Edward Snowden is either a hero or traitor, depending on whom you ask. Talk to a regular citizen on the street – particularly one from a foreign country – and he or she will tell you that Snowden did society a great service by disclosing details of the U.S. government’s surveillance programs.

Talk to someone in the military and defence communities, however, and the picture isn’t quite so rosy. They would say that Snowden not only undermined the security of the United States, but also broke bonds of trust between allied nations.

But no matter who you ask, one thing is clear: Snowden has brought the issues of privacy and security to the forefront of public consciousness. The question that remains is whether his actions have had a positive or negative impact on global security – and what his actions will mean for its future.

A panel at the Ottawa Conference on Defence and Security, the annual symposium hosted by the Conference of Defence Associations Institute in late February, debated this question as it considered cyber security in the post-Snowden era.

“This is an environment that requires more international cooperation and trust than just about any other that exists,” said Rafal Rohozinski, CEO of the DevSec Group. “And yet through the disclosures we’ve had by Snowden, the very essence of trust that was important for discussing these difficult issues – [issues] that governments did not necessarily have an expertise at either the policy, legal, or practical level to discuss – has suddenly disappeared.”

Yet Rohozinski also pointed out that there is a silver lining to the fallout from Snowden’s disclosures. By leaking top secret information, Snowden brought it to everyone’s attention that cyber security as it exists today is simply not robust enough to cope with the constant threat of cyber attacks.

“Amongst the public policy community, the lack of information about capabilities…was difficult to talk about in a public forum,” said Rohozinski. “The Snowden disclosures make it possible now to have that kind of public debate. And it’s necessary because institutions have to change.”

His colleagues – Dr. David Mussington, former senior advisor for cyber policy with the U.S. Department of Defense, and Melissa Hathaway, former director of the U.S. Joint Interagency Cyber Task Force in the Office of the Director of National Intelligence – disagreed.

“The debate in North America hasn’t benefitted much from Snowden’s disclosures. It accelerated underlying trends that have undermined the relevance of U.S. policy and cybersecurity, or the ability of U.S. policy to gain adherence internationally,” said Mussington.

He argued that the opportunity for debate was hampered because those associated with the NSA and other intelligence-gathering agencies dove for cover as soon as the news broke of the leak, and would not surface to talk about it.

Hathaway, meanwhile, suggested that the public should be focusing not on the data that intelligence agencies are collecting on them, but rather on the vulnerability of the Internet as a whole. The Internet was originally built to serve a military purpose, and to provide a method of communication between the commander-in-chief and American troops in the event of a nuclear, or other, disaster.

When the Internet was built, “we were not thinking about anonymity, we weren’t thinking about privacy, we weren’t thinking about security – we were thinking about resilience and redundancy so it would work if there was a problem,” she said. “We never thought it was going to become the backbone of the global economy and running every essential service of every part of our life.”

One takeaway from the Snowden leak is that we have been quick to take advantage of the efficiency and productivity the Internet affords us without wholly considering what would happen in the event of a breach. As Hathaway pointed out, Snowden managed to breach a trillion-dollar apparatus with a 99-cent thumb drive.

And then there is the fact that the NSA and its foreign counterparts are catching grief for alleged snooping, while companies such as Google and Amazon get away with similar activity with nary a whisper of protest from the public. What are the implications of commercial data collection, and why isn’t it getting the same attention as the Snowden affair?

“We need to have a responsible conversation about what privacy and security mean in the 20th century,” said Hathaway. “A lot more people have data on us in the commercial sector, and I have to tell you they have nowhere close to the security we have in our military and intelligence communities.”

 

Amy Allen is a staff writer with Canadian Government Executive, sister magazine of Vanguard.