Sunday, June 9, 2013

Why the NSA Prism Program Could Kill U.S. Tech Companies

http://www.popularmechanics.com/technology/military/news/why-the-nsa-prism-program-could-kill-us-tech-companies-15564220?click=pm_latest

Why the NSA Prism Program Could Kill U.S. Tech Companies

Within 24 hours, the leak of two documents has revealed a vast network of National Security Agency (NSA) surveillance operations that were authorized by FISA (Foreign Intelligence Surveillance Act) courts with the oversight of the U.S. Congress. The first document, which Popular Mechanics detailed yesterday, was a FISA court order demanding all telephony metadata from Verizon Business Network Services over a three-month period, though it hinted at a much broader program of call log data mining. The second document referred to a different—and apparently much larger—program aimed at real-time analysis of web traffic from nine large technology firms, including Microsoft, Yahoo, Google, Apple, and ("coming soon") Dropbox. Details are still murky, but it's clear that this was not some clandestine sniffing effort—it was done with the full cooperation of the companies involved (though many of the companies have denied that this represents an automatic backdoor into their servers).

According to the document, a bizarrely low-budget internal PowerPoint from the NSA, this Prism surveillance program could give the NSA access to email, video chat, VoIP conversations, photos, and stored data from the participating companies. Unlike the call data collection program, this program focuses on mining the content of online communication, not just the metadata about them, and is potentially a much greater privacy intrusion. James Clapper, the director of national intelligence, said in a statement that the Prism program "could not be used to intentionally target any U.S. citizen"—a statement that, given the nature of how data mining is done, should do little to allay the fears of civil libertarians.

Let's say we take Clapper at his word: How much should we worry about a program that is aimed at monitoring the digital communications of foreigners? We should worry quite a bit, because this issue goes far beyond just respecting the civil liberties of non-Americans.

Think for a second about just how the U.S. economy has changed in the last 40 years. While a large percentage of our economy is still based in manufacturing, some of the most ascendant U.S. companies since the 1970s have been in the information technology sector. Companies such as Microsoft, Apple, and Google are major exporters of information services (if you can think of such a thing as "exportable") through products such as Gmail, iCloud, Exchange, and Azure. Hundreds of millions of people use these services worldwide, and it has just been revealed to everybody outside the U.S. that our government reserves the right to look into their communications whenever it wants.

If you lived in Japan, India, Australia, Mexico, or Brazil, and you used Gmail, or synced your photos through iCloud, or chatted via Skype, how would you feel about that? Let's say you ran a business in those countries that relied upon information services from a U.S. company. Don't these revelations make using such a service a business liability? In fact, doesn't this news make it a national security risk for pretty much any other country to use information services from companies based in the U.S.? How should we expect the rest of the world to react?

Here's a pretty good guess: Other countries will start routing around the U.S. information economy by developing, or even mandating, their own competing services. In 2000, the European Union worked out a series of "Safe Harbor" regulations mandating privacy protection standards for companies storing E.U. citizens' data on servers outside of the E.U. For U.S. companies, that means applying stronger privacy protection for European data than for our own citizens' data. And now there is considerable reason to believe that Prism violated our Safe Harbor agreements with the E.U.

Has it come to this? Are we really willing to let the fear of terrorism threaten one of the most important sectors of the U.S. economy? Frankly, I expect the Prism program to fall apart on its own, not because of public outcry but because the companies that participated will now see it as a toxic association that could threaten their status in fast-growing foreign markets. If U.S. intelligence agencies try to compel participation through the courts, I expect companies such as Apple and Google to start putting up a legal fight—not just because Prism is bad public relations, because it's bad for business.

No comments:

Post a Comment