Summary:

Decision time looms. And as painful as it seems, right now it feels like the only responsible response to the PRISM scandal would be to stop using American web services for any private communications.

As details of the U.S. government’s PRISM program continue to emerge, much of the debate in the United States has focused on the constitutionality of the program. This is only right for people within those borders, but it’s a debate that sounds a lot less relevant to many of us in the outside world.

The rest of the world has, in effect, long supported and nurtured a technology industry that revolves around the U.S. The main reason, of course, is the fact that much of the innovation in the tech industry has come out of the U.S. However, there is also the fact that the U.S. has been seen as a trustworthy partner – it would be hard to imagine Europeans willingly throwing their personal communications and virtual life into Chinese cloud services, for example.

Necessary readjustment

Now that PRISM is (at least partially) out in the open, thanks to the efforts of NSA contractor Edward Snowden, I can’t help but feel everything has changed. Whether or not the program has been spying on U.S. citizens, it has certainly had people outside the U.S. in its sights. This is really only starting to sink in, but non-Americans using online services from the U.S.-based Facebook, Google, Microsoft, Yahoo, AOL and Apple are subject to monitoring by the U.S. authorities, and have been for years.

The U.S. is using the world’s most-beloved online services to spy on the world. Whether or not those businesses were willing or even witting conspirators in this program is an interesting detail, but not pivotal. Whether or not U.S. citizens are also being spied on is similarly of relatively mild concern to the rest of the world. The point is, we are being spied on.

Many people have long recognized a privacy tradeoff in using Facebook and Google, but this has been framed within the context of commerce: you let businesses know more about you in order to provide services based on that knowledge. I’ve always felt uncomfortable about that, but I accept it’s a choice that people should be able to make for themselves (even though I believe the consequences of the choice should be made more explicit to the average user).

Responsible response

However, few people outside U.S. borders have been making that choice based on the knowledge that U.S. spies are able to trawl through all this information at will. Even for those who trust their own governments with their security, it is not those governments we’re talking about.

How would Americans feel if it emerged that the British could watch everything they did online? Or the Germans? Or Russians? Do they vote for the British or German or Russian governments? Could U.S. citizens exercise power over those administrations and their actions at the polls? Of course not. So why would anyone imagine it’s acceptable the other way round?

In short, whatever tradeoff Americans might or might not accept in order to safeguard their own security, there is no good outcome here for the rest of the world, which constitutes the majority of users of American web services. We’ve been screwed, and now we have to face some difficult decisions.

As a technology journalist not based in the U.S., I certainly have a lot to consider. I’m not rushing it – there’s a lot to take in, and we still don’t know the full picture. But here are the points running through my mind at the moment:

  • I cannot recommend that those outside the U.S. continue to use Google, Facebook or any of the other services known to be linked to the PRISM program, until those companies clearly demonstrate that it is impossible for the NSA and its ilk to read the data of those people. This definitely applies to all business communications, but also any personal communications that may put the sender, recipient or anyone else in a bad light, should someone choose to use it in that way.
  • Other American online services that deal in private communications must unfortunately be viewed with suspicion, too. It’s not like those services have some kind of immunity from the NSA that Google et al do not have.
  • As my profession precludes me from becoming a digital hermit, even on a temporary basis, it is almost impossible for me to stop using these cloud services without a viable alternative that is located outside the U.S., and it’s not clear that any such alternatives exist yet in a scalable and practical sense. So, for me personally, I will have to accept this quandary for now.
  • Where would these new services be situated anyway? Where is safe from such prying? Which countries are already complicit in PRISM in order to derive data on their own citizens? And what does the U.S. get in return?
  • Will this lead to a balkanization of the web? (I hope not.) If we need a re-architecting of business models and processes around online communications, how can we replicate the best of the systems we have today without reintroducing the same vulnerabilities? Is the answer the decentralization of data control, and how could that work? Will a new degree of complexity – strong encryption and so on – become inevitable?
  • And finally, the point I least want to countenance: Will public opinion allow the current situation to be normalized and, if so, how do I as someone who finds the situation repellent continue to operate in this industry while maintaining a clear conscience?

As yet, I have come to no firm conclusions. But I can say this for sure: For web users around the world, everything has changed. It is unacceptable to pretend otherwise, and that means some really tough choices will soon have to be made.

  1. No one cares. EFF has been trumpeting the alarm since at least 2005 on provisions of the “Patriot” Act that the government is using as an excuse for massive surveillance of US citizens. The response has been a collective yawn as we all go back to watching the latest reality show on TV.

    Maybe a few more of the digerati will turn to PGP for a couple of months, but overall the American public clucks a bit, doesn’t really understand the issue, and goes back to sleep.

    1. David Meyer Monday, June 10, 2013

      I hope that’s not the case this time, now that a we-suspect has become a we-know. But as I say, those outside the U.S. will see this whole affair slightly differently from those within.

  2. How about your phone OS, how about your router (maybe Huawei and ZTE gear is too secure, not having an NSA backdoor and all), how about the internet of things – wouldn’t it be lovely if NSA manages your home?
    Besides, we are not giving away just our privacy, we are giving away free will and that is a hell of a lot more dangerous. This has to stop or we will get to the point where they just hijack the browser and display machine generated individually targeted content.

  3. Ivan Boatwright Monday, June 10, 2013

    I agree

  4. Quote: “until those companies clearly demonstrate that it is impossible for the NSA and its ilk to read the data”

    How -exactly- do you demonstrate the negative?
    e.g. PROVE to us all that no global “ilk” are monitoring any of YOUR non- US-based services…

    China?? Israel?? Russia?? Iran?? UK?? Tuvalu???

    1. David Meyer Monday, June 10, 2013

      That’s a fair point, and it may leave those companies in a tricky situation. Perception is a powerful thing. Without wishing to provoke, look at Huawei — vilified for its perceived connections to the Chinese state despite the fact that no-one can prove it’s done anything wrong.

  5. Just came here to thank you for the article I read on Flipboard (which I possibly won’t use anymore since I am going to stop using smart phones).

    I have been thinking on my strategies from now on. Separating my main PC from the one I use for the internet? Hosting my email server by myself? Covering phone and PC cameras and mics? Not using Android or any other smart phone (aka spying device)?

    I still need to think but like you said, it will never be the same.

    1. Honestly, if you think this problem is limited to one tool or other you’re sorely mistaken. It has been well known that Android has backdoors on their devices but so does Apple, and do you think Windoze is different, or maybe Linux is invulnerable? Ubuntu sends anything you type into the dash to Amazon in clear text. Anonymous’ recent op dealing with sex offenders showed how browser add-ons can be used against you; do you think the US government can’t see anything they wish to see about anybody they decide they are interested in for any reason? I think what it comes to is that yes, the Open Source community is going to be better at dealing with these issues, but ultimately we as users of these technologies have to become more responsible too. Run Wireshark and see what your OS is leaking about you. For example, if using Ubuntu, look at packages like zeitgeist. I firmly believe that Android needs to remain Open Source so we can peek inside it and audit it thoroughly; this is the advantage we have as Android users over the users of Mac IOS. Every day we are learning more and more and we can begin to approach security; the first step is education. I also think we need to stop being so obsessed with features, as any hacker knows that every new feature is potentially a new attack vector. We live in interesting and exciting times and every new weapon can and is being turned against its owners. Look no further than Stuxnet for evidence of that.

    2. David Meyer Monday, June 10, 2013

      I’m also still trying to figure out what changes are necessary and how to make them. So far I’m fairly certain that hosting my own email server will be necessary. There’s a lot to consider…

      1. Hosting your own email?…and you are explaining that this is a secure manner?…I am missing a point here. If you send me an email with an attachment that is copied on your very own PC, have you wondered that the copy you have sent me can be monitored? Email is about send and receive, otherwise it is not an email. As soon as you send, then you accept that it can leak, period!

  6. We have a lot to consider now. Why don’t the Americans want to share control of the Internet and allow a foreign institution to do it? It is a good point to think about. For my part, I’m starting to cancel some services and switch to others. The only services I was using from Google were the Calendar and the Android phone; the Calendar sync I replaced with the MyPhoneExplorer application, available for Windows and Android, which syncs my Thunderbird calendar to the one on the phone. AndroidOS and Google Play I hope to replace with FirefoxOS, TizenOS, JollaOS or UbuntuOS as soon as those become mainstream. I’m canceling my Skype account – which I have been using since the creation of the company – to use the Ekiga open-source software. Facebook will be replaced with Diaspora as soon as I get it running on my home server – now I want my data only on my server/personal cloud, and Diaspora plus OpenStack will provide this for me. In fact, it is a good idea to migrate to open-source software developed by a community, since no government can apply any kind of pressure to oblige the systems/services to share user data.

  7. Back to BlackBerry

  8. It is a different matter to have an ad company data mining you and to have a young ambitious prosecutor data mining you. Especially when all your data is stored for future reference… In a country (USA) where even the DOJ cannot count the number of laws and regulations that exist, a country that has over-criminalized almost every aspect of life – ending up in having the most incarcerated and prosecuted populace in the world – such a massive surveillance apparatus is a grave threat to liberty.

    The parasitic sector of the American society (all these bureaucrats) is devouring the most productive sector of Americans. The nine major companies should unite and sue these bust@rds out of existence. The Americans finance through their taxes these parasites to create an Orwellian society for everybody…

  9. Michael Sick Monday, June 10, 2013

    “Ilk” seems a bit unfair, as if to say the Intelligence Community was operating outside of the mandate that we gave them post-911 (vs say what the IRS is accused of doing). I’ve worked with IC / DoD people and they are by and large dedicated and patriotic. I think the problem is far less about the people who implemented this and more about what we’ve asked of them.

    The Patriot Act is broad and mandates a large and aggressive IC. Hearing Jim Sensenbrenner act “shocked” about what’s been done with the legislation feels like the last 10 min of Casablanca to me. While it is more fashionable now to push back against freedom lost to anti-terror surveillance (though not as much as it was in the days of say emacs’ spook function or the perl RSA encryption tattoos) it was not what the nation asked for post-911. We wanted safety almost at any cost.

    IMO, we asked for it and we got it. Bipartisan. I hope that the upside is improved laws, stronger civil rights, and a strong lack of tolerance for the supporters of both our major parties to allow our representatives to act like civil libertarians ONLY when they are out of power and have little to no impact. We’ll know we’re there when folks like Rand Paul or Paul Wellstone (gbnf) lead significant caucuses in their respective caucuses vs. standing out as generational anomalies.

  10. Jonathan Richards Monday, June 10, 2013

    Dudes…
    Some great comments. But at the end of the day, (posting from Canada) The US controls the Root DNS’s.
    Cisco has over 90% market share of BGP-IV Routers,
    Drink the kool-aid? Take the blue pill.
