The data privacy scandal occupying the attention of everyone from the US president down to the most deranged Guardian-reading keyboard-worrier is at the same time both full of crap and a significant deal. We have long known that intelligence agencies have easy access to the servers of US-incorporated cloud providers, and a few relevant details are beginning to emerge.
Technical hyperbole aside – and there is a fair amount of that in the current public debate – in political terms it is hugely embarrassing for a number of western governments. The wider impact is yet uncertain. All we can say with any confidence is that the story is a massive scoop for the Guardian. It is much bigger than Wikileaks, and a damn sight more interesting to boot.
Whilst one may admire the courage of CIA technician turned whistleblower Edward Snowden, who on the face of it would seem to be a more ethical creature than his “least untruthful” former bosses, I cannot help but question the way in which he has handled his outing and self-imposed exile in Hong Kong. There is an extradition treaty between Hong Kong and the United States, and the political exclusions contained within it may not protect Snowden given the recent cosying up between the American and Chinese presidencies. This has to do with a new trade drive that has major economic and political benefits for both parties.
What do Snowden’s revelations mean for cloud service providers and users? When it comes to the latter the majority will no doubt continue as heretofore, with little or no care for privacy and data security. We are talking of people who willingly share their most intimate purchasing preferences with multinational supermarket chains in return for worthless loyalty card points. Leading lives of blameless bourgeois and aspirational working class domesticity, such people have nothing to hide, save, perhaps, for some anti-social habits captured by ubiquitous but largely unmonitored CCTV cameras. The more technically-savvy among the younger generation will adapt their behaviour in order to preserve and maximise privacy and autonomy.
Technology firms could suffer in the shorter term, with some normally early-adopting consumers choosing to forego the convenience of cloud data syncing between computers and mobile devices. Instead of being kept on remote servers outwith their control, email could from now on be archived on and accessible only from users’ main computers. Private and business address books and calendars may likewise be synced locally rather than through the cloud, and less use made of document servers, which could impede the work of community interest groups that have come to rely on facilitative technologies such as Google Docs.
All this could impact negatively on Google, and to a lesser extent Microsoft, but not the business models of firms that provide paid-for-based multimedia streaming services. Corporate reputations will suffer, at least initially, and in the longer term it could stifle innovation in consumer-focused information technologies. It is surely time for the commercial concerns to challenge the secrecy culture fostered by neurotic politicians and über-managerialist public officials. To do so may result in closer tax scrutiny from vengeful authorities, but in the long run the technology companies’ relationship with consumers is more important.
Should non-Americans care about the US National Security Agency and Prism? Indeed they should, if they use email for anything other that inconsequential chat. But they should also be mindful of their data protection responsibilities. Aside from issues of identity theft and financial cyber crime, private individuals and companies are legally liable if confidential information for which they are responsible is leaked into the public domain. Cloud service providers invariably indemnify themselves against loss or damage for which they (or the state) are the cause.
Can one get around data hoovering carried out by US spooks, though the use of EU-based cloud services? In practice no, as data belonging to non-Americans routinely pass through servers under the control of US corporations. That is how the global internet is engineered. Short of encrypting everything at a level that can only be cracked with the aid of supercomputers, the only protection you have is legal. Unless, that is, you decide live entirely or largely off-grid.
Better to campaign for stronger privacy laws, greater transparency and public accountability of executive agencies, and against the prevailing securocratic mentality. Surveillance society or no, the basic democratic channels remain intact.