Cross posted from Pruning Shears.
About two and a half years ago I posted on the danger of the US turning into a tech pariah over its data collection policies. At the time I thought the main sticking points would be foreign governments’ concerns about their own confidential data being sent abroad, and objections to privacy violations that American companies’ indiscriminate collection practices (e.g. Google Street View) would subject their citizens to.
I was wrong about that issue being a simmering pot getting ready to boil. It just sort of stayed on the back burner, which I still find somewhat surprising. There has been pretty compelling evidence since as least 2006 that US tech companies have been allowing the government to indiscriminately suck up Internet traffic. Though the Wired article characterizes it as being in the service of a domestic surveillance program, it seems clear that the program would not exclude foreign traffic.
Maybe it was an out of sight, out of mind situation; maybe foreign governments weren’t willing to confront the US as long as their own citizens were in the dark; who knows. For whatever reason, the merger of American IT companies’ data and the US government’s surveillance apparatus didn’t seem to trouble anyone too terribly much – until Edward Snowden came along.
The details from his leaks have stirred up serious worries outside the States. The main source of concern (and I feel like an idiot for not anticipating this) is the implication for the business community. Individuals having their data collected and shared without their consent are still pretty much on their own. But companies that are purchasing remote storage – also known as The Cloud and Big Data – in the US do not have to simply resign themselves to having the National Security Agency blind carbon copied on anything they put there.
There is already evidence that purchasing decisions are changing based on this; for just one eye-popping example (emph. in orig.):
In a survey conducted after the Snowden leaks, 10% of the foreign companies using cloud computing services said they’d already cancelled a project with a US cloud provider and 56% said they’d be less likely to use US-based providers.
Those providers are over a barrel now. They can’t just give earnest assurances that they really value their customers’ privacy and work super hard to keep it protected. Everyone knows the US government is pretty much destined to end up with any data that gets stored on American soil. The spying capability has been getting baked into domestic infrastructure for years now, probably to the point that there are more back doors than anyone can even keep track of.
There isn’t really any easy way out, either. An injury that long in the making will take a long time to rehabilitate. One action that might help would be increased Congressional oversight of the NSA, which could help explain why the recent bill reining in the NSA lost by such a surprisingly thin margin. (It would also be a cynically appropriate parallel with Europe: Violation of citizens’ rights are yawned at, but threats to corporate profitability get immediate action.)
The one thing these companies have going for them is a lack of ready competition. I’ll double down on my 2011 prediction that other countries will start to prioritize server farms located on their own soil. It may now start to be seen as a matter of each country’s national security to have its most important data confined within its borders. Until that infrastructure is built, though, American companies have some time to repair their reputations.
While storage providers have gotten the most attention on this issue, there may be an impact on device makers as well. A pecking order could develop based on how tightly integrated they are with US tech. At the bottom would be those like Apple based in America and running American operating systems. Next would be foreign device makers like Samsung, HTC and Nokia that run American operating systems like Windows 8 and Android. Then at the top, funny enough given their dismal market share, would be non-American companies running non-American operating systems. In other words, a company like BlackBerry that has a good (but not bulletproof) reputation for security might be well positioned to thrive in an environment that suddenly undergoes a seismic shift.
Predictions are dicey, obviously. But regardless of what happens going forward, American tech companies are suddenly in a real jam. There’s no easy way out of it either, because outside the US there is openness to alternatives that would have been hard to imagine not too long ago.