The Tech Industry Is Making A Big Mistake: It's Time To Suck It Up And Fight Back Hard Over NSA Surveillance
from the stop-dancing-around dept
We’ve been trying to make the case over the past few months that the tech industry should be furious about what the NSA is doing, while also pointing out that it’s likely to be very costly for a variety of American companies. Unfortunately, many still don’t seem to be getting the message. Even with Lavabit shutting down rather than succumbing to order to do much greater surveillance, it still seems like many in the tech industry either seem to think this isn’t a huge problem or that it will sort of blow over.
They’re taking a really big risk there, and almost certainly making a huge mistake. Asking for the right to be more transparent is a good start, but it doesn’t go nearly far enough. As we noted with President Obama’s speech, it’s not just more transparency that people want here — they want less spying. And, as a part of that, they need to know that companies will stand up and fight for their users’ rights. And while a few tech companies have shown signs of doing that, it’s still be fairly muted.
Bruce Schneier has a great post over at The Atlantic highlighting why many in the tech industry need to be much more proactive in fighting back against government surveillance of their users, showing that they’re protecting their users, rather than acquiescing to lots of government requests. The trust being lost in these companies won’t come back easily. Schneier’s column is targeting the heads of various tech companies directly:
The NSA probably told you that your cooperation would forever remain secret, but they’re sloppy. They’ll put your company name on presentations delivered to thousands of people: government employees, contractors, probably even foreign nationals. If Snowden doesn’t have a copy, the next whistleblower will.
This is why you have to fight. When it becomes public that the NSA has been hoovering up all of your users’ communications and personal files, what’s going to save you in the eyes of those users is whether or not you fought. Fighting will cost you money in the short term, but capitulating will cost you more in the long term.
The fallout from not fighting back is going to be extremely costly. I know that many large companies have been trying to play it safe here, but if they’re going to regain necessary trust, they need to ramp it up, going beyond just seeking greater transparency to being much more proactive in fighting back and standing up for their users’ rights publicly.
Filed Under: nsa, nsa surveillance, privacy, surveillance, tech industry, user rights
Comments on “The Tech Industry Is Making A Big Mistake: It's Time To Suck It Up And Fight Back Hard Over NSA Surveillance”
A proper question here would be: was lavabit listed in the stock market? I’m guessing that once companies are big enough and their “ownership” is more distribute it becomes hard to take short term risks like lavabit did regardless of how extreme it was. You have a horde of share holders breathing right behind your neck. Just look how the very corporative culture of Google changed after they went open. The death of Google labs being the most visible sign for me.
I think that so far they are doing what they managed to reach a consensus to do together not to get too exposed to Govt retaliation. Not that it’s the wisest decision, I agree with you that this will be more damaging in the long term. So far I haven’t switched from Google and I never blindly trusted them but this certainly made me more wary. Thankfully I broke my relations with Microsoft online services a while ago. Right now I’m trying to get fully rid of Windows. Facebook? pffft. And honestly, do we really think there are not less known, smaller companies that are in bed with the NSA?
Re: Re:
No. Lavabit is a small company. So is SilentCircle. You’re right, once a company is big enough, a CEO who tried to shut the company down to protect customers would be ousted by the board or shareholders.
So if you want secure email or cloud services, and can’t/don’t want to run it yourself, the only answer is small companies that are willing to do a “corporate seppuku” instead of appeasing the NSA.
https://www.cryptocloud.org/viewtopic.php?f=9&t=2954&p=3920%23p3920
Privacy Seppuku. This turns the game into whac-a-mole for the NSA. Just like copyright organizations trying to take down file sharing sites, the NSA wouldn’t be able to stop it. As soon as they approach a company to try to get wide access to data, the company dies. But it’s reborn a short while later with a new name, new domain, but same services running from the same (open source) software, on the same hosting provider (or maybe a different one, since there’s lots of hosting providers out there). What is the NSA going to do, arrest the owner? Then they can fight it openly in a real court.
Re: Re: Re:
Agreed.
Another Open Source project along this line :
https://gnunet.org/
I suspect development may get more ‘motivated’.
Mike .. you have a pretty solid name on the web . It would be Interesting If you approached the antivirus (Avast Norton )community and ask them if they’ve been asked to share user data and backups .. I’m extremely curious to hear their responses..
Re: Re:
” I’m extremely curious to hear their responses..”
Statistics.
There are two problems. First, the tech industry is doing the same spying themselves in order to ensure profits. The spying on users that the tech giants are doing is rampant and considered a good thing and it even involves larceny because yes, they own your emails and posts. Second, tech people are rather shallow and greedy and this has been true since at least the Dot Com bubble, when the Gold Rush mentality took hold, and as such they are often not ethical people. The tech industry may talk the talk for people who are dumb enough to believe marketing hype, but they will never walk the walk; only the EFF and FSF do that.
Re: Re:
Wow, way to paint with a broad brush! I’ve been in the industry for a long, long time and I can say that the percentage of individuals I’ve met who are shallow, greedy, and unethical is lower than the percentage in the general population.
Now, if you’re talking about the executives of the multinationals, you might have a point — but those aren’t “tech people”, they’re suits.
Re: Re: Re:
I can only conclude that you live in a bubble.
Re: Re:
A point continues to get overlooked in this debate: the actions taken as a result of data collection. Grant the assertion that tech companies collect and process data on their customers; let’s not even quibble about calling it ‘spying’.
The purpose of government spying is to identify and kill enemies of that government.
The purpose of corporate spying is to sell you products and increase shareholder value.
Conflating the motives of governments and corporations is disingenuous.
Re: Re: Re:
Exactly, there are things I would happily share with a business I frequent I wouldn’t necessarily want the government to know and that is in no way what-so-ever a double standard because each group is offering a different trade-off for getting the information.
Re: Re: Re:
Except where government and corporations should be conflated, as in: contractors that directly benefit from all our ‘war on’s’.
Re: Re: Re:
It isn’t disingenuous if you consider one thing:
That the focus of government has clearly shifted from serving the interests of the American people to serving the interests of the larger corporations. Therefore, over time the purpose of government spying become whatever purpose those large corporations want them to be.
Re: Re: Re: Re:
That the focus of government has clearly shifted from serving the interests of the American people to serving the interests of the larger corporations.
thats Adam Smith for you
Re: Re: Re:2 Re:
I think Adam Smith got it pretty much right. However, the current ‘free market’ as implemented in the US isn’t at all what he thought capitalism should look like. One example is that he was against corporations (in the old meaning of the word), since those cause monopolies or cartels, and a market run by a monopoly or cartel isn’t a free market at all (see for example the US mobile phone industry).
Re: Re: Re:3 Re:
Lack of oversight, lax regulation, globalism, outsourcing, globalism and lobbying are what’s brought the “free market” to this sad state of affairs. The market has become corporate warfare; the monopolists are experts at putting road blocks in the way of otherwise potentially competitive business owners. If not for locking mostly standard ideas under the lock and key of patents, the market would open up vastly to allow for far more competition, forcing bigger companies to actually work to innovate in order to remain relevant. As it is, they can pretty much sit on their hands and rely on all the protectionism and entitlements they’ve lobbied for and the checks will keep rolling in.
Re: Re: Re:4 Re:
Exactly. Without appropriate oversight and regulation, there can be no free market.
Re: Re: Re:5 Re:
‘Oversight and regulation’ lead inevitably toward regulatory capture and cronyism. The best limits are, as always, carefully enumerating rights so that other private parties curtail bad actors rather than depending on some kind of clairvoyant central planner to anticipate problems and ‘regulate’ for them ahead of time.
Re: Re: Re:6 Re:
Exactly how would this work? Are there examples of it working in the past?
Re: Re: Re:4 Re:
You need to realize that protectionism, entitlements, and regulations are all just different words for the same thing.
Re: Re: Re:5 Re:
That’s simply, objectively, untrue.
Re: Re: Re:
He’s not conflating their motives. He’s saying that since the big tech companies are determined to conduct ever vaster and more intrusive spying, however benignly motivated, fighting against spying is fighting against their own self-interest, and that’s why however much we want them to, they are unlikely to.
Corporations are people my friend
The notion that corporations are people irks me to no end, but…
Let’s assume that corporations are people. Wouldn’t the data that users give to those corporations be their property? So, in essence, wouldn’t any large scale, undirected collection of that data be a violation of a corporation’s 4th Amendment rights? Even if you buy the argument that you have no expectation of privacy when you make a phone call or send an email, shouldn’t the corporation be afforded its right of privacy since, technically, that metadata belongs to them? Is that even an argument worth making?
Re: Corporations are people my friend
Corporations are only people when it is useful to those in power to consider them thus. When it is not so useful, then corporations are…corporations.
Aligned interests along which principles?
The real question is: Isn’t this an alignment of interests?
Ultimately several of these companies have built their entire business proposition on people not having, in fact not even wanting, privacy. That goes for Facebook & Google which openly admitted “data drives it all” in less controversial days. So are these companies really interested in a drawn out public discussion and political process to define what privacy people should have? Or wouldn’t they rather that this whole thing dies eventually and business continues as usual?
Perhaps it’s time for people to ask the question of where to find companies and technology that is aligned according to their request. To me that means Open Source and companies where the business model aligns with the user. But that won’t come free. Because if you’re not paying, your’re not the customer, you’re the product being sold.
We focused on offering just such a service with MyKolab.com, see MyKolab.com: Building the Open Source Cloud service that was missing. I’m sure others will follow. Now it is for the people to vote with their feet what kind of society they’d rather be living in. And if what we’ve seen over the last days is any indication there are at least some people who prefer one that offers liberty and privacy.
Re: Aligned interests along which principles?
Because if you’re not paying, your’re not the customer, you’re the product being sold.
Interesting because Microsoft products are generally paid. And yet there are backdoors there. Skype may be free but there are premium features. That logic is flawed.
Re: Re: Aligned interests along which principles?
True. Paying alone won’t solve your problem. You need to pay for the right things. Hence the pointer to Open Source, which is excellent at keeping companies honest.
But no offer is actually “free”. Just sometimes the payment is non-obvious and further reaching than one would think.
Re: Re: Re: Aligned interests along which principles?
Like representation in government? Is that what you mean by paying for the “right things”?
Re: Re: Re:2 Aligned interests along which principles?
You’re too cynical for me, I am afraid.
But paying for software that you have no control over, that in fact you don’t even own, and that curtails your ability to choose freely would qualify as “not the right thing” in my book. Microsoft is the prime example of that.
Re: Aligned interests along which principles?
Why this constant conflation of keeping things private from a government that can accuse and imprison you and keeping things private from a third party you’re interested in getting services from?
Re: Re: Aligned interests along which principles?
@AC: “Why this constant conflation of keeping things private from a government that can accuse and imprison you and keeping things private from a third party you’re interested in getting services from?”
Because there’s VERY little separation left between gov’t and corporations! Snowden says (as the more astute long knew) that NSA has “direct access” to Google’s servers. And as I’ve often said, Google is just a self-funding front for NSA. — It’s not We The People who are “conflating” this: it’s gov’t and corporations intentionally mingling in order to “monetize” our liberty.
And there’s NO need to allow Google and other corporations to operate however they wish: they are not persons, they are legal fictions, meant to serve the people, not rule over us. Didn’t use to be this way, kids: the trend is always this way, but corporatism was set back by anti-trust and the New Deal, and must be again before they gain total power.
Re: Re: Re: Aligned interests along which principles?
And the way to fix government having “direct access” is to curtail what the government is allowed to legally access. Everything else in your comment is nonsensical, anti-corporate gibberish with no meaning. This isn’t an all or nothing proposition. There are checks to Google or anyone else’s ability to use this data that are far stronger than those on the government. I get that that’s your ideology but it’s just mush.
Re: Re: Re:2 Aligned interests along which principles?
@ AC: “There are checks to Google or anyone else’s ability to use this data that are far stronger than those on the government.” — YES, that’s TRUE, but meaningless! Obviously those checks aren’t enough to STOP Google from doing as they wish with MY information AND yours AND billions of other people’s. Where do you see any sort of actual limits?
One valid purpose for gov’ts is to pit that power against corporations so that neither gets more control. The very premise of this piece is that corporations should push back. They’re NOT doing so, but are conspiring WITH gov’t.
Rest of your post is sheer contradiction, not substance. Any ankle-biter can contradict.
Re: Re: Re:3 Aligned interests along which principles?
Any ankle-biter can contradict.
And Blue would know because he’s a pro!
He ankle-bites just about every single article on Techdirt.
Re: Re: Re:3 Aligned interests along which principles?
In other words you’ve noting more to add to ‘blah blah corporations bad’ and you refuse to even address the point that the most direct way to curtail government access is by placing limits on the government and not some round-a-bout method that, surprise surprise, just happens to serve your own personal ends and involves heavily restricting what kinds of agreements consenting parties can enter?
Re: Re: Re:3 Aligned interests along which principles?
It’s been pointed out to you almost every time you bring this up as if Google is the primary agent behind all this and not the government but I’ll repeat it for the sake of being thorough: It requires consent. And with that we have a massive limitation right off the bat. If you don’t Google in your life don’t bring them into your life, a far stronger active defense than anything a citizen could muster against the Government.
Re: Re: Re:4 Aligned interests along which principles?
She’s a crazy cat copyright lady with a girl-boner for Mike. What do you expect from her, rationality?
Re: Re: Re: Aligned interests along which principles?
Whatever you say, Cary Sherman cocksucker.
Re: Re: Re: Aligned interests along which principles?
Why was this post reported until it was hidden? Out of the blue may be 95% crazy but this post seems on topic to me and without the usual attacks on Mike.
…while also pointing out that it’s likely to be very costly for a variety of American companies.
That might be true for the smaller fish out there, but aren’t the larger entities like AT&T and Verizon (and probably Microsoft & Google too) actually profiting from these actions?
https://www.techdirt.com/articles/20130710/14182423760/telcos-volunteered-to-hand-over-data-to-nsa-got-over-100-million-it.shtml
Will some fraction of their user base defecting be enough to dissuade them from such actions?
"fight for their users' rights." -- HA! What's below naive?
Listen, Mike, corporations feed off their users just like ticks: the only use for users is as food to propogate more parasites. — Yot, even your precious Google, which is quite literally building the robots to replace humans.
Edward Snowden: Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren’t fighting for our interests the same way — Ed, those soul-less amoral entities care only about the billions they get BEING snoops!
Re: "fight for their users' rights." -- HA! What's below naive?
Aw, blue. And here I thought with me posting a story that criticizes the tech industry that you and I might finally agree on something. You so hate the industry, based on an astounding level of ignorance that you can’t even recognize when I’m more or less agreeing that they have too much power and aren’t doing enough to protect their users.
Oh well, I guess I’ll go back to my cave and continue to plot about how I might, one day, finally write a post that you’d agree with. Because, you know, all I long for is your approval.
I smell a business opportunity. Imagine if EFF, Public Knowledge, CDT, ACLU, Calyx Institute and other similar organizations banded together to offer an encrypted communications platform. They could offer it ad-free for a low monthly fee. And they shouldn’t lose their non-profit privileges because this would clearly be aligned with their charitable missions. What are they waiting for?
I suspect
that the bigger impact won’t be from individuals going elsewhere, but from foreign corporations that want to avoid being sued under privacy legislation in other countries, and that just want to keep their own corporate secrets secret.
The problem with industry is that the tax breaks they were so fond of receiving to line there own pockets go bye bye when they attempt to bite the hand that feeds them.
And I second the “What’s below Naive?” sentiment from out of the blue.
Re: Re:
The problem with the sentiment is it ignores the possibility that throwing their lot in with the government on this issue will cost them money. No one actually suggested they’d do it out of the goodness of their hearts. What was actually said was “Fighting will cost you money in the short term, but capitulating will cost you more in the long term.” so it’s actually greedier to fight for user’s rights.
What restrictions are placed on how the data collected by tech companies is used? What controls are in place to restrict who can see your information? What transparency is mandated of them?
Every day these companies are restricted by a tenuous form of mutually-assured destruction. You would likely have no legal recourse if Google or Facebook published your entire browsing history in the New York Times. You trust them not to do so presumably because if they did, the loss of reputation would be catastrophic to their bottom line. But let’s assume in 10 years the situation is not so rosy and they are bought out at a corporate fire sale after some financial mismanagement crisis or something. Is your data still safe?
These companies can do nearly anything they want with your data as long as you don’t get too suspicious that they are doing it and their methods remain suitably secret. Witness Eric Schmidt: “Google policy is to get right up to the creepy line and not cross it.” You can complain all you like about the government being precise about the distinction between ability and authority. Google has the ability and is not constrained by authority. They can do anything creepy that they want as long as the creepiness isn’t obvious to end users – and that constraint only exists to keep end users from asking too many questions and causing a scandal, not because there would be any criminal or civil penalties involved.
“But we can opt out of Google!” You can certainly try. Google owns DoubleClick and a huge portion of the Internet ad market. Run AdBlock if you like, and maybe you can partially opt-out. Maybe. Can you simultaneously opt out of the big telecom companies that run the backbone routers? Do they need anything like a court order to read all your Internet traffic? You can opt out of all Internet surveillance too by not using the Internet. Using “I can opt out” as a way to distinguish the government from large data-driven companies is fallacious.
In Europe things are slightly different due to much stricter privacy laws, in some places anyway. But the US is quite a bit more of the Wild West.
Good for you holding the tech companies feet to the fire. Now, exactly what is Techdirt doing about this?
P.S. Railing on a blog doesn’t cut it.
Re: Re:
P.S. Railing on a blog doesn’t cut it.
Says you.
I would think that informing your large readership that is heavily weighted with tech-savoy types of these developments IS doing something and actually does “cut it”, as you put it.
Once other countries start moving away from American IT services and they see their stock prices fall, that’s when you’ll see a privacy fire lit under their butts.
The only one at any tech company who fought the feds was Steve Jobs that fight ended when he died. Time for an android product for me.
a lot of people will try to use foreign companies instead. what they dont realise is that to be able to offer services in the USA, those foreign companies will probably be told they have to include back doors into them for NSA surveillance! and so it will continue. it almost makes me wonder if the real aim here is to get people so pissed off that they stop using the internet so it can fall completely under the control of governments. that way, the transferring of information, particularly about wrong doings of governments, politicians and companies wont get spread around, so they perpetrators will be more safe for longer!
Re: Re:
It doesn’t matter — that’s completely unenforceable. The bigger issue is that the NSA has completely free reign to eavesdrop on foreign companies. For all their sins in the US, they are, in fact, restrained to a degree compared to what they can do outside the US.
The better thing to do, and I expect that people will be doing this more and more as the software to do this will inevitably get easier to use, is to stop using third-party services regardless of where they’re hosted. Run your own.
The more people who bail on US TEch and the more people who start up new Computer Business overseas will surely get the US Companies to lose Money and as they lose more and more then they will try to change.But by then it will be to late for them.I won’t feel any sympathy for them as they should of all United and spoke out but they did not.Just like they would not speak out against the Copyright Maximalists.
You make the bed you sleep in………….their bed is looking messy.
I read this article last night after it came out. Bruce does have some points.
Maybe something I don’t remember him mentioning is that at some point a lot of these other governments are going to decide they need their secrets not so exposed. Now whether that means some open source OS or whether it means they do a Russia and return to typing on typewriters is anyone’s guess. But something will come of this point alone, even if they are co-operating with the NSA.
You’ve had two encrypted emails services shut down and another move to Switzerland in this last week. Those are the early adopters. That’s not those that see the problem only after it hits them, which will be most.
As Bruce mentions by that time it is too late for damage control as the damage is already done. People will then be looking for new companies, not the old ones that assisted in enabling all this spying. *I’m looking at you Microsoft, Google, AT&T, to name a few*. These corporations maybe big but not so big they won’t see their bottom lines changing if people start pulling out in mass where there is a choice. This is kinda like the cable cutting where we’ve heard for years cable cutting isn’t a serious problem.. until this month when the numbers are starting to total up in the hundreds of thousands a year along with very few new subscribers despite new households.
There have already been some comments about which companies fight for their users and which don’t. Skype Chat, for instance, only became “available” to PRISM after Microsoft bought the company. Apple is allegedly happy to just pass stuff over, while Google fights everything. Steve Gibson has been saying quite a lot on TWIT’s Security Now podcast over the last several months.
And of course it sounds like Oracle just bends over and spreads ’em whenever a government agent comes near, based on Larry’s “git those Commie bastards” published views.
There is a big tradeoff and too few people actually understand the concept of digital technology….the storage and recall capabilities are convenient….for everyone, good and bad. Keeping out the bad guys, be they ID thieves or spies of all varieties, will always be a problem.