Yesterday, Reuters reported that Yahoo secretly built software to scan its customers’ emails for keywords provided by the NSA and FBI. One can only imagine the number of recipes for bars this program uncovered. Among Americans, at least, a Yahoo account is a badge of unfamiliarity with the contemporary internet second only to Hotmail. But this remains a massive breach of trust. Your aunt might not have signed up for Yahoo mail if she knew all her messages would be scanned and turned over to law enforcement. This may be the secondary infection that kills Yahoo’s ailing business, but I’m more interested in the argument this discovery prompted from Stewart Baker, former general counsel at the NSA. I quote:
“[Email providers] have the power to encrypt it all, and with that comes added responsibility to do some of the work that had been done by the intelligence agencies.”
Does it? Close reading after the jump.
First of all, I question the claim that Yahoo has the power to “encrypt it all.” Just two weeks ago, the company announced that hackers had compromised data from 500 million of its user accounts. Perhaps the NSA cannot penetrate Yahoo’s security, but it remains tractable to unidentified non-state1 actors. But let us imagine a hypothetical in which Baker’s premise is true, and Yahoo, along with other email providers, has developed cryptography the NSA and FBI can’t crack. Would that oblige them to make people’s emails available to bulk search?
By referring to such searches as “the work that had been done by the intelligence agencies,” Baker implies that such searches have been conducted all along. They haven’t. The invention of email, to say nothing of strong encryption, created searchable databases of Americans’ communications in a way that allowed law enforcement agencies to overstep boundaries that had restrained them for generations.
There was no blanket wiretap-listening or mail-reading program before the internet. Had the NSA demanded of Bell Telephone the power to listen to all its customers’ phone calls, they would have been A) undone by labor shortage and B) laughed out of court. That sort of thing used to require a warrant. Since September 11, the Patriot Act, and the advent of FISA courts as a substitute for the public judicial system, warrants have become more of a tradition than a requirement. But this period of “work that had been done by intelligence agencies” was constitutionally questionable, conducted in secret, and curtailed almost as soon as it was discovered. And it lasted for less than a decade.
The modern world didn’t make it impossible for intelligence agencies to do the kind of work Baker describes. The modern world invented such work, which has been illegal at worst and historically anomalous at best. Now that the NSA and FBI find it more difficult to overstep their authority using secret mass surveillance approved by secret courts, I’m not sure internet companies are obliged to abet them.
But there’s also a larger question at work here—one of political economy. Are Yahoo and the FBI/NSA on the same team? Why, exactly, should very large corporations cooperate with the government—even do law enforcement agencies’ work for them—instead of serving as a check on government power?
The ready argument is that we’re all in it together in the fight against terrorism. But that’s a straw man. We’re all in it together in the fight against unconstitutional searches, too—as well as in the fight against an encroaching police state and the fight against corporatocracy. Building a government system of mass surveillance and then delegating its operation to for-profit companies seems deeply un-American. We should not think of the feds and large corporations as natural allies, especially in this arena.
None of that seems to matter to the FBI and NSA, though, because they’re just doing it. Their strategy for dealing with constitutional questions related to mass surveillance seems to have been to do it secretly, then keep doing it during the controversy that ensues after they’re caught. In both cases, they have enjoyed not legal authority but mere ability. Given their willingness to exploit this dynamic, strong encryption seems like the only way to force the FBI and NSA to act with our permission.