Here is how it is going to play out. Starting with the lackluster reforms that President Obama introduced today, reducing meta data based surveillance to two instead of three links, beefing up requirements for looking at that data, with more FISA court review, clarifying NSA spying on foreign heads of state, and making national Security Letters less onerous, there will be band aid patches to the surveillance state.
But all of these reforms will be to assuage the qualms that Americans have about living in a Stasi like state while doing little about the rest of the world’s fears of the US surveillance juggernaut.
The global tech community is already responding. The founders of Lavabit and Silent Circle are convening a working group to come up with new email protocols that can evade surveillance. Blackphone, a project involving Silent Circle’s Phil Zimmerman, has launched a so called NSA-defeating cell phone. Wickr, a secure messaging platform, is now available for Android in Beta. Google, Microsoft, and Yahoo! are moving rapidly to encrypt their data centers. Customers of big tech vendors are starting to ask difficult questions about their relationship with the NSA and the ability of their products to thwart backdoors.
From my perspective the real impact of NSA surveillance has been to reveal the shaky security grounds on which all communications has been built. A ball has been set in motion to correct that. The tech industry will be the ones to counter NSA surveillance.
The only threat to improved encryption, key management, and obfuscation of meta data, is that of the NSA attempting to thwart such efforts. For us to reach an end state where corporations and individuals can feel confident in the confidentiality of their communications, billions will be spent. Ultimately the programs the NSA has in place to tap undersea cables and scour the airwaves will be much less effective as their intelligence windfall is curtailed.
The steps that should be taken are to prevent the NSA from engaging in an arms race with the tech industry. They should be legally restricted from tampering with algorithms, infiltrating tech company infrastructure, or subverting carriers. On top of that, the NSA budget should be limited, even cut back, so that technology has a chance to route around surveillance.