Privacy, Security And The Economy: Why The US Government Cares More About Spying On Your Email Than Getting You A Job

How’s this for an alternate reality? Imagine if the U.S. government had created institutional barriers that hindered the development of the American tech sector in the 1980s and '90s. No Microsoft or Apple, no Google nor Facebook. What would the world look like today?

The short answer is simple: The stunted growth of Silicon Valley would have allowed tech companies in other countries to fill the void, to meet the needs of the world that were being fueled by vast technological change.

Fortunately, that hypothetical scenario didn’t happen, but according to Daniel Castro, senior analyst with the Information Technology and Innovation Foundation (ITIF), a modern-day version of it is taking place as we speak. Castro has been studying the effects that the government-surveillance scandal could have on the U.S. tech industry. He said that if privacy-conscious computer users decide that the risks of storing data with a U.S. company simply outweigh the benefits, the results could be devastating.

“U.S. companies, which have really been leaders in this field, will lose their dominance,” he said in a phone interview. “And it won’t be because of technical inferiority, but because of legal restrictions, or perceptions about the implications of legal regimes.”

Earlier this month, Castro released a report showing that the U.S. cloud-computing industry stands to lose $22 billion to $35 billion during the next few years -- all as a result of the National Security Agency’s surveillance and the negative press associated with it. Cloud computing is no niche segment, by the way. According to the technology research firm Gartner Inc. (NYSE:IT), the industry is expected to grow 18.5 percent to $131 billion this year. By 2016, consumers will spend $677 billion on cloud services worldwide. Clearly, a sizable chunk of the tech industry is heading into the clouds, which includes everything from third-party email such as Yahoo Mail and Gmail to free software applications like Google Docs.

It’s the next frontier in technology, and it’s one that American companies currently dominate. But that could change on a dime, Castro warns. Bad press about U.S. tech giants complying with the NSA’s Prism program could scare consumers into going elsewhere to spend that $677 billion. To visualize the domino effect that could have, Castro advises to imagine if privacy concerns had tainted Microsoft Corp. (NASDAQ:MSFT) just as Windows was taking off as the dominant operating system.

“Instead of having Microsoft as one of these leaders, there’d be a French company there, or German or Japanese company,” he said. “It would just be a loss to the economy and a loss to all the types of product development and innovation we’ve seen overall.”

And in some ways, the extent to which the government is or isn’t violating our privacy is beside the point. Castro said the very idea of frumpy NSA agents hunched over computer terminals and reading our private emails could be enough to set the wheels of an exodus in motion. He likened it to the infamous 2005 incident in which a woman fraudulently claimed to have found a severed finger in a bowl of chili at a Wendy’s restaurant. Wendy’s Company (NASDAQ:WEN) later said that it lost $2.5 million in sales due to all the bad publicity.

“It didn’t matter that it didn’t happen,” Castro said. “It was the visual. It was the image.”

Snooped Out Of Business

In fact, there is evidence that Castro’s doomsday scenario is already starting to unfold. On Aug. 8, the private email service Lavabit abruptly shut down. The service, which allowed subscribers to send encrypted email messages, was believed to have been used by the NSA leaker Edward Snowden. Its shutdown was, presumably, the result of a legal skirmish in which the U.S. government attempted to force the company to hand over private data about its users.

In an interview with Democracy Now, Lavabit’s founder, Ladar Levison, said he is under a gag order, and cannot share further details. On the Lavabit website, however, he was quite blunt about his feelings:

“This experience has taught me one very important lesson: Without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

In other words, if you care about your privacy, forget U.S. tech companies. Go somewhere else. It’s a strong statement but one that didn’t surprise Katherine Albrecht, a longtime privacy advocate and co-founder of StartMail, a private email service that is currently in beta testing.

“I think this is a terrible thing,” she told International Business Times. “We have entrepreneurs creating viable and thriving businesses who are being forced to shut down because of this climate we’re operating in.”

Ironically, Albrecht takes that position as someone who stands to gain a competitive edge from the demise of U.S.-based cloud services. StartMail is owned by Surfboard Holding BV, a privately held company based in the Netherlands, and Albrecht has long touted its overseas location as a selling point for privacy-conscious consumers. Long before Edward Snowden became a household name, she and her StartMail colleagues set out to develop an encrypted email service that would be truly safe.

But they understood that it needed to be safe not just from the prying eyes of data-collecting behemoths like Google Inc. (NASADAQ:GOOG) and Yahoo Inc. (NASDAQ:YHOO), but from the U.S. government, which, under the Patriot Act, can force American companies to hand over data. That said, it should come as no surprise that Levison’s decision to shutter Lavabit rather than compromise its users’ privacy has garnered praise from its marketplace competitors.

“I was truly grateful to him for taking that position,” Albrecht said, likening Levison to Snowden. “Here is the second person now who has fallen on his sword, sacrificing himself for the rest of us.”

And Levison and Snowden are not alone with their swords. Following Lavabit’s abrupt closure, Silent Circle, a rival company that offered encrypted communications, made the drastic decision to preemptively shut down its own private email service. Speaking to the MIT Technology Review, Mike Janke, the company’s chief executive, admitted that email can never be truly private. Why? Because metadata -- information about when messages are sent and where they’re sent to -- can’t be encrypted. The basic mechanisms of the Internet prohibit it. Albrecht compares it to sending a piece of snail mail thought the U.S. Postal Service, which operates under the basic premise that all mail must be properly labeled.

“I can have a sealed envelope and encase it in lead and lock it up really tight, but somehow I have to tell the postman where it’s going,” she said. “Encrypted email works the same way. Encryption only seals the contents.”

Backdoor Men

The U.S. government has never been a fan of private encryption services. On its website, the research group Electronic Privacy Information Center (EPIC) has cataloged more than two decades’ worth of efforts by the government to restrict and even ban encryption. One report, dated May 1995, outlines an attempt by then-FBI Director Louis Freeh, who wanted to require companies to provide a “trap door” that would allow the government to access private encrypted information if it needed to. The proposal was a response to the bombing of the federal building in Oklahoma City.

More recently, the FBI has been pushing for updates to the Communications Assistance for Law Enforcement Act of 1994, or CALEA. The current law requires telephone companies to make their lines accessible to interception by the U.S. government. But if the FBI gets its way, that requirement will extend to electronic communications, and tech companies would then need to provide a backdoor that the government could access.

“It would essentially prevent services like what Lavabit was trying to provide from existing in the United States,” said Amie Stepanovich, an attorney with EPIC who specializes in privacy and domestic surveillance.

So what exactly is the government’s beef with encryption? For one thing, private email services -- like Albrecht’s StartMail -- put users in control of their own passwords. That means companies that offer such services couldn’t access their users’ data even if they wanted to, which also means that if the FBI, NSA or any government agency came knocking, there would be nothing for them to find.

“We’re not law enforcement,” said Albrecht. “If they came and asked us for a user’s password, we’d say, you have to take it up with them. We don’t have it.”

That is a far cry from services provided by companies such as Gmail. In a Google court filing posted just this month by Consumer Watchdog, attorneys for the tech giant said Gmail users have no “legitimate expectation of privacy” when they use the service, which automatically scans messages for the purpose of placing relevant ads. Google likened the practice to a secretary screening a boss’s snail mail before delivering it, an analogy that Albrecht doesn’t buy.

“I’ll tell you this,” she said. “If the secretary were opening it and photocopying it and sticking it in her briefcase and taking it home, I’d have a real problem with that secretary.”

If Not Here, Where?

That the FBI is looking to squelch private email services doesn’t bode well for the already-tarnished reputation of U.S. tech companies, which took much heat for reportedly complying with the Prism program despite their denials to the contrary. European firms are seeing the scandal as an opportunity to gain a competitive advantage, with hopes that such initiatives as “Cloud Services Made In Germany” and the “Sovereign Cloud” project in France could lure customers away from snooping U.S. spies. But Stepanovich said such ambitions may not be so easy to realize.

“You also have to ask yourself if you trust [European] governments as well,” she said. “The U.K., for example, has been coming out against any revelations about their own surveillance activities.”

Castro agrees, saying it will be an uphill climb for any one country to establish itself as being fundamentally different from the U.S. in terms of national security and domestic surveillance.

“The question becomes: Will one country emerge as the digital Switzerland or the digital Cayman Islands?” he said. “Will they set up a regulatory regime that is specifically intended to give their country a domestic advantage for cloud computing?”

But just the possibility that the U.S. could lose its cloud-computing dominance should concern lawmakers far more than it seems to be, Castro said. One reason he released the ITIF report on the potential economic effects of Prism was to spark a conversation that he believed not enough people are having. (He said President Obama fell short during a recent speech in which he vowed surveillance reform.) Sure, we’ve heard plenty about privacy, our civil rights and debates over the Fourth Amendment. But to echo James Carville’s famous dictum, “It’s the economy, stupid.” The problem is, few people realize the extent to which snooping and the economy are linked, which is a blind spot evident in the much-publicized NSA slides that Snowden leaked to the Washington Post. According to one of those slides, operating costs for the Prism program are just $20 million a year.

“Ridiculous,” Castro said. “It just reflects a complete failure on the policy side of this, a cost-benefit analysis that ignores this whole column of economic consequences.”