Whistlehackers in the age of surveillance

“We're going to have to make some choices as a society,”  Barack Obama observed back in June.

That was not long after reports began appearing in the Guardian, the Washington Post, and elsewhere based on information actively and strategically leaked by former National Security Agency contractor Edward Snowden, suggesting the startling sweep of surveillance activities conducted by the agency. "You can't have 100 percent security,” the president asserted, “and also then have 100 percent privacy and zero inconvenience."

The remarks sounded like the starting point for a vital national conversation. At the time it was already clear that Snowden would be among the most pivotal news figures to emerge in 2013. But the real significance of his story likely lies in our future.

[Related: Scroll through our Top 10 News stories slideshow ]

Among other things, it will depend on whether we ever really have the conversation that Obama alluded to. So far, surprisingly enough, we haven’t. Sure, there’s been intense interest — in Snowden as a person, as well as the implications of his actions — and plenty of hot opinion-swapping from the yack shows to the online infosphere. But somehow we seem no closer to making the tough societal choices that the Snowden story revealed.

Demonstrators hold signs supporting fugitive former NSA contractor Edward Snowden as they gather for the "Stop …The birth of the whistlehacker

Snowden’s actions had precedents — but there is something singular and new about them when you get down to specifics. Yes, Daniel Ellsberg’s disclosure of the classified Pentagon Papers to the press in the Vietnam era arguably established the modern template for the government whistleblower who believes that introducing classified information into the public sphere serves a greater good. And yes, digital-age equivalents, notably those facilitated by WikiLeaks, have become familiar, often entailing the sorts of massive data troves that shape the 21st-century information society, as well as deep technical sophistication and a more open-endedly rebellious “hacker” ethos.

Snowden has turned out to be a whistlehacker: He had a clear ideological agenda, obvious technical chops, a plan that has kept him outside the legal reach of the American government, and the ability to tap into an existing support network of similarly sophisticated sympathizers.

And the results of his whistlehacking will be with us for a long time to come – for several reasons.

The earliest disclosures, back in June, were explosive enough: Through a program called PRISM, the NSA was said to have “obtained direct access to the systems of Google, Facebook, Apple and other US internet giants,” suggesting a program of mass surveillance that sounded not only unprecedented but that dragged some of the most enormous and familiar business enterprises of our time into the debate.

Thing is, that was just the beginning. Snowden (who now reportedly has a “technical support job at a Russian website”) doesn’t seem to be leaking anything new at the moment. But his most aggressive leak-recipient, journalist Glenn Greenwald, has said he’s worked through only a fraction of the 15,000-20,000 classified documents he initially received. Thus the continual flow of new, troubling, embarrassing allegations about NSA surveillance ever since.

 We’ve learned, for instance, that the U.S. government NSA malware reportedly infects more than 50,000 computers worldwide operates an aggressive system for gathering intelligence on even friendly heads of state, relying on “supercomputers and the algorithms used to search vast databases [that] have put the N.S.A. far ahead of rival intelligence services.” And most recently it’s been alleged that the agency not only hits up tech companies for data access directly, but has routed around any permission process by infiltrating data links among far-flung servers. The relevant tech companies (which include Yahoo) are said to be “angry” and demanding government reform. The consequences here are unpredictable, as many of these companies have business models that depend on compiling user data (as a means of courting advertisers) and thus have a lot to lose if the general public concludes that interacting with them entails the risk of indirect NSA snooping.

You get the idea. But there’s a second legacy to Snowden-as-whistlehacker.  

As much as the drumbeat of revelations has suggested a Big Brother scenario that George Orwell himself might have found far-fetched, they also contain a powerful counternarrative. The Snowden affair is ultimately a reminder that the bigger and more totalizing a system aims to be, the more it nevertheless becomes subject to precisely this sort of failure: Like a single bug in an ocean of code, one person with the right skill set can cause catastrophic problems. It’s been reported that the government works with something like 480,000 contractors with top-secret security clearance (and there are already reports of more whistlehackers in the wings).

Snowden put a face to this idea, and to the broader trend of individuals and groups using technology to route around official structures. From the dispersed hackers who make up the ever-shifting membership of Anonymous, to Reddit users’ attempt to crowdsource the Boston Marathon bombing investigation, we’ve become familiar with the general idea of outsiders hacking a supposedly authoritative system. Snowden’s meshing of that ethos with secret-spilling fascinated us — not least because he was able to learn from and ally himself with WikiLeaks and other sympathizers in a way that suggests a kind of whistlehacking ecosystem.

Snowden’s third potential legacy is the most important — and the most uncertain. Will we ever have the serious, open, choice-making debate Obama alluded to?

[Read more Year in Review news analyses: Shutdowns and shoutdowns on hill]

Facing the tough choices

There’s been enough public concern to inspire the beginnings of a patchwork of state-level legislation and a degree of congressional inquiry that suggests to at least some observers that we need a lot more independent oversight of government surveillance behaviors. Most recently, even John Kerry conceded that some NSA activities “have been happening in many ways on an automatic pilot, because the technology is there and the ability is there," and more to the point: "In some cases, some of these actions have reached too far.”

Despite this, true mainstream engagement with the subject has proved fleeting — flaring up now and again, only to be shoved aside by the latest budget showdown or Miley Cyrus spectacle. Partly this may be a result of the paradoxical challenge of having an open discussion about covert programs: It’s hard to know how to respond to the supposed reassurance that a largely secret court signs off on the legality of our surveillance measures.

But that doesn’t entirely explain things. Are we fundamentally unscandalized? Are we satisfied with the fairly marginal reforms that have been proposed? Is it too difficult to sort out what it all means to us as individuals? Do we basically figure that our security is worth everything the NSA has done, and may do in the future? Have we basically given up on privacy? Or as Obama suggested, do we, in the American tradition that demands greater services and lower taxes and “government hands” kept off Medicare, simply want it both ways?

Settling this last, undetermined element of what the whistlehacker moment really means, then, depends on two things. One is the administration — and Congress — making it clear just what our “choices as a society,” in balancing security and privacy, really are. The other is our engagement, as a society, in making them.