The New York Times last week provided new information that clarified how a key, yet unnamed, National Security Agency surveillance program designed to "target" foreigners' Internet communications actually worked, namely by secretly snatching and sifting virtually all Americans' international communications.
This ubiquitous government surveillance harms more than just our personal privacy, and American businesses need to pay particular attention. Within the piece, a key point was buried in a discussion about the program's ineffectiveness at finding terrorists. An unnamed government official explained "[t]he surveillance was used for other types of foreign intelligence collection, not just terrorism."
"Foreign intelligence" is defined broadly in the statute, to include any information relating to U.S. "foreign affairs," which the government interprets to include trade, travel, currency transactions, and international business matters. We believe this puts American companies in the crosshairs of these collection programs. Here is a letter I wrote several years ago in preparation for a meeting with business groups when Congress passed the first version of the bill that authorized this type of broad surveillance. Unfortunately, our concerns haven't changed much. (The following has been slightly edited to account for a 2008 update to the law):
On August 4, 2007 Congress changed the nature of the relationship American citizens have with their government. The Fourth Amendment to the U.S. Constitution guaranteed the right of the people "to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures," or put more simply, the right to be left alone absent probable cause and a warrant issued by a neutral magistrate. But now our government can seize the private international communications of all Americans and search them for "foreign intelligence information" without any suspicion that anyone has done anything wrong.
Congress accomplished this ignoble task by altering the definition of "electronic surveillance" so as to exclude any government eavesdropping that is directed at an entity "reasonably believed" to be outside the United States from coverage under the protections of the Foreign Intelligence Surveillance Act. Now when an American is calling his aunt in Italy, or e-mailing his business associate in Canada, or engaging in an Internet chat where one of the parties could be overseas [snip] the government can listen in without any court oversight. This is a fundamental change that has serious ramifications for all Americans, but especially for American companies that do business in the global economy. Congress gave the government this eavesdropping authority not to listen to terrorists, but rather to collect "foreign intelligence," which is loosely defined in FISA to mean any information that "relates to" the conduct of U.S. foreign affairs. Make no mistake, this means business.
The rapid expansion of e-commerce now allows small mom-and-pop companies in the heartland of America to sell their products in foreign markets. Because of the bill Congress passed your international business transactions can now be monitored by the government. Globalization and free trade agreements have made it easier for U.S. companies to have an international workforce. Now your communications with those foreign employees can be monitored by the government. The "flattening" of the world opened new opportunities for Americans to invest in growing world markets and to provide charitable gifts to areas in desperate need. Now your international investments and philanthropy can be monitored by the government- not because you are suspected of doing anything wrong, but simply because the government wants foreign intelligence information. Congress could have easily restricted this new authority to investigations of suspected terrorists, but it did not.
Any businessperson can easily see the ramifications of such unwarranted surveillance. How are trade secrets going to be protected? Are negotiations regarding government contracts being conducted in good faith, or are they being compromised by intercepted communications? How are confidential relationships- employer/employee; attorney/client; journalist/source; doctor/patient; priest/penitent; husband/wife- going to be protected? How are these captured communications going to be used against you and your business? The answer is nobody knows because it's all being conducted behind a massive cloak of secrecy.
American companies have much to lose from these government surveillance programs. When foreign businesses and customers lose confidence that American companies can maintain confidentiality in their business dealings and financial transactions, they will likely look for other, more secure partners. According to a report released last week by The Information Technology & Innovation Foundation, NSA surveillance could cost the U.S. cloud computing industry anywhere from $22 to $35 billion over the next three years if "foreign customers decide the risks of storing data with a U.S. company outweigh the benefits."
And trying to find privacy-protecting workarounds appears to be getting more difficult, as Ladar Levison of the Texas-based secure e-mail provider Lavabit, LLC recently learned. He suspended operations last week rather than submit to government surveillance demands, warning, "I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States."
A few hours later, Silent Circle, another secure communications company, followed suit by shutting down its e-mail service. Referencing Lavabit's decision, the company's blog stated, "We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now."
Privacy isn't just good for protecting our rights. Privacy is good for business.