“The problem isn't data protection; the problem is data collection.”
Six years on from his world-changing revelations about the global surveillance programmes being run by the US and European Governments, whistleblower Edward Snowden has become an authority on online privacy and digital security. Lucy Ingham hears his thoughts on the current state of data security, and how he hopes to see it evolve in the future
Images courtesy of Web Summit
The global perception of data privacy has changed radically in the six years since former National Security Agency (NSA) contractor Edward Snowden blew the whistle on the mass global surveillance being conducted by governments across the West.
Back in 2013, the average user didn’t give a second thought to uploading a myriad of personal details to the web, whereas now privacy has become one of the most discussed internet-related topics in the world.
Now living in Russia after being granted asylum and subsequently permanent residency, Snowden has spoken at numerous conferences via video link over the last few years. Most recently, he spoke at Web Summit in Lisbon, in a talk following the release of his memoir Permanent Record. And while he reflected on his experience of blowing the whistle on the US Government, he also took aim at what he characterises as the structural abuse of personal data that has become a key part of the digital economy.
“Looking six years on, the world is changing and we are at a point of primary vulnerability. But I think, as much as we see the anger rising, as much as I think we see awareness of problems beginning to develop, people are quite frequently mad at the right people for the wrong reasons,” said Snowden.
“Yes, these people are engaged in abuse, particularly when you look at a Google and Amazon, Facebook, but their business model is abuse. And yet every bit of it, they argue, is legal.
“And whether we're talking about Facebook or the NSA, that is the problem: we have legalised the abuse of the person through the personal. We have entrenched a system that makes the population vulnerable for the benefit of the privileged.”
“A Faustian bargain”
This state of affairs has, according to Snowden, come to pass as a result of numerous companies entering “a Faustian bargain” on data handling, in part to assist governments, entirely independently of each other.
“They had made the deal with the devil, as it were, where they went: ‘in this way, in this particular circumstance and we're going to construct a data sharing method for us to go beyond what the law requires to do this government a favor, because we believe this government is positive force for the world’,” he said.
“I think we can all understand and appreciate where that initial drive comes from: you want to believe the government is going to have the tools they need to investigate serious crimes, to prevent acts of terrorism. But when we look at what these programs, actually were used for, and what the results of them were over many, many years, we saw the tools that had been intended to protect the public, had been in many ways, used to attack the public.”
A particular problem, according to Snowden, is that companies have enabled governments to access and restrict data on blind faith, without access to information about how this will be used, which has ultimately turned many corporations into unwitting governmental agents.
“When we see governments and corporations working in concert, we begin to see the birth of a complex between the two where neither truly act independently, or adversarially, but rather they become the left and the right hand of the same body.”
“The government's not going to tell these companies why, in many cases, they need this information. They're simply going to try to create those methods of exchange, those systems of information sharing, as they call it, and ultimately what they're doing is they're deputizing these companies to act in what are increasingly quasi governmental roles, deciding what can and cannot be said on the internet, deciding what can and cannot be shared,” he said.
“And ultimately, turning over perfect records of private lives on-demand to institutions that are no longer meaningfully accountable to the public at large.”
This, in turn, has given tremendous power to big technology companies such as Facebook, which comes with its own concerns and challenges.
“When we see governments and corporations working in concert, we begin to see the birth of a complex between the two where neither truly act independently, or adversarially, but rather they become the left and the right hand of the same body. What we see is the concentration of power,” he said.
“Now when we have institutions which were already powerful before and now they are combining their powers to control, or at least influence, what everybody who is outside of those institutions are able to do, that I think raises real questions of: is the ultimate benefit worth the cost?
“Because if you create an irresistible power, whether it's held by Facebook or whether it's held by any government, the question is: how will you police, the expression of that power when it is used against the public rather than for it?”
Edward Snowden on GDPR: “A paper tiger”
There have, of course, been some efforts to police this power, most notably with the establishment of the General Data Protection Regulation (GDPR) in Europe. However, while Snowden sees GDPR as “a good bit of legislation in terms of the effort that they're trying to do”, he does not believe it effectively tackles the issue.
“The problem isn't data protection; the problem is data collection,” he said.
“Regulating the protection of data presumes that the collection of data in the first place was proper, that it was appropriate, that it doesn't represent a threat or a danger. That it's okay to spy on everybody all the time whether they're your customers or whether they're your citizens, so long as it never leaks, so long as only you are in control of what it is that you’ve sort of stolen from everybody.
“My generation, particularly the generation after me, they no longer own anything. They are increasingly not allowed to own anything.”
“And I would say that not only is that incorrect, but if we learned anything from 2013 it's that eventually everything leaks.”
He also took aim at the headline-grabbing maximum fine of 4% of global annual revenue, arguing that this creates a false sense of security over how companies can use data.
“Until we see those fines being applied to every single year to the internet giants until they reform their behavior and begin complying not just with the letter but the spirit of the law, it is a paper tiger,” he said.
“And I think that actually gives us a false sense of reassurance, because these companies that are the ones who that fine is most threatening to are also the ones with the most lawyers who are able to undermine the meaning of that law the most effectively.”
“Show them why they don’t have to trust you”
The idea of restructuring the internet may be a bold and seemingly insurmountable challenge, but Snowden argues that for companies wishing to take a more customer-friendly approach to data, “it’s much more simple than that”
“Rather than asking people to trust you, rather than asking them to trust your service as all of your ailing competitors do, show them why they don't have to trust you,” he said.
“Have [it so that] all of the intermediaries between you and the people that you're talking to, are not in control of you, they do not understand your content, it is private to them,” he said.
“The only people you have to trust are the people that you're talking to, the people on the ends of the communication, and the reason that is important, even if you are for the NSA even if you are for Facebook, is that there are companies, there are laws, that do not apply to these countries. There are different jurisdictions and the internet is global.
“The law is not the only thing that can protect you. Technology is not the only thing that can protect you. We are the only thing that can protect us and the only way to protect anyone is to protect everyone.”