Tricky leaks: Snowden vs NSA

Hearing the word “Snowden” a year ago, you would most likely have thought of the highest mountain in Wales or even the British royal photographer Lord Snowdon. What a difference a year – and a vowel – makes.

A year ago Edward Snowden was a 29-year-old nobody, working as a data analysis contractor inside a National Security Agency base in Hawaii.

What we now know: the NSA was so busy watching the rest of the world that it didn’t notice the rogue contractor departing its Hawaii station with what one agency official admits were “the keys to the kingdom”.

Under the guise of computer-network maintenance, Snowden asked 25 NSA employees in Hawaii for their passwords and then began downloading an estimated 1.7 million classified NSA documents.

Snowden left the US in May; in June the Guardian revealed that the NSA had collected customer data of the US telecom company Verizon. Then the Washington Post revealed the "Prism" programme, which granted the NSA access to data held by Apple, Facebook, Google and others.

From a Hong Kong hotel room Snowden revealed himself to the world as the whistleblower behind the NSA leaks. In exposing what he viewed as blanket government abuses of the constitutional right to privacy, Snowden triggered an unprecedented game of international cat and mouse.

Fearing extradition to the US, Snowden left Hong Kong for Moscow and spent two months in limbo in the transit area of the Russian capital’s airport before, in August, he was granted a year’s asylum. By then the lid had blown off the tapping scandal. The NSA had spied on EU representatives in Brussels and Washington and tapped Google and Yahoo mail services. Britain’s GCHQ intelligence agency, meanwhile, had intercepted data cables in and out of the UK, and listened in on world leaders at the G20 meeting in 2009.

US intelligence chiefs insist that their activities have thwarted terrorist attacks – although the number is disputed – and that their eavesdropping was not directed at US citizens; cold comfort for the rest of the world.

The Snowden revelations followed President Obama to Berlin in June, when he insisted that the US is "not rifling through Germans' emails". But what of German phone calls? On October 24th Berlin summoned the US ambassador to explain why the NSA had been tapping Chancellor Angela Merkel's mobile phone for 11 years from the US embassy in Berlin. For Merkel, who governs Germany by text message, the revelations put transatlantic relations "to the test".

Damaging political blowback
But she knows that the louder she protests, the greater the danger of damaging political blowback. For all the German outrage at NSA spying, Snowden's leaks have already revealed regular pilgrimages to the US by German intelligence officials anxious to learn NSA surveillance methods. Publicly, Berlin demands answers. Privately, it hopes to use the revelations as leverage for a no-spy agreement with Washington or, even better, access to its "Five Eyes" intelligence-sharing ring.

Though Washington is cool on these ambitions, Merkel still rejected calls to suspend EU free-trade talks with the US until NSA surveillance is explained. She dismissed, too, an offer by Edward Snowden to testify at a Bundestag inquiry.

But just as striking as the scale of digital surveillance revealed by the Snowden affair – the biggest data leak in US history – is the scale of public apathy. So will the Snowden affair redefine the rules of engagement in the 21st-century digital world or will future disclosures fall victim to the law of diminishing returns in our attention-deficit digital world?

Privacy advocates say the answer depends largely on whether individual citizens realise the importance of data protection.

Preserve of computer geeks
Until now data privacy was viewed as the preserve of paranoid computer geeks. Snowden has demonstrated the wide reach of a global data dragnet, where the collection of data we all generate online is guided pragmatically by the ever-expanding technical possibilities of the digital era, not the limits of legal frameworks from the analogue era. The consequences in Europe became clear when, in response to a challenge from an Irish privacy group, the European Court of Justice issued a legal opinion this month that a 2006 EU directive obliging telecom companies to retain user data was a "serious interference" in citizens' fundamental right to privacy.

Privacy advocates have their work cut out for them generating public interest in the era of the selfie. They are concentrating their efforts on pointing out the fundamental gap between the data people think is being collected on them and what companies – and governments – are actually collecting.

A Cambridge University study of 58,000 Facebook users this year revealed that by simply collating users’ “likes”, researchers could determine their race, sexuality and religion – information users had never knowingly shared on the social network – with accuracy rates of 95 per cent, 88 per cent and 82 per cent respectively.

“Instead of 58,000 people, imagine a billion users, add location data, and you end up with a whole shadow world of information to which you don’t have access,” said Joe McNamee, executive director of the Brussels-based lobby group European Digital Rights. “This is a world where you don’t know what positive or negative discrimination is happening on the basis of the assumptions of personal data that may or may not be correct.”

For all their outrage, EU leaders have yet to move beyond lip service on the Snowden revelations. Five months after Chancellor Merkel demanded swift agreement on a new regulation to take European data protection into the 21st century, privacy advocates complain that Berlin officials are leading a go-slow to block agreement before next year’s European elections. If that happens, European data protection will remain a collection of conflicting national regulations from a pre-Google, pre-Facebook era.

And, as European home to Facebook, Google and others, Ireland will find itself on the increasingly uncomfortable fault line between e-commerce and e-privacy.

Edward Snowden has sparked a long-overdue debate on the conflict between the most profitable resource of our digital age – big data – and its consequences for legal precepts of privacy and protection of personal data.

The battle could yet catch fire, like the labour struggle of a century ago or the environmental struggles of the 1980s. Or it could peter out, smothered by private lobbying and public apathy.