Listen to the story.
Marco Werman: So what about the real Edward Snowden and his legacy? I keep wondering how much has actually changed since Snowden revealed the extent of the NSA surveillance, so I asked Bobby Chesney, he’s a law professor at the Univ. of Texas in Austin, about what he thinks has been the most striking result of the Snowden leaks.
Bobby Chesney: Well, you know, most people want to see statutory change or policy change as evidence that there’s been some real impact from the Snowden leaks, but in a way I think that’s turning out to be the wrong place to look. There’s not actually very much happening on those fronts, but there’s something else that’s happening that the public may not be fully focused on and that’s the changing relationship between the American intelligence community and the private sector, especially all the different entities that are involved in telecommunications or internet communications. Most people don’t appreciate this perhaps, but cooperation between the private sector and the government is a critical part of the intelligence communities success, thanks to the way that the Snowden story has catalyzed interest in privacy, pressure on companies to be more privacy protective. There’s something of a sea change underway and you see this in many manifestations, the most obvious I think is the decision by Apple, and then Google and no doubt others to make encryption a default matter for people’s devices and the way information is stored. This, in a larger changing tenor of how the private sector reacts when asked to cooperate with the government on these sorts of matters, this I think is the big long term impact.
Werman: Right. So Apple’s new generation of mobile devices, much harder to hack into. I heard about the encryption kind of changes, how does that actually work in real life, like people protecting themselves?
Chesney: Well, the significance of it is that the default encryption model in theory makes it hard, if not impossible, for the company themselves to unlock data on say, a suspect’s or a target’s cellphone or their iPad, whatever the device may be.
Werman: So if the NSA were to pressure them to give over some data, they would have a justified response in saying we don’t know how to do that, we can’t do it.
Chesney: Well, interestingly, it’s really the FBI that’s speaking out most loudly about this. The FBI’s director, Jim Comey, made a much remarked speech at Brookings not too long ago, describing the problem as FBI going dark. The claim is it’s not that they are seeking new authorities, but their existing authorities don’t mean what they used to because of this technological change.
Werman: Wow, how do you think Snowden would feel about that?
Chesney: Well, I have to assume that Snowden would applaud this and I’m quite sure that for those who are coming at this issue from a privacy protection perspective, this is all to the good and indeed, probably the most realistic solution; that is, you’re much more likely over time to get real changes in terms of greater privacy protection from the dissemination of encryption technology in the devices themselves, hardwired into the code, into the devices...then you’re going to get headway by seeking legislative change, trying to crimp government investigative power this way or that way.
Werman: Why do you think the commercial world reacted more quickly than the legal world to Snowden’s revelations?
Chesney: Well, the legal world, it’s pretty easy to see how the pressures on congress come together to make it difficult to move forward. Put simply, on one hand, not many legislators want to be seen as heedless of privacy. On the other hand, it’s equally clear that no one particularly wants to have just voted for some retrenchment of investigative intelligence collection authority, only to have some horrific attach occur the next day, or some episode with ISIS, or fill in the blank, a national security disaster, at which point people will be left pointing fingers at one another. This may explain why last month, the most recent and strongest attempt so far to get some legislative change actually failed to get out of the senate.
Werman: So right now you’re saying there’s no law making its way through the system, despite Obama’s announcement about a year ago to narrow the government’s access to phone and data?
Chesney: Actually, what I really mean is it’s been kicked over to the new congress. This congress didn’t get it done, but the next one is going to have to do it and there’s a reason why: in so far as what we’re talking about here is the bulk collection of telephone metadata, the underlying statutory authority and key part will expire in June of this coming year, so the new congress unavoidably will come to grips with this, but at the end of the day, what they’re contemplating doing there won’t be that much different than the status quo and it won’t matter as much as these private sector adoption of encryption type things I’ve been talking about.
Werman: And one other effect of Edward Snowden’s revelation, Snowden as a cultural figure, I mean what has been his impact, his visceral impact among younger people? I know in some circles he’s a rock star. Do your students at UT Austin relate to him?
Chesney: Well, they certainly are interested in him. He’s a major figure. Last year at South By Southwest Interactive, which is, as you know, a big tech festival here in Austin, he made a remote appearance and it was dramatic. I mean that was the big headline news, much to my chagrin because we were doing our own event at the same time and no one cared. He is a polarizing figure. You don’t need me to tell the audience that. Personally, I think hat it’s like a lot of issues where there are some elements cutting one way, some elements cutting strongly the other way and that makes him a very human figure if nothing else.
Werman: What about your own professional work? Has any of it been affected by the Snowden revelations? Are you more paranoid, have you learned to encrypt yet?
Chesney: Well, the biggest professional affect on me is when I teach the basic course in national security law, which is sort of a standard law school course, used to be that we’d cover this particular topic in four or five days and it wasn’t a terribly thorough job. We covered all the major elements, based on what was in the public record that you could really talk about. Last year we had to more than double that and it wasn’t nearly enough.
Werman: Is it doable in half a semester?
Chesney: You know, the truth is you could spend years on it and still have room to go because the learning curve for most students in terms of understanding the technologies involved, let alone the policy...and there’s a significant layer of policy constraint and regulation here. And then layering in on top of that the complex federal statutes, the background concepts of the fourth amendment, and then having the chance for the students to debate the desirability of the status quo versus how you might change it, actually sounds like it would make for a year long course.
Werman: Yeah, really. And finally, we’re not looking for product endorsement here, but what kind of phone do you use for now?
Chesney: I have a Samsung Galaxy.
Chesney: I do like it, but I just like it because it’s gigantic and I can see the pictures of my kids really easily with it. I haven’t ever thought about its encryption model.
Werman: So you don’t encrypt at all.
Chesney: Not unless they do it as a default, but you know, that exactly illustrates the power of the thing that Director Comey was talking about -- here I am, someone who works in this area, I really don’t think much about encryption as a personal matter for whatever reason. And if the provider decides to switch to the default encryption, then the choice is made event for someone like me who really hadn’t thought about it one way or another.
Werman: Bobby Chesney, law professor at the Univ. of Texas, Austin, thank you so much.
Chesney: Thank you very much.