For Google, Facebook et al, the best defense against NSA surveillance is not legal reform, but technology that forces the agency to come through the “front door”

Although America may be more divided, more politically and ideologically polarized, than at any time in the last 50 years, on at least one issue—the National Security Agency’s surveillance of phone and internet communications—there appears to be a near consensus of disapprobation.

Everyone distrusts the NSA and wants to see its activities curbed. Democrats and Republicans, liberals and conservatives, nerds and Luddites, all share a high level of discomfort about the federal government gaining access to their personal information stored on the servers of Google, Facebook, Yahoo and others.

But here’s the question: If we object to NSA’s use of our metadata—revealing our whereabouts, relationships, preferences and more—why is it okay for Google, Facebook et al to possess the same information? Or to put it another way: if tech companies are free to use our voluminous personal data to sell advertising, why are we so offended by NSA’s use of the same information to fight terrorism?

This question, though rarely asked, is at the heart of the debate over US government surveillance programs.

American tech companies have much to lose from Edward Snowden’s revelations about NSA. Google, Facebook et al have thrived by convincing their billions of customers that they can be trusted to protect users’ privacy. Customers are told that their internet searches and browsing histories, their use of email and cloud-based storage, and their sharing of information, photos etc. on social media, will not be compromised.

Customers believe those assurances. They do so not because they think the tech companies are a new species of corporation, different from traditional businesses in their focus on profits and growth. On the contrary, they trust Google, Facebook et al because, when it comes to privacy, they understand that their interests and the tech companies’ interests are aligned.

Central to the tech companies’ business models is the safeguarding of users’ anonymity. Although the companies, of course, know who their users are, their lips are sealed. Customer information may be shared with advertisers, but not customers’ identities. Even subpoenas and other government demands for identifying information are resisted (when the relevant laws afford a basis for doing so). This is true of routine demands in litigation, as well as orders from the secret FISA Court, acting on requests from NSA and the Justice Department.

The tech companies are threatened because Snowden’s leaked documents confirm their worst fears that, without the companies’ knowledge, NSA has had a secret “backdoor” access to their users’ emails and other information. As first reported by the Washington Post, NSA exploited unprotected gaps in communication links between European data centers operated by Google, as well as others across the world owned by Yahoo. NSA had access to the full flow of unencrypted data.

While NSA’s secret harvesting of the data was very likely legal, the revelations nonetheless were seen as a casus belli. Google’s board chairman called NSA’s actions “outrageous,” which is not the sort of language one often hears from top corporate execs discussing government policy. Google—as well as Yahoo and other affected companies—were angry and fearful because, contrary to their promises, they had failed to protect users’ privacy.

The companies understood that the data breach would undermine users’ trust—so essential to their continued growth. They have been particularly concerned about the impact on their foreign markets (where US legal protections are weakest). More than half of Google’s Gmail subscribers reside outside the US. And virtually all of the anticipated growth in Google’s and Facebook’s business is projected to occur abroad.

Overseas users, the companies worry, will opt for indigenous alternatives to Google, Yahoo and Facebook, avoiding the American firms in order to steer clear of NSA snooping.

These concerns are legitimate. But the tech companies, in planning how to respond to NSA’s overreaching, find themselves in the quandary discussed above. Any strategy that depends on building public support for legislation to reform NSA runs the risk of morphing into a broader measure that would also regulate the tech companies.

It’s hard to imagine federal legislation that would limit NSA’s access to the mountains of user data collected by Google and Facebook—yet leave Google’s and Facebook’s collection, analysis and use of that same data completely intact.

In the end, the tech companies’ best defense against the threat posed by NSA surveillance may lie not in politics or public policy, but in technology. Google and Facebook, with their legions of world-class engineers, should develop and deploy technical defenses that will beat NSA at its own game.

A successful defense would block NSA’s secret access through the “backdoor,” forcing the agency to use legal procedures, courts and lawyers. This may not be a complete victory, but it will allow us all to sleep better at night. –PETER SCHEER

——-

Peter Scheer, a lawyer and journalist, is executive director of the First Amendment Coalition. This article does not necessarily reflect the views of FAC’s Board of Directors.