A year after Snowden, the real costs of NSA surveillance

Editor’s Note: Danielle Kehl is a policy analyst at New America Foundation’s Open Technology Institute. Kevin Bankston is OTI’s policy director. The opinions expressed in this commentary are solely those of the author.

Story highlights

It's been a year since Edward Snowden's disclosures about NSA spying

Danielle Kehl, Kevin Bankston: NSA programs hurt U.S. economic interests and policies

They say the agency has also deliberately weakened Internet security and standards

Kehl, Bankston: We need a firm commitment from U.S. government to reform the NSA

CNN  — 

It’s time to reset the post-Edward Snowden debate.

On the first anniversary of the first published leaks about the National Security Agency’s far-reaching surveillance programs, the discussions remain focused on the tradeoffs between individual privacy and U.S. security.

Despite government officials’ attempts to justify the value of NSA programs, experts have pointed out that the vast surveillance apparatus is not effective at protecting Americans from terrorism.

In fact, there’s compelling evidence that NSA activities are hurting the United States. They threaten our economic interests, undermine our foreign policy objectives and damage the security of the global Internet.

Danielle Kehl

In less than a year, American companies such as Cisco and IBM reported declining sales overseas and lost business opportunities. Foreign companies are turning U.S. surveillance into a competitive advantage. For example, Deutsche Telekom has marketed “e-mail made in Germany” as a secure alternative after the NSA leaks.

Kevin Bankston

Meanwhile, the cloud computing industry is projected to lose between $25 billion and $180 billion in the next three to five years as customers become increasingly concerned about where their private data is stored. And proposals by Germany and India that would require data on their citizens be stored locally could compound U.S. business losses.

NSA’s surveillance programs have also impacted U.S. foreign policy goals and hurt our relations with strategic allies, as we’ve found in preparing for an upcoming report on the topic.

The credibility of the Internet Freedom agenda, a major initiative launched by Secretary of State Hillary Clinton in 2010, has been sapped. Russia and China, which have sought to exert greater control over the Internet for many years, are growing more skeptical of the American role in governance of the Internet.

German Chancellor Angela Merkel was enraged to discover that the NSA had listened to calls on her personal cell phone, creating tension between the United States and Germany as the two must work together on issues such as the Ukraine crisis. Brazilian President Dilma Rousseff became the first world leader to turn down a state dinner with the President of the United States.

Moreover, the disclosures exposed various ways the NSA has actively undermined Internet security in the past decade.

Under the guise of providing technical expertise, the agency deliberately weakened international encryption standards adopted by the National Institute for Standards and Technology. Encryption forms the basis for trust on the Internet, and developers in the United States and around the world rely on the institute’s technical standards to build secure products.

Additionally, the NSA quietly asked individual companies to insert backdoors into their products to facilitate spying and covertly stockpiled information about security vulnerabilities that NSA hackers discovered in commercial products, rather than responsibly notifying vendors so they could patch their products.

The NSA has even carried out offensive hacking operations such as spoofing Facebook and LinkedIn to perform “man-in-the-middle” attacks to insert malware onto targets’ devices.

The Obama administration has undertaken modest steps to mitigate the damage caused by the NSA and begin the slow, difficult process of rebuilding trust in the United States as a responsible steward of modern communications networks.

In January, President Barack Obama issued Presidential Policy Directive 28, which placed some limitations on authorities to collect signals intelligence. In May, the House of Representatives passed the USA FREEDOM Act, which is quite watered down but could still bring about limited reform to the bulk collection program. The National Institute of Standards and Technology convened a group of outside experts to review its cryptographic standards and guidelines, and there are proposals to remove the statutory requirement that it consult with the NSA on certain standards.

These proposals are narrow in scope. Further reforms must be broader.

In the coming months, lawmakers must continue to strengthen protections against data collection on Americans and foreigners, here and abroad. The government must also recommit to the Internet Freedom agenda and move toward robust international standards on surveillance that are grounded in human rights.

Finally, more transparency is needed.

Last fall, a coalition of major Internet companies joined privacy experts and public interest advocates in calling for far greater corporate and government transparency, asking that they be allowed to release more detailed information about the quantity, nature and scope of requests they receive from intelligence officials. The unlikely partnerships that have sprung up in the past year between of some of Internet’s biggest rivals speak to the seriousness of the threats to their collective business interests.

While the initial shock of NSA surveillance may have faded a bit, the deeper concerns are not going away any time soon. That’s why we need a firm commitment to reforms that go above and beyond the provisions of the House’s USA FREEDOM Act.

Companies need to be able to inform consumers around the world in much greater detail about the scope and impact of the NSA’s surveillance programs – an important step to stopping businesses and individuals from permanently turning away from the United States to escape the surveillance dragnet.

Follow us on Twitter @CNNOpinion.

Join us on Facebook/CNNOpinion.