Why Kaspersky was right to reveal NSA secrets
Corporations folded as soon as the U.S. government came calling with little more than a one-page court-order in hand. They willingly turned over millions of bits of information about their foreign customers, most of them having at most a tiny connection to the nexus of intelligence that might be valuable to policy-makers.
Until Article II of the Constitution is amended away, Americans declare themselves citizens of the world, or the real and direct threats from nuclear proliferation, transnational crime cartels, and terrorism recede, the U.S. won't unilaterally dismantle its global surveillance leviathan. That's a fact Americans should, on balance, accept.
Still, the disclosures by Edward Snowden demonstrated even to the NSA's defenders that the agency boxed above its weight, ignoring or minimizing the political and diplomatic ramifications of its actions, often because the president and policy-makers didn't know which questions to ask, and, indeed, didn't even know to ask questions.
If anyone figures out the right way to integrate democratic, humanist values with intelligence collection, they deserve a Nobel prize. It's an excruciatingly hard problem.
The Kapersky Lab's disclosure provides a paradigm for pushing back. In a report published Monday, the Russia security software company said it had discovered that a government entity, most likely the NSA, had implanted intelligence collection sensors inside the hard drives of virtually every type of popular computer on earth. The implants they found inside the coding for the firmware itself, akin to manipulating DNA instructions on the molecular level.
This means that the NSA likely had help from the corporations that build the hard drives and USB devices in question, because they'd have no access to the source code otherwise, according to Reuters. It opens up the possibility that the NSA used an American company's cooperation with a foreign company on projects as an invitation to steal the American company's proprietary information, too, even though U.S. law explicitly prohibits this type of covert operation.
We've seen corporations, until very recently, roll over when the NSA comes calling. They were afraid of legal sanctions. They were afraid of being labeled as anti-patriotic. They were afraid of exposure to lawsuits. Internet providers like Yahoo and Microsoft didn't challenge government surveillance orders until after parts of the the programs themselves were exposed.
Big corporations aren't often a vehicle for holding powerful interests accountable — but on the NSA, they can. Kapersky's research shows what happens when corporations don't roll over. Only corporations have the resources to fight back against surveillance orders they think might be overly broad. They have the money, the lawyers, the ability to marshal public support. And Kapersky's disclosures show us that they have the technical expertise, too, to bring to the fore the secrets that the government will prosecute its employees for disclosing.
Kapersky's work also gives companies and individuals some suggestions for how to rid themselves of the malware. They've effectively provided a check on the NSA's power. I don't doubt, based on Kapersky's own analysis, that the computers and systems targeted here help the U.S. government learn more about the intentions of Russia, Iran, Iraq, Pakistan and China, or that the number of computers with deep infections was (or is) small and limited to people who could reasonably be expected to provide intelligence value. The NSA isn't stupid, and there are many reasons to think that the intel is very valuable.
But this type of non-sanctioned check on government power is just very important. It helps remind the NSA leviathan why it needs to be careful, and more tailored, in how it exercises its authorities and uses its technology. It is informal, not formal, and that makes it more satisfying, more enduring even, than any legislation Congress produces.