The NSA's Overreach And Lack Of Transparency Is Hurting American Businesses

Economics

from the the-economy-has-been-drafted-into-the-War-of-Terror dept

One major negative side effect of the NSA leaks is the problem it’s causing for US-based tech companies. Not only have they been forbidden to discuss the details and scope of their interactions with American intelligence agencies, they’ve also been put in the worst possible light by some of the revelations.

Very simply put, the actions of the NSA harm American businesses. The NSA’s control of the narrative only makes it worse as existing and potential customers have no way of knowing the full extent of the protection (or lack thereof) surrounding their data. Under the current law, companies can’t even acknowledge they’ve received FISA court orders, much less provide statistics on frequency and compliance. With these restrictions in place, the government becomes the mouthpiece for American tech companies, and that mouth isn’t saying much.

Pointing to the potential fallout from the disclosures about the scale of NSA operations in Europe, [Neelie] Kroes, the European commissioner for digital matters, predicted that US internet providers of cloud services could suffer major business losses.

“If businesses or governments think they might be spied on, they will have less reason to trust cloud, and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets if you suspect or know they are being shared against your wishes?” she said.

“It is often American providers that will miss out, because they are often the leaders in cloud services. If European cloud customers cannot trust the United States government, then maybe they won’t trust US cloud providers either. If I am right, there are multibillion-euro consequences for American companies. If I were an American cloud provider, I would be quite frustrated with my government right now.”

As it stands right now, hardly anyone trusts the American government. Those who are loudest in their defense of these programs also stand to gain the most by their continued existence. And while a lot of the discussion centers around the constitutional issues of harvesting of data on American citizens, the rest of the world isn’t exactly thrilled either, especially considering these rights (even if ignored domestically) aren’t extended to foreigners.

As far as anyone can tell, it’s open season on foreign data and hardly anyone is showing any interest in rolling that back. If a foreign company suspects the NSA might want to sift through its data, why would it make it easier by using US-based companies to store its info or handle its traffic?

For foreigners who don’t regularly read American surveillance statutes, this all came as an unpleasant surprise. And the details of how the NSA administers the mass surveillance programs do not make the surprise any more palatable. Individuals subject to NSA surveillance are almost never notified. The proceedings authorizing the surveillance are secret. The orders and directives are classified. The Internet companies that respond to the U.S. government’s information demands are under gag order, or otherwise obligated not to disclose. And from a foreigner’s perspective, all this happens at the request of a government they can’t hold to account and is approved by a secret foreign court they can’t petition.

In addition to its broad legal authority to spy on foreigners, the U.S. now has a distinct technological advantage in doing so. In the past, the nature of the telecommunications infrastructure meant that NSA commonly had to operate abroad to intercept in real-time phone calls between non-Americans. But today, most communications flow over the Internet and a very large percentage of key Internet infrastructure is in the United States. Thus, foreigners’ communications are much more likely to pass through U.S. facilities even when no U.S. person is a party to a particular message. Think about a foreigner using Gmail, or Facebook, or Twitter — billions of these communications originate elsewhere in the world but pass through, and are stored on, servers located in the U.S.

Because of this, US companies are now viewed as “security risks.” The lack of any avenue for recourse makes the use of US services even less palatable. American companies wishing to do business with foreign companies may find themselves having to set up local servers in other countries, or risk losing that business altogether. The surveillance net cast by the NSA (and others) shows no sign of being pulled back soon, if ever. If attempts at transparency on government requests continue to be rebuffed by the administration, the deleterious side effects of these spy programs will be permanent.

So the first unintended consequence of mass NSA surveillance may be to diminish the power and profitability of the U.S. Internet economy. America invented the Internet, and our Internet companies are dominant around the world. The U.S. government, in its rush to spy on everybody, may end up killing our most productive golden goose.

A recent survey by the Cloud Computing Alliance bears this out. When asked if the “Snowden incident” would make them less likely to use a US-based cloud service, 56% of respondents said, “yes,” with an additional 10% indicating that they had already cancelled a project to use a US cloud service. 36% of respondents from American companies said the Snowden incident made it harder to do business outside of the US.

Also noted in the CSA’s report is that a little transparency would go a long ways towards mitigating the fallout. When asked to rate their government’s data harvesting processes (for security and law enforcement purposes), only 10% rated theirs as “excellent” in terms of understanding the process and having clear documentation. Nearly half (47%) rated theirs at the lowest rung: “Poor, there is no transparency in the process and I have no idea how often the government accesses my information.”

Transparency would help, but so far, the administration and the agencies themselves have shown a reluctance (if not complete antagonism) towards revealing any of the inner workings, much less allowing affected companies to separate FISA requests from normal law enforcement activity. There’s been some pushback from tech companies and rights groups, but for the most part, the NSA seems comfortable with conjuring up the specter of terrorism in order to fight off any requests for transparency.

With no openness and no effective limits on US surveillance efforts, US companies are going to continue paying the price for the government’s lack of credibility.

Kroes warned that US firms could be the biggest losers from the US government’s voracious appetite for information.

“Concerns about cloud security can easily push European policy-makers into putting security guarantees ahead of open markets, with consequences for American companies. Cloud has a lot of potential. But potential doesn’t count for much in an atmosphere of distrust.”

Filed Under: harm, nsa, nsa surveillance, trust, us businesses