Munich Edward Snowden’s supporters have portrayed him as the champion of Internet freedom. But when senior European and American experts privately discuss the future of cyberspace, their fear is that the Internet may be closing, post-Snowden, rather than opening. “We may be the last generation to take joy from the Internet,” because of new boundaries and protectionism, as one American glumly put it.
Privacy advocates would argue that any dangers ahead are the fault of the pervasive surveillance systems of the U.S. National Security Agency, rather than Snowden’s revelation of them. I’ll leave that chicken-and-egg puzzle for historians. But it begs the question of how to prevent the anti-NSA backlash from shattering the relatively free and open Internet that has transformed the world — and which the NSA (and other security services) exploited. Unfortunately, the cure here could be worse than the disease, in terms of reduced access, cyber-security and even privacy.
As a starting point, Americans need to understand just how angry Europeans are about the NSA’s invasion of their personal space. Secretary of State John Kerry cheerily told the Munich Security Conference last weekend that he foresees a “trans-Atlantic renaissance,” with new trade and diplomatic agreements. For now, such talk is just whistling past the NSA graveyard.
“People in Washington don’t realize how serious feelings on this side of the Atlantic are,” argued one prominent European politician at a high-level private dinner here hosted by the Atlantic Council to discuss cyber issues. He predicted flatly that American companies would lose an estimated $28 billion to $32 billion in revenues to European cloud-computing companies that will market “NSA-proof” data storage.
This boom for Euro-cloud companies is understandable, in terms of corporate opportunism. But it could build fences around European servers that might turn the global information superhighway into a series of bottlenecks and on-off ramps.
The Internet governance issue is fraught, too. For the last several decades, basic standards and architecture have been managed by a private body known as ICANN. But this group, though passionate about privacy, is now seen as American-dominated, and therefore contaminated. An alternative would give more oversight to the U.N.’s International Telecommunication Union. The leading candidate to head the ITU next is a Chinese official, Houlin Zhao, the group’s deputy secretary-general.
Protecting data networks may actually be harder in the post-Snowden environment, argued both Europeans and Americans. That’s because sophisticated cyber-protection involves cooperation between agencies such as the NSA (and its foreign counterparts) and private Internet service providers. Such contacts are now anathema.
Rise in cyber espionage?
Another paradox is that indignation about American snooping may make it easier for Russian and Chinese security services to spy on their own people and conduct cyber-espionage. “The Russians and Chinese will talk about sovereignty and non-interference in cyberspace, which is a proxy for their control agenda,” argued one cyber expert.
“The Snowden disclosures are being used to renationalize the Internet and roll back changes that have weakened government control of information,” argues Stewart Baker, a former NSA lawyer who writes an influential blog on cyber issues.
Many Europeans told me President Obama made a good start with his speech last month outlining new rules for the NSA, especially in his willingness to provide some version of a global Fourth Amendment. One European argued that privacy rights should be reciprocal — the U.S. should offer protections to countries that grant such rights to their own citizens, as well as Americans.
But one senior European politician warned that if his fellow citizens can’t sue in U.S. courts to enforce their new privacy rights, then the European Union will withdraw its so-called “safe harbor” protection for American technology companies. This provision allows U.S. companies to operate in European cyberspace by quickly certifying that they comply with stringent EU privacy rules. Closure of this “safe harbor” could sink U.S. companies and stall e-commerce.
Mistrust of U.S.
The NSA revelations have tapped what another top European official called “a fundamental anti-Americanism and mistrust of the U.S.” He noted that if Europeans question the new post-Snowden call for limits and boundaries, they are accused of being NSA’s lackeys. “Where’s the pushback from the U.S.?” he asks plaintively.
In this tempest of anti-NSA feeling, one of the bravest speeches at Munich was given by German President Joachim Gauck. “We rightly complain when allies overstep the mark when they use electronic surveillance to detect threats. And yet, we prefer to remain reliant on them and hesitate to improve our own surveillance capacities,” he said.
A loose interpretation of his underlying message would be: Get real, fellow Europeans. Protecting cyberspace is more complicated than bashing the NSA.