Howard Schmidt, former White House cyber security adviser, tells DW the US has gone too far in its surveillance operations. But he believes only time will tell whether whistleblower Edward Snowden is a hero or a traitor.
Howard A. Schmidt most recently served as US President Barack Obama's Cyber-Security Coordinator from 2009 - 2012. After the 9/11 terrorist attacks, Schmidt also served as a cyber-security advisor to former President George W. Bush.
DW: In terms of the NSA debate, a lot of what we now know has come through Edward Snowden's leaks. Before him, there was Wikileaks. Julian Assange is house-bound in a London embassy. And now their aide Sarah Harrison fears going back to the UK over legal consequences. Are these individuals whistle-blowers?
Schmidt: I think there are a couple of aspects to that. One, there's a legal component. I'm not a lawyer, but when you look at someone committing a crime based on whatever basis - you have to face those consequences. And I think these people have all decided that.
The second piece of that is the future will determine whether or not it falls under the category of whistle-blower and hero or criminal and traitor. I don't think any of us can decide this at this time. We're too close to it. So in the future, when we look back at the Pentagon Papers and those sorts of things, our perspective is far different today than it was then. So, making judgements now of right, wrong or indifferent - only history will decide that.
Journalists working on the Snowden files claim that the NSA surveillance activities are much broader than what's described in the current reporting.
I don't know, and I can only speculate. One of the questions I get asked all the time is how much about this did I know. The thing is when you talk about classified government programs is they're very compartmentalized. The category we always use is, "you don't have a need to know."
My job was defense. As a matter of fact, my work was based on stopping people from doing things like this [surveillance]. So as a consequence, they're not going to be telling me that they're doing something that I'm trying to fight against. So to that extent, is it possible.
The revelation that Chancellor Merkel was being eavesdropped on by the NSA has been very controversial in Germany. Has the US gone too far in its global surveillance activities?
It's my personal opinion that we have. Not only us, but others have done the same thing, not necessarily for Angela Merkel, but they've done it for other leaders because there's the perspective that somehow you get an edge on someone else if you do those sorts of things. Even though morally they may be wrong, in many cases it's legal for them to do it.
The rules are different against citizens of one nation relative to another nation. So what we have to do is we have to collectively around the world back away from that. Focus on things that are important. Yes, guess what, you're going to go into a meeting and you're not going to know what the other side thinks. But we've done that for light years. And that's what we have to go forward with.
We have to start understanding you may not know everything, but that's why we have negotiations. That's why we have teams to help put things together and not somehow, "if I know everything about you, I can conquer you." That's not the world we live in.
Berlin has called on the US to sign a bilateral no-spy agreement in response to revelations about NSA surveillance in Germany. There are reports that while the Obama administration is willing to increase intelligence cooperation with Berlin, it's unwilling to sign a broader no-spy agreement. What could explain White House reluctance?
I don't know why they're saying that now, but I know one of the things that's been discussed not necessarily with Germany, but …I've heard different nations say this: "Well why would I sign something to give up a capability I already have that puts me in a better position?" That is my only speculation as to why someone would be hesitant to do something like that, especially with friends.
So there should be a mechanism set up where somebody can pick up the phone and contact somebody in BKA or BSI [German federal police and Federal Office for Information Security, respectively] or somebody and say we see this really dangerous activity coming from a server in your nation, we need your cooperation to shut it down or to monitor or do whatever we do. We don't do that enough. And that's the first step we have to do moving forward is to set that process in place so we have better trust.
Telecommunications infrastructure is global in many ways. Brazil and Germany have submitted a draft resolution at the UN that seeks to strengthen international norms for the protection of privacy. Do you believe the US supports the initiative?
I don't know if regulation is the key as opposed to agreement. And there is a distinction. For example, in the United States we've been trying for years to get privacy protection laws changed. We did a green paper and a white paper when I was at the White House. To this day, we still don't have that passed in the United States.
So trying to do that globally is going to be a tremendous task. But we should start moving down that path. We can't wait five years to start the dialogue; we need to be doing it now. It has to be done now; it has to be concentrated; it has to be consistent.
Are privacy protections too weak then?
I think they are. Anytime you have privacy protections based on constitutions or based on democracy, they have to be put in stone and stay there. There always should be exceptions and legitimate exceptions. But that's under a unique set of circumstances and that set of circumstances has to be accounted for in a lot of the cyber security things that we do. Because you can't give up the protection of your citizens. I mean that 's one of the key roles of government. But you can't overreach in doing it.
The legal interpretations of intelligence operations and many of the court rulings are secret. How is reform possible if the public doesn't know the full extent of what's happening?
Well I think right now the public knows enough to say, "I demand some answers now. I demand a change of the way the business is done." But I think a lot of this once again is going to come from the private sector. The private sector that says, "I may not know everything, I know what I know now, and I can envision what I don't know, so therefore as my government… my expectation is for you to fix this."
Whether we in the private sector make recommendations; we become some sort of a structure that better gives the government what our needs are and what it means to work in a global community as we see in the Internet today. It's going to take some of that. But it has to be demanded by the companies and the people - irrespective of what they know. That would then in turn change the policies. Once the policy changes the courts would then look at the interpretation of these things, and I think we'll all be better for it.