Speaking in Baltimore last week, National Security Agency Director Keith Alexander defended the methods his agency uses to spy on the private phone calls and emails of millions of American citizens, but he did appear to give a little ground to critics of the agency when he said he's "not wedded" to every surveillance program it carries out. "If we can come up with a better way of doing them, we should," he insisted.
That formulation left unclear the meaning of the word "better," however. Does it mean the agency would no longer have to violate the privacy of Americans in order to guard the country against terrorist threats? Or does it mean the agency could simply collect the massive amounts of information it now snatches out of the ether more efficiently?
Mr. Alexander probably wouldn't even be going that far were it not for the most recent revelations about the agency's spying on allied leaders such as German Chancellor Angela Merkel and news last week that the NSA had broken into the data storage centers of global Internet giants such as Google and Yahoo to pilfer messages from their servers abroad. Last week, for the first time, the leaders of those tech companies publicly called for restraints on the agency's activities.
The tech industry's objections were notable because in the past it has sought to cooperate with the NSA's requests for information passing through its networks, rather than confronting the agency. That led to no small embarrassment for the industry recently after documents leaked to the press by former NSA contractor Edward Snowden revealed the companies routinely supplied data on users' private phone calls and email messages to the NSA under the Foreign Intelligence Surveillance Act without notifying their customers.
But we learned last week that in addition to the information the companies were knowingly giving the agency from their servers in this country, the agency had also opened a "back door" to the industry's data storage centers in other countries, through which virtually same information passed. Even top executives of the companies involved were caught by surprise at the scope of the NSA operation that was stealing millions of electronic records from their data servers overseas.
These executives can hardly be reassured by Mr. Alexander's bland promise that everything his agency is doing is perfectly legal. "There is nothing that anyone from NSA or cyber command has done that is wrong," he said last week. "From where I sit, we're doing everything we can to do this right. We hold ourselves accountable." But an agency that holds itself accountable only to itself isn't accountable at all.
It's encouraging that the tech industry's leaders are finally pushing back against some of the NSA's more outrageous claims, and given the recent revelations they probably have little choice but to do so if they want to retain the confidence of the customers who entrust them with their personal information. Ironically, they share much of the blame for the violations of privacy on their networks because much of the user data they collect to target the advertising that generates their companies' profits is the same information the NSA covets. If they weren't collecting the data, the NSA wouldn't be able to steal it so easily.
That's one reason the path going forward remains somewhat unclear. There are a number of proposals being considered by Congress that, in various ways, would restrict NSA surveillance programs in this country, but none of them address NSA collection operations in other countries. Moreover, there are legal questions regarding whether the Constitution's Fourth Amendment protections against illegal searches and seizures even apply to operations conducted overseas
That's why privacy advocates are deeply skeptical anything will change even if the bills become law. Legislation could simply offer the illusion of narrowing the NSA's ability to snoop on Americans by imposing more oversight and transparency on the agency while in fact simply legalizing the bulk collection of U.S. citizens' phone and electronic traffic. That's hardly likely to make the NSA more accountable to anyone, let alone the public.