A year ago this week, it became known outside of secretive circles that the US National Security Agency had been collecting mass amounts of data on the American public and international citizens.
Over the following 12 months, Edward Snowden, the obscure NSA contractor who leaked the documents that revealed the extent to which government agencies have access to personal data, became the face of a movement calling on the US government to be more transparent when it comes to the use of internet technologies for surveillance.
Some of the loudest calls for government surveillance reform are coming from companies that handle and host data on the web. Many, after all, were forced to hand over customer data to government agencies through orders issued by Foreign Intelligence Surveillance Court orders without informing them. The NSA even managed to secretly intercept unencrypted data flowing between Google’s private data centers. Consequently, companies handling private data have been working to strengthen their security and ensure that customer data is encrypted at key points.
But many tech companies think the government could do more to ensure customer data isn’t being unjustifiably subject to search by government agencies.
A group known as Reform Government Surveillance represents many of the largest tech companies including Yahoo, Google, Dropbox, Microsoft, Apple and others, is calling on the government to help restore the confidence of Internet users. They say it’s essential that US surveillance efforts are restricted by clearly defined laws, proportionate to the risks, transparent, and subject to independent oversight.
In a letter from Reform Government Surveillance published as a full-page ad in several major newspapers, the group states, “We understand that governments have a duty to protect their citizens. But the balance in many countries has tipped too far in favor of the state and away from the rights of the individual. This undermines the freedoms we all cherish, and it must change.”
They say that the government’s attempts to limit government surveillance haven’t gone far enough to regain confidence in the Internet. For instance, the USA Freedom Act, which the US House of Representatives passed last month, has been widely criticized for potentially permitting the bulk collection of Internet metadata.
While tech companies are worried that potential customers won’t trust them to host their data if it is subject to government surveillance, Wikipedia founder Jimmy Wales and others worry that US government surveillance set a bad example for regimes who seek to censor and oppress citizens. Wales told reporters in November 2013 that surveillance causes distrust of foreign services, causing many countries to take a more insular approach to internet services, and in many cases this means greater government involvement.
Playing to the distrust of services hosted in the US, foreign countries are creating services designed to keep data away from US surveillance and adhere to strict privacy regulations. Swiss telecom company Swisscom, for instance, revealed plans to create a cloud service that would store data within its borders.
Aaron Levie, CEO of US cloud storage provider Box, has argued that country-specific clouds could lead to balkanization would mean that it would be harder for large international tech companies to enter foreign markets. Levie said this would impose unfair limits on technology.
It appears that companies are more likely than before to be interested in where and how their data is stored, and some foreign corporations and governments don’t trust US corporations to handle their data.
The US government has been forced to respond to the Snowden revelations by introducing measures designed to appease tech companies, and to help restore the public’s trust in the US surveillance machine – with varying success.
President Barack Obama issued a presidential policy directive in January that added certain provisions requiring the Foreign Intelligence Surveillance Court to declassify more of its decisions and allow National Security Letter recipients to divulge more information about them, such as their number and nature. The Department of Justice provided new guidance, authorizing Verizon, AT&T and other telecoms to disclose certain information, in a specified manner, related to the NSL and FISA orders they have received.
Many worry that the government isn’t doing enough, and that the government’s actions might help assuage public outrage over the surveillance, actually allow its internet data collection schemes to carry on.
A year of revelations involving the US government and various other worldwide governments, with whom it often partners, has placed the issue of internet surveillance in the public eye. Developing and putting in place new online privacy principles will be essential in re-establishing trust in third-party services that handle customer data.
Trust is certainly one of the barriers that could make or break the next-generation hosted cloud services likely driven by more and more specific data. Governments may see companies that host and process data as a convenient source of information on “persons of interest,” but there’s a real risk that governments are impinging on personal freedom and hurting tech companies in the process.
For the internet to remain a place where companies can freely choose technologies and communicate without fearing that their data will be unfairly searched and seized, governments need to provide citizens assurances that they are not overstepping their bounds. With 12 months already passed, we’re still waiting for these assurances.
Editor’s Note: To learn more about the impact of Snowden’s revelations on the hosting and cloud sector, consider attending the HostingCon session on Tues., June 17, “The Post Snowden World One Year Later: What Has Changed?”