Silicon Valley Could Force NSA Reform, Tomorrow. What's Taking so Long?
Tech CEOs are complaining, but bills are languishing. Time for internet companies to pull an OKCupid and call out the NSA, on every homepage
With Glenn Greenwald and Laura Poitras triumphantly returning to the US to accept the Polk Award with Barton Gellman and Ewan MacAskill yesterday, maybe it's time we revisit one of their first and most important stories: how much are internet companies like Facebook and Google helping the National Security Agency, and why aren't they doing more to stop it?
The CEOs of the major tech companies came out of the gate swinging 10 months ago, complaining loudly about how NSA surveillance has been destroying privacy and ruining their business. They still are. Facebook founder Mark Zuckerberg recently called the US a "threat" to the Internet, and Eric Schmidt, chairman of Google, called some of the NSA tactics "outrageous" and potentially "illegal". They and their fellow Silicon Valley powerhouses – from Yahoo to Dropbox and Microsoft to Apple and more – formed a coalition calling for surveillance reform and had conversations with the White House.
But for all their talk, the public has come away empty handed. The USA Freedom Act, the only major new bill promising real reform, has been stalled in the Judiciary Committee. The House Intelligence bill may be worse than the status quo. Politico reported on Thursday that companies like Facebook and are now "holding fire" on the hill when it comes to pushing for legislative reform.
The keepers of the everyday internet seem to care more about PR than helping their users. The truth is, if the major tech companies really wanted to force meanginful surveillance reform, they could do so tomorrow. Just follow the example of OKCupid from last week.
Mozilla, the maker of the popular Firefox browser, was under fire for hiring Brendan Eich as CEO because of his $1,000 donation in support of Prop 8 six years ago, and OKCupid decided to make a political statement of its own by splashing a message criticizing Mozilla before would-be daters could get to OKCupid's front page. The site even encouraged users to switch to another browser. The move made the already smoldering situation explode. Two days later, Mozilla's CEO was out of a job, and OKCupid got partial credit for the reversal.
The leading internet companies could easily force Congress' hand by pulling an OKCupid: at the top of your News Feed all next week, in place of Monday's Google doodle, a mobile push alert, an email newsletter: CALL YOUR MEMBER OF CONGRESS. Tell them to SUPPORT THE USA FREEDOM ACT and tell the NSA to stop breaking common encryption.
We know it's worked before. Three years ago, when thousands of websites participated in an unprecedented response to internet censorship legislation, the Stop Online Piracy Act (Sopa), the public stopped a once-invincible bill in its tracks. If they really, truly wanted to do something about it, the online giants of Silicon Valley and beyond could design their systems so that even the companies themselves could not access their users' messages by making their texting and instant messaging clients end-to-end encrypted.
But the major internet outfits were noticeably absent from this year's similar grassroots protest – dubbed The Day We Fight Back – and refused to alter their websites à la Sopa. If they really believed the NSA was the threat so many of them have claimed, they'd have blacked out their websites in protest already.
In an emblematic moment for the nonchalance at the executive level of tech companies, Dropbox named former Secretary of State Condoleezza Rice to its board of directors this week. Besides being an Iraq war architect and torture advocate, Rice notoriously defended George W Bush's outright illegal NSA warrantless wiretapping program when it first was revealed in 2005. Not exactly a vote of confidence to users worried about government intrusion. Rice actually had to the gall to say she would help Dropbox "navigate" the national debate about privacy.
Among the rank-and-file engineers in Silicon Valley, there is widespread affinity for Edward Snowden and genuine anger at the US government. One of the most indelible anecdotes in all the NSA reporting came when the Washington Post reported the NSA had broken into the links between their overseas data centers:
Two engineers with close ties to Google exploded in profanity when they saw the drawing. "I hope you publish this," one of them said.
"The initial reaction from employees and engineers at big companies like Google after the NSA leaks was sort of a resounding 'how dare you?,'" security expert Chet Wisniewski told Buzzfeed on Friday. "I imagine now that there's the possibility companies like Yahoo, Akamai, Amazon might have been vulnerable, there will be a very similar reaction."
Turns out they were. Millions of websites have been affected by the OpenSSL so-called Heartbleed bug that was revealed this week, putting billions of people's personal information at risk. Now Bloomberg is reporting that the NSA has secretly been exploiting the bug for two years. (The US government denies this claim.)
It's amazing that entire internet, including big companies like Google and Facebook rely on this tiny OpenSSL foundation, which manages the free encryption library. They have four developers working on the project, and only one full time. Maybe these multi-billion dollar companies could throw in some money to help preserve the future of the internet. As cryptographer Matthew Green told the New York Times, 'If we could get $500,000 kicked back to OpenSSL and teams like it, maybe this kind of thing won't happen again."
To be sure, Snowden's revelations have sparked these companies to dramatically improve their security, which protects customers against not only the NSA but also other governments and criminals. "For that reason alone, we owe Edward Snowden our thanks," the ACLU’s principal technologist has said.
But many of the companies were also just implementing practices that security experts had been advocating for years – and as the Heartbleed bug showed, they were not enough.
And what about that Edward Snowden, the man who brought us all this of information? Many of these CEOs can't bring themselves to praise him in public, despite being "outraged" by the government's "illegal" activity. Only Zynga's founder – Marc Pincus, the man seated next to President Obama in that photo above – was brave enough to advocate for a pardon of Snowden after he and some of his fellow CEOS went to the White House in December.
Both Greenwald and Poitras made clear at the Polk awards here in New York on Friday: without Snowden, we'd have known exactly none of this.
Many of the billion-dollar companies involved in the NSA mess have faced allegations that they are more than willing participants in at least some of the surveillance programs, and a recent poll showed people trust them even less than the IRS. Which is saying something. If they want to say to us that they're serious, it's time that they took some serious action.
© 2014 The Guardian