Every major tech company that has been reported to be participating in PRISM, the massive surveillance program revealed by the Guardian and Washington Post, has denied involvement in the program. How should we reconcile their denials with the news reports, which include a PowerPoint slide showing that “PRISM collection' started on a specific date for each provider? There are a couple of possibilities. First, Apple, Google, Facebook, Microsoft, Yahoo, et al., could be lying.
The other possibility is that they don't know they're part of the program — that the NSA has somehow figured out a way to invade these companies' private data. In other words, the NSA could be doing to Facebook what Facebook has been doing to us all these years.
At this point, we don't really know what's going on. And we might never know. In one sense, though, it's not really important whether these companies knowingly participated in the NSA program or whether PRISM operated without their knowledge. Either scenario is profoundly shocking, and if any part of the PRISM program is true, it would be a terrible setback for an industry whose long-term prospects depend on our continued participation in their data-collection schemes.
Over the past decade, more or less implicitly, the giants of Silicon Valley and the people of Earth have made a deal: We allow them to gather up every bit of data about our lives. In return, we get free or very cheap services that we have fun using and (maybe) make us more productive.
The deal has always been a shaky one because it's inherently one-sided. We don't really know, and probably won't ever be able to find out, what kind of data these companies collect about us, what happens to that data, and how secure it is from other parties. All that we know for sure is that the potential for abuse is staggering. Every day, most of us willingly carry around devices whose surveillance capacities would have been a gleam in the eye of any East German security official. Our machines know who we talk to, what we buy, who we worship, how we can be blackmailed, and they know where we are and everywhere we have ever been.
On the other hand, hey, you have a machine that will answer any question you've ever thought to ask, that will let you take pictures of every moment of your kid's life, that will let call your long-lost relatives across the world for free. Thanks to massive data-mining, we may one day get self-driving cars and cures to genetic diseases.
Are these trade-offs worth it? Most of us seem to think so, at least to judge by our continued use of these products. If that's the case, it's mainly because we've been assured by tech giants that our privacy is of utmost importance. They all make a show of safeguarding our data, and, to varying degrees, I think they're all genuine about it. That could be true even for the most cynical of reasons: These companies know that the only way for their businesses to work is if we don't fixate on the potential dangers of the devices in our pockets. Facebook and Google are only viable, as business propositions, if we're enthusiastic, optimistic participants in our own data-mining.
But PRISM changes that calculus. If tech giants really can't stop the U.S. government from observing everything we do on their sites, it represents a giant hole in their assurances about our data. PRISM means that we can't really trust these firms' promises, and it may spark demand for alternatives. PRISM makes search engines like DuckDuckGo — which lets you search anonymously — more attractive. It sets up a market for encrypted email services, for apps that shut down location-tracking on your phone, for Web browsers and plug-ins that prevent you from being followed online. In the long run, these more private services might be less useful than the ones run by data-mining companies — they may not lead to self-driving cars — and they may cost more (if your phone's operating system isn't subsidized by ads, maybe you'll pay a lot more for it) but it's possible we'll prefer that trade-off.
This might be especially true outside the United States. Most of the people who use gadgets and services produced by companies in Silicon Valley do not live in America. When Google, Facebook, and Apple look to China, India, and South America, they see dollar signs, an untapped land of data to collect and analyze. Now we have the American government assuring us that Americans aren't being surveilled by these programs. The government says that there are stringent protections in place to protect the privacy of Americans — which implies that non-Americans, the vast majority of these firms' customers, are fair game for spying. The NSA's slides make this explicit. They point to America's “home-field advantage,' the fact that when one foreign Gmail user emails another, the communication may be routed through the United States. If you run a fledgling search engine, social network, or smartphone company in the developing world, the NSA has just given you a huge marketing gift: Facebook lets America spy on you! Apple is in bed with the feds! Use my thing!
Or, not. Maybe this will blow over. It has before; people always say they're worried about online privacy, and then their actions suggest they really aren't. It's quite possible that many people will shrug about PRISM — that we'll decide, hey, I'm not doing anything wrong, so I don't really care if the NSA is reading my email, and that it's worth that self-driving car.
But let's not let that happen. PRISM is the first, but not likely the last, illustration of the terrible dangers of massive digital data collection. It's perfectly fine for us to decide that we're OK with this invasion. But we can't decide if the trade-off is worth it if it's all secret — if we don't know, and if even the tech industry doesn't know, what's happening to all our digital tracks. So the best that can happen is for the giants of Silicon Valley to see PRISM as an existential threat. If that happens — if they begin to fear that their customers' worries about governmental spying might harm their businesses — Apple, Google, Facebook, and the others might be willing to wield their considerable lobbying power to limit the reach of the security state. There ought to be a law, and if tech giants fear for their existence, they can help make it happen. One can hope, at least.