Information Sharing

Can Tech Companies and Local Governments Mitigate Abuses of Government Secrecy?

By Ashley Deeks
Thursday, December 3, 2020, 8:01 AM

The 2020 election brought into sharp relief the critical role that technology companies and local governments play in securing elections and minimizing disinformation about voting. The Cybersecurity and Infrastructure Security Agency’s (CISA’s) #Protect2020 Strategic Plan recognized that state and local election officials “are on the front lines” of election security, and it identified media and social media companies as key partners. Representatives from Facebook, Google, Microsoft and Twitter met with officials from the FBI, the Office of the Director of National Intelligence and the Department of Homeland Security before the election season to coordinate how best to secure the 2020 elections. Facebook set up an election “war room” at its headquarters. Everywhere you look you can find stories about how CISA worked extensively with state and local election officials to secure the 2020 vote.

One way that the federal government works with these two groups is by sharing threat information about actual or potential attacks on election infrastructure or other types of interference, including by foreign actors. Not surprisingly, some threat information that the government acquires and wants to share is classified. In these cases, the government may give security clearances to tech employees and local officials so that they can review and act on that information. The fact that these nonfederal actors gain access to information about classified threats and U.S. government activities may not be surprising, even if the practice isn’t well-known. What is less understood is that this sharing of classified information has benefits that extend well beyond protecting elections.

A Two-Way Relationship

On its face, this information-sharing regime might seem like a one-way transaction, with the federal government bestowing (often classified) information and advice on the tech companies and state and local governments. The actual dynamics are both more complicated and more interesting. By revealing to a set of nonfederal actors a range of intelligence and operational information, the executive branch effectively turns these actors into “secrecy surrogates” for the American public. This process creates actors who have both the capacity and the incentives to check problematic uses of government secrecy in circumstances in which the general public does not and cannot know what the executive is doing. These surrogates possess specific expertise about the threats and targets that our usual surrogates (Congress, the courts and leakers) may not. They bring to the table irreplaceable access to the kinds of information and infrastructure that the executive branch needs in order to perform its national security activities. The surrogates can also challenge secret government operations without revealing classified information—something that leakers by definition cannot.

The role of these secrecy surrogates extends far beyond the election arena: They also serve as our surrogates in the areas of cybersecurity and counterterrorism. Technology companies observe and defend the front lines of critical infrastructure systems on a daily basis, attribute the sources of cyberattacks and operate the very systems that foreign actors are manipulating. States and localities control and intimately understand election operations and machinery, and also develop ground-level intelligence about suspected terrorist activities inside the United States. Because the executive faces growing pressure to effectively address cyber, election and terrorism threats, it increasingly must work with these surrogates. This means that the surrogates have significant room to question executive operations and intelligence without risking their access to them.

Why does it matter that these actors have a window on what the executive branch is doing in secret? Government secrecy can conceal executive violations of public law values—concepts such as accuracy, fairness, rationality, competence, legality and (sometimes) transparency. When the executive acts in secret, it is easier for the executive to treat those values more cavalierly, and it is harder for the public to identify when the executive has done so. Secrecy can conceal illegality, incompetence and poor policy choices, and it can allow the government to avoid having to defend its policies to outside actors.

As a society, we have created structures and processes in Congress (the intelligence oversight committees), in the courts (the Foreign Intelligence Surveillance Court) and in statute (the Freedom of Information Act) to allow outside actors to review or force the declassification of certain classified government activities. But that ecosystem has flaws. Members of Congress often lack the incentives and expertise to provide robust oversight. Further, although the executive must keep Congress “fully and currently informed” about its intelligence activities, Congress has had difficulty getting access to certain information. Courts are necessarily reactive and often defer to executive claims about national security equities and classification questions. And the FOIA contains a range of exemptions for classified and intelligence information. Introducing other sets of eyes, ears and expertise into that mix can reinforce the executive’s adherence to public law values. The secrecy surrogates can “check” illegality or flawed execution, force the executive to justify its decisions to another actor outside the executive branch, and challenge the executive’s classification decisions. They are an important addition to the secrecy ecosystem.

Secrecy Surrogates in Action

A few examples illustrate how the surrogates gain access to classified or other sensitive information and how they can identify and challenge the government when it fails to adhere to public law values. For instance, technology companies frequently unearth information that directly implicates U.S. national security interests, sometimes developing threat information that the government itself may lack. Google was the first actor to identify significant Chinese intrusions into a range of U.S. companies in 2010 and then shared that information with the government. Companies like Google have independent sources of information that can supplement—or contradict and challenge—the government’s assumptions and operations.

In addition, the tech companies sometimes receive classified intelligence from the government and are expected to act on it—such as when the government shares cyber threat intelligence in order for the companies to protect critical infrastructure. The companies have a clear commercial interest in only using government information that is accurate, and so will independently assess the information’s accuracy whenever possible—or demand more context for the intelligence. Further, the government reportedly sometimes asks these companies to incorporate U.S. intelligence into their public cybersecurity reports, effectively “laundering” the information for the government. Companies will do this only when they are confident about the quality of the intelligence, as their own reputations are at stake.

The fact that tech companies can develop their own intelligence about cyber and election threats and receive classified information from the government means that sophisticated actors outside the government are positioned to challenge and check executive conclusions about the intelligence they receive. The companies also frequently urge the government to be more transparent about the information it possesses. They sometimes challenge what they perceive as illegal activities, including by litigating to resist government decisions to keep programs secret. Local governments and even foreign allies play a similar role when peering behind the curtain of classification, questioning the quality of U.S. intelligence, the legality of secret operations and even U.S. policy choices.

What Incentives Do the Surrogates Have to Check Abuses of Government Secrecy?

Some observers may be skeptical that states and localities, tech companies and foreign allies really have an interest in challenging classified U.S. activities. After all, these surrogates may not be driven by the public law values that we want our federal government to follow, and they may fear losing access to U.S. government intelligence if the government perceives them as troublesome. Nevertheless, each of these surrogates has significant incentives to challenge the executive when it deviates from public law values—at least in instances where the national security threat at issue is one that, if unaddressed, will have adverse consequences for the surrogate.

Sophisticated tech companies have significant leverage over the government because they can decline to share threat information that they uncover on their own and because they can choose whether and how to respond to the information that the government provides. Tech companies can push against what they perceive as executive incompetence or incompletely reasoned decisions—maybe more effectively than congressional oversight committees or the courts can. Tech companies enhance their bottom line and their reputation when reliable government information improves their ability to make accurate cyberattack attributions and defend their customers against those attacks.

What about local governments? As a general matter, relying on local governments to check secret federal government operations may feel more familiar—and more comforting—than having tech companies operate as checks. Local governments have strong incentives to ensure the integrity and functionality of their daily operations: They want their constituents’ electricity to stay on, their election machines secure and their agency websites operational. Local government efforts to question and confirm the classified cyber and election information that the federal government provides and to engage with its suggested operational responses push government action in the direction of accuracy and competence. These interactions may also force the federal government to give reasons for its determinations, which can improve their quality. The persistent federalism-driven tensions provide fodder for local governments to challenge the accuracy of secret federal information and to advocate for greater transparency about some of that information.

Conclusion

These secrecy surrogates are only a partial fix to the persistent problems of government secrecy. But they can play an important part in nudging the executive to comply with public law values even when the public cannot see the executive’s actions. Nor will these surrogates work in every situation, as my recent article about them explains. But we should celebrate any set of actors that can stimulate the executive to improve the accuracy of its intelligence, diminish the executive’s opportunity to act unlawfully, and increase accountability for the executive’s classified choices.