In an effort to move past simplistic debates about the NSA’s spying program, the nonpartisan, non-profit research firm Open Technology Institute has released a report evaluating the various costs, economic and otherwise, of the surveillance programs.
The report breaks down the various ways the NSA’s surveillance programs can harm the United States and their overall findings are summarized succinctly:
This paper attempts to quantify and categorize the costs of the NSA surveillance programs since the initial leaks were reported in June 2013. Our findings indicate that the NSA’s actions have already begun to, and will continue to, cause significant damage to the interests of the United States and the global Internet community.
They break things down to four areas in which the costs of NSA spying are measured:
- Direct costs to US businesses (talking dollars and cents, here)
- Potential costs to US businesses and to the open Internet from data protection regulation (the costs of meeting new regulatory burdens aimed at preventing American surveillance abroad)
- Costs to US foreign policy (diplomatic losses)
- Costs to cybersecurity (financial and otherwise)
For the cloud computing industry alone, the report values the potential lost business at up to $35 billion over just the next three years. This is based on industry research on the amount of companies moving their cloud computing business off of US soil and away from American businesses because they don’t trust any company’s ability to refuse intrusions from the NSA and other governmental entities.
Later, it is estimated that the IT services industry in general could lose up to $180 billion in the next three years alone. Within the industry, almost all companies are changing their purchasing decisions due to the NSA revelations. This includes American companies no longer wishing to do business with other American companies.
While the full extent of the damage is unclear as many industries cannot simply quit doing business with American companies, the fact that there is significant damage is undeniable.
The 64-page report covers many aspects of the situation within those four categories, such as detailing the domestic and international loss of trust due to the Snowden revelations. Freedom of expression, a liberty for which the United States has long been held in high esteem, is now doubted internationally as the pervasive spying on journalists by the NSA is thought to have a “chilling” effect on speech.
It concludes with a series of recommendations to repair existing damage and head off anticipated losses. First, it calls for giving real teeth to legal protections for American privacy and the privacy of non-Americans, as well as ending the shroud of secrecy that surrounds all surveillance.
Further, the report calls for a drastic reformation of the way American surveillance deals with cybersecurity, recommending that cryptography standards be more clearly removed from the clutches of the NSA, ending practices that create and fail to patch security vulnerabilities in third-party software, and creating transparent policies about how the government can use malware-like bugs to gather information. From the report:
It is wholly inappropriate for the U.S. government to covertly influence security standards-setting processes in a way that may weaken those standards or introduce security flaws. The NSA’s efforts in this area have undermined overall trust in the security of the Internet and diminished confidence in the National Institute of Standards and Technology (NIST). As the President’s Review Group explains, “Encryption is an essential basis for trust on the Internet… The use of reliable encryption software to safeguard data is critical to many sectors and organizations, including financial services, medicine and health care, research and development, and other critical infrastructures in the United States and around the world.”
Finally, the last recommendation is an especially interesting one. The report says that the NSA’s purposes can be seen as having two chief functions, one being offensive and the other defensive. The recommendation, then, is to split those two tasks into separate agencies to remove the inherent conflict of interest.
The “offensive” aspect of the NSA is the one we hear most about: active surveillance. Now, the justification for the offense is technically defense. The NSA spies to root out threats to the security of the country. This is a legitimate purpose and something the government should be doing in some way, shape, or form.
However, there is a “defensive” aspect as well. The NSA employs some of the world’s foremost security experts and is tasked with preventing spying from happening from foreign or other entities through its role in creating cryptographic standards and offering other cybersecurity services for the government. Since the NSA has been asked to both of these things, they have constantly decided to compromise the defense for the sake of offense.
Instead, the United States can have an agency that focuses solely on cybersecurity concerns like cryptography and communications security. This allows the NSA to continue focusing on surveillance but takes away the ability to risk the security and freedom of private communications in the process. The two would certainly collaborate, but a separate defensive-oriented agency would be unwilling to completely mortgage their goal for the sake of the NSA.
This report is not the only one of its kind, either. The American Civil Liberties Union (ACLU) and Human Rights Watch jointly released a report just days ago focused on the harmful effects of NSA spying on journalistic freedom and democracy.