- Bruce Schneier: Government officials lied to us that the state doesn't collect our data
- Schneier: It's clear that we can't trust anything anyone says about the NSA programs
- He says corporations have gone along with government in hiding the truth from us
- Schneier: Too much secrecy has robbed people of their trust in government
In July 2012, responding to allegations that the video-chat service Skype -- owned by Microsoft -- was changing its protocols to make it possible for the government to eavesdrop on users, Corporate Vice President Mark Gillett took to the company's blog
to deny it
Turns out that wasn't quite true.
Or at least he -- or the company's lawyers -- carefully crafted a statement that could be defended as true while completely deceiving the reader. You see, Skype wasn't changing its protocols to make it possible for the government to eavesdrop on users, because the government was already able
to eavesdrop on users.
At a Senate hearing in March, Director of National Intelligence James Clapper assured the committee
that his agency didn't collect data on hundreds of millions of Americans. He was lying
, too. He later defended his lie by inventing a new definition of the word "collect," an excuse that didn't even pass the laugh test.
As Edward Snowden's documents reveal more about the NSA's activities, it's becoming clear that we can't trust
anything anyone official says about these programs.
Google and Facebook insist
that the NSA has no "direct access" to their servers. Of course not; the smart way for the NSA to get all the data is through sniffers
Apple says it's never heard of PRISM. Of course not; that's the internal name of the NSA database. Companies are publishing
reports purporting to show how few requests for customer-data access they've received, a meaningless number
when a single Verizon request can cover all of their customers. The Guardian reported that Microsoft secretly
worked with the NSA to subvert the security of Outlook, something it carefully denies
. Even President Obama's justifications and denials are phrased with the intent that the listener will take his words very literally and not wonder what they really mean.
NSA Director Gen. Keith Alexander has claimed that the NSA's massive surveillance and data mining programs have helped
stop more than 50 terrorist plots, 10 inside the U.S. Do you believe him? I think it depends on your definition of "helped." We're not told whether these programs were instrumental in foiling the plots or whether they just happened to be of minor help because the data was there. It also depends on your definition of "terrorist plots." An examination
(PDF) of plots that that FBI claims to have foiled since 9/11 reveals that would-be terrorists have commonly been delusional, and most have been egged on by FBI undercover agents or informants.
Left alone, few were likely to have accomplished much of anything.
Both government agencies and corporations have cloaked themselves in so much secrecy that it's impossible to verify anything they say; revelation after revelation demonstrates that they've been lying to us regularly and tell the truth only when there's no alternative.
There's much more to come. Right now, the press has published only a tiny percentage of the documents Snowden took with him. And Snowden's files are only a tiny percentage of the number of secrets our government is keeping, awaiting the next whistle-blower.
Ronald Reagan once said "trust but verify." That works only if we can verify. In a world where everyone lies to us all the time, we have no choice but to trust blindly, and we have no reason to believe that anyone is worthy of blind trust. It's no wonder that most people are ignoring the story; it's just too much cognitive dissonance to try to cope with it.
This sort of thing can destroy our country. Trust is essential
in our society. And if we can't trust either our government or the corporations that have intimate access into so much of our lives, society suffers. Study
after study demonstrates the value of living in a high-trust society and the costs of living in a low-trust one.
Rebuilding trust is not easy, as anyone who has betrayed or been betrayed by a friend or lover knows, but the path involves transparency, oversight and accountability. Transparency first involves coming clean. Not a little bit at a time, not only when you have to, but complete disclosure about everything. Then it involves continuing disclosure. No more secret rulings by secret courts about secret laws. No more secret programs whose costs and benefits remain hidden.
Oversight involves meaningful constraints on the NSA, the FBI and others. This will be a combination of things: a court system that acts as a third-party advocate for the rule of law rather than a rubber-stamp organization, a legislature that understands what these organizations are doing and regularly debates requests for increased power, and vibrant public-sector watchdog groups that analyze and debate the government's actions.
Accountability means that those who break the law, lie to Congress or deceive the American people are held accountable. The NSA has gone rogue, and while it's probably not possible to prosecute people for what they did under the enormous veil of secrecy it currently enjoys, we need to make it clear that this behavior will not be tolerated in the future. Accountability also means voting, which means voters need to know what our leaders are doing in our name.
This is the only way we can restore trust. A market economy doesn't work unless consumers can make intelligent buying decisions based on accurate product information. That's why we have agencies like the FDA, truth-in-packaging laws and prohibitions against false advertising.
In the same way, democracy can't work unless voters know what the government is doing in their name. That's why we have open-government laws. Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society.
Since the Snowden documents became public, I have been receiving e-mails from people seeking advice on whom to trust. As a security and privacy expert, I'm expected to know which companies protect their users' privacy and which encryption programs the NSA can't break. The truth is, I have no idea. No one outside the classified government world does. I tell people that they have no choice but to decide whom they trust and to then trust them as a matter of faith. It's a lousy answer, but until our government starts down the path of regaining our trust, it's the only thing we can do.