December 11, 2013 7:04 pm
Tech groups need to be seen as stewards of confidential data, rather than conduits to the NSA
The internet and social network companies of Silicon Valley enjoy one of the world’s most attractive business models. Offer a free service, collect personal data, use it to lure advertisers, and expand seamlessly across the US and around the world to millions of users.
Unfortunately, the spies noticed.
This week’s appeal to governments by eight companies, including Google and Microsoft, in the wake of revelations in The Guardian and The Washington Post about National Security Agency surveillance, is a typical blend of noble aspiration, self-interest and naivety. Ultimately, it is useless. If you have a jar of jam, expect wasps.
As Mark Zuckerberg, Facebook’s chief executive, has complained, President Barack Obama’s careful reassurance that there is no mass surveillance of Americans is “really bad” for his international business. What are the chances of foreigners being granted the same (limited) protection from NSA surveillance as US citizens? Very poor.
Intelligence agencies will not stop spying on foreigners and they will not negotiate transparent rules of engagement on how they operate in order to limit the collateral damage to private sector businesses. Spies are paid to be sneaky.
Silicon Valley has to help itself, and it has done too little to stem a loss of confidence in how it operates around the world. The companies’ open letter puts the responsibility for reform on governments that are not likely to help, while emanating corporate inertia.
The companies were shocked by the revelation that the NSA and its UK equivalent, GCHQ, had tapped the fibre optic cables linking Yahooand Google’s global network of servers and siphoned large amounts of data to search for suspicious activity. They are now scrambling (literally) to encrypt data that they naively believed was secure.
This complacence continues. Eric Schmidt, Google’s chairman, argues that censorship and surveillance of the internet could be stopped “in a decade” by advances in encryption. “First they try to block you; second, they try to infiltrate you; and third, you win. I really think that’s how it works because the power has shifted,” he said recently.
This reminds me of Bill Gates’ 2004 prediction that the problem of spam would be “ended” by 2006. No matter how rapidly companies adopt “perfect forward encryption” or double the length of encryption keys, the NSA and its allies (and rivals) will carry on cracking.
Silicon Valley always puts its faith in a technological solution to a problem, no matter how implausible, rather than a structural one that would affect its business. The letter’s signatories gain huge economies of scale from being able to collect, analyse and distribute information and data seamlessly, and do not want to lose flexibility.
Their most valuable assets – pools of data on hundreds of millions of people – are also attractive to spies and official agencies. “They hoard data and want freedom to use it for a profit but they also want governments to keep their hands off it,” says Janneke Slöetjes, a legal adviser at Bits of Freedom, the Dutch digital rights group.
This paradox gives the letter an unworldly air. The demand that governments “should not undertake bulk data collection of internet communications” sounds odd coming from a group that does so itself. In this context, the idea that “where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together” is a pipe dream.
The initiative has merits. Google has pushed the US government to be allowed to disclose the number of requests it makes for intelligence data on individuals. That the largest internet companies (with the exception of Amazon) are united in seeking reform is preferable to a culture of secret complicity.
But they advocate nothing that would be inconvenient or difficult for themselves. On the contrary, under the heading “respecting the free flow of information”, they sneak in a demand that governments must not force companies to “locate infrastructure within a country’s borders or operate locally”.
It takes cheek to oppose such an idea on the grounds of freedom of expression when it is a perfectly understandable foreign response to NSA and GCHQ tactics. Brazil has drafted a law that would force companies to keep its citizens’ data inside the country; and the EU’s “safe harbour” agreement with the US, allowing transfer of data across borders, is under strain.
Such initiatives are hardly a surprise given that intelligence agencies clearly have the technology to hijack data in transit. Germany, for example, is obliged under its 1949 constitution (drafted in the shadow of the Gestapo) to protect the “privacy of correspondence, posts and telecommunications”. Having discovered that the NSA monitored Chancellor Angela Merkel’s mobile phone, it wishes to enforce it.
The companies find all of this unpalatable. It would disrupt the way in which they hold and analyse data and could impose costs similar to those faced by other global/local businesses, such as banks. Also, the measures may not work as intended. US companies (and all in business there) must obey legal demands for intelligence, no matter where the information sits.
But they urgently need to re-establish their credibility as stewards of confidential information, rather than conduits to the NSA. Failing in that task will cause a lot more long-term damage than adjusting the operating model. Blue-sky thinking about the future of technology will not cut it this time.
No comments:
Post a Comment