James Fallows recommends a Guardian column from this weekend about the real effect of the Edward Snowden affair. John Naughton says it's not about Snowden—and I agree. Rather, it's about what we now know:
Without him, we would not know how the National Security Agency (NSA) had been able to access the emails, Facebook accounts and videos of citizens across the world; or how it had secretly acquired the phone records of millions of Americans; or how, through a secret court, it has been able to bend nine US internet companies to its demands for access to their users' data.
Actually, this isn't really true. We've known for years that federal agencies have been issuing NSLs and warrants to get data from Facebook and others. We've known for years that the NSA was collecting phone records.
Which isn't to say that Snowden's disclosures haven't mattered. They have. The public (and Congress) react far more strongly to documented details than they do to general knowledge that something is going on. Snowden's revelations have plainly galvanized public opinion and spurred Congress into action. That's a big deal. But it's not because we really know all that much more than we did before. This is why I'm a little skeptical of the conclusion Naughton draws from this. I'm going to quote Fallows' version of it since it's a little clearer:
In short: because of what the U.S. government assumed it could do with information it had the technological ability to intercept, American companies and American interests are sure to suffer in their efforts to shape and benefit from the Internet's continued growth.
- American companies, because no foreigners will believe these firms can guarantee security from U.S. government surveillance;
- American interests, because the United States has gravely compromised its plausibility as world-wide administrator of the Internet's standards and advocate for its open, above-politics goals.
Why were U.S. authorities in a position to get at so much of the world's digital data in the first place? Because so many of the world's customers have trusted U.S.-based firms like Google, Yahoo, Apple, Amazon, Facebook, etc with their data; and because so many of the world's nations have tolerated an info-infrastructure in which an outsized share of data flows at some point through U.S. systems. Those are the conditions of trust and toleration that likely will change.
This is one of those arguments that I'd really like to believe. After all, it's perfectly logical, and it helps make the case against a program that I don't like. And yet, for several reasons, I just don't think I buy it.
First, I suspect that the vast, vast majority of overseas Facebook/Microsoft/etc. customers already assume that intelligence agencies can read their files if they want to, and they just don't care. These users aren't spies or terrorists, and rightly or wrongly, they believe that intelligence agencies aren't interested in them and won't find anything interesting even if they are.
Second, would moving to a non-U.S. service protect you? Sure, if it's one of those super-secure, highly-encrypted data vaults you read about once in a while. But that's something very few people are interested in. They just want ordinary internet services: email, social networking, chat, etc. And if you're a foreign national using a non-U.S. service, guess what? The NSA has no restrictions at all about spying on you. It's true that they actually have to figure out how to get your data, since they can't just demand it via warrant. But they can use any method they want to intercept or steal it. There are no rules when it comes to overseas data.
Third, I assume that most foreign governments have police and intelligence agencies that work in much the same way as the FBI and the NSA. We don't hear much about this since they operate on a far smaller scale, but if the French police want access to your email, they can get a warrant issued for it. Likewise, I suspect that French intelligence agencies have some of the same data mining capabilities as the NSA. It's certainly nowhere near as broad, but I'll bet it exists.
Put all this together, and it's really not clear to me that broad public reaction is going to be very strong. Will Danish users stop using Facebook until some Danish company creates an alternate social networking platform? Probably not. The fear of NSA spying is simply nowhere near as compelling as the huge inconvenience of everyone being on a different platform and being unable to chat and share pictures with their friends in other countries.
As for businesses, they're probably less interested in avoiding NSA spying than they are in staying ahead of hackers and concealing their more dubious dealings from ordinary law enforcement agencies. Using a non-U.S. platform won't do them any good on either of these scores.
We'll see, of course. Maybe this is the beginning of a long decline in U.S. information services, as overseas users start to move to other platforms. It's possible. Unfortunately, I sort of doubt it. At most, I suspect we'll start to see a bit more nationalistic reliance on domestic network infrastructure, but that's something that's always been likely anyway. Beyond that, people will just keep on doing what they've been doing.
UPDATE: For a contrary take, read Henry Farrell here. He believes that privacy authorities in Europe will drive major changes in surveillance law, which is a fairly widespread view. I suspect that things will turn out differently than Henry does, but it's worth reading his argument.