aNewDomain.net — On Feb. 26, 2014, the Electronic Frontier Foundation published an open letter. It called on Big Tech companies to regain the trust they lost, that trust lost by collaborating with the National Security Agency.
One interesting sidenote: One of the signatories, Mozilla CEO Brendan Eich, has since been ousted as the result of an OKCupid-orchestrated campaign protesting Eich’s 2012 $1,000 donation to California Proposition 8, which would have banned gay marriage.
And here’s how the EFF identifies the problem:
From the Snowden revelations emerge stories of collusion between government spy agencies and the companies whose services are integral to our everyday lives. There have been disturbing allegations published by Reuters indicating that RSA, an influential information security firm, accepted a $10 million contract from NSA that included, among other items, an agreement to use what we now know to be an intentionally compromised random number generator as the default for its BSAFE cryptographic library.”
A future where we cannot trust the very technologies meant to secure our communications is fundamentally unsustainable. It’s time for technology companies to start helping users regain trust, with transparency and active opposition to illegal surveillance.
Nice summary.
But the solutions proposed by the EFF are too weak to cure the disease. Among other things, they ask disgraced tech corporations for more open source code, prompt repairs of bugs after they’re identified, and better UX engineering.
On the PR/political front, they want Google et al to “publicly oppose mass surveillance” and fight government attempts to undermine users’ security in court. Though laudable, these reforms wouldn’t address the concern of Internet users that the NSA is tracking their every move. These reforms also don’t address the fact that tech companies are too cozy with government spooks.
As ubiquitous (Yahoo Tech, CBS News, Scientific America, formerly New York Times) tech writer David Pogue points out in a piece titled “Why We Don’t Trust Technology Companies”:
Our tech companies have a trust problem.”
Over the years they’ve brought it on themselves. Google tested privacy tolerance when it introduced Gmail — with ads relating to the content of your messages. (It doesn’t seem to matter that software algorithms, not people, scan your mail.)
Then a team of researchers discovered that when you synced your iPhone, your computer downloaded a log of your geographical movements, in a form accessible with simple commands. (Apple quickly revised its software.) When Barnes & Noble understated the weight of its Nook e-reader in 2010 or overstated the resolution of the Nook in 2011, suddenly even product specs could no longer be trusted.
Next came news about the National Security Agency and its collection of email correspondence, chat transcripts and other data from Microsoft, Google, Facebook, Apple and others. Those companies admit to complying with the occasional warrant for individuals’ data, but they strenuously deny providing the NSA with bigger sets of data. Do you think that makes the news any easier to take?
Of course not. We’re human. We look for patterns. Each new headline further shakes our trust in the whole system.
An April 9th a Harris poll finds that 67% of Americans believe that “technology companies have violated the trust of users by working with the government to secretly monitor communications of private citizens.” 26% of Americans say they’re less likely to bank or shop online because of what Snowden has told us about the NSA. 24% say they send fewer emails.
Internationally, U.S.-based tech firms are losing out as billions of euros vote with their feet. From The New York Times on March 21:
Despite the tech companies’ assertions that they provide information on their customers only when required under law — and not knowingly through a back door — the perception that they enabled the spying program has lingered.”
“It’s clear to every single tech company that this is affecting their bottom line,” said Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, who predicted that the United States cloud computing industry could lose $35 billion by 2016.
Forrester Research, a technology research firm, said the losses could be as high as $180 billion, or 25 percent of industry revenue, based on the size of the cloud computing, web hosting and outsourcing markets and the worst case for damages.
Re-read that first paragraph of the Times piece that begins: Despite the tech companies’ assertions that they provide information on their customers only when required under law …
IBM’s public statement about the NSA exposes the problem. IBM claims they’re resisting NSA domestic spying on their users’ data. But it’s far from airtight.
“If a government wants access to data held by IBM on behalf of an enterprise client, we would expect that government to deal directly with that client,” explains the company.
If the U.S. government were to serve a national security order on IBM and impose a gag order prohibiting IBM from notifying its clients, “IBM will take appropriate steps to challenge the gag order through judicial action or other means.”
“Appropriate steps” are constrained by federal law. All IBM is saying is that they’ll do the best they can to keep the goons away. The best they can under the law. Which is far from 100 percent.
In other words, the law is the problem. Why? Because Americans don’t agree with it.
Section 215 of the USA Patriot Act, which created the telephony metadata program, never got buy-in from the American public. Passed by Congress in a mad panic after 9/11, it received “yes” votes from representatives who never read it.
There was no public discussion in the media. Lest you think this was a Bush-era anomaly, the Patriot Act was renewed without debate in 2011, under Obama. Most Americans still don’t know what’s in it.
Face it tech CEOs. We’re just not that into your poor excuse for legal cover.
Engineering workarounds, like IBM’s billion-dollar investment in data farms outside the U.S., aren’t going to earn back our trust. 74 percent of respondents to a WeLiveSecurity.com poll conducted in late 2013 said they would admire a company “that took a stand against unlimited government access to my personal information.”
Being admired. Now that would be a big improvement for Big Tech.
Political opposition is a good start — as long as it’s sustained and uncompromising. Apple, Yahoo and the other Big 8 companies who rolled around in the NSA’s bed for over a decade ought to demand, and settle for nothing less than, the wholesale repeal of the Patriot Act and a law prohibiting the NSA from spying on Americans — even when it’s supposedly related to a terror investigation. (That’s the FBI’s role.)
But if they really want us to believe in them again — and maybe get some of those euros back — they’re going to need to go further. Much further.
They’re going to need to take legal risks.
Security analyst Bruce Schneier recommends that Google and the other big tech firms embrace tools like Tor, hiding in the so-called “dark web” to protect their users’ data and communications from the NSA and other bad actors. This would arguably violate the Patriot Act.
I’d go further.
Eric Schmidt, Mark Zuckerberg and the other Big Tech CEOs should issue a public declaration promising Americans that they will never cooperate with the NSA, CIA, DIA or other intelligence agency under any circumstance.
Period.
They should refuse back-channel requests for information about their users. They should tear up “national security letters,” warrants or other court orders. They shouldn’t take calls or emails or meetings with intelligence agencies.
Big Tech ought to view the intelligence community as an existential threat to its business model.
I doubt that the day will ever come that the long arm of the law will ever grab 1 percent of 1 percenters like Zuck.
But if the Hoodied One were to find himself perp-walked up the stairs of the federal courthouse in San Francisco, what he’d get in return would be infinitely more valuable than another billion-dollar stock bonus.
Redemption.
For aNewDomain.net, I’m Ted Rall.
Based in New York, Ted Rall is a nationally-syndicated columnist, editorial cartoonist and war correspondent who specializes in Afghanistan and Central Asia. The author of 17 books, most-recently published The Book of Obama: How We Went From Hope and Change to the Age of Revolt, Rall is twice the winner of the Robert F. Kennedy Journalism Award and is a Pulitzer Prize finalist. Follow him @TedRall, check out his Facebook fan page and definitely follow his Google+ stream here. Ted’s upcoming book After We Kill You, We Will Welcome You As Honored Guests: Unembedded in Afghanistan is due out in 2014.