NSA PRISM Negative – Table of Contents
advertisement
NSA PRISM Negative RIUDL Varsity Division NSA PRISM Negative – Table of Contents Summary.............................................................................................................................................. 2 Glossary............................................................................................................................................... 3 Harms Answers No Harms – Cloud Computing Insignificant .......................................................................................... 4 No Harms – Existing Oversight ............................................................................................................. 5 No Harms – NSA Surveillance Insignificant .......................................................................................... 6 No Harms – Obama’s Policy Solves ..................................................................................................... 7 No Harms – XO 12333 Has Safeguards ............................................................................................... 8 Solvency Answers No Solvency – 702 Reform Does Not Address Perception ................................................................... 9 No Solvency – Circumvention ............................................................................................................. 10 Solvency Turn – Domestic Only .......................................................................................................... 11 1|Page NSA PRISM Negative RIUDL Varsity Division Summary The NSA PRISM Negative position responds to the arguments made by the Affirmative team in support of its plan to eliminate certain loopholes by requiring domestic surveillance to only occur under the guidelines of section 702 of the FISA Amendments Act. The Negative position attacks the Affirmative position in a few ways. The Negative position discusses the problems highlighted by the Affirmative team and either denies that they exist or denies that they are as severe as the Affirmative team claims. The evidence asserts that impacts of cloud computing on U.S. technological leadership are overblown, and it extends that assertion by saying that the impact of the NSA surveillance doesn’t even undermine cloud computing on a large scale. The Negative team also suggests that existing oversight already is in place to reduce and prevent NSA abuse of current policies. Furthermore, the Obama Administration has taken steps using Executive Orders and public statements to increase government oversight of its own domestic surveillance and has promised that the scope of surveillance will continue to become more limited. The Negative evidence also allows for a team to attack the way in which the plan solves the problems highlighted by the Affirmative team. Evidence of this type explains that the fundamental mistrust about U.S. surveillance in the international community is of the PRISM program and the NSA. Simply enacting regulations to restrict the NSA will not remove a fundamental distrust of the agency or its intentions. It is clear both internationally and domestically that the NSA has intentionally circumvented regulations and exploited loopholes before and that they would not hesitate to do so again. Lastly, the evidence explains that focusing only on fixing domestic surveillance loopholes would still leave perceptions of foreign abuse unaddressed. 2|Page NSA PRISM Negative RIUDL Varsity Division Glossary Authoritarianism – The indefinite political rule of the ruler or ruling party (often in a single-party state) or other authority. Cloud-Computing – The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer. Data Localization – A government’s requirement that foreign companies store domestic citizens’ data within the country’s borders. EO 12333 – Executive Order 12333 – Signed on December 4, 1981 by U.S. President Ronald Reagan, extends powers and responsibilities of U.S. intelligence agencies and directs the leaders of U.S. federal agencies to co-operate fully with CIA requests for information. The document has been employed by the National Security Agency as legal authorization for its secret systematic collection of unencrypted information flowing through the data centers of internet communications giants Google and Yahoo! Hegemony – The political, economic, or military predominance or control of one state over others. It can be argued that the United States is the global hegemon, and dominants all other states. Internet Freedom Agenda – A foreign policy priority for the United States, that focuses on preserving open Internet across the world, as well as promoting the deployment of broadband communications across the world, free of government censorship National Security Agency – An intelligence organization of the United States government, responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes – a discipline known as signals intelligence (SIGINT). PRISM – A secret surveillance program under which the United States National Security Agency (NSA) collects internet communications from at least nine major US internet companies. Since 2001 the United States government has increased its scope for such surveillance, and so this program was launched in 2007. Section 702 – Part of the FISA Amendments Act of 2008 that permits the Attorney General and the Director of National Intelligence to jointly authorize targeting of persons reasonably believed to be located outside the United States, but is limited to targeting non-U.S. persons. Once authorized, such acquisitions may last for periods of up to one year. Section 702 authorizes foreign surveillance programs by the National Security Agency like PRISM and some earlier data collection activities which were previously authorized under the President's Surveillance Program from 2001. FISA – Foreign Intelligence Surveillance Act of 1978 – A United States federal law which prescribes procedures for the physical and electronic surveillance and collection of "foreign intelligence information" between "foreign powers" and "agents of foreign powers" (which may include American citizens and permanent residents suspected of espionage or terrorism). It has been repeatedly amended since the September 11 attacks. 3|Page NSA PRISM Negative RIUDL Varsity Division No Harms – Cloud Computing Insignificant [___] [___] Their cloud computing impacts are overblown. There’s no way that loss of cloud computing would destroy technological competitiveness. Weise, 2015 (Elizabeth, “PRISM revelations didn't hit U.S. cloud computing as hard as expected” 4/7, http://americasmarkets.usatoday.com/2015/04/07/prism-revelations-didnt-hit-u-s-cloud-computing-ashard-as-expected/) When Edward Snowden revealed the extent of the U.S. National Security Agency’s PRISM spying program, there were concerns that American cloud, hosting and outsourcing businesses would lose customers running to non-U.S.-based companies safe from NSA’s prying eyes. “The assertion was that this would be a death blow to U.S. firms trying to operating in Europe and Asia,” said Forrester Research analyst Ed Ferrara. But two recent reports from Forrester find it was less catastrophic than expected. That’s good news for companies like Box (BOX), DropBox and others that make their money by selling U.S.-based data storage. Forrester had originally predicted U.S. companies could lose as much as $180 billion in sales. Instead, just 29% of technology decision-makers in Asia, Canada, Europe and Latin America halted or reduced spending with U.S.-based firms offering Internet-based services due to the PRISM scandal, Forrester’s Business Technographics Global Infrastructure Survey for 2014 found “It’s a relatively small amount of data,” Ferrara said. That’s because most of the companies didn’t need to move all their data, much of which was stored inhouse. Instead, only 33% of the data held by that 29% of companies was at a third-party data center or in a cloud system. Forrester believes the overall loss to U.S. cloud providers for 2015 will be about $15 billion and in 2016, $12 billion, a far cry from projections that were ten times that a year ago. Forrester also found that companies are looking at other ways to protect the integrity of their data, not just from the NSA but also from surveillance by other nations. Chief among them was encryption. Eighty-four percent of the companies said they’re using various encryption methods to protect sensitive material. The survey’s definition of cloud providers is broad, and includes both platform as a service, infrastructure as a service and software as a service companies, said Ferrara. 4|Page NSA PRISM Negative RIUDL Varsity Division No Harms – Existing Oversight [___] Existing oversight checks NSA overreach. Cordero, 2014 (Carrie F. Cordero is the Director of National Security Studies at Georgetown University Law Center (“Fear vs. Facts: Exploring the Rules the NSA Operates Under” 6/13, http://www.catounbound.org/2014/06/13/carrie-f-cordero/fear-vs-facts-exploring-rules-nsa-operates-under) So how do we know that this system of approvals is followed? Is the oversight over NSA’s activities meaningful, or “decorative,” as Sanchez suggests? It is worth exploring. Here is how oversight of the Section 702 surveillance works, as one example, since it has been the subject of a significant part of the debate of the past year. Section 702 was added to FISA by the FISA Amendments Act of 2008. It authorizes the NSA to acquire the communications, for foreign intelligence purposes, of non-U.S. persons reasonably believed to be outside the United States. These are persons with no Constitutional protections, and yet, because the acquisition requires the assistance of a U.S. electronic communications provider, there is an extensive approval and oversight process. There is a statutory framework. Specifically, the Attorney General and Director of National Intelligence jointly approve certifications. According to declassified documents, the certifications are topical, meaning, the way the statute is being implemented, the certifications are not so specific that they identify individual targets; but they are not so broad that they cover any and everything that might be foreign intelligence information. The certifications are filed with the FISC, along with targeting and minimization procedures. Targeting procedures are the rules by which NSA selects valid foreign intelligence targets for collection. Minimization procedures are rules by which NSA handles information concerning U.S. persons. The FISC has to approve these procedures. If it does not approve them, the government has to fix them. The Court reviews these procedures and processes annually. The Court can request a hearing with government witnesses (like senior intelligence officials, even the NSA Director, if the judge wanted or needed to hear from him personally) or additional information in order to aid in its decision-making process. Information about the 702 certifications is reported to the Congressional intelligence committees. Once the certifications are in effect, attorneys from the Department of Justice’s (DOJ) National Security Division and attorneys and civil liberties officials from the Office of the Director of National Intelligence (ODNI) review the NSA’s targeting decisions and compliance with the rules. They conduct reviews at least every 90 days. During that 90-day period, oversight personnel are in contact with NSA operational and compliance personnel. Compliance incidents can be discovered in one of at least two ways: the NSA can selfreport them, which it does; or the DOJ and ODNI oversight personnel may discover them on their own. Sometimes the NSA does not report a compliance incident in the required timeframe. Then the time lag in reporting may become an additional compliance incident. The DOJ and ODNI compliance teams write up semi-annual reports describing the results of their reviews. The reports are approved by the Attorney General and Director of National Intelligence and provided to the FISC and to Congress. According to the one report that has been declassified so far, in August 2013, for a sixmonth period in 2012, the rate of error for the NSA’s compliance under Section 702 collection was .49% - less than half of one percent. If we subtract the compliance incidents that were actually delays in reporting, then the noncompliance rate falls to between .15-.25% - less than one quarter of one percent. Hardly an agency run amok. 5|Page NSA PRISM Negative RIUDL Varsity Division No Harms – NSA Surveillance Insignificant [___] [___] They have no access to the internal links for technological leadership. NSA surveillance doesn’t undermine cloud computing. Henderson, 2015 (Nicole, “Impact of NSA Surveillance on US Cloud Providers Not as Bad as We Thought: Forrester” 4/9, http://www.thewhir.com/web-hosting-news/impact-nsa-surveillance-us-cloud-providers-not-badthought-forrester) It’s been two years since Edward Snowden leaked details of the NSA’s PRISM surveillance program, and although analysts predicted an exodus from US-based cloud and hosting services in response to the revelations, it hasn’t exactly worked out that way, a new report finds. Forrester released a new report last week that suggests concerns around international customers severing ties with US-based hosting and cloud companies “were overblown.” “Lost revenue from spending on cloud services and platforms comes to just over $500 million between 2014 and 2016. While significant, these impacts are far less than speculated, as more companies reported taking control of security and encryption instead of walking away from US providers,” Forrester’s principal analyst serving security and risk professionals Edward Ferrara said in a blog post. Snowden recently told a crowd of cloud and hosting providers that use of encryption is growing, and encrypted traffic has doubled since 2013. In 2013, Forrester predicted that US cloud providers cloud lose up to $180 billion in business by 2016 due to concerns around the scope of NSA’s PRISM program. According to NextGov, Forrester finds that 26 percent of enterprises based in Asia Pacific, Canada, Europe and Latin America have stopped or reduced their spending with US-based firms for Internet-based services. Thirty-four percent said these concerns were related to fears of US surveillance, while others said they want to support businesses in their own country, or data sovereignty rules prevent them from storing data abroad. Forrester surveyed more than 3,000 businesses between June and July 2014. More than half of respondents said that they did not trust US-based outsourcers to handle sensitive information, with only 8 percent reporting to trust their company’s intellectual property with a US-based outsourced company. Ninety-percent of decisionmakers have taken steps to encrypt their data, according to the report. 6|Page NSA PRISM Negative RIUDL Varsity Division No Harms – Obama’s Policy Solves [___] [___] Obama has promised the global audience that US surveillance will have oversight and be limited in scope. Margulies, 2014 (Professor of Law, Roger Williams University School of Law (“CITIZENSHIP, IMMIGRATION, AND NATIONAL SECURITY AFTER 9/11: THE NSA IN GLOBAL PERSPECTIVE: SURVEILLANCE, HUMAN RIGHTS, AND INTERNATIONAL COUNTERTERRORISM” 82 Fordham L. Rev. 2137, April, lexis) Under section 702, "foreign intelligence information" that the government may acquire includes a number of grounds related to national security, such as information relating to an "actual or potential attack" or "other grave hostile acts of a foreign power or an agent of a foreign power." n18 It also includes information relating to possible sabotage n19 and clandestine foreign "intelligence activities." n20 Another prong of the definition appears to sweep more broadly, including information relating to "the conduct of the foreign affairs of the United States." n21 Despite the greater breadth of this provision, President Obama informed a domestic and global audience that U.S. intelligence agencies seek a narrow range of information centering on the national security and foreign intelligence concerns described above. n22 While the U.S. intelligence agencies acquire a substantial amount of data that does not fit under these rubrics, the president's speech confirmed that U.S. analysts do not rummage through such data randomly or for invidious purposes. n23 A scatter-shot approach of this kind would be unethical, illegal, and ineffective. Instead, NSA officials query communications using specific "identifiers" such as phone numbers and email addresses that officials reasonably believe are used by non-U.S. persons abroad to communicate foreign intelligence information. n24 The government must also have in place minimization procedures to limit the acquisition, retention, and dissemination of nonpublic information about U.S. persons. n25 The NSA deletes all irrelevant content, including content from non-U.S. persons, after five years. n26 7|Page NSA PRISM Negative RIUDL Varsity Division No Harms – XO 12333 Has Safeguards [___] [___] Obama’s Executive Order 12333 provides international safeguards against abuse. Margulies, 2014 (Professor of Law, Roger Williams University School of Law (“CITIZENSHIP, IMMIGRATION, AND NATIONAL SECURITY AFTER 9/11: THE NSA IN GLOBAL PERSPECTIVE: SURVEILLANCE, HUMAN RIGHTS, AND INTERNATIONAL COUNTERTERRORISM” 82 Fordham L. Rev. 2137, April, lexis) In acknowledging the "legitimate privacy interests" of both U.S. and non-U.S. persons, President Obama affirmed the U.S. commitment to core principles in January 2014. n27 First, he narrowed the operating definition of [*2142] foreign intelligence information, limiting it to "information relating to the capabilities, intentions, or activities of foreign governments or elements thereof, foreign organizations, foreign persons, or international terrorists." n28 In addition, he asserted that the NSA would engage in bulk collection of communications for purposes of "detecting and countering" terrorism, espionage, nuclear proliferation, threats to U.S. forces, and financial crimes, including evasion of duly enacted sanctions. n29 Addressing anticipated concerns that these limits still left the NSA with too much discretion, President Obama declared what the United States would not do. First, it would not collect communications content "for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion." n30 Second, it would disseminate and store information regarding any person based on criteria in section 2.3 of Executive Order 12,333 n31: cases involving "foreign intelligence or counterintelligence," public safety, or ascertainment of a potential intelligence source's credibility. n32 Of course, President Obama's speech did not quell the complaints of NSA critics. One could argue that even the description the president provided has legal flaws under domestic and/or international law. One can also argue that the president's policy directive, statutory provisions, and case law cannot wholly eliminate the possibility of systemic or individual abuse of NSA authority. That said, there are compelling reasons for treating the president's speech and directive as an authoritative and binding statement of U.S. policy. The most compelling reason may be the simplest: no American president has ever been so forthright on the subject of intelligence collection, and few heads of state around the globe have ventured down the path that President Obama chose. n33 That alone counsels treating President Obama's guidance as more than "cheap talk." 8|Page NSA PRISM Negative RIUDL Varsity Division No Solvency – 702 Reform Does Not Address Perception [___] Section 702 limit doesn’t resolve perception—the fundamental issue is fear of PRISM. Granick, 2013 (Civil liberties director for the Center for Internet and Society at Stanford Law School (Jennifer, “REFORMING FISA: A CRITICAL LOOK AT THE WYDEN/UDALL PROPOSAL AND FOREIGN SURVEILLANCE” 9/30, http://cyberlaw.stanford.edu/publications/reforming-fisa-critical-lookwydenudall-proposal-and-foreign-surveillance) Place stronger statutory limits on the use of unlawfully collected information. These are critical reforms. I would like to see the bill further include a higher standard of care with regards to ensuring that people inside the U.S. are not targeted. As Professor Christopher Sprigman and I argued in the New York Times, PRISM is designed to produce at least 51 percent confidence in a target’s “foreignness” — as John Oliver of “The Daily Show” put it, “a coin flip plus 1 percent.” In other words, 49 percent of the time the NSA may be acquiring information it is not allowed to have, even under the terrifyingly broad auspices of the FAA. More fundamentally, though, the Wyden/Udall bill does not fully address a fundamental problem with the FAA, which is that it authorizes surveillance of average citizens of other countries for reasons that are not necessarily related to the security of the United States. Senator Udall acknowledged in the press conference announcing the bill (at 30:17) that the NSA’s unfettered spying has had and will continue to have an adverse economic effect on U.S.-based businesses, and that this is one of the motivations behind the bill. Prohibiting “about the target” collection is one giant step forward. That would mean that non-targets outside the U.S. could not be subject to surveillance under this law just because they talk about a target, unless their conversation is related to terrorism. Depending on the details of the targeting and minimization procedures, if my British friend in London and I email about our dismay over the Kenya attacks, that would be fair game, but our conversation about the policies of Brazilian President Dilma Roussef would be off limits. However, targets still need not be agents of foreign powers so long as a significant purpose of the collection is foreign intelligence. Foreign intelligence is broad, and includes any information that “relates to” the conduct of U.S. foreign affairs. For example, DNI James Clapper affirmed that the U.S. collects information about economic and financial matters to “provide the United States and our allies early warning of international financial crises which could negatively impact the global economy … or to provide insight into other countries’ economic policy or behavior which could affect global markets.” Monitoring economic and financial matters is in the United States’ national interest. However, routine eavesdropping upon common foreigners to discover information about these matters is a bad idea. First, foreigners have privacy rights, too. Freedom from arbitrary interference with one’s privacy is part of the Universal Declaration of Human Rights. Next, this monitoring is detrimental to U.S. companies and to the United States’ long-term interests in promoting democratic ideals. As Sprigman and I argue, although it may be legal, unfettered U.S. spying on foreigners will cause serious collateral damage to America’s technology companies, to our Internet-fueled economy, and to human rights and democracy the world over. Since our Atlantic article on June 28th, and the disclosure that the NSA targeted both Petrobras and President Dilma Roussef, Brazil has announced that it will look into requiring Internet companies to store its citizens’ data locally, and take other steps that threaten to balkanize the global Internet. When Brazil takes these steps, it gives comfort and cover to authoritarian countries who will do the same, so that they can better censor, spy on, and control Internet access within their own borders. 9|Page NSA PRISM Negative RIUDL Varsity Division No Solvency – Circumvention [___] [___] Circumvention of the plan is inevitable. The NSA will do what it can to continue spying. Redmond, 2014 (J.D. Candidate, 2015, Fordham University School of Law (Valerie, “I Spy with My Not So Little Eye: A Comparison of Surveillance Law in the United States and New Zealand” FORDHAM INTERNATIONAL LAW JOURNAL [Vol. 37:733 In the United States, the current state of surveillance law is a product of FISA, its amendments, and its strictures. An evaluation of US surveillance law proves that inherent loopholes undercut FISA’s protections, which allows the US Government to circumvent privacy protections.182 The main problems are the insufficient definition of surveillance, the ability to spy on agents of foreign powers, the lack of protection against third party surveillance, and the ability to collect incidental information.183 First, a significant loophole arises in the interpretation of the term “surveillance.”184 In order for information collection to be regulated by FISA, it must fall under FISA’s definition of surveillance.185 This definition does not apply to certain National Security Letters, which are secret authorizations for the Federal Bureau of Investigation (“FBI”) to obtain records from telephone companies, credit agencies, and other organizations if they merely certify that the information is relevant to an international terrorism investigation.186 National Security Letters are regularly used to circumvent FISA’s warrant procedures.187 Additionally, FISA’s definition of surveillance is antiquated because it distinguishes between data acquired inside of the United States and outside of the United States.188 This distinction allows the NSA to process surveillance that is received from other countries irrespective of whether the target is a US citizen.189 Therefore, the NSA is unrestrained when a communication is not physically intercepted within the United States.190 Second, an issue arises when US citizens are construed to be agents of foreign powers under FISA because a warrant can be issued to engage in surveillance against them.191 According to FISA’s procedures, the only way to spy on a US citizen is when they can be considered to be an agent of a foreign power, or engaged in information gathering, aiding, or abetting a foreign power.192 However, this limitation does not result in total privacy protection because it only requires probable cause that a person is an agent of a foreign power, not that a crime is being committed.193 The effect of this ability is that the US Government can conduct surveillance on a US citizen with no ties to terrorism such as a suburban mother telling her friend that her son “bombed” a school play.194 Furthermore, FISA is limited to protecting against surveillance by the US Government; it does not create a reasonable expectation of privacy for individuals from surveillance by a third party.195 This rule is exploited by the United States’ participation in Echelon.196 Because US law generally does not regulate information sharing, the United States essentially violates the privacy rights of US citizens by accepting information from foreign intelligence agencies about potential threats involving US citizens.197 Thus, the lack of privacy rights when US citizens are spied on by agencies outside of the United States creates a loophole for spying on US citizens without the government restrictions created by existing law.198 10 | P a g e NSA PRISM Negative RIUDL Varsity Division Solvency Turn – Domestic Only 1. The domestic-only limitation of the plan wrecks any chance of solvency. Kehl, 2014 (Policy Analyst at New America’s Open Technology Institute (Danielle, “Surveillance Costs: The NSA’s Impact on the Economy, Internet Freedom & Cybersecurity” July, https://www.newamerica.org/oti/surveillance-costs-the-nsas-impact-on-the-economy-internetfreedom-cybersecurity/) The U.S. government has already taken some limited steps to mitigate this damage and begin the slow, difficult process of rebuilding trust in the United States as a responsible steward of the Internet. But the reform efforts to date have been relatively narrow, focusing primarily on the surveillance programs’ impact on the rights of U.S. citizens. Based on our findings, we recommend that the U.S. government take the following steps to address the broader concern that the NSA’s programs are impacting our economy, our foreign relations, and our cybersecurity: 1. Strengthen privacy protections for both Americans and non-Americans, within the United States and extraterritorially. 2. Provide for increased transparency around government surveillance, both from the government and companies. 3. Recommit to the Internet Freedom agenda in a way that directly addresses issues raised by NSA surveillance, including moving toward international human-rights based standards on surveillance. 4. Begin the process of restoring trust in cryptography standards through the National Institute of Standards and Technology. 5. Ensure that the U.S. government does not undermine cybersecurity by inserting surveillance backdoors into hardware or software products. 6. Help to eliminate security vulnerabilities in software, rather than stockpile them. 7. Develop clear policies about whether, when, and under what legal standards it is permissible for the government to secretly install malware on a computer or in a network. 8. Separate the offensive and defensive functions of the NSA in order to minimize conflicts of interest. 2. And it turns the case. The domestic-only stipulation expands perceptions of foreign abuse. Chandler and Le, 2015 (Director, California International Law Center, Professor of Law and Martin Luther King, Jr. Hall Research Scholar, University of California, Davis; A.B., Harvard College; J.D., Yale Law School AND **Free Speech and Technology Fellow, California International Law Center; A.B., Yale College; J.D., University of California, Davis School of Law (Anupam and Uyen, “DATA NATIONALISM” 64 Emory L.J. 677, lexis) First, the United States, like many countries, concentrates much of its surveillance efforts abroad. Indeed, the Foreign Intelligence Surveillance Act is focused on gathering information overseas, limiting data gathering largely only when it implicates U.S. persons. n174 The recent NSA surveillance disclosures have revealed extensive foreign operations. n175 Indeed, constraints on domestic operations may well have spurred the NSA to expand operations abroad. As the Washington Post reports, "Intercepting communications overseas has clear advantages for the NSA, with looser restrictions and less oversight." n176 Deterred by a 2011 ruling by the Foreign Intelligence Surveillance Court barring certain broad domestic surveillance of Internet and telephone traffic, n177 the NSA may have increasingly turned its attention overseas. 11 | P a g e
