In his book Skating on Stilts, former US Department of Homeland Security Assistant Secretary for Policy Stewart Baker examines the numerous ways—air travel, biotech, the Internet—that America has left itself vulnerable to threats. Baker has been one of the most vocal proponents of the Patriot Act—especially section 215, the program to collect telephone records and other digital information. A litany of opponents, including everyone from the Electronic Frontier Foundation to Senator Rand Paul, consider the secretive program a gross invasion of privacy—on May 31, the program expired.

Baker, on the other hand, is of the mind that Americans don’t realize how much programs like 215 and other methods of government surveillance actually protect people from outside threats and bad guys—whether they’re Al Qaeda terrorists or North Korean hackers. And he’s not afraid to say it: Baker is often the counter-voice to those wanting to rein in or create more transparent government surveillance programs.

As it was becoming clear that section 215 would expire, we spoke with Baker about his views on America’s current state of digital security, especially given the distrust that most Americans, on both sides of the political spectrum, have of government and law enforcement having so much access to the lives of citizens.

What kinds of legislation do you think we need to maintain people’s confidence in their government after all the revelations about spying?

I’m of the view we’re going to regret getting rid of the 215 program. It was designed to overcome an actual failure, not a theoretical failure in our intelligence defenses. It was a hole in our defenses that existed because of the civil liberties sensitivities of the 1990s, which are all back in full cry and [215 opponents] haven’t learned anything as far as I can tell. Getting rid of this program gets rid of a defense that works best where your attacker is a well organized terrorist organization that has a safe harbor and access to recruits who they can identify, train and plan with, and then send to the United States to carry out a well organized and sophisticated attack with relatively little support from abroad. That’s what happened on 9/11, and we responded in many ways—we improved our border defense, but mostly we took away the safe harbor that Al Qaeda had. But now that ISIS has taken advantage of disorder in Iraq and Syria, it’s a very foolish thing to get rid of this program. I think we’ll regret it. I hope we don’t. But it strikes me as a triumph of political correctness over good sense.

There are always bad actors at certain levels—look at Abu Ghraib. But if people in government have this access to this amount of information about regular people, how do you create safeguards that make people comfortable?

Was the American response to Abu Ghraib to strip the American military of its weapons? No. What happened in Abu Ghraib could in theory happen in the United States. If you’re worried about a few bad actors and you don’t want the potential for abuse so you take away the tools that might allow abuse, that would argue for the demilitarization of the United States, and yet we don’t do that.

We rely on institutional constraints on misbehavior. That doesn’t mean no one has ever misused a weapon—that does happen—but we do not say one misuse of a weapon means we should strip the military of its weapons, and the same thing is true here.

There’s an important difference. The fallout was very public, and people felt like actions were taken. With our surveillance, the response has mostly been—“Deal with it. Trust us. This is what’s happening.”

I’m not sure I buy that entirely. I can’t remember any abuses of the data people are complaining about. If the question is, “Where’s the discipline?,” the answer is that there hasn’t been any discipline because nobody broke the rules.

But if you look closely at the rules, which no one in opposition likes to do, there are very substantial restrictions of an institutional sort, designed by people who are pretty cynical about what motivates the government. There is no pretense that just because one party is in Congress, you only brief that party on intelligence activities because something like that is susceptible to partisan abuse. Rather than allow that to happen, members of both sides have always had insight into the intelligence programs.

If you look at the institutional controls through a proper lens, they are about as strong as they could be, with this exception—this is why I say a proper lens—because you can’t discuss intelligence programs publicly and expect to continue to have intelligence programs. They are by definition secret.

You only have to look at the success of ISIS since Snowden exposed our capabilities. They’ve clearly gone to school on the limitations we impose on ourselves to protect the security of their operations.

In the Snowden case, those were PowerPoint presentations of some things that had been reported—

Oh kiss my ass, that’s not true. At some abstract level you know the NSA has some capabilities. You don’t know which rumors are true or false. You don’t know whether the people who are saying them are accurate. There’s a lot of stuff in the ether. It doesn’t come down to you as an individual making a decision on how to communicate. But when you see the details and exactly how the NSA is exploiting your communications, which is true of some of the Snowden stories, they actually told ISIS what we were doing to intercept ISIS communications—that’s a very different thing. At that point, if you continue to do that, you should be shot. That is very different than having heard maybe there were some capabilities and seeing that you have been compromised.

Did Snowden’s revelations and raising national consciousness about surveillance end up being a good thing for America?

No.

Why not?

It was a scam from the start. Greenwald, Poitras, Snowden, and Bart Gellman did exactly what people like them have been accusing the intelligence community of doing for 40 years. They used the classification to tell a partial story in the hopes of shaping the debate, and they succeeded.

They released that order saying the government is scarfing up metadata about all your calls and they withheld, for roughly two weeks, the [documentation] which they all had which showed all the limitations on that access. Why? Because they didn’t want a debate on the limitations—they wanted to leave the impression that everybody’s phone calls are looked at by NSA and they have succeeded in leaving that impression because of their manipulation of the classified information. That’s a shame.

But a populace that holds its government more accountable is always a good thing, right?

Yes, but I’d prefer if we had debates that weren’t so ideologically tilted by journalists who are actually withholding data that’s relevant to the stories they are writing. So I don’t see this as a situation where the government was properly held accountable by the populace.

Companies like Google and Facebook can be government proxies for gathering a lot of personal data. Are there any restrictions we should legislate on what they can do with people’s data?

We’re kidding ourselves if we think we can pass a law that we think will essentially negate Moore’s Law, and that’s what’s being proposed here. The reason data is being collected in such large amounts is because for the first time it’s very cheap to collect, store, and analyze.

The idea that we can say we want that data to be more expensive to collect and process—that’s a pipe dream. This data is going to be out there and it’s going to be cheaper two years from now than it was two years ago. The effort to try to say we don’t want that to happen so we’re going to pass laws that make it harder for the government to use the technology that everyone else is using, or say nobody can use this technology, I think that’s a hopeless enterprise. Or it will result in laws that don’t make any sense 15 years from now.

Privacy laws end up being overtaken by the technology and then they stay on the books because of sentiment or a small contingent of people that believe in them. You know, we’ve all seen pictures of ourselves on Pinterest that we sorta regret. It makes no sense to pass laws that don’t actually account for the direction of technology and the likely consequences.

I don’t think anyone believes data won’t become cheaper to analyze, collect, and store. Shouldn’t we at least look at smarter laws that rein in the way big companies use our data?

I’m happy to look at them, but I’m skeptical. Most of the laws are aimed at saying you can’t collect or analyze, or you have to delete data. We’re letting our approach to this technology be driven by the most techno-unfriendly regime on the planet, which is the European Union. They hate where technology is going because they have trouble keeping up.

I just think it’s silly to write laws that will be out of date in 20 years.

What First World countries have model law enforcement surveillance systems?

I’m not sure there is a single model, but it is certain that the United States has more restrictions on government surveillance than any other country. It requires judicial warrants for wiretaps, where many democracies require only executive approval. It forbids many private companies from cooperating with government data requests in the absence of a subpoena or other process. And it is on the light side in terms of practical surveillance. The Dutch and the Italians, if I remember correctly, are over 100 times more likely to be subjects of government surveillance than Americans. Similarly, practically all developed countries have national ID cards—except for English-speaking countries.

What other lessons can the U.S. take from different countries’ surveillance networks?

Every country other than the United States that has proposed changing its law since Snowden’s leaks and ISIS’s rise has proposed to increase government surveillance authority. That includes the U.K., France, Australia, and Canada. Only the United States has moved in the other direction. I believe in American exceptionalism, but it’s possible to have too much of a good thing.
