Our democracy has thrived over the last 237 years because patriots have actively defended the core values that lay the foundation for freedom and civil rights. The president may think he’s quieting the storm, but his technical review group is already widely perceived as a hollow gesture. Until the White House implements a truly transparent and independent review, it should expect to fail in its attempts to win the public’s trust.
Sascha Meinrath, Vice President of the New America Foundation and Director of the Open Technology Institute.
In other words, the administration isn’t doing much to assure the people that the current procedures will be studied or modified to prevent present and future abuses. It seems that the 2013 parody of Sherpard Fairy’s 1998 sticker (on the right in the image above), says it best: “Yes We Scan – Deal With It.”
With regards to the issue, Americans seem to be divided into three main groups. Those who are outraged and do little-to-nothing about it. Those who say “they’ve been doing it for years, what else is new?”. Finally, those that take the “I have nothing to hide thus I have nothing to fear” route. This last group is the most detrimental to the survival of democracy.
Democracy, privacy and freedom aside, the administration’s lackadaisical attitude has serious impacts for US based cloud providers. As predicted, the US government’s stance on the issue is already hurting US cloud based businesses and experts say losses could amount to $35 billion by 2016. As if that wasn’t enough, this 35 billion figure by the ITIF accounts only for lost business. It does not take into consideration the potential increases in operating costs, which could be significantly higher if other countries decide to follow Brazil’s lead and require Facebook, Google and others to store data generated by Brazilians on servers physically located inside Brazil, in order to shield it from the NSA.
Keeping Brazilian’s citizen’s data in Brazilian soil seems like a poor solution: most of said data will, at some point or another, travel thru US pipes, routers and servers, invalidating all other efforts. Sascha Meinrath, in an Associated Press piece, says “there’s nothing viable that Brazil can really do to protect its citizenry without changing what the U.S. is doing”. But what about encouraging availability and ease of use of encryption for services such as email, chat and storage? It sounds sensible policy to pursue, though Mr Meinrath seems to disagree that encryption usage can be made more prevalent with the help of policy, such as a government sponsored open source, encrypted, alternative email service. Regardless of being pushed by policy or not, and while use of alternative services does nothing to protect data that is being placed onto Facebook and Twitter, it is undeniable that switching to an off US soil open-source email/chat/storage service does enhance the privacy for the people around the world using such services.
While longer keys and other measures can help safeguard people’s privacy, as Bruce Schneier puts it, “The math is good, but math has no agency. Code has agency, and the code has been subverted.” So the move to open source, off US cloud providers makes even more sense. And policy can definitely help with this. With leadership of Europe, which has a very different stance from the US in terms of online privacy, the rest of the world could essentially build a parallel service ecosystem, one where online privacy is taken more seriously.
Eventually, as more and more people move off US cloud services, so will advertising dollars, which could further accelerate the trend in losses for US based providers. “Yes We Scan” will likely continue to take an increasing toll on US based cloud service providers. This could end up being a blessing in disguise for the US: since the people and the government don’t seem to be taking much action in this regard, the market itself might end up having to fight for a change. Market forces which, in the case of the US, have a lot more pull than their counterparts in Europe:
The different approaches of the EU and US towards data protection probably stem from history. In Europe, where people have had dictatorships, data protection is declared as a human right and regulated by comprehensive data protection legislation. In this regard, it is worth mentioning that the STASI, the official state security service of the German Democratic Republic or GDR (informally known as East Germany), employed 500,000 secret informers. The task of 10,000 of these informers was to listen to and transcribe the phone calls of citizens. In contrast, in the US, the attitude towards data protection is governed mainly by market forces.
Daniel Dimov, from the Infosec Institute, on “Differences between the privacy laws in the EU and the US“
What’s your opinion?