What happens when an American economy built in significant part on intellectual property collides with overt second-class treatment of foreigners who entrust their data to American networks and systems? We’re about to find out.
On June 5, the world learned from the Guardian of an order from the Foreign Intelligence Surveillance Court requiring Verizon to provide NSA with “metadata” for all Verizon phone calls involving at least one party within the United States. Metadata can include the calling and receiving phone numbers, location of the parties, and call time and duration, but not the actual audio content. A day later, the Washington Post described an NSA program called PRISM, which reportedly enables NSA to access data carried by “nine leading U.S. Internet companies” to extract “audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets.”
In a pair of statements on June 6 and June 8, Director of National Intelligence James R. Clapper explained that the “collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act” includes “extensive procedures . . . to ensure that only non-U.S. persons outside the U.S. are targeted,” and that “Section 702 cannot be used to intentionally target any U.S. citizen, or any other U.S. person, or to intentionally target any person known to be in the United States.”
Foreign leaders, unsurprisingly, don’t find all of this particularly reassuring. As a spokesman for German Chancellor Angela Merkel quoted in the Washington Post observed, “you can safely assume that this is an issue that the chancellor will bring up” when she meets President Obama in Berlin next week. European Commission Vice President Viviane Reding said, “This case shows that a clear legal framework for the protection of personal data is not a luxury or constraint, but a fundamental right.”
In addition to spurring discussion on the tension between civil liberties and antiterrorism policies, the NSA leaks will have another, less widely recognized consequence: They will significantly increase the level of state-sponsored economic espionage directed against American companies. Why? Because many people overseas will view the NSA’s data collection itself as the defining attribute of the story, with less consideration of the larger American security context that frames it. Some of them will conclude that leveling the playing field requires ramping up their own countries’ efforts to eavesdrop on data from American companies.
NSA is almost certainly using the data it gathers under PRISM and from Verizon (and perhaps other carriers) solely for identifying potential terrorism or espionage threats to the United States. It is exceedingly unlikely that NSA would use PRISM, for example, to help an American company gain a competitive advantage in a bidding war against a foreign rival.
But perception can sometimes matter as much as reality, and some overseas observers appear to believe that the NSA surveillance has an economic component. As Volker Perthes, director of the German Institute for International and Security Affairs, reportedly said, “The German business community is on high alert . . . The suspicion in large parts of the business sector is that Americans would also be interested in our patent applications.”
Surveillance in the name of national security is still surveillance, and last week’s developments remind us all in irrefutable terms that nations have often felt much freer to spy on foreigners than on their own citizens. What varies among nations is the set of priorities that motivate the eavesdropping. In the United States, national security provides the motivation. For some other nations, the goal of maximizing economic success in the global marketplace is viewed as justifying espionage against foreign companies.
Of course, state-sponsored economic espionage is as old as the concept of states itself. But the NSA leaks will put wind in the sails of non-U.S. intelligence services aiming to ramp up espionage targeting American businesses. Budgets for spying on American businesses will grow, and people to do the work will be easier to hire.
According to the most recent EMC-sponsored IDC Digital Universe Study, an estimated total of 2.8 billion terabytes of data were created and replicated globally in 2012. Some fraction that tsunami of data passes through networks accessible to foreign intelligence services. And a small fraction of that, in turn, contains highly confidential information about the products, services, and future plans of American companies. When you start with a few billion terabytes, a fraction of a fraction is still a lot of information. And more than ever before, that information is at risk of being compromised and used to America’s economic disadvantage.