POSTS FOR 2013

FISA, The NSA, PRISM and Edward Snowden

Privacy and Security5340 words26 minutes to read

I’ve been paying quite a bit of attention to the story of Edward Snowden — the former CIA contractor who leaked classified information to the American public about how the government is spying on us through acronym-laden programs known as “PRISM” and “MUSCULAR”.

Allow me to be your tour guide as we uncover just a few of the ways in which the NSA has broken the law and spied on American citizens.

Foreign Intelligence Surveillance Act (1978)

It all started in 1978 with the passage of FISA:

The Foreign Intelligence Surveillance Act of 1978 (“FISA” Pub.L. 95–511, 92 Stat. 1783, 50 U.S.C. ch. 36) is a United States federal law which prescribes procedures for the physical and electronic surveillance and collection of “foreign intelligence information” between “foreign powers” and “agents of foreign powers” (which may include American citizens and permanent residents suspected of espionage or terrorism). The law does not apply outside the United States. It has been repeatedly amended since the September 11 attacks.

FISA was amended in 2001 by The Patriot Act:

The USA PATRIOT Act of 2001 is an Act of Congress that was signed into law by President George W. Bush on October 26, 2001. […]

On May 26, 2011, President Barack Obama signed the PATRIOT Sunsets Extension Act of 2011, a four-year extension of three key provisions in the USA PATRIOT Act: roving wiretaps, searches of business records (the “library records provision”), and conducting surveillance of “lone wolves”—individuals suspected of terrorist-related activities not linked to terrorist groups.

Then again by the Protect America Act of 2007:

The Protect America Act of 2007 (PAA), (Pub.L. 110–55, 121 Stat. 552, enacted by S. 1927), is a controversial amendment to the Foreign Intelligence Surveillance Act (FISA) that was signed into law by U.S. President George W. Bush on August 5, 2007. It removed the warrant requirement for government surveillance of foreign intelligence targets “reasonably believed” to be outside of the United States. The FISA Amendments Act of 2008 reauthorized many provisions of the Protect America Act in Title VII of FISA.

And yet again by the FISA Amendments Act of 2008:

Warrantless wiretapping by the National Security Agency (NSA) was revealed publicly in late 2005 by the New York Times and then discontinued in January 2007. […] Approximately forty lawsuits have been filed against telecommunications companies by groups and individuals alleging that the Bush administration illegally monitored their phone calls or e-mails. Whistleblower evidence suggests that AT&T was complicit in the NSA’s warrantless surveillance, which could have involved the private communications of millions of Americans.

The Foreign Intelligence Surveillance Act makes it illegal to intentionally engage in electronic surveillance under appearance of an official act or to disclose or use information obtained by electronic surveillance under appearance of an official act knowing that it was not authorized by statute; this is punishable with a fine of up to * 10,000 or up to five years in prison, or both. In addition, the Wiretap Act prohibits any person from illegally intercepting, disclosing, using, or divulging phone calls or electronic communications; this is punishable with a fine or up to five years in prison, or both.

(All 3 sets of amendments to FISA were passed by Congresses operating during the George W. Bush administration.)

Edward Snowden, Whistleblower

In May 2013, Edward Snowden’s leak of Top Secret-level NSA material was called “the most significant leak in U.S. history” by Daniel Ellsberg, leaker of the Pentagon Papers (1971).

The U.S. government has charged Snowden with espionage and theft of government secrets. President Obama’s response was reported by Z. Byron Wolf, writing for CNN:

Even as he announced changes to the NSA programs, including the appointment of an independent government review, at a news conference on Friday, Obama suggested Americans would be better off if they hadn’t found out that the government collects vast amounts of phone and Internet data.

“No, I don’t think Mr. Snowden was a patriot,” Obama said. A bit earlier he had argued that his administration was already in the process of reviewing the programs that most Americans didn’t know existed.

The leaks, he said, hurt that process.

Conor Friedersdorf, writing for The Atlantic, talks about why pardoning the whistleblower would be more moral and legal than Team Obama’s treatment of Bush-era interrogators:

Circa 2008, Barack Obama gave his supporters reason to believe that if he were elected, he would protect whistleblowers and obey U.S. law on the subject of torture.

He has disappointed on both subjects.

Long before Edward Snowden exposed mass surveillance on Americans by the NSA, the Obama Administration was aggressively persecuting former civil servants who blew the whistle on objectionable behavior during the Bush Administration.

Edward Snowden, in A Manifesto for the Truth:

Society can only understand and control these problems through an open, respectful and informed debate. At first, some governments feeling embarrassed by the revelations of mass surveillance initiated an unprecedented campaign of persecution to supress this debate. They intimidated journalists and criminalized publishing the truth. At this point, the public was not yet able to evaluate the benefits of the revelations. They relied on their governments to decide correctly. […]

Citizens have to fight suppression of information on matters of vital public importance. To tell the truth is not a crime.

The American public’s view has been polarized. Here is what Wikipedia’s entry on Edward Snowden says:

He has been variously called a hero, a whistleblower, a dissident, a traitor, and a patriot. Response from US officials has been similarly varied; Director of National Intelligence James Clapper condemned Snowden’s actions as having done “huge, grave damage” to US intelligence capabilities, while United States Secretary of State John Kerry admitted that the NSA had gone “too far” in some of its surveillance activities and promised that it would be stopped.

“Patriotism is supporting your country all the time, and your government when it deserves it.”

— Mark Twain

Rory Carroll, writing for The Guardian, says that the White House has chosen to reject clemency for Edward Snowden.

The former NSA employee this week appealed for clemency and an opportunity to address members of Congress about US surveillance. He also asked for international help to lobby the US to drop the charges against him. The White House, stung by domestic and international criticism, has shown growing appetite to rein in some of the NSA programmes that Snowden exposed but it has not softened its hostility to the 30-year-old fugitive. […]

Feinstein, a Democratic senator from California, remained implacable. “He’s done this enormous disservice to our country. I think the answer is ‘no clemency’,” she told CBS’s Face the Nation.

The former NSA contractor could have blown the whistle on excesses by contacting the House and Senate intelligence committees, Feinstein said. “We would certainly have seen him … and looked at that information. That didn’t happen.”

The NSA’s PRISM program

The information that was leaked by Snowden outlined the PRISM program, run by the NSA. Here is what we’ve learned so far.

Chris Gayomali, writing for the The Week, says that “The United States has allegedly been spying on its own allies”.

Perhaps the most damning new revelation is that the U.S. government may have been spying on friends as well as foes. Thirty-eight embassies and missions are outlined as “targets” on one document, reports the Guardian.

Also that “PRISM allegedly collects data from companies in real time”.

The Post suggests the FBI uses “government equipment on private company property” to retrieve information on a specified target, before it is then passed on to “customers” in either the NSA, CIA, or FBI. If true, this ostensibly allows the government’s data collection to proceed in real time. To refresh your memory: Google, Yahoo, Microsoft, Apple, Facebook, PayTalk, AOL, Skype, and YouTube were all reported to be taking part in the PRISM program.

And yet, all the companies have “strenuously denied” involvement, says Mike Masnick at TechDirt, which doesn’t jibe with the Post’s own annotations. Based on the slides, “it’s not at all clear” that Data Intercept Technology Units (DITU) are physically located on private the premises of private companies:

Google has said in the past that when it receives a valid FISA court order under the associated program it uses secure FTP to ship the info to the government. From that, it seems like the “DITU” could just be a government computer somewhere, not on the premises of these companies, and info is uploaded to those servers following valid FISC orders. [TechDirt]

The Washington Post, in an article entitled “NSA slides explain the PRISM data-collection program”, shows slides from a classified presentation about PRISM’s purpose.

The top-secret PRISM program allows the U.S. intelligence community to gain access from nine Internet companies to a wide range of digital information, including e-mails and stored data, on foreign targets operating outside the United States. The program is court-approved but does not require individual warrants. Instead, it operates under a broader authorization from federal judges who oversee the use of the Foreign Intelligence Surveillance Act (FISA). Some documents describing the program were first released by The Washington Post on June 6. The newly released documents below give additional details about how the program operates, including the levels of review and supervisory control at the NSA and FBI. The documents also show how the program interacts with the Internet companies. These slides, annotated by The Post, represent a selection from the overall document, and certain portions are redacted.

This presentation lists Microsoft, Yahoo!, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple as being the sources of data for PRISM.

Joshua Brustein, writing for Bloomberg Businessweek, has collected statements from all of the companies named in the leaked NSA documents.

In a series of terse statement (sic), all the companies named in the reports about NSA’s Internet snooping program, Prism, have denied involvement. All these companies have been compelled to share personal data with the government at some time, which they tacitly acknowledge by saying they only do so after careful consideration and court orders. “Direct access” to servers, though, is a bridge too far, they say […].

Dara Kerr, writing for CNET, says that “The tech giants [Apple, Google, Microsoft], along with Yahoo, Facebook, and AOL, call upon the Senate Judiciary Committee to substantially reform the US government’s mass surveillance practices.”

Google, Apple, Microsoft, Yahoo, Facebook, and AOL penned a letter (pdf) to the lead members of the Senate Judiciary Committee on Thursday urging the lawmakers to substantially reform the NSA surveillance practices. The companies also asked for additional oversight and accountability mechanisms for the spying programs.

“Transparency is a critical first step to an informed public debate, but it is clear that more needs to be done,” the letter reads. “We urge the Administration to work with Congress in addressing these critical reforms that would provide much needed transparency and help rebuild the trust of Internet users around the world.” […]

That document leak opened the public’s eyes to the government’s collection of data on US residents through both cellular records and metadata from Internet companies. Since Snowden’s original leak, thousands more documents have surfaced. The NSA and the Obama administration have maintained that the surveillance program was carried out to protect Americans and track down foreign terrorists.

The piece continues, showing precisely how good intentions mean nothing in the real world.

The letter sent by the tech companies “applauds” Sen. Patrick J. Leahy (D-Vt.) and Rep. F. James Sensenbrenner Jr. (R-Wis.) who recently sponsored a bill called the USA Freedom Act. This bill has the goal of “ending eavesdropping, dragnet collection, and online monitoring” by the NSA and other government agencies.

Sensenbrenner is considered one of the architects of the Patriot Act, which the NSA often cites as a legal justification for its surveillance activities. However, Sensenbrenner is adamant that mass government spying wasn’t the intention of the Patriot Act.

“We have to make a balance between security and civil liberties,” Sensenbrenner told the Associated Press in an interview last week. “And the reason the intelligence community has gotten itself into such trouble is they apparently do not see why civil liberties have got to be protected.”

Isn’t that against the law?

You’ve asked a very complex question.

If you read up on FISA and its various amendments, it is very clear that for the American government to get information from American companies on American soil, they have to provide probable cause and get a warrant from a judge.

What they’ve done is not break the law, but rather go around it. The Guardian has an excellent presentation entitled “NSA Files: Decoded. What the revelations mean for you.” which does a terrific job explaining everything. I would encourage you to take some time learning from it.

Much of the NSA’s defence is that the public should be unconcerned, summed up by the dictum: “If you have nothing to hide, you have nothing to fear.” But civil liberties groups such as the Electronic Frontier Foundation and the American Civil Liberties Union warn that surveillance goes well beyond what Congress intended and what the US constitution allows.

What the NSA has done is partner with GCHQ (Britain’s equivalent agency) to tap the private fiber-optic cables that transfer digital data from continent to continent.

Instead of the American government getting information from American companies on American soil, they’re getting it on British soil — which negates all of the oversight protections that American citizens expect.

The British parliament was very aware of the power they had over their own people, and colluded with the NSA to dodge American law. While it’s not technically a violation of FISA (which itself is being contested as unconstitutional), it is absolutely a violation of the of the Fourth Amendment to the U.S. Constitution.

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

The ACLU published a piece entitled “Surveillance Under the USA PATRIOT Act” which explains how the Patriot Act violates our Constitutional rights.

With regard to “Expanded access to personal records held by third parties”:

Section 215 of the Patriot Act violates the Constitution in several ways. It:

  • Violates the Fourth Amendment, which says the government cannot conduct a search without obtaining a warrant and showing probable cause to believe that the person has committed or will commit a crime.

  • Violates the First Amendment’s guarantee of free speech by prohibiting the recipients of search orders from telling others about those orders, even where there is no real need for secrecy.

  • Violates the First Amendment by effectively authorizing the FBI to launch investigations of American citizens in part for exercising their freedom of speech.

  • Violates the Fourth Amendment by failing to provide notice - even after the fact - to persons whose privacy has been compromised. Notice is also a key element of due process, which is guaranteed by the Fifth Amendment.

With regard to “secret searches”:

The Patriot Act, however, unconstitutionally amends the Federal Rules of Criminal Procedure to allow the government to conduct searches without notifying the subjects, at least until long after the search has been executed. This means that the government can enter a house, apartment or office with a search warrant when the occupants are away, search through their property, take photographs, and in some cases even seize property - and not tell them until later.

Notice is a crucial check on the government’s power because it forces the authorities to operate in the open, and allows the subject of searches to protect their Fourth Amendment rights. For example, it allows them to point out irregularities in a warrant, such as the fact that the police are at the wrong address, or that the scope of the warrant is being exceeded (for example, by rifling through dresser drawers in a search for a stolen car).

With regard to “Expansion of the intelligence exception in wiretap law”:

A 1978 law called the Foreign Intelligence Surveillance Act (FISA) created an exception to the Fourth Amendment’s requirement for probable cause when the purpose of a wiretap or search was to gather foreign intelligence. The rationale was that since the search was not conducted for the purpose of gathering evidence to put someone on trial, the standards could be loosened. In a stark demonstration of why it can be dangerous to create exceptions to fundamental rights, however, the Patriot Act expanded this once-narrow exception to cover wiretaps and searches that DO collect evidence for regular domestic criminal cases. FISA previously allowed searches only if the primary purpose was to gather foreign intelligence. But the Patriot Act changes the law to allow searches when “a significant purpose” is intelligence. That lets the government circumvent the Constitution’s probable cause requirement even when its main goal is ordinary law enforcement.

With regard to “Expansion of the ‘pen register’ exception in wiretap law”:

Under the Patriot Act PR/TT orders issued by a judge are no longer valid only in that judge’s jurisdiction, but can be made valid anywhere in the United States. This “nationwide service” further marginalizes the role of the judiciary, because a judge cannot meaningfully monitor the extent to which his or her order is being used. In addition, this provision authorizes the equivalent of a blank warrant: the court issues the order, and the law enforcement agent fills in the places to be searched. That is a direct violation of the Fourth Amendment’s explicit requirement that warrants be written “particularly describing the place to be searched.” […]

Web addresses are rich and revealing content. The URLs or “addresses” of the Web pages we read are not really addresses, they are the titles of documents that we download from the Internet. When we “visit” a Web page what we are really doing is downloading that page from the Internet onto our computer, where it is displayed. […] That is much richer information than a simple list of the people we have communicated with; it is intimate information that reveals who we are and what we are thinking about - much more like the content of a phone call than the number dialed. After all, it is often said that reading is a “conversation” with the author.

In order for a federal law to be recognized as unconstitutional, a court case needs to go before the U.S. Supreme Court to be decided. Not many court cases against a federal agency have been able to make it that far, but on occasion, something gets caught.

In January 2009, the FISA court was notified that the NSA had been querying business records metadata “in a manner that appear[ed] to the Court to be directly contrary” to the court’s order allowing it to so. In response, the FISA court ordered the government to explain itself. These documents detail this exchange as the NSA struggled to understand the business records program and ensure compliance.

“The court is exceptionally concerned about what appears to be a flagrant violation of its order in this matter and, while the court will not direct that specific officials of the executive branch provide sworn declarations in response to this order, the court expects that the declarants will be officials of sufficient stature that they have the authority to speak on behalf of the executive branch.”

— Reggie Walton

Using this interactive diagram, you can see which laws, amendments and executive orders have enabled the NSA to operate as it currently does.

So, what are Microsoft, Yahoo!, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple doing about this?

First of all, it needs to be clear that they never knowingly gave this kind of information to the NSA. The NSA colluded with the GCHQ to subvert American law by directly tapping the fiber optic cables that sends data between continents.

Barton Gellman, Ashkan Soltani and Andrea Peterson, writing for The Washington Post, explain “How we know the NSA had access to internal Google and Yahoo cloud data” (emphasis mine).

Immediately after the story posted online, a reporter asked NSA Director Keith B. Alexander about it at a cybersecurity event hosted by Bloomberg Government. Neither the reporter nor Alexander had read the story yet.

General, we’re getting some news that’s crossing right now being reported in The Washington Post that there are new Snowden allegations that say the NSA broke into Yahoo and Google’s databases worldwide, that they infiltrated these databases?

Alexander replied:

That’s never happened. […] This is not the NSA breaking into any databases. It would be illegal for us to do that. And so I don’t know what the report is, but I can tell you factually we do not have access to Google servers, Yahoo servers.

The story did not say the NSA breaks into “servers” or “databases.” It said the agency, working with its British counterpart, intercepts communications that run on private circuits between the fortress-like data centers that each company operates on multiple continents.

The distinction is between “data at rest” and “data on the fly.” The NSA and GCHQ do not break into user accounts that are stored on Yahoo and Google computers. They intercept the information as it travels over fiber optic cables from one data center to another. […]

The two companies do not entrust their data center communications to the “public internet,” which is comparable to an international highway system that anyone can use. Instead, they link their data centers with thousands of miles of privately owned or privately leased fiber optic cable – in effect, a system of private highways. When Google and Yahoo have to share a stretch of road with the public internet, they take other precautions to keep their traffic secure. […]

Our Wednesday story noted that the NSA is governed by fewer rules and less oversight when it does its intelligence collection outside U.S. territory:

Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight. NSA documents about the effort refer directly to “full take,” “bulk access” and “high volume” operations on Yahoo and Google networks. Such large-scale collection of Internet content would be illegal in the United States, but the operations take place overseas, where the NSA is allowed to presume that anyone using a foreign data link is a foreigner.

Outside U.S. territory, statutory restrictions on surveillance seldom apply and the FISC has no jurisdiction. Senate Intelligence Committee Chairman Dianne Feinstein (D-Calif.) has acknowledged that Congress conducts little oversight of intelligence-gathering under the presidential authority of Executive Order 12333, which defines the basic powers and responsibilities of the intelligence agencies.

(EO 12333 was signed by Ronald Reagan. It was superseded and amended by EO 13355 and EO 13470, both signed by George W. Bush.)

Brandon Downey, a security engineer at Google, had this to say:

Fuck these guys.

I’ve spent the last ten years of my life trying to keep Google’s users safe and secure from the many diverse threats Google faces. […]

It makes me sad because I believe in America.

Not in that flag-waving bullshit we’ve-got-our-big-trucks-and-bigger-tanks sort of way, but in the way that you can looked a good friend who has a lot of flaws, but every time you meet him, you think, “That guy still has some good ideas going on”.

But after spending all that time helping in my tiny way to protect Google — one of the greatest things to arise from the internet — seeing this, well, it’s just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.

Mike Hearn, another security engineer at Google, had this to say:

I now join him in issuing a giant Fuck You to the people who made these slides. I am not American, I am a Brit, but it’s no different - GCHQ turns out to be even worse than the NSA.

We designed this system to keep criminals out. There’s no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we’ve got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason.

Unfortunately we live in a world where all too often, laws are for the little people. Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done - build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.

Thank you Edward Snowden. For me personally, this is the most interesting revelation all summer.

Later, in the comments of his post, he explains the following:

Encryption was being worked on prior to Snowden but it didn’t seem like a high priority because there was no evidence it would achieve anything useful, and it cost a lot of resources. Once it became clear how badly compromised the fiber paths were, there was a crash effort to encrypt everything.

Sean Gallagher, writing for Ars Technica, says that “Googlers say ‘F*** you’ to NSA, company encrypts internal network”.

Google has started to encrypt its traffic between its data centers, effectively halting the broad surveillance of its inner workings by the joint National Security Agency-GCHQ program known as MUSCULAR. The move turns off a giant source of information to the two agencies, which at one point accounted for nearly a third of the NSA’s daily data intake for its primary intelligence analysis database—at least for now.

As of 2012, the NSA developed “defeat fingerprints” to scan the server-to-server communications that powered Google Adwords, Blogger, the BigTable database that powers Google Drive and other applications, and the TeraGoogle search index interface. These fingerprints allowed the NSA to scan Google internal traffic and identify elements associated with the usage of specific individuals or for searches and other behavior around a particular subject of interest (like, say, “pressure cooker bomb”). […]

A second set of NSA tools, called Serendipity, gave the agency the ability to target specific Google accounts for monitoring as they accessed service, including:

  • Chrome synchronization, including bookmark sync to the cloud
  • “Talkgadget,” the Google Talk component of Gmail
  • The now-defunct iGoogle personalized pages
  • Google searches
  • Picasa photo sharing
  • YouTube […]

For Yahoo, the NSA had developed another set of hooks, fully accessing its internal mail protocols as well as its Messenger instant messaging service, advertising tracker, and “Web beacons” used to track whether users had opened HTML-formatted emails. And the agency had to respond to a flood of unwanted data from these sources by instituting blocks—mostly to deal with Yahoo’s periodic movement of entire user mailboxes.

Chris Baraniuk, writing for Wired, says that Microsoft still doesn’t encrypt server-to-server data.

A senior Microsoft executive has told a European parliamentary committee that the company does not encrypt its server-to-server data communications.

Dorothee Belz, EMEA VP for Legal and Corporate Affairs, made the remark when answering a question from Claude Moraes, MEP, during a meeting at the European Parliament on Monday.

“Generally, what I can say today is server-to-server transportation is generally not encrypted,” she said. “This is why we are currently reviewing our security system.” […]

It’s just one of several leaks by former intelligence agency contractor Edward Snowden that has concerned the EU’s Committee for Civil Liberties, Justice, and Home Affairs (LIBE) in a series of parliamentary hearings.

Prior to taking questions from MEPs, Belz, who appeared alongside executives from Google and Facebook, reiterated earlier statements from Microsoft by stressing that the company did not openly provide “direct access” to its servers. However, her later admission that the firm has as yet failed to establish server-to-server encryption has raised fears among many within digital liberties groups that a significant breach of privacy could still be perpetrated.

Sam Smith, a technologist at Privacy International, said the unencrypted data could hypothetically relate to any of Microsoft’s cloud services, from Hotmail and Outlook.com email accounts to Xbox Live, Office 365, and SkyDrive cloud storage.

What now?

The debate Snowden wanted is happening. That in itself is a major achievement.

Public opinion is polarized over surveillance, but polls show a jump in concern over privacy in the wake of Snowden’s revelations. A Pew poll at the end of July found that for the first time in a decade, the majority of Americans are more concerned about the government infringing on their civil liberties than about a potential terrorist attack. […]

According to a recent study, the majority of Americans believe that preserving the rights of US citizens is more important than preventing terrorist attacks. Since the NSA revelations, Americans have become more opposed to government surveillance that infringes on civil liberties.

People are turning to the court system more and more.

In the end, it may be through the courts rather than Congress that genuine reform may come. Privacy groups such as the Electronic Privacy Information Center and the Electronic Frontier Foundation launched lawsuits that have led to disclosure of hundreds of pages of Fisa (sic) rulings on Section 215. GCHQ and NSA surveillance is facing a legal challenge at the European court of human rights from Big Brother Watch, English PEN and Open Rights Group.

Silicon Valley is also taking action through the courts. Google, Microsoft and Yahoo, facing a backlash from their users in the US and overseas over mass surveillance, are fighting to be allowed to be more transparent about their dealings with the intelligence agencies. These companies, along with Facebook, Apple and AOL have also written to the Senate intelligence committee demanding reform.

With as much hate and backbiting I’ve seen among American citizens and Congressional members since 2000, something strange has happened around this issue.

There are now several major pieces of legislation going through Congress that would introduce at least some reform of the NSA. Among those, the one backed by Feinstein and passed by her committee is the least radical, offering proposals for greater transparency but basically maintaining the status quo. The bulk collection of Americans’ phone call data would be enshrined in US law.

More far-reaching is the proposed Intelligence Oversight and Reform Act, with bipartisan support from senators Wyden, Udall, Richard Blumenthal and Rand Paul. It would ban the collection of internet communication data; close loopholes that allow snooping on Americans without a warrant; reform the Fisa court; and provide some protection for companies faced with handing over data to the NSA.

What about Edward Snowden?

After leaving Hawai’i and his job as an NSA contractor, he fled to Hong Kong before winding up in Moscow, where Russian President Vladimir Putin granted him temporary asylum and protection from the U.S. government.

He most certainly has a rough road ahead of him. There’s no way you can piss-off the U.S. government as badly as he has and plan to remain free forever. Then again, they also said that about Bobby Fischer.

Dr. Martin Luther King Jr. once said:

“An individual who breaks a law that conscience tells him is unjust, and who willingly accepts the penalty of imprisonment in order to arouse the conscience of the community over its injustice, is in reality expressing the highest respect for the law.”

I, for one, consider Edward Snowden a hero and a patriot to the highest degree.

Update (2013–12–09)

Aol, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo! have all gotten together and put forward this new initiative: ReformGovernmentSurviellance.com.

I’m disappointed that Apple isn’t on this list.

Ryan Parman

Ryan Parman is an experienced software engineer, open source evangelist, and passionate user advocate currently living in Seattle. He is the creator of and , and worked on DevOps and Security at . He is now bringing learning into the digital age as an Engineering Lead and Site Reliability Engineer at . Ryan's aptly-named blog, , is where he writes about ideas longer than .