National Security Agency: The net rips apart

Joel Reidenberg in The Financial Times, June 14, 2013

Media Source

By Richard Waters, James Fontanella-Khan and Geoff Dyer
 
Asked about his biggest worry for the future of the internet, Google chairman Eric Schmidt had a ready answer: that it might suffer a process of “Balkanisation”, a fragmentation brought about by national governments seeking to exert greater influence.
 
Such a process would turn one of the most open communications platforms into a series of tightly controlled national networks, ending the free flow of information that has been its hallmark.
 
He could not have known how quickly his sombre warning would be put to the test. Revelations about US surveillance of the global internet – and the part played by some of the biggest American internet companies in facilitating it – have stirred angst around the world.
 
Far from being seen as the guardian of a free and open online medium, the US has been painted as an oppressor, cynically using its privileged position to spy on foreign nationals. The result, warn analysts, could well be an acceleration of a process that has been under way for some time as other countries ringfence their networks to protect their citizens’ data and limit the flow of information.
 
“It is difficult to imagine the internet not becoming more compartmentalised and Balkanised,” says Rebecca MacKinnon, an expert on online censorship. “Ten years from now, we will look back on the free and open internet” with nostalgia, she adds.
 
At the most obvious level, the secret data-collection efforts being conducted by the US National Security Agency threaten to give would-be censors of the internet in authoritarian countries rhetorical cover as they put their own stamp on their local networks.
 
But the distrust of the US that the disclosures are generating in the democratic world, including in Europe, are also likely to have an impact. From the operation of a nation’s telecoms infrastructure to the regulation of the emerging cloud computing industry, changes in the architecture of networks as countries seek more control look set to cause a sea change in the broader internet.
 
“Rather than a system that is open, free and flat, what you will get is one that is more fragmented,” says Steve Clemons, senior fellow at the New America Foundation, a Washington think-tank. “The scale is tilting much more towards [individual countries] and away from the vision of a connected internet.”
 
Until now, the internet has been a distinctly US-centric medium, despite rapid growth among users elsewhere.
 
US influence over the internet’s governance and technical standards and the disproportionate share of internet traffic that flows through networks on American soil – combined with the global sway of its home-grown internet companies – have all left it with outsized influence.
That has had distinct advantages for its national security and geopolitical influence. In 2006, then-CIA director Michael Hayden was able to boast about the boon for the US intelligence services from having so much of the world’s online traffic on their doorstep. “We’re playing with tremendous home-field advantage and we have to exploit that edge,” he told the Senate judiciary committee.
 
That advantage is no longer a given. If other countries use revelations about NSA surveillance to build barriers around their national networks, then the dominance of US internet companies over important parts of the digital economy could be weakened.
 
In Europe, where alarm over US actions has been intense, this has left a distinct sense of schadenfreude in the air. Neelie Kroes, the EU’s commissioner for digital affairs, says the furore represents a golden opportunity for European companies to make inroads in the cloud computing market, which is dominated by companies such as Google and Amazon.
 
“There’s a market opportunity here,” she says. “Offering high privacy options and investing in the greater trust and security in your product is a smart business move. We want Europe to be seen as the safest corner of the internet and for entrepreneurs to be able to build businesses off the back of that.”
 
Previous attempts to build European internet champions have failed to make an impression against the industry’s US leaders. But as more personal and corporate information flows into the centralised data repositories that act as the hubs of cloud computing, the balance of advantage may be shifting.
 
“Comprehensive and well-enforced privacy legislation would give Europe a global advantage in the booming cloud computing market,” says Joe McNamee, head of European Digital Rights, an advocacy group.
 
If the NSA surveillance prompts a backlash from European regulators, the impact could be even swifter.
 
European laws already give the region’s national data protection regulators the power to block the transfer of customer information to countries deemed to have inadequate privacy protections. By confirming worries about the extent of US intelligence operations, the disclosures could prompt the regulators to act, says Joel Reidenberg, a law professor at Fordham University . They could bar US internet companies from transferring data about their European users to servers in the US.
 
“This kind of dragnet surveillance of non-Americans is just what the [European] privacy regulators feared as a theoretical matter. Now it’s no longer theoretical,” he says.
 
With a new European privacy directive under negotiation and cross-border data flows central to the latest transatlantic trade talks, the ramifications could stretch further. “This couldn’t have come at a worse time for the US,” says Prof Reidenberg.
 
That has not been lost on US internet companies that risk having their wings clipped. “Recent news events are likely to complicate things for us,” says the European privacy officer of a large US tech group. “MEPs [EU lawmakers] are going to seize the opportunity to ask for even tougher rules just to gain some popularity ahead of next year’s elections.”
 
A clear sign that the situation has changed came when a leading member of the centre-right European People’s party, which has been supportive of the US position on data protection, attacked the US this week for having low privacy rights standards.
 
“My data belongs to me, that is the cornerstone of European thinking on data protection,” says Manfred Weber, vice-chairman of the EPP. “It is completely unacceptable that the US [has] different rules [for] US citizens and citizens of other countries.”
 
EU lawmakers also made it clear that the EU-US trade negotiations should be used as an opportunity to gain assurance that US intelligence will respect Europe’s privacy rules.
 
“This issue is very critical for us in Europe,” says Hannes Swoboda, leader of the socialist members of the European parliament. “There will be growing resistance against an agreement with the US unless there are some clear guarantees from their side that our European principles of data protection are respected.”
 
One possible result is that more countries will try to ringfence their national networks, forcing internet companies to comply with local rules for protecting the personal data of citizens. “You are likely to get a federation of different data centres, each fiefdom with its own different rules,” says Mr Clemons. Such an approach would undermine the economies of scale of operating globally under a single technological architecture that cloud computing companies seek.
 
“US firms are aghast at the idea,” says Adam Segal, from the Council on Foreign Relations in New York. “But many other countries are considering the idea, even if it would likely prove unworkable for most of them.”
 
The potential network fragmentation this implies would become more insidious if it were used to further repressive political ends.
It has become common practice for authoritarian regimes to use fears about online security as an excuse to limit internet freedoms, says Ronald Deibert, an internet security expert at the University of Toronto. By handing them a ready reason to act, disclosure of the NSA surveillance “will magnify these trends”, he says.
 
It is clear that countries with a different philosophical approach to the internet than the US will seek to use the revelations to reinforce their own positions. A China Daily article this week quoted Li Haidong, a researcher at China Foreign Affairs University, as saying: “Washington has been accusing China of cyber espionage, but it turns out that the biggest threat to the pursuit of individual freedom and privacy in the US is the unbridled power of the government.”
 
Speaking before the NSA surveillance was revealed, Mr Schmidt offered an example of the distortions that would result if countries sought to subvert the internet: the Iranian government’s plan for an “Islamic Google Earth”, a world map he said that would likely not include Israel.
Jared Cohen, a Google executive and co-author with Mr Schmidt of a book on the future of the internet, raised the spectre of “digital ethnic cleansing” in which ethnic groups are airbrushed out of the online life experienced by a country’s wider population.
There has long been a risk of online aberrations such as this, as nations move to exert greater control over the internet within their borders. But the revelations about US online surveillance may well accelerate the very fragmentation that executives such as Mr Schmidt fear most.