In the post-Snowden world, the location and security of data is not just a political issue, it’s a personal issue. Customer concerns over data privacy are having a drastic and unprecedented impact on how internet service providers, telecommunications companies and web hosting providers do business – and who they do business with.
Two recent examples in Germany are particularly telling. First, the German government ended its contract with Verizon in late June, saying the U.S.-based telco was a liability due to its relationship with intelligence agencies like the NSA. Then, in early July, Deutsche Telekom unveiled a new highly secure German data center, which it touted as “Fort Knox” for data protection. Germany is well known for its strict data privacy standards, and clearly, new privacy concerns are reshaping how service providers do business within German borders.
This phenomenon is by no means limited to countries like Germany, though. A survey commissioned by Peer 1 Hosting found that 25 percent of U.K. and Canadian companies would move their data outside the U.S. this year due to NSA-related privacy and security concerns. That’s bad news for the U.S. tech industry, but it’s also a clear signal that businesses (and consumers) are far more sophisticated on issues of data protection than they used to be. In fact, if the NSA’s notorious surveillance activities have had any positive outcome, it’s that they’ve prompted even technically illiterate people to think about the privacy of their data on the internet, practically overnight.
A more concerned internet customer
As legal counsel in the web hosting industry, I can personally attest to how the average customer has evolved from knowing little to nothing about government data collection, to now having real material knowledge of these issues. The stock answers that many technology companies used to give customers who expressed concern over data privacy (“we make every effort to ensure your data is safe and protected”) are no longer sufficient – customers are asking detailed privacy questions, often involving the legal department.
One question that service providers rarely heard before, but that is now quite frequent among non-U.S. customers, is whether their data will travel through the U.S. at all, even if it’s not stored there. Even if data is just routed through the U.S., this can be a big concern for some companies. Eighty-one percent of those surveyed by Peer 1 want to know exactly where their data is hosted. That has a serious impact when a service provider is planning to build a new data center, as Deutsche Telekom just proved. For the U.S., that’s not just lost tax revenue, it’s lost jobs.
Fortunately, businesses’ pleas for privacy and reform are not falling on deaf ears. Through my work with the Internet Infrastructure Coalition (i2), I’ve made several trips to Washington D.C. to speak to members of the U.S. Congress about the importance of data privacy. Contrary to what some might assume, Congress is becoming much more receptive to concerns over government data collection. It’s an uphill battle and an ongoing education process, because public servants aren’t always subject matter experts on technology, so much of the underlying issues around data privacy may be new to them. The more they learn, the more they open up to the conversation – particularly when the business impact comes into play.
A way forward for service providers
While data laws are being hashed out in Washington, the internet industry is at a crossroads. For the first time in history, the status of being a “leader in internet innovation” is being threatened by public perception. There is a clear way forward, though.
Service providers today must embrace a more enhanced role than they had before. ISPs, telcos and hosting providers all have a responsibility to advocate for their customers. Customers aren’t aware of what’s going on behind the scenes, and they need an intermediary to act in their best interests whenever possible. That means service providers need to push back whenever possible. The truth is, government agencies often rely on voluntary compliance on the part of providers. It’s more important than ever that technology companies demand a warrant before freely handing over personal data. Fortunately, the Snowden disclosures have turned it into good business for service providers to take a more customer-friendly attitude when it comes to privacy. Let’s hope that continues.
The true potential of the internet
Saying privacy is a personal issue isn’t just a play on words. The internet is a tool and its greatest value is to arm people around the world with information. Service providers are therefore change agents, in a way, enabling access to information that has the potential to create wealth in developing countries, educate people without access to schools, and even help overthrow totalitarian governments.
Service providers cannot and should not become political organizations; instead, they should be the enablers for unleashing the true potential of the internet. Right now, that means advocating for customers by protecting their data and keeping them fully informed of where their data is and how it’s being used. It’s the pragmatic business strategy – but it’s also the right thing to do.
Ben Young is VP and general counsel at Peer 1 Hosting.