State and business get aggressive in privacy battle

Anyone who thinks there isn’t a market for privacy needs only to look at the festering tensions evident between companies named in Edward Snowden’s leaks about the US National Security Agency’s surveillance programmes and the US government.

Several of the technology and internet companies named as being involved in Prism – a programme or system (it is not quite clear exactly what) for collecting and sifting through data obtained from the firms – issued initial statements denying they were involved in any way that went beyond legally mandated requests.

Many placed formal requests to the US government to be allowed to reveal more information about the types of requests they receive, how the companies comply with them and the nature of the information.

But as more time passes, and as US government lawyers have refused the companies this permission, the companies are becoming far more aggressive.

Yahoo this week won court permission to disclose details from a key 2008 court case it says will show it has been in a battle with the NSA over Prism for some time – although the court will retain the right to redact documents as it sees fit. The 2008 case was reportedly central to the establishment of Prism.

In a statement, Yahoo said the released court documents would “contribute constructively to the ongoing public discussion around online privacy”.

The fact that this permission has been granted is seen as a win for other companies that may wish to go to the same court – the Foreign Intelligence Surveillance Court that oversees NSA surveillance programmes – for the release of further documents.

Attorney general
Meanwhile, in the wake of Yahoo's court win, Microsoft general counsel Brad Smith posted a lengthy statement on the company's legal blog.

He said the company had brought a plea directly to US attorney general Eric Holder for Microsoft and other companies to be allowed to reveal more about the NSA data requests it receives.

“We believe the US constitution guarantees our freedom to share more information with the public, yet the government is stopping us . . . We hope the attorney general can step in to change this situation,” he wrote.

Snowden revealed documents that indicated a significant level of co-operation between Microsoft and the NSA, a story published in the Guardian claimed last week.

Smith stated there were “significant inaccuracies in the interpretations of leaked government documents reported in the media last week”. The main concern is claims that Microsoft provided “direct access” to data for the NSA (a claim not made in the Guardian story).

“We have asked the government again for permission to discuss the issues raised by these new documents and our request was denied by government lawyers,” writes Smith.

Taking these arguments public in this way is being done for one reason: concern about the impact the Snowden documents will have on business reputation, sales and usage of products and services, and the corporate bottom line.

This increasingly aggressive, visible response is a major shift from the past when companies accused of, say, incorporating secret “back doors” into products that would allow for government surveillance and tracking of users, would simply ignore the accusations and go about business as usual.

What has changed?

The availability of public scrutiny and discussion, thanks to the internet and social media, for one. This has made sharing information, and keeping topics on the public agenda, much easier.

I think we also have reached a delicate balancing point between people’s eagerness to use powerful, more cost-effective communications and business technologies that are internet-based, and their concern about the management of data trusted to internet companies or sent off to the “cloud”.

Thanks to numerous major and well-publicised data breaches, everyone – both businesses and consumers – is far more aware of data privacy and protection now than a decade ago.

The Snowden revelations have emerged just at a point when people – whether consumers or business users of technologies – are increasingly uneasy about what happens to their personal information in internet land – and significantly just at the point when the companies implicated in Prism are pushing businesses to buy into their cloud offerings, software as a service, online email and call services and other “trust us” technologies.

Commercially sensitive
Those companies are clearly aware they will lose customers if users believe they cannot provide a secure and private service that isn't steering data into the maw of the NSA. Not because businesses or consumers fear they have something to "hide" (as that empty surveillance argument, trotted out by our own government too, goes) – but because business data can be commercially sensitive, personal information can be unexpectedly revealing and all of us rightly expect to have some closed doors where the state does not pry.

The Prism companies are acutely aware that if they are not seen to provide that privacy guarantee and ensure a trustworthy relationship, new companies that will are likely to challenge them in a ready market for proper data protection.