Ex-NSA Official Warns Tech Firms: Stop Spying

Donate for the Cryptome archive of files from June 1996 to the present

6 March 2014

Ex-NSA Official Warns Tech Firms: Stop Spying

2014-0041.htm Pros and Cons of Big Data Spying

http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-473434/

Ex-NSA Official Inglis Warns Tech Firms: Be Transparent

March 5, 2014

Companies That Amass Vast Amounts of Personal Data Should Learn From Agency's Mistakes, He Says

Former NSA deputy director John C. Inglis says tech companies that amass vast amounts of personal information should learn from his agency's mistakes.

By Danny Yadron

SAN FRANCISCO—To a degree shared by few, John C. Inglis knows the risks of collecting a lot of data on people.

Until January, Mr. Inglis, who goes by “Chris,” was the number-two official at the National Security Agency. He spent much of 2013 pushing back against disclosures from former contractor Edward Snowden about the extent of NSA surveillance.

Now, the former NSA deputy director is warning technology companies that amass vast amounts of personal information to learn from his agency’s mistakes. Be transparent about what they collect, and why they collect it, Mr. Inglis said last week from the vendor floor of a cybersecurity conference here.

“There’s an enormous amount of data held in the private sector,” Mr. Inglis said, in his first published interview since leaving government. “There might be some concerns not just on the part of the American public, but the international public.”

Mr. Inglis’s comments underscore tension between Washington and Silicon Valley about collecting, storing and using information about Americans.

Since the Snowden disclosures, technology executives have criticized the NSA’s data-collection practices, as well as restrictions on what they can say about government requests for information. Now, some executives believe Mr. Inglis and other government officials are trying to deflect attention from the NSA’s practices by pointing fingers at tech companies.

Monday, White House counselor John Podesta told a conference at the Massachusetts Institute of Technology that “national security is not the only space” where technological change is “challenging traditional conceptions of privacy.” He cited “a revolution in the way that information about our purchases, our conversations, our social networks, our movements, and even our physical identities are collected, stored, analyzed and used.”

It has prompted complaints from officials at major tech companies and some of their investors. “A spy agency is a taller order for consumers to deal with than Google or Facebook,” said Ted Schlein, a partner at venture-capital firm Kleiner Perkins Caufield & Byers who invests in cybersecurity companies.

Google Inc., Facebook Inc. and other tech firms make money by recording and selling detailed bits of information on Web users. They typically disclose their data-collection policies in long legal statements. And in theory, customers can take their business elsewhere if they don’t like the policies.

But few people read the fine print, just as few people watched C-Span when Congress codified some of the NSA’s snooping abilities in 2008, Mr. Inglis said.

Civil-liberties groups that have been critical of both tech companies and the government also question the comparison. “It’s certainly the case that companies collect too much data,” said Christopher Soghoian, a technologist at the American Civil Liberties Union. “But that in no way gives the NSA a free pass in regard to what they’re doing.”

Mr. Inglis was a government employee since graduating from the U.S. Air Force Academy in 1976. He still lives near Washington, D.C., and is debating whether to become an adviser to private sector technology companies. Last week, he gave a paid, private speech at a cybersecurity conference for Securonix Inc., a computer-security company.

Mr. Inglis says the Snowden episode, which he refers to only as “May 2013,” taught him a few things. Before then, he assumed that Americans believed there are enough checks and balances in place to protect them.

“Of course, that’s not the way the story played out,” he says. “As others told the story, they chose to emphasize components of that story, which, in my view, were not always correct. We spent a lot of time chasing it.”

This may have been prevented, he says, if NSA officials had spent more time educating the public about the types of data they collect beforehand. By Mr. Inglis’s logic, the same applies to tech companies who market personal information.

An NSA spokeswoman wouldn’t comment on Mr. Inglis’s remarks on government transparency, but noted that his successor, Rick Ledgett, made similar remarks in a recent interview with the Washington Post.

“These companies at least have a public relations issue, if not a moral obligation, to really make sure you understand that this is to your benefit,” Mr. Inglis said. “As an individual, myself, I continue to be surprised by the kinds of insights companies have about me.”

Write to Danny Yadron at danny.yadron@wsj.com