If you have "no place to go," come here!

US tech companies hamstrung by US surveillance

danps's picture

About two and a half years ago I posted on the danger of the US turning into a tech pariah over its data collection policies. At the time I thought the main sticking points would be foreign governments' concerns about their own confidential data being sent abroad, and objections to privacy violations that American companies' indiscriminate collection practices (e.g. Google Street View) would subject their citizens to.

I was wrong about that issue being a simmering pot getting ready to boil. It just sort of stayed on the back burner, which I still find somewhat surprising. There has been pretty compelling evidence since as least 2006 that US tech companies have been allowing the government to indiscriminately suck up Internet traffic. Though the Wired article characterizes it as being in the service of a domestic surveillance program, it seems clear that the program would not exclude foreign traffic.

Maybe it was an out of sight, out of mind situation; maybe foreign governments weren't willing to confront the US as long as their own citizens were in the dark; who knows. For whatever reason, the merger of American IT companies' data and the US government's surveillance apparatus didn't seem to trouble anyone too terribly much - until Edward Snowden came along.

The details from his leaks have stirred up serious worries outside the States. The main source of concern (and I feel like an idiot for not anticipating this) is the implication for the business community. Individuals having their data collected and shared without their consent are still pretty much on their own. But companies that are purchasing remote storage - also known as The Cloud and Big Data - in the US do not have to simply resign themselves to having the National Security Agency blind carbon copied on anything they put there.

There is already evidence that purchasing decisions are changing based on this; for just one eye-popping example (emph. in orig.):

In a survey conducted after the Snowden leaks, 10% of the foreign companies using cloud computing services said they'd already cancelled a project with a US cloud provider and 56% said they'd be less likely to use US-based providers.

Those providers are over a barrel now. They can't just give earnest assurances that they really value their customers' privacy and work super hard to keep it protected. Everyone knows the US government is pretty much destined to end up with any data that gets stored on American soil. The spying capability has been getting baked into domestic infrastructure for years now, probably to the point that there are more back doors than anyone can even keep track of.

There isn't really any easy way out, either. An injury that long in the making will take a long time to rehabilitate. One action that might help would be increased Congressional oversight of the NSA, which could help explain why the recent bill reining in the NSA lost by such a surprisingly thin margin. (It would also be a cynically appropriate parallel with Europe: Violation of citizens' rights are yawned at, but threats to corporate profitability get immediate action.)

The one thing these companies have going for them is a lack of ready competition. I'll double down on my 2011 prediction that other countries will start to prioritize server farms located on their own soil. It may now start to be seen as a matter of each country's national security to have its most important data confined within its borders. Until that infrastructure is built, though, American companies have some time to repair their reputations.

While storage providers have gotten the most attention on this issue, there may be an impact on device makers as well. A pecking order could develop based on how tightly integrated they are with US tech. At the bottom would be those like Apple based in America and running American operating systems. Next would be foreign device makers like Samsung, HTC and Nokia that run American operating systems like Windows 8 and Android. Then at the top, funny enough given their dismal market share, would be non-American companies running non-American operating systems. In other words, a company like BlackBerry that has a good (but not bulletproof) reputation for security might be well positioned to thrive in an environment that suddenly undergoes a seismic shift.

Predictions are dicey, obviously. But regardless of what happens going forward, American tech companies are suddenly in a real jam. There's no easy way out of it either, because outside the US there is openness to alternatives that would have been hard to imagine not too long ago.

No votes yet


danps's picture
Submitted by danps on

I saw that this morning too. The fallout begins...

Submitted by lambert on

We might also remember that encryption -- until it reaches critical mass -- is a red flag.

danps's picture
Submitted by danps on

If the provider is encrypting absolutely everything, that's a huge deal. I agree with you on the need to scale. if I send one encrypted email, red flag. If I encrypt ALL my email, red flag (don't know if it's bigger or not), but it creates a small haystack to hide sensitive information in.

If me and everyone I communicate with encrypt all our email, red flag, bigger haystack. At some point of moving back the critical mass hits, but I think a provider that encrypts everything makes it impossible for a spy agency to know where to zero in. That's too big a haystack.

Alexa's picture
Submitted by Alexa on

for you, please.

You mention the 3 levels of "device makers."

Recently, Mr A and I got matching Androids (Samsung), but I'm not wild about mine (as a phone, that is), so I've kept my Blackberry active, until I decide which way to go.

I'm certainly not a cyber-nerd, so I need a bit of clarification regarding your analysis of the 3 types (American vs foreign) of device makers.

Are you saying that one's personal "security" would not be breached as badly using a Blackberry, since the device maker is a Canadian-owned company?

Or, did I completely confuse/miss your point?

(More to the point, I'm asking since my Blackberry is my Twitter and email phone anyway,will my Blackberry email accounts "escape the same degree of scrutiny" as the emails that I would receive on a Samsung Android (if I should decide to set up an account on that phone)?

Hope what I'm asking makes sense. ;-) Thanks.

danps's picture
Submitted by danps on

Yes, you got my point.

I don't think there's any way to know where all of a company's servers are located, but I do know in the past BB has butted heads with countries like India and the UAE over this.

I'm actually not sure if BB has servers in the US - maybe it does, and I'd actually assume citizens here are having their BB data sucked up as much as with anyone else. (It might be a little bit more protected, but I don't think by much.)

Outside the US, though, that's a whole other issue. BB could assure, say, Egypt that none of their country's data was going through any US infrastructure. And BB certainly is under no obligation to provide back doors or other means for US intelligence agencies to listen in. They are walled off from that in a way Google or Apple isn't. The Canadian government might (under US pressure obviously) lean hard on BB to do just that, though.

Alexa's picture
Submitted by Alexa on

was a fluke with one of our phone accounts a month ago (intended to close out one phone account, but my Blackberry account was accidentally cut off, instead).

Anyway, unlike the other phones we've had with this phone carrier, it takes up to "2 hours" to get a Blackberry phone reactivated, since they don't control the BB Network (so to speak).

You're probably right about the US possibly "leaning on" the Canadian government, though. And with Harper (if he's still the head), it probably wouldn't take much to get him to go along, LOL!

I'm still trying to figure out how Canadians elected the dude!!!

Have to wonder if their electorate, has become as "clueless" as the American electorate, heaven forbid!!!

transcriber's picture
Submitted by transcriber on

I thought all the governments were cooperating, and doing the pea-shell thing on us:

From Craig Murray, UK, 7/3/13:

I have repeatedly posted, and have been saying in public speeches for ten years, that under the UK/US intelligence sharing agreements the NSA spies on UK citizens and GCHQ spies on US citizens and they swap the information. As they use a shared technological infrastructure, the division is simply a fiction to get round the law in each country restricting those agencies from spying on their own citizens.

I have also frequently remarked how extraordinary it is that the media keep this “secret”, which they have all known for years.