To judge NSA reforms, look to the tech industry
In 1976, Senator Edward Kennedy first introduced the Foreign Intelligence Surveillance Act to rein in government scrutiny of Americans. That law made America’s telecommunications companies the gatekeepers of the public’s information. But back then, “Ma Bell” was still around — AT&T wasn’t broken up until 1982 — and mobile phones were a distant dream. Now, nearly 40 years and a tech revolution later, President Obama faced similar questions on how to protect the American people’s privacy.
A majority of Americans think that NSA collection has gone to far, and an even greater percentage think that the data are being used for more that just terrorism. Many don’t trust the government with their personal data. And the public should be worried — the potential for serious abuse of civil liberties is ever-present in today’s surveillance programs. The history of abuses goes back to the Nixon era, and it continued through the Bush administration’s warrantless wiretapping after 9/11. All of that is well-documented.
Now, people at home and abroad want reassurances that there’s real transparency and powerful checks in the system to prevent potential abuses. But they also want to be protected from terrorism.
The president’s proposed reforms are a serious step forward in restoring trust badly bruised by the revelations of Edward Snowden, both at home and abroad. In the United States, the reforms will transition control of bulk metadata out of the government’s hands and require a check with an independent judge before analysts can look at the data. Abroad, the United States will apply similar protections to those it does with US citizens in reviewing the data. He’s proposed steps to improve transparency of the government’s requests to industry.
But as the president acknowledged, more work needs to be done. In addition to leaving open the timeline for implementation of the reforms, he did not address fears that the NSA has been undermining encryption standards and exploiting programming flaws to access data rather than working to protect the security of the internet.
These reforms are an important first step, but are they enough to curb the real and measurable effects of the loss of trust? Beyond the debate between civil libertarians and security experts over the adequacy of the reforms, missing the mark on restoring trust could still had a real and measurable effect on the tech industry.
The tech companies have been upset because they believe the government’s surveillance activities violate the privacy expectations of their customers. They worry that if reforms do not deliver sufficient protections and transparency for their customers, especially those abroad who have the least constitutional protections, they will vote with their feet. If the administration looks like they are delaying implementation of these reforms, customers, especially those abroad, may vote with their feet taking their business to countries with a more favorable privacy environment. Tech companies, like Akamai in Cambridge, predicted negative business impacts in Europe.
The potential economic impacts are enormous. Projections have suggested lost revenue for US cloud computing companies from the “Snowden Incident” range from $35 billion to $180 billion over the next three years alone. If that comes to pass and customers bolt, there’s good reason to think the government has miscalibrated its reform.
The effects of Snowden’s revelations are already beginning to have a real effect on American competitiveness overseas. Last month, Brazil passed over Boeing to sign a contract with Sweden’s Saab. This was done out of pique that the US had been monitoring Brazilian President Dilma Rousseff’s phones. The Cloud Security Alliance, a tech-industry association, found that more than half of their overseas members were less likely to use US cloud providers in the future, and 10 percent reported they had already cancelled a US cloud services project as a result of the surveillance revelations. Canadian and British companies are preparing restrictions against storing their data in the United States.
So the economic and privacy stakes are high for Americans and US companies. Of course too much course-correction could threaten our own security. Obama took an important first step today. Companies from Route 128 to Silicon Valley will be watching to see what he does next.
This oped was originally published via Boston.com