This article is part of a limited-run newsletter. You can sign up here.
Today, the Privacy Project published a long and mostly terrifying Op-Ed by Glenn S. Gerstell, the general counsel for the National Security Agency. The piece outlines the “future of war” from the perspective of one of the blackest boxes in the intelligence community: the challenges and far-reaching implications for privacy, and surveillance and society.
I thought I’d pick through some of the most interesting and unsettling observations for those of you who never want to sleep again but are too crunched for time to read 6,000 words. Rather than taking Gerstell’s words as gospel, I think the piece is important as a public documentation of how the intelligence apparatus is framing arguments (publicly, at least) about everything from the size of government surveillance to China to Big Tech to endless cyberwar.
The N.S.A. Would Like More Money, Please
Gerstell’s Op-Ed is basically a notebook dump of nightmare scenarios, brought to you by the actual eyes in the sky. There are phrases like “the unprecedented scale and pace of technological change will outstrip our ability to effectively adapt to it.” And “the digital revolution has the potential for a pernicious effect on the very legitimacy and thus stability of our governmental and societal structures.” Sleep tight!
He argues that the piece “is not in the spirit of forecasting doom, but rather to sound an alarm.” Translated: Congress, wake up. Pay attention. We’ve seen the future and it is a sweaty, pulsing cyber night terror. So please give us money (the word “money” doesn’t appear in the text, but the word “resources” appears eight times and “investment” shows up 11 times).
How much money? Gerstell never says outright but the hints suggest it’s mind-boggling:
The roughly $60 billion our nation spends annually on the intelligence community might have to be significantly increased during a time of intense competition over the federal budget. Even if the amount is indeed so increased, spending additional vast sums to meet the challenges in an effective way will be a daunting undertaking.
Again, this is the most helpful context through which to entertain Gerstell’s many arguments. Which isn’t to say they’re not credible or terrifying (see next section).
New Technology Is Scary as Hell
The future of cyberwar and instability Gerstell outlines is harrowing. And with the caveat that this is all a long sales pitch, sentences like “we will be in a world of ceaseless and pervasive cyberinsecurity and cyberconflict against nation-states, businesses and individuals” highlight how the next century’s challenges won’t look much like anything we’ve seen before. Basically: Welcome to an online forever war most of us can’t see. And that’s just what they’re admitting publicly.
Gerstell talks about needing to defend our artificial intelligence systems from “data poisoning,” which he defines as when “an adversary can feed misinformation to A.I. systems to corrupt or defeat them (such as deceiving a driverless car into ignoring a stop sign).” Fun.
We’ve barely scratched the surface when it comes to cyberwar. “The problem is that the 40-odd nation-states that today have offensive cybercapabilities will seem a quaint historic artifact when sophisticated tools for cybermischief are in the hands of not only every nation-state but also common criminals around the globe.” Yeah.
Then there’s quantum computers, which will render previous methods of encryption obsolete. Gerstell argues the existence of such computers will fundamentally tilt the balance of geopolitical power toward the nation that cracks the technology first. And he writes that “it seems more likely than not that before the middle of this century either China or the United States will do so”).
Gerstell explains the quantum computing race as essentially the United States versus China. And his description is intense.
China’s publicly announced 2030 goal is to develop a high-performing quantum computer, which should have that decryption ability. Imagine the havoc that could create. Imagine the overwhelming leverage that the winner would have — such a decryption ability could render the military capabilities of the loser almost irrelevant and its economy overturned.
I’ll add yet another caveat that this warning is coming from a government official working for one of the country’s premier intelligence agencies and should be weighted accordingly. Nonetheless, the quantum computing implications have been described elsewhere as apocalyptic. And so it’s in that context that I highlight this quote:
The analogy of the postwar world in which there was only one nuclear power hints at the type of unilateral dominance that might be possible for the quantum computing victor — but it is not apt here. Even with a nuclear monopoly, there were very real limits on utilizing that capability. But not so with the unilateral capability to decrypt — and thus to understand and perhaps to interfere with or destroy — the entire digital existence of an adversary country.
The N.S.A. Sees Big Tech as Both a Rival and … uh … a Partner
It’s not every day you see an N.S.A. official suggest that Big Tech might be as powerful as the surveillance state. And yet (emphasis mine):
First, the government no longer possesses the lead in complex technology, at least in many areas relevant to national security. Arguably, the most powerful computing and sophisticated algorithm development now occurs not in the Pentagon or the N.S.A. but in university research labs and in the Googles and Amazons of the commercial world. (To be sure, the government still maintains its superiority in important areas ranging from nuclear energy to cryptography.)
Of course, it makes sense that the N.S.A. would want to both publicly downplay its own capabilities and also flatter companies it would like to work with to increase its surveillance and tradecraft capabilities (who remembers PRISM?). Still, the acknowledgment that the bulk of the tech talent and sophistication is coming from Big Tech underscores the power of these companies. It’s also a bit ominous, given that in the past week Google and Facebook have become the subjects of big antitrust investigations.
And it’s not just Facebook, Google and Amazon. Gerstell’s whole argument is actually a pretty excellent and damning explanation of just how good the surveillance economy is at surveilling:
“The private sector will have many more times the quantity of data about individuals and commercial activity than governments could ever obtain. The larger antivirus vendors, with their sensors connected to their global corporate clients, already know more at any given moment about the state of networks around the world than does any government agency. Businesses in the services, retailing, industrial and other sectors will have more global sensors and applications detecting cybertraffic, collecting behavioral patterns, amassing personal data and so on, than even the most surveillance-oriented nation could ever hope to have.
And so, Gerstell argues that the private sector may have to fundamentally rethink how it interacts with the government.
National security agencies will need to defuse that frustration and find an effective path for collaboration with the private sector to mitigate cyberthreats. The only practical solution is for the private sector to assume a greater burden in this area, but with the active support of the national security agencies.
Again, it’s hard to even imagine what this would look like. Or how deeply concerning such collaboration might be for the privacy of American citizens. Equally concerning, Gerstell hints at the idea that perhaps the very legal definition of privacy between citizens and the government is evolving. Granted, both privacy advocates and data-hungry tech companies have suggested these definitions have grown complicated and fuzzy, but it’s jarring to hear the same admission from the N.S.A.:
Our notions of privacy have been rooted in the Fourth Amendment’s delineation of the federal government’s powers vis-à-vis the individual citizen. But what do our notions of privacy mean anymore when Amazon, Google, Apple, Microsoft, Facebook and so on already know so much about you? We now see increasing pressure in Congress to regulate in this area. To be sure, this article is not advocating any particular approach (much less suggesting greater surveillance powers), but it is hard to escape the conclusion that we will need to recalibrate the balance in this area of data privacy between the government and the private sector.
[If you’re online — and, well, you are — chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.]
Oh, About Democracy …
Gerstell’s final point is that technology, combined with our increasingly cluttered information ecosystem, may pose a fundamental threat to democracy as well as global alliances that will be necessary to ward off all the nightmares described above.
We all recognize this decentralizing and delegitimizing force, and there is no need to elaborate on it here. Worth appreciating in this context, however, is that governmental agencies with a national security mission are going to find it vastly more difficult to maintain the necessary trust, respect and support of a democratic populace in this environment — jeopardizing not only their ability to obtain resources from society but also in the end their very mission.
This last point is rather obvious, but it gets at something important: that the erosion of trust and rapidly spread disinformation muddying the waters will make all the other serious issues raised by Gerstell that much harder to combat. Whether you take his alarm-ringing with a grain of salt or are terrified by it, combating the future’s problems will require us to have, at the very least, a shared reality. And given the way things are trending (“A world in which effective deception in almost every venue and media outlet is possible,” he writes), that feels like a big ask.
Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.
General Data Protection Regulation personal data
Charlie Warzel, a New York Times Opinion writer at large, covers technology, media, politics and online extremism. He welcomes your tips and feedback: [email protected] | @cwarzel
Source: Read Full Article