Bloomberg reports that the National Security Agency allegedly knew about the Heartbleed computer bug for almost two years and exploited its security flaws to collect “critical intelligence,” including passwords and internet records. Heartbleed, which was revealed to the public on April 7, has been called one of the most significant security threats the internet has ever seen.
According to Bloomberg:
Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
The NSA has come under heavy scrutiny in recent months due to Edward Snowden’s leaks on its data-collection activities. If the Bloomberg report is true, the NSA will have to contend with allegations that it sacrificed the digital security of millions of American citizens in order to collect information on a small cadre of potential security concerns. The NSA has already issued a statement denying Bloomberg’s claims.
It would be deeply troubling, to say the least, if any of Bloomberg’s assertions are corroborated by additional evidence or reporting. That the NSA collected bulk quantities of phone records for purportedly defensive ends was and remains highly questionable, but to additionally put huge quantities of personal data at risk in the collection process is a horrifying prospect. It is difficult to claim a moral imperative for protecting a country when said efforts directly lead to greater, tangible risk for its citizens.
Additional investigations will elicit more information about the NSA’s involvement in perpetuating Heartbleed’s security gap. But they will also likely invite political commentary and spur a fresh cycle of debate over whether internet privacy and federal data collection have become too invasive.
What’s politically unique about this situation is that both Democrats and Republicans have been surprisingly fragmented in their views on national data collection over the last few months. Neither party has seen a consensus in terms of a policy imperative going forward. Huffpost Religion reported back in February:
The Republican National Committee and civil libertarians like Kentucky Sen. Rand Paul have joined liberals like Massachusetts Sen. Elizabeth Warren on one side of the debate — a striking departure from the aggressive national security policies that have defined the Republican Party for generations.
On the other side, defending surveillance programs created under the Bush administration and continued under President Barack Obama, are Florida Republican Sen. Marco Rubio, Democratic former Secretary of State Hillary Rodham Clinton, and the House and Senate leadership of both parties.
One might expect the Democratic Party to be the preeminent voice against data collection programs, but President Obama’s proposed security policies aim for cautious reform instead of a full rejection of the status quo. This is not necessarily a bad thing, as stripping the entire program to the bone could impair key programs that do help prevent terroristic activities. But the new Heartbleed allegations suggest even greater NSA influence than what was previously understood, and given the President’s figurehead role and current cautiousness in proposing new restrictions, Democrats may be handcuffed in how far they can push back against this kind of overreach.
This would, in theory, present Republicans with the opportunity to remake at least one facet of their national policy platform. Internet security and “individual digital liberty” could become a significant plank in the GOP’s body politic as it looks to rebound and re-brand after a shellacking in 2012. To champion individual rights online without government oversight or intervention could be the starting process in building a new coalition of voters, particularly those in the 18-35 range who would otherwise be turned away by the GOP’s current platforms.
The NSA leaks have yielded a Republican Party that has been surprisingly nimble in making that switch. The Atlantic noted in January:
And is if to signify that the GOP establishment is changing along with its elected officials, the RNC voted in a winter meeting to literally renounce NSA domestic surveillance. “It was passed by a voice vote as part of a package of RNC proposals,” Benjy Sarlin reports. “Not a single member rose to object or call for further debate, as occurred for other resolutions.” That’s incredible, because it’s almost impossible to exaggerate how unequivocally the resolution condemns the NSA.
Of course, as noted above, there are still significant factions in the party that are opposed to how far these kind of condemnations should go. That Atlantic article notes that Bush-era GOP architects fear that such a full-scale repudiation of the NSA will undo the national security gains made in the preceding decade. The Huffpost article cited above paints a similarly conflicted perspective of the party as a whole, too, suggesting that things might not be as cut-and-dry as one RNC vote suggests.
Still, it’s striking to see just how far the Republican Party has changed course since President Bush left office in 2008. Does this suggest the GOP will continue to pursue policies that protect technological liberty going forward?
Not quite, unfortunately. Other individual-centric digital policies are being opposed by the GOP, and those kinds of policy measures negate credibility earned in opposing domestic surveillance. For example, Republicans oppose recent FCC measures to re-instate net neutrality rules, arguing that they prevent internet service providers from fairly adjusting service prices based on consumption use. That kind of policy makes sense from a pro-business perspective but comes at the expense of open, equal access for individuals. One might say that pursuing such corporatist policies ahead of the interest of individuals will nullify the GOP’s chances to claim the mantle of deregulated, “for-the-people” internet use. Businesses can be regulators just as much as governments.
The Snowden leaks and the Heartbleed allegations have presented the Republican Party with the opportunity to initiate a much-needed policy refresh. Unfortunately, it looks like they won’t take that opportunity, at least not in full. But it is good to see both Democrats and Republicans working together to tackle the problems raised by allegations of excessive data collection. Hopefully these efforts will lead to both logical change in domestic policy in the short term and additional room for collaboration on other issues going forward.