5 Years After Snowden, Has Anything Changed?

Five years ago The Guardian published the first of what would be a bombshell series of stories about how the United States (and several other Western countries) were engaged in the mass surveillance of their own citizens, collecting millions upon millions of telephone and internet records.

It wasn't the first time the feds' saw some of their secret tech surveillance exposed—you may recall the revelation of AT&T's secret room 641A, for example—but now Americans got provided evidence of how far-reaching this surveillance was. It became very clear that the targets included all of us.

The name of the source behind the story was initially kept secret, but he soon revealed himself to be a government contractor named Edward Snowden.

Since then, Snowden has become a household name—even as he remains stuck in Russia, wanted on espionage charges in the United States. The Guardian and The Washington Post won Pullitzer prizes in 2014 for their reporting based on the documents Snowden provided.

Five years later, it's worth looking at the legacy of Snowden's revelations.

The Snooping Hasn't Really Stopped—But There Have Been Changes: Among the revelations that emerged from Snowden's leaks was how much of the surveillance was based on secret interpretations of federal laws. Section 215 of the PATRIOT Act allowed the Foreign Intelligence Surveillance Act (FISA) Court to grant the feds approval to secretly collect information from third parties during terrorism investigations. The Department of Justice turned out to have secretly interpreted this section of the law as an authorization to collect the metadata records of millions upon millions of Americans.

This interpretation was so far afield of the law's intent that Rep. Jim Sensenbrenner (R-Wis.), who crafted the PATRIOT Act, publicly denounced it. And released reports from the FISA Court indicated it sometimes was not fully aware of how extensive the federal data collection reached. Other courts subsequently ruled that this mass data collection was not authorized.

In 2015, Section 215 of the Patriot Act was set to sunset, and a pack of legislators—most famously Sen. Rand Paul (R-Ky.)—moved to block it from being renewed. They succeeded, and it was replaced by the USA Freedom Act.

The USA Freedom Act did not, unfortunately, eliminate mass metadata collection. But it did set up actual guidelines that required government investigators to use specific search terms when attempting to look at metadata in records collected by phone companies. The new law also called for annual reports that give Americans a sense of how much secret surveillance is happening. The reports are vague and incomplete, but they're more than we were getting previously.

Americans Learned What Metadata Is and Why It Mattered: When Snowden's leaks first started, President Barack Obama and many lawmakers insisted that "Nobody is reading your email." This became a mantra among those trying to downplay Snowden's revelations.

It was a deliberate attempt to distract from the reality that we were all leaving electronic fingerprints everywhere we went and every time we communicated with each other. The government was collecting all our metadata—information about where, when, and to whom we were communicating. They were collecting everything but the conversations themselves.

Back in the days of Ma Bell, we thought of "metadata" as simply information about who we were calling and for how long we were talking. These days we all keep huge chunks of information about our lives on our computers, tablets, and smartphones. Experiments have demonstrated that, based on just your metadata, observers can reconstruct a good part of your life and your relationships with others.

This realization about how much privacy we're losing via our metadata has played out as we worry about government track our social media use—and as we become more aware of the ways that police (and not just federal police) are trying to keep track of our behavior through such tools as license plate readers and facial recognition.

Efforts to Push Forward with Increased Tech Surveillance Get Pushback: Many citizens and even lawmakers aren't accepting the idea that every form of surveillance that the government demands is necessary. Some states have passed laws requiring police to get warrants in order to track cellphone location data. The question of whether this tracking violated the Fourth Amendment is now under review by the Supreme Court.

Senators have warned the Department of Homeland Security about using facial recognition software to scan Americans boarding international flights. In California, lawmakers are currently considering legislation requiring police to get permission from their local government before implementing new surveillance technologies.

But other officials keep pushing and pushing to implement more surveillance tech, even as the public resists. Immigration enforcers want access to the data the feds have collected. Officials want to use facial recognition systems when monitoring protests via drones, and to combine such systems with police body cameras. Police in Miami Beach are willing to cause massive traffic jams in order to scan everybody's license plates while searching people with warrants. New York Gov. Andrew Cuomo wants to use facial recognition tools on cashless toll roads to identify drivers.

There are stories every day about officials wanting to use technology for surveillance. While some of the news coverage may fall on deaf ears, Snowden's information has been valuable to help people grasp that whenever the government starts spying, the surveillance will probably be broader and deeper than they actually tell us.

New Encryption Fights Begin: Back in the 1990s, the feds fretted about encryption on personal computers. Their efforts back then to limit our access to encryptionfailed.

Fears of terrorism having given new life to that old fight against encryption. Officials want access to locked phones or other secured devices belonging to people who have allegedly committed crimes, but encryption makes it harder for law enforcement to get in.

For many officials, the public push has been to try to force tech companies to compromise data security by creating so-called "backdoors" that bypass tech encryption or to otherwise provide access on demand. In the wake of the terrorist attack in San Bernardino, California, the FBI had a court fight with Apple over its efforts to force the company to give it access to an iPhone in one terrorist's possession. While Apple resisted, the FBI managed to get access with the assistance of a third party. It turned out later that the FBI was deliberately looking for a fight to try to establish a precedent.

Privacy and technology experts have warned us over and over that compromising encryption means rendering all of us vulnerable to breaches from anybody who gets their hands on these encryption keys or figures out how to mimic these access mechanisms. Weakening encryption would make everyone susceptible not just to government snoops—ours or those working for malicious foreign governments—but to hackers with identity theft or other crimes in mind.

Many officials demanding an encryption bypass simply refuse to entertain the possibility that this would expose citizens to greater threats. Nor are they understand the ways Snowden's disclosures have made Americans more skeptical about giving them access in the first place.

But tech companies keep pushing for stronger mechanisms to keep users' data secure, regardless of the wishes of government officials. Snowden's own email provider, Lavabit, shut down in 2013 rather than comply with the government's demands for the encryption key that would let it access Snowden's communications. Founder Ladar Levison resurrected the company in 2017 with end-to-end encryption that makes it much harder for the government to force its way in.

The Trumpification of the Surveillance Fight: After Donald Trump became president, the surveillance fight took a strange turn. The FBI had gotten the FISA Court's authorization to snoop on Trump campaign aides in order to probe connections with foreign countries—Russia in particular. As the special investigation plays out, Trump and his supporters have decried the use of these secret surveillance tools against people close to him.

This could have been an opportunity to discuss how the federal government engages in secret snooping against the citizenry in general, how this could be corrupted for political purposes, and why that would be a good reason to limit the feds' surveillance powers.

But that conversation did not happen. Indeed, some of the people crying the loudest that the "deep state" is coming after Trump also believe that Snowden committed treason by exposing federal surveillance. Rep. Devin Nunes (R-Calif.), a conservative lawmaker who frequently insists the FBI's investigation of the president is politically motivated, is a huge fan of government surveillance on you. He just doesn't like it when Trump's the target.

This preference for simply protecting Trump rather than having an actual surveillance debate became clear when Section 702 of the FISA Amendments came up for renewal last year. Section 702 is another law that's been commandeered for domestic surveillance even though its stated purpose is to fight foreign terrorism and espionage. During the debate over renewing it, civil rights activists and privacy-minded lawmakers tried to force reforms. But despite all the yelling about spying on Trump that was taking place at the exact same time, most Republican lawmakers (Nunes included) voted not only to renew Section 702 but to expand its ability to target Americans.

Utlimately, Snowden's biggest accomplishments were to bringing the surveillance debate to the forefront and to encourage tech companies to ramp up their encryption and other security efforts. In the July Reason, Elizabeth Nolan Brown explains how you can encrypt your own communications. The fact that strong encryption tools are becoming more available to average internet users is one thing we can all thank Snowden for.