All around the world, governments are devising creative ways to torment American technology companies. It started last year after leaks revealed that the U.S. government basically uses services like Google and Facebook as arms of the surveillance state. In response, some countries - - including Germany, Brazil and now France -- have toyed with the idea of forcing Internet companies to route traffic or store data locally.
As public policy, this is inept both technologically and economically. As symbolism, it illustrates the damage that overly ambitious espionage can cause -- and reinforces, yet again, how insecure the foundations of the digital marketplace really are.
Since the intelligence contractor Edward Snowden began exposing surveillance programs by the National Security Agency last June, trust in U.S. technology companies has plummeted overseas. In some cases sales have slowed. And foreign regulators have been licking their chops in anticipation of a crackdown. Estimates of the cost to these companies have ranged from $21.5 billion to $180 billion by 2016.
Now, more than a dozen governments are considering laws to require Internet companies to store information collected on their citizens at onshore data centers. This is a bad idea for all the usual reasons protectionism is a bad idea: It will obstruct the free flow of trade (in this case, bits of data), inhibit innovation, increase inefficiency, raise business costs and slow economic growth. If adopted widely, it could threaten the trust and openness the Internet is built on. Not to mention the logistical inanities it will cause.
One thing this idea will not do: offer much protection from spying. Quite the opposite. The NSA, under authorities granted by Executive Order 12333, has extremely broad latitude to conduct intelligence gathering outside the U.S., without oversight from the Foreign Intelligence Surveillance Court. And U.S. technology companies would still be required to turn over data on specific users at the government’s request, regardless of where they store it.
Local data storage won’t offer a practical impediment to spying either. The NSA has shown itself quite capable of infiltrating foreign communications companies, and local spy agencies would undoubtedly find it very convenient to have all their citizens’ data in one place. (The French government, it should be noted, is no slouch when it comes to surveilling its citizens’ digital habits.)
All of which suggests that the real reason governments want to require local data storage is to promote local businesses. Or, more perniciously, to control information a little more tightly within their borders. Both are provincial bureaucratic urges that should be resisted. And both should be considered more collateral damage of the NSA’s poor cost-benefit calculations.
This very bad idea does, however, have the virtue of illustrating a deeper problem. Many technology companies have based their businesses on collecting precisely the kind of user information that the spies are after. The architecture of the Internet makes sharing that information effortless, but protecting it effectively impossible. That dichotomy won’t go away. In fact, it’s going to define your life, more and more, every day.
To contact the editor responsible for this article: David Shipley at firstname.lastname@example.org.