Technology companies: now is the moment when you must answer for us, your users, whether you are collaborators in the US government’s efforts to “collect it all” — our every move on the internet – or whether you, too, are victims of its overreach.
Every company named in Edward Snowden’s revelations has said that it must comply with government demands, including requirements to keep secret court orders secret. True enough. But there’s only so long they can hide behind that cloak before making it clear whether they are resisting government’s demands or aiding them. And now, the time has come to go farther: to use both technology and political capital to actively protect the public’s privacy. Who will do that?
We now know, thanks to Snowden, of at least three tiers of technology companies enmeshed in the NSA’s hoovering of our net activity (we don’t yet know whether the NSA has co-opted companies from the financial, retail, data services, and other industries):
(1) Internet platforms that provide services directly to consumers, allowing government to demand access to signals about us: Google with search, mail, calendars, maps; Facebook with connections; Skype with conversations, and so on.
In its first Prism reporting, the Washington Post apparently unfairly fingered nine of these companies, accusing the NSA and FBI of “tapping directly into the central servers” that hold our “chats, photographs, e-mails, documents, and connection logs”. Quickly, the companies repudiated that claim and sought the right to report at least how many secret demands are made. But there’s more they can and should do.
(2) Communications brands with consumer relationships that hand over metadata and/or open taps on internet traffic for collection by the NSA and Britain’s GCHQ, creating vast databases that can then be searched via XKeyscore. Verizon leads that list, and we know from the Süddeutsche Zeitung that it also includes BT and Vodafone.
(3) Bandwidth providers that enable the NSA and its international partners to snoop on the net, wholesale. The Süddeutsche lists the three telco brands above in addition to Level 3, Global Crossing, Viatel, and Interroute.
So our strongest expectations must turn to the first tier above, the consumer internet platforms. They have the most to lose — in trust and thus value — in taking government’s side against us.
Before Snowden’s leaks, technology CEOs would have had to balance co-operation and resistance, just as the nation supposedly balances security and privacy. If they do not assert that clear control, these technology companies risk losing business — not only from skittish consumers, but also from corporate and foreign-government clients. The Cloud Security Alliance polled companies and found that 10% had canceled US cloud business and 56% were less likely to do business with US providers. Besides taking action to secure technology and oversight within their companies and the industry, right-thinking technology companies also need to band together to use their political capital to lobby governments across the world to protect the rights of users and the freedom and sanctity of privacy and speech on the net. They must take bold and open stands.
I also believe that we must see a discussion of principles and ethics from the technologists inside these companies. One reason I have given Google the benefit of the doubt — besides being an admirer — is that I believe the engineers I know inside Google would not stay if they saw it violating their ethics, even if under government order.