Part 1 of 2 —

The Snowden Legacy, part one: What’s changed, really?

In our two-part series, Ars looks at what Snowden's disclosures have wrought politically and institutionally.

Remember this guy?
Enlarge / Remember this guy?

Digital privacy has come a long way since June 2013. In the five years since documents provided by Edward Snowden became the basis for a series of revelations that tore away a veil of secrecy around broad surveillance programs run by the National Security Agency, there have been shifts in both technology and policy that have changed the center of gravity for personal electronic privacy in the United States and around the world. Sadly, not all of the changes have been positive. And Snowden's true legacy is a lot more complicated than his admirers (or his critics) will admit.

Starting with that first article published by the Guardian that revealed a National Security Agency program gathering millions of phone records from Verizon—which gave the agency access to metadata about phone calls placed by or received by everyone in America—the Snowden leaks exposed the inner workings of the NSA's biggest signals intelligence programs. Coming to light next was the PRISM program, which allowed the NSA, via the FBI, to gain access directly to customer data from nine Internet companies without notifying the customers. And then came Boundless Informant, a tool for visualizing the amount of signals intelligence being collected from each country in the world. By the time the Snowden cache had been largely mined out, hundreds of files—ranging from PowerPoint presentations to dumps of Internal Wikis and Web discussion boards—had been reviewed and revealed by journalists.

"Thanks to Snowden's disclosures, people worldwide were able to engage in an extraordinary and unprecedented debate about government surveillance," the American Civil Liberties Union declared on the fifth anniversary of the Guardian article.

But when examining the situation closely in terms of political and institutional impact, Snowden's leaks have left a mixed legacy. While his efforts to create a dialogue about privacy reached many ears and had a direct and tangible impact on areas of Internet technology that had long been vulnerable to mass surveillance, the tangible changes that followed have been more evolutionary than revolutionary.

In the meantime, the threat to privacy has evolved as well—especially as the mass adoption of smartphones has placed a trackable, network connected device within reach of billions of people on the planet. The Snowden leaks (and other revelations since) have even emboldened other states to engage in more explicit forms of mass surveillance. Seeing a threat from encryption, the US and other members of the Five Eyes group (the United Kingdom, Australia, New Zealand and Canada) have agreed to look at ways to require backdoors to secured communications again.

"Suddenly, everybody knows, and nothing's changed," security technologist and author Bruce Schneier told Ars. "It was never a campaign issue. We tried to make it one. We failed... the subsequent changes are very small."

Today, for good and ill, we live in a world that has clearly been shaped by Snowden's actions—from both a political and technological perspective. So in a special Ars two-part episode this fall, we're looking back on the Snowden leaks: today, we'll examine Snowden's policy impact in terms of how the government has changed its practices, how the leaks impacted the national security community itself, and what the future looks like for whistleblowers. In our second installment coming soon, we'll dive deeper into how Snowden shaped the de facto world of security—focusing on the technical underpinnings of our current networked world, the evolution of the Internet since the revelations, and what it all means for the future of our privacy.

Opening debate

Edward Snowden did not set out to single-handedly change the world. "Snowden's number one goal was to launch a meaningful debate about the appropriate limits of government surveillance authority, and that goal was accomplished," Ben Wizner, director of the ACLU Speech, Privacy, and Technology Project and a member of Snowden's legal team, told Ars. "His biggest fear was that the revelations would be ignored or cynically dismissed, and instead we have a global debate. Now it's obviously the case that in many instances he would have liked to have seen more significant reforms, but that was the secondary goal."

Snowden's supporters saw the massive document dump as a heroic act. His "decision to expose the mass surveillance practices of US and its international intelligence allies has been transformative," said Dr. Gus Hosein, executive director of Privacy International, in a statement on the FISA leak's fifth anniversary. "Despite the ferocious repudiation of his actions by the US and UK governments, his courageous actions were ultimately good for the intelligence agencies themselves, governments, and most importantly the global public. Until Snowden, the idea that Western governments would routinely collect, store, and analyze our personal data sounded like a conspiracy theory to many people. Because surely, mass surveillance isn’t something good, benevolent Western democracies would ever undertake. Snowden blew that idea wide open."

But even if the ends seemed indisputably good, not every security-watcher believes in the means. Klon Kitchen, the Heritage Foundation's senior research fellow for Technology, National Security and Science Policy, acknowledged that Snowden's "illegal disclosures significantly elevated public debate on the intrinsic tensions between liberty and security," but he believes there are "far more responsible ways" to initiate that conversation.

"Edward Snowden is no hero," Kitchen told Ars. "Any positive effects that may have emerged following his treachery are overshadowed by the great costs to our nation’s security."

Peeling back the veil

Snowden's very first leaked document, the Foreign Intelligence Surveillance Court (FISC) order to Verizon mandating the turnover of "telephony metadata" to the FBI and the NSA, has inarguably had the greatest impact on US policy and legislation. Even many critics of Snowden admit that the NSA's Telephone Records Program, conducted under Section 215 of the USA PATRIOT Act, was a major intrusion into the privacy of American citizens and was an abuse of the FISC orders.

"Pre-Snowden, the government was collecting billions of call records probably on a daily basis," said Mark Rumold, senior staff attorney at the Electronic Frontier Foundation. "They were doing it entirely in secret, with some limited oversight from the FISC. But subsequent disclosures have shown the government was repeatedly violating the rules FISC put in place. And most members of Congress didn't have a clue that the program was going on."

But that program wasn't entirely unknown prior to Snowden's FISC document leak. There had been public reporting on the 215 program, including a report by USA Today in May of 2006 (though the newspaper was forced to retract portions of the story pertaining to the sources of the data collected by the NSA). And even before that, there were legal efforts to expose NSA surveillance, including an EFF lawsuit in January of 2006 against AT&T over the NSA's network surveillance. That case was eventually dismissed after Congress gave AT&T and other telecom companies retroactive immunity under the FISA Amendments Act of 2008; similar lawsuits floundered, too.

"So people knew about this program, but for whatever reason it didn't resonate with the public in the same way that it did in 2013," EFF's Rumold said. "Maybe there's some difference that you could attribute to the leaking of an actual court document, but the government could have said, 'No, that's not a real document,' or they could have refused to confirm or deny. They could have done the same thing they did in 2006. So there was something about the time when the Snowden documents came out that the public had a greater appetite, or maybe just a bigger awareness, of the privacy problems that were going on."

"Snowden ended up proving things rather than bringing it to light," as Mark Zaid, a prominent national security attorney who frequently handles whistleblower cases, put it. "There were lawsuits that people were trying to bring that got defeated because of standing, and the FISC document gave them standing."

"As a result of the disclosures," ACLU's Wizner explained, "we had standing to press our claims, and we actually got a federal court to declare the most sweeping domestic surveillance program in US history to be illegal."

The disclosure of the FISC document itself created a surge in attention to other FISC-related lawsuits, the EFF's Rumold told Ars. "To just give you an example, in terms of FISC opinions, in May of 2013 we had filed a motion in the FISC as part of a lawsuit against the Department of Justice to try to get a FISC opinion disclosed, and I couldn't get anyone in the press or the public to care about this lawsuit. Then the Snowden leaks started in early June, and by July people were dying to hear about this case and get updates. It was impressive to see the turnaround in the public on it, but also I think there was a marked shift from the government, too, about whether or not it could continue to have this absolute wall of secrecy about its foreign intelligence authority."

Prior to the Snowden leak, "there were like three or four FISC opinions that had ever been released," he continued. "And now there are probably over a hundred at this point that have been disclosed. So it's night and day, the difference. It's still not perfect but it's been a substantial shift. And I think greater disclosure about FISC opinions, greater disclosure and transparency about the government's general use of its surveillance authorities has led to changes around the margins for some of the other foreign intelligence surveillance programs."

In response to all this, the Office of the Director of National Intelligence became more public about its oversight operations, for instance. Notably, the ODNI launched IC On The Record, a Tumblr page dedicated to publishing information on surveillance programs and their oversight. "Clearly, the US Intelligence Community is more transparent now," said Paul Rosenzweig, senior fellow at the R Street Institute (a center-right public policy research organization in Washington, DC). "Six years ago, the idea that the IC would be posting on Tumblr would have been, 'What, are you kidding me?' That's a good thing, in that it makes our government more transparent and accountable."

Rumold agreed that "a change in the government's heart about transparency" was one of the most substantial results of the Snowden disclosures. He called it "a wakeup call for the government that secrecy is not the highest order of value when it comes to intelligence, or when it comes to foreign intelligence surveillance." And going forward, if the government wants to operate a big program like 215 without public notice or more awareness from Capitol Hill, "when they build these massive illegal programs under a veil of secrecy, then there's a resulting backlash that can cause them to lose authority that they might otherwise have gotten," Rumold said.

Channel Ars Technica