Just about everyone assumed all along that the U.S. government makes the most of modern technology to keep an eye on its overseas enemies. The disclosures of former National Security Agency system administrator Edward Snowden detailing the comprehensive harvesting by the NSA of U.S.-based data have exceeded people's imaginations, however, and created some clear winners and losers. How the White House manages the ongoing disclosures over the next three months will determine whether these wins and losses become permanent.
Winner: EU privacy hawks
In May, right before the Snowden revelations, EU privacy hawks were on the ropes. At issue was the much-anticipated and ballyhooed reform of the European Directive on Data Protection. Here is some inside baseball on that reform, and why the hawks are crowing now.
Simply called "the Directive" in privacy circles, it was the shot heard round the world when the young European Union first adopted it in 1995. Until then, only the United Nations had recognized data privacy as a fundamental human right.
But the elevation of data privacy to the same status as the freedoms of speech and religion across the vast European market spurred a decade of reverberations. EU member states implemented their own versions of the Directive in ways that American corporations found bureaucratic, costly and inimical to smooth international commerce. As a result, Americans led the way in deriding the Directive as an obsolete, pre-Internet dinosaur.
A Franco-German axis of privacy hawks, however, held the line undeterred, pushing back against the privacy practices of Google, Facebook and other American icons. Brussels clashed with Washington over data transfers of passenger-name records and SWIFT financial transactions. This decade-long transatlantic confrontation spawned a generation of European privacy attorneys who enlisted in the battle, sometimes with the same vim and vigor as ACLU volunteers and gun-rights activists.
Somewhere around 2009, more business-friendly moderation began to prevail at France's data-protection authority. The Franco-German axis weakened. Moderates in Brussels seized the opportunity, and by 2011 Europe was looking at draft legislation to overhaul its approach to data protection.
The new draft privacy law was more balanced, in parts taking aim squarely at Silicon Valley and imposing a jaw-dropping 2% fine on global revenues for egregious violations. In other parts, however, the draft provided new provisions for cloud computing and streamlined compliance.
American corporations heavily lobbied the bill. The various EU committees charged with reviewing the legislation considered hundreds of amendments, many of them watering it down. With the vice president of the EU herself championing the passage of the bill, the privacy hawks were on the defensive. It looked as if they were going to get steamrolled in an eleventh-hour flurry of compromises.
Within a week of the first Snowden revelations, however, the bill was dead for the summer. Trust in America as an honest broker on privacy had precipitously dropped. When European politicians return to work next week to renew their reform of data protection, the privacy hawks will be in the driver's seat.
Loser: U.S. cloud providers
Cloud computing was always a tough sell in Europe. This was for two reasons: Europeans' data could move from a server in Europe to a server in a country with lower privacy standards, putting their human rights at risk, and all the cloud-computing jobs were in America.
Amazon Web Services was one of the first to address these concerns by creating a Europe-only cloud based in Ireland. Many American companies followed suit, and now the east part of Dublin looks like a miniature Silicon Valley. European clients were signing up, and cloud computing was on the road to acceptance. Even in Brussels, the EU adopted "binding safe processor rules," a way for cloud providers to obtain an EU housekeeping seal of approval.
Within a month of Snowden's disclosures, however, these dynamics had all changed. If data stored in the United States could theoretically be sucked up by the NSA, it was, from their perspective, no longer safe, no matter what promises the cloud provider made in a contract. The snippets of the NSA programs that Snowden disclosed appeared to the Europeans to look like the Patriot Act on speed.
By July, German government officials were encouraging German businesses to stop using U.S. cloud providers. On Aug. 5, the Information Technology and Innovation Foundation released a report estimating that the Snowden revelations would cost U.S. cloud providers a 20% reduction in revenues, or $35 billion. Indeed, a small Swiss data hosting service reported a 45% increase in revenue the month following the first Snowden releases.
Winner: Law firms and consulting firms
Change and uncertainty are the mother and father of the consulting industry. As corporations face new laws and risks, they turn to outsiders closer to the action to help steer the way.
For U.S. multinationals, the task ahead is to navigate a stricter regulatory environment in Europe and find new data architectures that assure customers both at home and abroad. For U.S. providers of cloud and software-as-a-service offerings, the rest of 2013 will be a scramble to develop EU-based operations that are outside the reach of U.S. government surveillance.
U.S. firms with deep privacy benches, such as law firms Morrison and Foerster and Hogan Lovells and consultancies PricewaterhouseCoopers and Deloitte, are best positioned to aid in the post-Snowden transition.
Loser: U.S. government political capital
By the time President Bush left office, global approval ratings of the United States had fallen by some measures to 19%. The invasion and occupation of Iraq had squandered just about all of the goodwill built by Reagan's defeat of communism and Clinton's decade of prosperity. The election of Obama gave the U.S. an instant shot of credibility, sending approval ratings tracked by Gallup and the BBC to nearly 50%. The world applauded that we could overcome our slavery past and move away from bellicose unilateralism at the same time.
Cracks were already showing pre-Snowden, however, with the Obama effect wearing off and U.S. approval ratings falling toward 40% as of May 2013. Neither Gallup nor the BBC has released a global poll post-Snowden, but the anecdotal evidence is everywhere to see. The Nobel laureate in the White House hasn't decreased the war-making or surveillance of his unpopular predecessor, but maintained or increased both. The one who would rescue America from unilateralism is appearing outside America not up to the task, and this will affect the government's political capital on all issues going forward.
As Snowden continues to drip information and Europe retrenches over the next three months, the ball will be in Washington's court. If it's business as usual, data, dollars and power will flow from San Francisco, Seattle, New York and Washington to Paris, Berlin, Dublin and wherever that Swiss data host is located.
Jay Cline is president of Minnesota Privacy Consultants. You can reach him at cwprivacy@computerworld.com. See more by Jay Cline
Read more about privacy in Computerworld's Privacy Topic Center.
