The Obama administration’s decision last week to continue the dual-hatted arrangement whereby a single military officer runs both the Cyber Command (Cybercom) and the National Security Agency (NSA) is the latest indication that the administration plans to make only modest changes in how the United States conducts offensive and defensive cyber operations in the aftermath of Edward Snowden’s revelations of NSA data collection. Instead, the administration’s aim will be to tighten security procedures to prevent yet another massive leakage of sensitive information from a rogue contractor such as Snowden, as well as to minimize further friction with friendly governments.
Although generally correct, such an approach is unlikely to ease the pressure on the administration to impose some limitations and transparency on the NSA’s data-collection activities. Snowden revealed such extensive U.S. monitoring of international email, telephone and social media communications as to reinforce misperceptions of an out-of-control U.S. spy network that can arbitrarily and arrogantly monitors anybody’s communications at any time.
Privacy advocates complain that the NSA has collected considerable information, even if inadvertently, on American citizens. The NSA is required to obtain a court order to monitor the communications of American citizens or foreigners when they are inside the United States, but the nature of the Internet makes implementing a blanket firewall between foreign and U.S. communications impossible. The administration has already ended the bulk collection of email metadata sent inside the United States. In the future, technology might provide some solutions, such as making it possible to search through a more limited volume of phone metadata rather than millions of call records.