When Edward Snowden leaked classified information about U.S. government mass surveillance seven years ago, the former National Security Agency contractor sparked intense debate about — and reform of — many surveillance policies. Those conversations around reforming government surveillance practices have been especially important for journalists. As the Reporters Committee has previously argued, national security surveillance can chill or compromise newsgathering.
Current discussions about proposed legislation that would prevent companies from using the strongest forms of encryption, such as the EARN IT Act, have resurfaced many concerns about government surveillance. But learning how NSA policies have changed is almost as hard as it was before Snowden’s revelations, lawmakers are finding.
The NSA is resisting congressional efforts, led by Sen. Ron Wyden (D-Ore.), to improve transparency around its policies regarding the introduction of back doors into commercial products. In response to these inquiries, NSA official Anne Neuberger told Reuters, “We don’t share specific processes and procedures.” But the broad strokes of post-Snowden policies on other issues have been released, including the White House-initiated Vulnerability Equities Process, which governs the process by which government agencies decide whether to reveal or keep for national security surveillance purposes vulnerabilities in information systems and technologies.
Reuters reports that three former senior intelligence agency officials have said that the new NSA backdoor process requires them to “weigh the potential fallout” and to arrange for some kind of warning to the company if the back door is discovered by adversarial actors.
Backdoor access to devices matters to journalists who rely on commercial products to communicate with sources domestically and overseas — especially when these back doors are in commercial encryption products that journalists use to offer sources greater protection. Documents released by Snowden revealed that the NSA worked with the Commerce Department to get a certain encryption standard accepted as the global default — in part because the agency knew how to break it and access encrypted data.
In a highly publicized incident, Juniper Networks, a network management company, discovered that an outside actor had changed the encryption key to the NSA-designed algorithm its products incorporated. In July, Sens. Wyden, Mike Lee (R-Utah) and Cory Booker (D-N.J.), along with 13 House members, sent a letter to Juniper Networks, asking the company to reveal the results of its internal investigation. The company’s response has not yet been made public.
The Technology and Press Freedom Project at the Reporters Committee for Freedom of the Press uses integrated advocacy — combining the law, policy analysis, and public education — to defend and promote press rights on issues at the intersection of technology and press freedom, such as reporter-source confidentiality protections, electronic surveillance law and policy, and content regulation online and in other media. TPFP is directed by Reporters Committee attorney Gabe Rottman. He works with Stanton Foundation National Security/Free Press Legal Fellow Grayson Clary and Technology and Press Freedom Project Legal Fellow Mailyn Fidler.