Edward Snowden is many things to many people, and in recent days The New York Times and The Guardian have favorably editorialized about the overdue debate he has initiated. Rightly so, but both newspapers were wrong to prematurely declare him a whistleblower. Whistleblowers expose illegality and wrongdoing, and no matter what we think of its actions, it is not yet clear that the National Security Agency has been operating illegally or unconstitutionally. So, rather than blow a whistle, Mr. Snowden has shone a light on the extent to which technology, in particular cloud computing, has outstripped our laws and the Patriot Act may have exceeded its usefulness.
First, the matter of whistleblower. The Cambridge dictionary defines the term as “A person who tells someone in authority about something they believe to be illegal that is happening, especially in a government department or a company.” The Whistleblower Protection Act applies to federal employees who disclose “illegal or improper government activities.” Those who argue that the contractor Ed Snowden is a whistleblower, therefore, are deploying different definitions that are not currently rooted in law.
The 2001 Patriot Act lowered the barriers to legal surveillance by allowing the secret Foreign Intelligence Surveillance Court to approve requests to suspend privacy rights. The surveillance court only hears arguments from the Justice Department and not opposing views, and Chief Justice Roberts has unilateral power to select its members. The surveillance court has been criticized from all points on the political spectrum, and one federal judge has deemed NSA collection of American telephone records to be likely unconstitutional. Another has ruled the other way, making it possible that the Supreme Court will ultimately have to rule on the issue, assuming the program isn’t suspended or materially altered earlier by the administration or Congress.
As of June 2013, the Foreign Intelligence Surveillance Court had received more than 33,900 surveillance requests and turned down just 11 of those. In July 2012, the Director of National Intelligence, James R. Clapper, declassified government documents that showed the court had deemed some NSA data collection “unreasonable under the Fourth Amendment.” The NSA claims to have addressed those concerns. We have no way of knowing whether or not they have actually done so: the chief judge of the surveillance court, Reggie B. Walton, has himself said that his body cannot verify whether the mistakes the NSA reports as unintentional were indeed that, or whether the agency has reported all of its violations.
Meanwhile, the broader societal migration to cloud computing is one of the underappreciated factors that motivated Snowden to reveal what the NSA was doing, and has generated so much of the ensuing apprehension about his revelations. Cloud computing is nothing new—anyone who searches on Google, uses a web-based email program, or works on shared documents via Dropbox has experienced the power of cloud computing. What is new in cloud computing is its sheer scale, as well as the acceleration of our transition away from a reliance on computing power and software applications that reside on hardware we own. With the cloud, all any user needs to access vast computing power is a web browser and a login password.
Cheap and powerful cloud computing potentially serves the interests of companies, consumers, and democracy alike. It also poses a great challenge. Whatever aspect of your life has been uploaded to the cloud does not currently have the same constitutional protection as the same information stored in a drawer in your home. The Fourth Amendment requires government to justify to a court why it has a compelling interest in your personal information. It protects the contents of your laptop from illegal search and seizure, but once you deposit something up in the cloud, you lose that protection. While there are some protections that treat emails like sealed letters, Fourth Amendment protection largely ends where virtual reality begins, since Americans are volunteering to share in this way, not being coerced to do so.
It initially looked as though tech companies were collaborating with the NSA by honoring requests for information, but we now know that the NSA also rummaged through Google’s and Yahoo’s fiber-optics links without consent. The NSA did not believe it needed company consent since the data was extracted from outside US territory. Is that illegal under the Patriot Act and its 2011 extensions, which President Obama signed into law? That is a question for courts to decide.
What is clear is that the Patriot Act coupled with cloud computing has worrisome implications for the privacy rights of American citizens, America’s relationships with allies, and American commerce. Snowden’s revelations have undercut the world’s trust in American companies at the same time they are seeking to extend the range of their influence and appeal in the move to the cloud era.
The NSA is tasked to protect the American people in a dangerous world to the full limits of the law. A panel of presidential advisors has urged President Obama to rein in NSA data mining, finding “persistent instances of noncompliance” but no “illegality or other abuse of authority.” The jury is therefore still out on whether the NSA has really “routinely and deliberately broken the law” as the concluding paragraph of the Times editorial argues, or instead whether the laws themselves are in need of an overhaul or further clarification.
According to the currently available evidence, Snowden is not yet a whistleblower. Yet he doesn’t need to be a whistleblower to have rendered a great public service by exposing the potential gap between current government practices—legal or illegal—and American values.
This post originally appeared at The Weekly Wonk, New America’s digital magazine.