of course, is this issue of reputation because Google and Yahoo and other companies are concerned about how this information that has been revealed by Edward Snowden is not only affecting their reputation overseas, but their bottom line and their business model, what's to be done about that. But first, Alan Paller, I'd like to hear to you respond to Stephen about systems administrators and what he thinks their reputation is suffering from as a result of this.
PALLERTheir not only reputationally at risk, they're actually at risk of jobs. One of the big reactions to the Snowden leak is to try to move the computers to common management so that individuals don't have that kind of control that they can take any documents they want and give them to anyone. So there's actually a pressure on the job in the sys admin world. The opportunity, though -- just to put my other hat on -- sys admins who understand cyber security are still in enormous, enormous demand. They really are.
NNAMDIThank you very much for you call, Stephen. Now, Marc Rotenberg, onto the legal remedies that you see occurring here. Obviously, the NSA has been involved in activity that the federal judge in 2009 thought had overstepped its boundaries, clearly a lot of people now think that there should be, if not necessarily more transparency, a more regulated environment.
ROTENBERGWell, I think that's right. And I think true transparency do achieve more accountability. I think it is appropriate to credit the president who's called for the publication of more of the court opinions, the provision of more the aggregate data about the use of the surveillance authorities so that the public is able to make some meaningful assessment of what the NSA is doing, whether it's effective, whether it should continue.
ROTENBERGHave there been abuses? Those aren't questions that can only be answered in close rooms. Those are questions now that I think have to be talked about openly and debated. And that process is now underway, which is good. At the end of the day, I think we are going to have to narrow these legal authorities. I think the problem post-9/11 is we've created this enormous surveillance infrastructure with a very low threshold and very little accountability.
ROTENBERGAnd we're seeing now, with the disclosures, what the consequences of that are. I think we need to change. I think this is a moment where we got to say let's restore some of those better safeguards we traditionally had.
NNAMDIWhat does the ACLU want to see happen, Christopher?
SOGHOIANI think we'd like to see a few things. The first thing we'd like to see is companies protecting their customers' privacy. You mentioned before that the reputations of many of these technology companies are suffering abroad and I think, you know, justifiably so. When you are an internet company, whether you're providing telephone or email or social networking or other services, you rely on the trust of your customers.
SOGHOIANAnd it's one thing for your own government to spy on you, but it's another thing entirely for another government to spy on you. And, you know, the fact is is that people around the world use services provided by American companies and the U.S. government has naturally then had an advantage in foreign intelligence matters over everyone else. Americans don't use Russian email services. Americans don't use Chinese photo-sharing websites.
SOGHOIANBut the rest of the world entrust their data to U.S. companies. And as a result, U.S. companies now have their reputations in tatters. Hopefully those companies will beef up the security of the products they offer abroad in an attempt to salvage their brands. But we hope that while they're beefing up the security of the products they offer to non-Americans, they also beef up the security of the products that they offer to Americans, too.
SOGHOIANGiven the important of cyber security in the debate today, I think it's vital that we prioritize cyber security. And unfortunately what we've learned in the last few weeks is that the NSA has been actively circumventing and sabotaging security technologies that have, you know, in order to better obtain access to communications. We need to prioritize security. U.S. companies need to prioritize the security of their customers and keep the NSA from being able to perform dragnet surveillance of their users' information.
NNAMDIGot to take a short break. If you called, stay on the line, we will get to your calls when we come back. If not, the number is 800-433-8850. One of the issues we'll be discussing when we come back, should Google and Facebook be allowed to reveal how often they hand over information to the government and what kinds of information it is? 800-433-8850. You can send us a tweet @kojoshow using the hashtag, TechTuesday, or email to email@example.com. I'm Kojo Nnamdi.
NNAMDIWelcome back to our conversation on NSA surveillance and the legacy of 9/11. We're talking with Marc Rotenberg. He is executive director of the Electronic Privacy Information Center. Christopher Soghoian is principal technologist with the ACLU Speech, Privacy and Technology Project, and Alan Paller is the president of SANS Technology Institute. They join us in studio. You can join us by phone at 800-433-8850, by email at firstname.lastname@example.org, or by tweet @kojoshow.
ROTENBERGOn Monday, Yahoo asked the Foreign Intelligence Surveillance Court to let it disclose how many requests it gets from the government to turn over data. What do you think about greater disclosure of these NSA requests? I'll start with you this time, Christopher?
SOGHOIANI mean, we're happy that these companies are seeking permission from the court to be able to provide aggregate statistics. So what they're saying is they'd like to be able to say that every year they got 300 requests from, you know, from the FBI and that this impacted 10,000 users. Those are the kind of numbers that they are asking to publish. And we think that's very reasonable.
SOGHOIANAnd of course the companies could do even more than just ask to be able to publish these reports, the companies could actively fight the orders they receive in court and we hope they will do that too.
NNAMDIAlan Paller? Companies wanting to reveal this. What do you see as the purpose in doing this? They of course want to indicate that they are not simply handmaidens of the National Security Agency.
PALLERThey're in real trouble financially abroad. Their customers are searching for alternative sources of their products and they want to act as affirmatively as they can to cut their losses. And one of the ways they're doing -- they're trying to do that to be as open as they can possibly be.
ROTENBERGWell, I think it would be good to have more information. But I would prefer that it wasn't being done as Alan suggest really for public relations purposes. I think we need to have an annual report. That's an objective basis with the data being disclosed. I think it should be established in law, very similar, by the way, to the annual reports that are produced on the use of electronic surveillance authority use in criminal investigations.
ROTENBERGThose reports have been made public almost for 40 years. And we can look at the use of electronic surveillance in traditional cases with a very clear understanding of its effectiveness and its cause. That's the kind of data we need today on the use of the FISA authorities.
NNAMDIWe've also learned that the NSA tried to keep security lax on the internet by deliberately weakening encryption programs. What's the result of that effort?
ROTENBERGWell that issue takes me way back. I mean, I was involved with legislation almost 25 years ago. The Computer Security Act and the concern back in the late 1980s was that the NSA's role in computer security and cryptography policy would have the practical consequence of making less strong tools available for internet security and privacy. And that's almost exactly what happened back in those days. And we've learned now from the recent revelations that the NSA is still doing this.
ROTENBERGAnd I think what people may not understand is, you know, it's one thing to go after foreign intelligence that you need to protect the nation's security. It's quite another thing to come back to the nation's tech companies and say we want you to install back doors. We want you to use weak encryption. We want you to do various other things so that the government can get access to the records of your customers. That creates a vulnerability that shouldn't otherwise exist.
NNAMDIGoogle said this week it will start using stronger encryption. What effect is that likely to have on intelligence gathering on individual users, Alan?
PALLERIt will make intelligence gathering harder if they implement it effectively. If they implement it badly, it will make it the same. What Marc was talking about is really an essential in what you're trying -- essential conflict in any National Security Agency. Do you want to tell people about vulnerabilities or do you want to exploit the vulnerabilities? There are two halves in that essay.
PALLEROne is actually defensive half, it's trying to protect the government and the other half is trying to gather the data and they're in that same conflict internally that you're hearing in this discussion.
NNAMDIChristopher, same question to you. Countries -- Googles and others trying to strengthen encryption. What effect is that likely to have?
SOGHOIANIt's not going to cause any problems for the NSA as long as they go through the right procedure. So intelligence agencies can obtain orders from the FISA court and then go to Google and say we would like this information on your users. And what Google is deploying is encryption between various Google offices. And that will not stop the government from getting that at all.
SOGHOIANWhat it might prevent, though, is the government getting that information without Google's assistance or knowledge by intercepting the communications in transit between Google servers. I think, in general, we want companies to be doing this. There should be only one way to get a Google user's information, that is with Google's knowledge or assistance. The government shouldn't just be able to grab it for itself.
SOGHOIANYou know, these companies, in many ways, unfortunately, have to act as a proxy for our privacy interest. The government isn't going to come and tell you and say, hey, Kojo, we want to read your emails. And so, these companies act as our agents. And if the government doesn't have to go to the companies, if they can just grab the communications as they go over the internet or go through the air, then we have no one acting as our advocates.
SOGHOIANAnd, you know, we can have a debate about how effective the companies are as our advocates, but it's even worse when the government can just grab communications by itself.
NNAMDIPut on your headphones please because we're headed for Mary Anne in McLean, VA. Mary Anne, you're on the air. Go ahead please.
MARY ANNEI just wanted to say, as an American, I have nothing to hide and nothing to fear and I really don't care if the NSA is looking at my phone calls or emails. I just try to put food on the table and want my streets to be safe.
NNAMDIWould you care if your next door neighbor were looking at your emails and your phone calls?
ANNEI really don't care. I mean, I have nothing to hide.
NNAMDII have heard this sentiment expressed on several occasions, Marc Rotenberg. What do you say in response to it?
ROTENBERGWell, as an American, I'm proud of the fact that we have a Constitution that defends our freedoms and it would concern me if our government could freely get access to our personal information without following the legal procedures that our country is based on that we fought to defend. It's a dangerous view of the world that says, you know, I have nothing to hide, go ahead, you know, look and find.
ROTENBERGI don't think people should be quite so willing to sacrifice very important freedoms. And then, of course, the next question I always like to ask somebody is, you know, well, how do you feel about your children or your spouse, are you okay on their behalf also sacrificing whatever privacy rights they might have? It's not a road I see people to go down.
NNAMDIIs it possible, Alan Paller and Christopher Soghoian, that having made the decision to give up all of this information to private companies and banks and the likes, there are an increasing number of Americans who feel, well, there are so many agencies that already know so much about me that it really doesn't matter whether the government is prying or not.
PALLERI think there's a balance here. Yes, of course, there are a lot of Americans who feel that way. And Marc's right that we don't want to give up our national rights that we fight for. But it's sort of one long story here with -- and I don't mean back to you, but there was a place called Bletchley Park that broke encryption and ran all the communications it could get their hands on. And a lot of people wouldn't be here if they hadn't because that's how we beat Germany in the last war.
PALLERThis business of breaking encryption and reading communications is an existential issue for nations. So there's a balance on how you implement it. And I love what Marc's doing to try and Chris is doing to try to bring that balance so that we minimize the impact on personal privacy. But we do need to do it and we need to do it really well.
NNAMDILet's talk more specifically about how we would do it if indeed your ideas go forward, Marc. You're pushing for greater transparency in intelligence gathering, for laws that would make the Foreign Intelligence Surveillance Court more accountable to the public. How would that change the way we gather intelligence?
ROTENBERGWell, one thing I think we need to do is be more focused. And, you know, I appreciate Alan's comments. I don't see this as a necessary tradeoff between protecting the nation's security and preserving individual liberty. I think we should achieve both. But I think if we can say to the government agencies that have this very broad authorities, listen, you know, show a court, show some independent decision maker that you're actually on to something that justifies gathering data.
ROTENBERGIt's not only good from a privacy perspective, it's good from an efficiency perspective. It's good to ensure that you're fulfilling the mission that you're supposed to pursue. And I think that if the NSA and other agencies are able to demonstrate that they are doing that, then I think they will have the support of the public. I think the public will say you're doing what you're supposed to be doing, you're doing it well. Okay, now we're all right with it.
ROTENBERGBut that's not where the country is today. The sense we have right now is that the agencies are not fulfilling their missions well.
SOGHOIANI mean, I'd actually like to response to the point that Alan made. Yes, the British decrypted communications during World War II, but I think it's also important to note that our Founding Fathers used encryption. The first letters from James Madison to Thomas Jefferson describing his intension to write the Bill of Rights were encrypted. And had the British had the means to break those communications, I think we would all be speaking with, well, you all will be speaking with accents.
PALLERWe'd speak with an accent.
SOGHOIANThat are slightly closer to mine. I think the fact that the Founding Fathers found it important and necessary to encrypt their communications is something that we should remember and value and, you know, I think we should be following in the footsteps of our Founding Fathers and encrypting all of our communications. To their comment of the caller who said basically, you know, I have nothing to hide so why do I care?
SOGHOIANYou don't have to be a victim of discrimination to want to live in a society without discrimination. You don't need to be the victim of racism to not want to live in a society where there is racism. And likewise, even if you have nothing to hide, there are plenty of Americans who legitimately don't want the government listening to their communications and reading their emails. And you should worry about their privacy too.
NNAMDIThank you very much for you call, Mary Anne. Finally, we go to Paul in Herndon, VA. Paul, your turn.
PAULHi, gentlemen. Hi, Kojo. This is a great topic. I'm so glad you guys are talking about this. I am a network engineer with an ISP that's got a lab over in Herndon and I've actually been a little bit privy some of the guts behind the scenes that make some of this stuff happen. And I wanted to specifically ask you guys what you thought the implications were, I don't know if you guys heard about Lavabit, the tech email company that the founder pretty abruptly and mysteriously shut down.
PAULAnd he wasn't even allowed to say why. He basically said, okay, we've gotten national security letters over the years and you guys will probably want to explain that they're kind of one-off, there's a reason. It's almost...
NNAMDII'm familiar with the discussion about that and we're running about time. And Christopher Soghoian is also familiar with it. So I'll have him respond to you.
SOGHOIANSure. There are a few companies that have decided that they want to be in the business of offering secure services to their customers. Services that cannot be wiretapped, services where the Chinese cannot break in and steal information. And there are people in the government who don't think that those companies should exist, who see them as a threat to security. You know, I think that we don't a lot about the Lavabit situation.
SOGHOIANWe don't know why the company shut down. We don't know what kind of request they receive. But, you know, I do think that companies should be allowed to offer services that are secure. A service that is secured from the Chinese is also going to be secured from the FBI. And a service that allows the FBI to get access to communications ultimately will not be secured from the Chinese.
SOGHOIANIt will not be secured from hackers. And given where we are, given the threat of cyber security, given the threat of foreign governments and hackers stealing our information, we should be encouraging more companies to offer these kinds of services that put their users' privacy and security first.
NNAMDIRunning out of time. Very quickly, but where would you draw the line, Marc, between intelligence the NSA legitimately needs to collect on U.S. citizens and spying that, well, goes too far?
ROTENBERGWell, I think in the old days, you know, the Foreign Intelligence Surveillance Act said agent of a foreign power for the purpose of collecting foreign intelligence. That was a two-part task and the court got to take a look and was focused on an individual. I think that's the right way to go.
NNAMDIMarc Rotenberg is executive director of the Electronic Privacy Information Center. Marc, thank you for joining us.
ROTENBERGThank you, Kojo.
NNAMDIChristopher Soghoian is principal technologist with the ACLU Speech, Privacy and Technology Project. Christopher, thank you for joining us.
NNAMDIAlan Paller is president of SANS Technology Institute. Alan, good to see you again.
PALLERAnd you, Kojo.
NNAMDIAnd thank you all for listening. I'm Kojo Nnamdi.
NNAMDIComing up tomorrow on "The Kojo Nnamdi Show," breaking up the old line state, activists in western Maryland are launching a movement to secede, saying the culture and politics of Annapolis don't reflect their region. Then at 1:00, a young Haitian girl is given up for adoption by a father too poor to raise her. A haunting new novel by Haitian American author Edwidge Danticat. "The Kojo Nnamdi Show," noon 'til 2:00 tomorrow on WAMU 88.5. And streaming at kojoshow.org.
Most Recent Shows
Call in today with what's on your mind about the release of the long awaited Mueller report.
A friendly neighborhood store can help people feel rooted in their community. But what happens when those businesses close up shop? And how can small businesses in particular survive in the high-rent, high-risk Washington region?
Washington, D.C. is known for its historical landmarks and monuments. What happens when they start to deteriorate?