Your online privacy was doomed long before the NSA came along

Fallout from the Snowden storm continues, with continued flurries of disclosures forecast for the next several weeks. Some of the fallout may be positive; some is definitely not.

Thanks to the revelations about PRISM, most of which seem based largely on speculation and excerpts from a PowerPoint presentation, the reputation of tech companies like Google and Facebook have taken a severe blow that may not be at all deserved. Likewise, any cloud storage provider in the United States is now (forgive me) under a cloud of suspicion. European regulators are now far less likely to compromise on new privacy rules, making it harder for U.S. companies to share data beyond our borders. It’s a mess.

[ Also on InfoWorld: Facts and fiction, secrets and sci-fi: Breaking down the NSA ]

But this damage wasn’t caused by the leaks. It’s caused by the total lack of transparency about what information the NSA collects and what happens to it. Toward that end, Microsoft, Google, and Facebook have all asked the U.S. government to allow them to publicize the number of requests for information they receive each year from our nation’s spies via the FISA court. Google chief legal eagle Dave Drummond wrote:

Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.

We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures — in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.

You’d think that wouldn’t be such a big deal. It’s just a number, after all. But sorry, that’s classified information. The fact that it’s classified is also classified.

Past the point of no return?

Here’s the bottom line for me. Regardless of what’s true and what isn’t true about what the NSA is doing, what’s been exaggerated and what’s still being hidden from us, or even whether you think Snowden is a hero or a traitor or something in between, here’s what’s important: This is the conversation we should have been having a long time ago.

We should have been talking about this back when the NSA decided to bypass the flimsy safeguards established to keep it in check and installed secret surveillance equipment at telecoms and network access points. We should have been discussing it back when Congress was writing law enforcement a blank check to gut the Fourth Amendment, otherwise known as the Patriot Act. We certainly should have been having a big public debate over these things when it came time to renew the Patriot Act and retroactively make warrantless wiretaps legal.

We are long past the point where we can trust the clown college otherwise known as Congress to look out for our best interests. The “we’ve been briefed on this” and “we’re just trying to protect our country” defenses ring hollow from a group whose public approval rating is lower than head lice. They abdicated their responsibilities a long time ago.

The intelligence community and both the Bush and Obama administrations have taken full advantage of this. The notion of “classified information” has been bastardized into “anything we’d rather the public not know.” When that information does become public, it’s a “grave threat to national security.” And of course, anyone who leaks any of that information is a “traitor.”

Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, wrote a piece on Uncle Sam’s addiction to overclassification for Foreign Policy three years ago:

Agency officials often make absurd, erroneous, or self-serving classification judgments — and not just because they lack training or supervision. For example, ever since 2007, the Office of the Director of National Intelligence (ODNI) has publicly disclosed the total budget for the National Intelligence Program. But last year, when I asked for the size of the 2006 budget, ODNI’s staff asserted that the 2006 figure is still classified and would damage national security if disclosed. This is self-evidently ridiculous and reflects the widespread inability of classifiers to re-evaluate past practices in the light of new circumstances.

The real scandal here is not that the NSA is hoovering up the records of millions of innocent Americans and hiding behind spurious top-secret classifications. The real scandal is that Congress and the courts knew about this and did nothing to stop it.

The NSA is not necessarily the problem

I get it, the NSA are spies. Keeping secrets is what they do. Bad people want to hurt us, and we want them to find out who the bad people are before they get there.

But we don’t need to know everything the NSA does. We just need to know where the limits are, what is and isn’t considered an acceptable level of data collection, how much power individual analysts truly wield, and who is making sure they don’t abuse it.

We may end up deciding that what the NSA is doing is necessary for our nation’s security and that the checks and balances to protect us against abuse are adequate. But it’s something we, the people, need to decide — not a bunch of well-connected cronies behind closed doors, not a bunch of clowns who think the Internet is a series of tubes. It comes down to you and me and the rest of us, together.

If nothing else comes out of this, that would be enough.