The Snowden effect: Privacy is good for business
Tech companies didn't look so good when Edward Snowden revealed they were helping governments spy on average people. But the revelations have worked in the industry's favor.
- 2022 Eddie Award for a single article in consumer technology
On June 6, 2013, Edward Snowden -- holed up in a Hong Kong hotel room with two Guardian reporters and a filmmaker -- told the world about a secret surveillance program that let the US National Security Agency grab people's emails, video chats, photos and documents through some of the world's biggest tech companies.
That program was called Prism, and the journalists revealed the extent of its reach just one day after reporting that the NSA was collecting phone records in bulk from Verizon. Top-secret slides intended for NSA senior analysts -- and leaked by Snowden -- listed Apple, Google, Microsoft, Yahoo, AOL, Facebook and a video chat company called PalTalk as willing partners in the surveillance program. The public uproar was immediate, even as all of the companies denied giving the NSA unfettered access to such data.
All of the companies, except Microsoft and PalTalk, declined to discuss this story on the record.
Prism was just one of Snowden's many revelations, but its disclosure kicked off a crisis of confidence and conscience throughout the technology industry. In the three years since Snowden's initial leak, Apple, Google, Microsoft, Facebook and Yahoo have become some of the biggest advocates of consumer privacy. They've beefed up encryption and other safeguards in their products and services. A few have challenged the US government in courts -- and in the court of public opinion -- in the debate over national security and personal privacy.
Edward Snowden poses for a photo during an interview in an undisclosed location in December 2013 in Moscow, Russia.
"These companies are now engaged in a genuine commitment to demonstrate that they're willing to protect privacy even against the US government," says Glenn Greenwald, who broke the Snowden story while a reporter for the Guardian. "That has really altered the relationship between the US government and these tech companies, and made it much, much harder to spy."
That debate reached a crescendo early this year when Apple resisted a court order forcing it to write software that would have circumvented encryption built into an iPhone 5C used by a terrorist in San Bernardino, California. Such software "would be the equivalent of a master key, capable of opening hundreds of millions of locks -- from restaurants and banks to stores and homes," CEO Tim Cook wrote in an open letter in February to customers. "No reasonable person would find that acceptable."
Good for business
Since 2013, Snowden has been called everything from a whistleblower and patriot to a criminal and traitor.
That characterization seems to be fluid. Take former US Attorney General Eric Holder. He oversaw the Department of Justice when it unsealed charges against Snowden on two counts of violating the Espionage Act of 1917 and theft of government property.
But earlier this week, Holder told political commentator David Axelrod he thought Snowden had performed a "public service by raising the debate that we engaged in and by the changes that we made." That said, Holder also believes Snowden should return from his self-imposed exile in Russia to stand trial for his actions.
"I think there has to be a consequence for what he has done," Holder says. "But I think in deciding what an appropriate sentence should be, I think a judge could take into account the usefulness of having had that national debate."
Holder's softening perspective shows just how much the debate colors our worldview.
Consider the tech giants' public stance on privacy, which coincidentally (or not) happens to be good for business, says Greenwald. He believes they're "petrified" of being seen as NSA collaborators and of losing customers to rivals based outside the US.
Yahoo provided the first glimpse of pushback against surveillance demands. As the public uproar began in 2013, company higher-ups immediately saw the value of telling the public another story: Yahoo had its customers' backs. They even had proof: The company had already fought and lost a constitutional challenge to the law that authorizes Prism's collection of user data.
In 2007, the online media portal and email service fought a court order under Section 702 of the Foreign Intelligence Surveillance Act Amendments Act that compelled it to disclose the content of email and other communications so long as 51 percent of the people targeted were foreign.
A week after Snowden spilled the beans on Prism, Yahoo filed a request to unseal documents from that challenge. Why the rush to go public? To make sure Yahoo's 225 million monthly email users didn't lose their trust in the company, says Chris Madsen, Yahoo's assistant general counsel.
Or put another way, to protect business. All of the other companies named as Prism participants faced the same issue.
"A failure to do that in this particular industry means a significant loss in market share," Madsen says candidly.
Battle lines
But losing customers wasn't these companies' only concern. The tech industry sincerely wants to push back, says Snowden's attorney, Ben Wizner of the American Civil Liberties Union. That's because Snowden disclosed the frightening power of the NSA's other technology efforts. These include the Muscular program, which exploited weak points in Yahoo's and Google's data centers to scoop up unencrypted data, and Bullrun, which used superfast computers to decipher encrypted emails and documents.
"There was material in the Snowden disclosures that was genuinely shocking," Wizner says. "That radicalized a lot of people in the technology community."
Encryption became the tech industry's best defense in its advocacy for consumer privacy.
Apple put itself at the vanguard of that battle, upgrading its Mac OS and iOS mobile software with stronger encryption. It also showed a very public willingness to defy the FBI and courts that demanded Apple create backdoors into its most important product.
"When the FBI has requested data that's in our possession, we have provided it," Cook wrote in an open letter to customers on February 16. "Apple complies with valid subpoenas and search warrants....We have also made Apple engineers available to advise the FBI, and we've offered our best ideas on a number of investigative options at their disposal."
But the company won't bend on encryption, according to Cook, signaling his willingness to challenge the FBI in front of a federal judge. In March, more than 40 top tech companies signed amicus briefs supporting Apple as it prepared to face the government in a court case that, ultimately, never took place. Then last month, Apple rehired crypto expert Jon Callas, who co-founded PGP (Pretty Good Privacy), Silent Circle and Blackphone. Callas had worked for Apple in the 1990s and again between 2009 and 2011.
Google is fighting its own encryption battle in several undecided court cases related to phones running its Android mobile software.
That means we can expect governments to escalate their efforts to get around encryption, says Greenwald. "It's going to be like an arms race," he says. As governments develop new tools for spying, "private companies and privacy activists [will try] to use math to build a wall of numbers, essentially, around people's communication."
Edward Snowden, seen here being interviewed in December 2013, has been living in self-imposed exile in Moscow for three years.
That's how it should be, says Denelle Dixon-Thayer, chief legal and business officer at Mozilla, which coordinates the development of the Firefox open-source web browser.
Governments spy, she says. "It's not our job to make that easy for them."
The great debate
Snowden's revelations did more than pit the tech industry against government and law enforcement, and spotlight the warring demands of personal privacy and national security.
Ironically, even unexpectedly, it also made the US government more transparent about its efforts. Less than two months after those first disclosures in 2013, the office of the Director of National Intelligence declassified documents explaining the government's bulk collection of US phone records.
In March 2014, President Barack Obama said that the government should stop acquiring phone data in bulk from the phone companies. That June, the Director of National Intelligence released its first annual transparency report, revealing more than 1,760 court orders to collect personal data.
In November 2015, five public advocates, all private attorneys with expertise in privacy law, began advising the courts on ways to minimize the impact of foreign surveillance on people in the US.
And last month, Reuters reported Congress no longer supported draft legislation that would have let judges force tech companies to help law enforcement crack encrypted data.
None of this means the US and other governments will end their widespread surveillance. It does, however, signal a degree of openness in telling the public how often the US goes after that data.
"Government officials have been more willing to engage in a conversation," says Margaret Nagle, Yahoo's head of US government affairs. "That has made it increasingly important that providers engage in that conversation as well."
It's a beginning.
Snowden says his goal wasn't to personally end surveillance. It was to alert people that surveillance was actually happening.
"The public needs to decide whether these programs and policies are right or wrong," Snowden says in a video published by the Guardian in June 2013. "This is the truth. This is what's happening. You should decide whether we should be doing this."
For now, the tech industry has become our proxy in that debate.