The NSA Is Bad for Business

And that’s why all the biggest tech rivals are joining together to limit government surveillance.

Larry Page, Google co-founder and CEO speaks during the opening keynote at the Google I/O developers conference.
Larry Page, CEO of Google, at its developers conference. The company has joined others in calling for restrictions on the NSA.

Photo by Justin Sullivan/Getty Images

Americans may not be paying attention to the NSA scandals—polls inconsistently show that 40 to 50 percent of the country is OK with whatever it is the NSA is doing—but tech companies certainly are. The big-name Internet companies have launched a Reform Government Surveillance (RGS) coalition, arguing for heavy restrictions on the NSA’s ability to do all the economy-size surveillance that’s been revealed over the last seven months. The coalition includes Apple, Google, Microsoft, Facebook, Twitter, and Yahoo, plus LinkedIn and AOL—among the tech behemoths, only Amazon is notably absent. (Disclosure: I used to work at Microsoft and Google, and my wife is a Google software engineer.*)

The continuing fallout from Edward Snowden’s revelations, each one giving lie to the NSA’s prior congressional testimony, has produced some serious embarrassments, from tapping Angela Merkel’s cellphone to hijacking Google and Yahoo’s intercontinental data pipes to refusing to deny that it spies on Congress. Wired has analyzed the reforms proposed by Richard Clarke’s advisory panel and found them to be toothless or, worse, enshrining in law what the NSA has already been illegally doing: vast, warrantless bulk collection of metadata and data of hundreds of millions of people.

The RGS campaign is fairly specific in its demands and goes much further than Clarke’s panel, putting them closer to the Electronic Freedom Foundation than to Dianne Feinstein. This opposition sets the RGS companies apart from the telecoms: AT&T and Verizon have been quite cooperative with the NSA, and got retroactive legal immunity for aiding the mass, illegal surveillance without protest. The RGS coalition asks that “reviewing courts should be independent and include an adversarial process” (gasp!), says the government “should not undertake bulk data collection of Internet communications” (darn!), and “governments should limit surveillance to specific, known users” (sacre bleu!). That last one would put half of the NSA out of business.

It’s notable when nearly all the major Internet competitors, some of them in bloody rivalries with one another, come together take a stance so vastly at odds with that of the government and a large chunk of their customers. Not even the Stop Online Piracy Act, which would have made Internet companies subject to burdensome requirements to battle piracy and persecute pirates, united tech companies with such vigor. (Microsoft and Apple have generally only offered tepid opposition to anti-piracy bills.)

When competitors agree across the board, there is usually only one broad motivator: money. The NSA, it seems, is very bad for business. Aside from damaging the overseas reputations of these international businesses (notably in Europe and China), the surveillance has caused RGS companies to take major financial hits just to protect themselves from the NSA. Google is now encrypting all its internal traffic, and Yahoo is following Google’s lead—expensive, time-consuming, and logistically ugly work. Add that to headaches like the NSA paying off encryption giant RSA (to the tune of $10 million) to add a back door into their default encryption algorithm, and it’s clear that the bottom line is at stake.

Pando journalist Yasha Levine calls the Reform Government Surveillance coalition a charade, citing Google’s lack of willingness to provide their own users with anonymity and freedom from surveillance. Putting aside that only the NSA’s actions were actually illegal, Levine does have a point: The increasing microtargeting of users by Internet and marketing companies allows the aggregation of incredibly detailed profiles of consumers. This profiling targets different characteristics than NSA data, though it’s still intrusive. But have privacy advocates and journalists been suckered by the coalition, as Levine claims?

No. Privacy activists are fully aware of what these large companies are doing, but for them, the NSA revelations are perfect for triangulation. The corporations want the NSA out of their business, and they want to use personal information as a cudgel to direct public opinion against the NSA. Privacy advocates want more protections for personal information, and they want to use the NSA as a cudgel against corporations. If serious oversight is granted and the contents of the NSA’s requests for data are better exposed, that will lead to a lot more exposure of what companies, too, are collecting on consumers. If a standard of privacy can be set for the NSA, it will be easier to demand that companies provide it as well.

The dance of the tech companies can appear baffling. The companies want to hold on to all the useful data (market research, browsing histories, consumer profiles), while dumping as much of the sensitive data as possible (anything relating to health, criminal activity, and as much personally identifiable information as is feasible). They want to make money while being as minimally liable as possible. These goals are complementary, not contradictory, and since what corporations are interested in (viz., money) is very different from what the NSA is interested in (anomalous signals of terrorism or dissidence), the NSA’s data demands do not line up with Google’s or Facebook’s.

But this distinction is far more visible within tech companies than outside of them. To some extent, the largest Internet companies may like the idea that increased government transparency will lead to increased corporate transparency, since the sleaziest practitioners of consumer profiling and targeted advertising aren’t Google, Facebook, and Apple but shadowy third-party marketers like Acxiom and Turn, who don’t have to answer to consumers in the way that the big names do. If increased privacy demands wipe out Acxiom’s market share and force Internet companies to abandon tracking cookies in favor of Google’s or Apple’s own advertiser IDs, Google and Apple won’t shed any tears.

The flaw in Levine’s anti-corporate line is seeing the surveillance debate as a zero-sum game, where any stand taken by corporations must be assumed to be bad for consumers. Often that’s the case, but here it’s not. It is depressing that the only chance of reining in the NSA’s illegal activities comes via the advocacy of multi-billion dollar companies. But activists have often succeeded best when they’ve succeeded in pitting giant societal forces against one another, instead of trying to start the revolution in their faculty lounge. We should be thankful that for once the free market is helping to temper the excesses of our security state.

Update, Jan. 10, 2014: This piece has been updated to include a disclosure that the author used to work at Microsoft and Google. (Return.)