There's a lot more heat than light in Edward Snowden's live Q&A over at the Guardian, which is too bad. We could use more clarity on the scope of NSA's surveillance. Along those lines, I was glad to see Josh Marshall picking up on this point:
For all the back and forth about Phoenixes and what exactly he expected a spy organization to do, the one interesting and significant thing to come out of this Snowden live chat is his focus on what is technically possible within the NSA vs whatever policy restrictions are in place to protect privacy, constitutional protections for US citizens and so forth. It’s not even totally clear, reading these answers, how much Snowden and his nemeses within the Intel Community are even disagreeing about how things work.
I'd guess there's not much disagreement at all. After all, Snowden has so far presented no evidence that NSA has abused its statutory powers. He obviously doesn't like NSA's statutory powers, but that's a different thing. At one point, for example, he says that the focus on whether NSA is sweeping up domestic communications is a "distraction from the power and danger of this system. Suspicionless surveillance does not become okay simply because it's only victimizing 95% of the world instead of 100%." Maybe so, but spying on foreigners is NSA's whole reason for existence.
And that gets to the nub of things: If you simply disapprove of spying on foreigners, then you're obviously not going to think much of the NSA. But that's a disagreement with U.S. policy, not a criticism of the agency itself.
Ditto for Snowden's comments about NSA being restricted only by "policy." Well, of course that's what restricts them. Once the technical capability is available to do something, then policy is always the only restriction. That policy can take the form of laws, of executive orders, of court oversight, or of internal NSA rules. Some of those are better than others, and all are subject to abuse if oversight is poor, but they're all policies. Pointing this out is like saying that Social Security is insecure because it's merely a policy of the federal government. That's true, but what isn't?
NOTE: There is, of course, a difference between Social Security and NSA surveillance. They're both creatures of policy, but NSA's actions are largely constrained by secret policies. That's a legitimate beef. The simple fact that NSA's constraints are policy-based isn't.