Why NSA Surveillance Will Be More Damaging Than You Think

By James Fallows

This column over the weekend, by the British academic John Naughton in the Guardian, takes us one more step in assessing the damage to American interests in the broadest sense-- commercial, strategic, ideological - from the panopticon approach to "security" brought to us by NSA-style monitoring programs.

Naughton's essay doesn't technically tell us anything new. For instance, see earlier reports like this, this, and this. But it does sharpen the focus in a useful way. Whoever wrote the headline and especially the subhead did a great job of capturing the gist:

In short: because of what the U.S. government assumed it could do with information it had the technological ability to intercept, American companies and American interests are sure to suffer in their efforts to shape and benefit from the Internet's continued growth.

  • American companies, because no foreigners will believe these firms can guarantee security from U.S. government surveillance;
  • American interests, because the United States has gravely compromised its plausibility as world-wide administrator of the Internet's standards and advocate for its open, above-politics goals. 

Why were U.S. authorities in a position to get at so much of the world's digital data in the first place? Because so many of the world's customers have trusted* U.S.-based firms like Google, Yahoo, Apple, Amazon, Facebook, etc with their data; and because so many of the world's nations have tolerated an info-infrastructure in which an outsized share of data flows at some point through U.S. systems. Those are the conditions of trust and toleration that likely will change.

The problem for the companies, it's worth emphasizing, is not that they were so unduly eager to cooperate with U.S. government surveillance. Many seem to have done what they could to resist. The problem is what the U.S. government -- first under Bush and Cheney, now under Obama and Biden -- asked them to do. As long as they operate in U.S. territory and under U.S. laws, companies like Google or Facebook had no choice but to comply. But people around the world who have a choice about where to store their data, may understandably choose to avoid leaving it with companies subject to the way America now defines its security interests.

Here's Naughton's version of the implications:

The first is that the days of the internet as a truly global network are numbered. It was always a possibility that the system would eventually be Balkanised, ie divided into a number of geographical or jurisdiction-determined subnets as societies such as China, Russia, Iran and other Islamic states decided that they needed to control how their citizens communicated. Now, Balkanisation is a certainty.... 

Second, the issue of internet governance is about to become very contentious. Given what we now know about how the US and its satraps have been abusing their privileged position in the global infrastructure, the idea that the western powers can be allowed to continue to control it has become untenable.... Nothing, but nothing, that is stored in their [ie, US-based companies] "cloud" services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA. 

The real threat from terrorism has never been the damage it does directly, even through attacks as horrific as those on 9/11. The more serious threat comes from the over-reaction, the collective insanity or the simple loss of perspective, that an attack evokes. Our government's ambition to do everything possible to keep us "safe" has put us at jeopardy in other ways.

One more note: it is also worth emphasizing that this damage was not done by Edward Snowden, except in an incidental and instrumental sense. The damage comes from the policies themselves, just as the lasting damage from Abu Ghraib came not from the leaked photos but from the abuse they portrayed. 

What governments do eventually becomes known. Eventual disclosure is likely when a program involves even a handful of people. (Latest case in point: Seal Team Six.) It is certain when an effort stretches over many years, entails contracts worth billions of dollars, and requires the efforts of tens of thousands of people -- any one of whom, as we've seen from Snowden, may at any point decide to tell what he knows.

In launching such an effort, a government must assume as a given that what it is doing will become known, and then calculate whether it will still seem "worthwhile" when it does. Based on what we've seen so far, Prism would have failed that test.

____

* Of course the "trust" comes with the caveat that the companies have been piling up this data for their own commercial, ad-targeting, data-mining purposes. But that's a known risk, more or less. The demands placed on the companies by the U.S. government are, for the public at large, the main news of the Snowden revelations.

This article available online at:

http://www.theatlantic.com/technology/archive/2013/07/why-nsa-surveillance-will-be-more-damaging-than-you-think/278181/