Nobody wants to have to choose between privacy and security, but in the information age, it is difficult for the two to live side by side without conflict. It is a sad and perhaps perpetual truth that the United States has enemies, and that given the opportunity these enemies would use extraordinary measures to cause harm to Americans. It is the onus, then, of those tasked with the defense of the nation to deny enemies of the U.S. any such opportunity. The ongoing challenge is to figure out how.
It has become painfully apparent to both the American people and the world that the U.S. Department of Defense, under whose umbrella the National Security Agency falls, has been engaged in what many consider extreme security measures whose cost (real or perceived) has been privacy. In June, the now infamous Edward Snowden, a former analyst at the NSA, brought to light clandestine mass surveillance programs in the U.S. and United Kingdom.
Among them was a data-mining operation called PRISM, which reportedly obtained direct access to the systems of major Internet and technology companies such as Google (NASDAQ:GOOG), Apple (NASDAQ:AAPL), Yahoo (NASDAQ:YHOO), and Facebook (NASDAQ:FB) through the use of court orders. The documents also revealed that the NSA infiltrated the internal cloud networks at major data companies like Google and Yahoo, siphoning information directly from their private networks.
The full scope and nature of the NSA’s data monitoring and collection mechanism is still nebulous. The documents — leaked to and collected by the Guardian — only allow the public the same kind of groping awareness of the whole situation that is described in the story of the blind men and the elephant. The information is necessarily incomplete and unlikely to be satisfactorily contextualized given that the NSA is a largely clandestine government agency. Beyond simply being socially and politically divisive, the situation strikes at that fundamental controversy between privacy and security, over which there is no clear correct answer.
The government’s authority to monitor digital communications and collect information was broadly born out of the Foreign Intelligence Surveillance Act of 1978, “An Act to authorize electronic surveillance to obtain foreign intelligence information.” Ostensibly, the NSA began its trek toward the “dark side” in the wake of 9/11. With terrorism at the forefront of the national psyche, greater demands for more and better intelligence was placed on defense agencies, and in particular, the NSA. PRISM itself is more directly a product of the FISA Amendments Act of 2008.
Through the PRISM program, the government’s authority to monitor and collect information was expanded beyond what most Americans deem reasonable (take the term ‘authority’ with a grain of salt — it’s still unclear where the legal justification for the programs rests). The content the NSA was able to collect — or at least observe — includes search history, emails, online conversations, and file transfers. The NSA has been accused of monitoring and/or storing metadata about telephone calls made in the U.S. and abroad. Most recently, the agency was accused of collecting data on as many as 70 million phone calls in Spain in just one month.
The information that has come to light has enormous political and economic implications. The political implications are necessarily more contentious and outside the scope of this article. Instead, it seems more productive to look at how the existing situation is, or could, impact American businesses — specifically those within the Internet and technology sector, like Facebook and Apple.
The amount of damage the ordeal has caused — or will cause — U.S. tech companies is unclear, but the atmosphere is growing thick with damage control. When the Washington Post published a leaked slide from the NSA that illustrated how the agency tapped into Google’s internal cloud network, chief legal officer David Drummon said that Google had been worried about this type of snooping for a while. ”We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said, according to the Post.
Having the NSA’s nose in its servers is, quite fundamentally, bad for business. Google and most other Internet companies can only operate within a context of some reasonable degree of information security. People would not use Gmail if they felt it was vulnerable to snooping, people would not use Google Documents if they felt their files were unsafe, etc.
Perhaps the most visible example of a business that has been harmed by the NSA snafu is Lavabit, an encrypted email service used by Snowden that chose to shut down operations instead of comply with requests from the government.
The company left a message on its website that concluded, “This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
This view was echoed by German Interior Minister Hans-Peter Friedrich, who said, “whoever fears their communication is being intercepted in any way should use services that don’t go through American servers.” German Justice Minister Jörg-Uwe Hahn has called for a boycott of American tech companies. The German minister has directly referenced Google as an American company to avoid, but any company that processes data in the U.S. — such as Yahoo, Apple, and Facebook — is now suspect.
In August, the Information Technology & Innovation Foundation (ITIF) issued a report suggesting that the U.S. cloud computing business alone stands to lost between $22 and $35 billion over the next three years as a result of the NSA snafu. ”Just how much do U.S. cloud computing providers stand to lose from PRISM?” asks the report.
“On the low end, U.S. cloud computing providers might lose $21.5 billion over the next three years. This estimate assumes the U.S. eventually loses about 10 percent of foreign market to European or Asian competitors and retains its currently projected market share for the domestic market.
“On the high end, U.S. cloud computing providers might lose $35.0 billion by 2016. This assumes the U.S. eventually loses 20 percent of the foreign market to competitors and retains its current domestic market share.”
Don’t Miss: Here Are Google’s Cool New Photo Tricks.