Privacy
issues and the freedom of the people are at the helm of the push for National
Security Agency (NSA) reform. Eight companies – Google, Apple, Facebook,
Twitter, AOL, Microsoft, Yahoo and LinkedIn – have formed the Global Government Surveillance Reform group. As reported on ZDNet, these companies,
usually fierce competitors, have banded together and formally requested
“wide-scale changes” to the NSA regime after the U.S. government’s spying
programs were brought to light by former NSA contractor Edward Snowden.

As
TechRepublic’s Global Editor in Chief Jason Hiner reported on ZDNet,
the technology story likely to have the biggest long-term impact is the Snowden
revelations of the startling NSA digital surveillance programs. 

Opinions
vary among tech and business professionals vary on the potential for reform.
TechRepublic talked to several IT experts and technology journalists to find
out more on the impact, with the discussion touching upon subjects including
the cloud, data security and enterprise scrutiny.

Participating
in the TechRepublic roundtable were:

  • Jason Hiner, global editor in
    chief for TechRepublic
  • Mary Shacklett, president of
    Transworld Data and frequent contributor to TechRepublic
  • Patrick Gray,  Technology
    Strategy consultant at a large global firm and frequent contributor to
    TechRepublic
  • Michael P. Kassner, technology
    writer and frequent contributor to TechRepublic
  • Ethan Oberman, CEO and founder of
    SpiderOak
  • Eric Dynowski, CEO and co-founder
    of Turing Group
  • Stephen Cobb, Senior Security
    Researcher, ESET North America

Hiner:
“I appreciate the fact that these eight companies have come together to
stand up for the rights of citizens and warn against the dangers of
over-reaching surveillance programs. Kudos to them for their spirit of unity in
this. It’s also important to remember that the actions of the U.S. government
have hurt the global credibility and competitiveness of these U.S. companies
since there’s now a perception that the NSA has easier access to them and their
customer data. This has the potential to hurt their business, especially with
international companies, organizations, and governments. So, this move is also
about them trying to recover some reputation points.”

Shacklett:
“The ‘trust’ impact of what appears to be over-reaching
government surveillance on major technology purveyers like Microsoft,
Google, and others can submit these companies to increased consumer and
enterprise scrutiny – especially when surveillance issues are combined with
reliability and outage issues that these cloud service providers are already
contending with at a time when more enterprises would like to move to the
cloud. Naturally, these same companies would be concerned about a potential
over-reaching of surveillance. They also have a responsibility to their
clients to protect the data that is entrusted to them.

On
the enterprise side of the surveillance discussion, there are other challenges
in the area of governance. How long do you retain your data? What levels of
guarantee can you provide your customers, your auditors and your examiners that
the data is protected?

Finally,
there are the insurers. How far will they be willing to go to indemnify companies
and pay claims from clients when data protections are breached that enterprises
and cloud providers have no control over?” 

Gray:
“This is a challenging issue for businesses on a couple of levels. First of
all, much of the surveillance from organizations like the NSA was extra legal,
at least in the U.S. This begs the question that if the NSA skirted the law,
what will passing more laws accomplish? The second challenge is that the
companies like Google and Facebook pushing for surveillance reform use many
similar (or in some cases the same) technologies to gather data and behavioral
patterns about their customers. Rather than purportedly looking for terrorists,
they’re looking for marketing and revenue opportunities by gathering this
information. Can these companies express indignation at various governments
when they’re performing similar activities for arguably less noble reasons?

At
the individual professional level, I’ve already noticed clients are asking
about privacy and data security more frequently than they used to. Cloud
computing used to be seen as a low-risk opportunity for many companies, and NSA
surveillance has now put a damper on the enthusiasm many in IT had about the
cloud. Some countries are even generating legislation forcing companies to keep
data geographically local, potentially undoing years of data center
consolidation and globalized IT infrastructure. These are interesting and
complex topics IT and business professionals will need to consider and address.

On
a personal level, I find the NSA’s activities abhorrent, and as a citizen of
the U.S., anathema to the principles that have shaped this country. I’m
personally not willing to tolerate extensive surveillance and violations of
privacy, even if lives might be saved. As citizens, it’s worth considering how
you feel about these policies, and what level of freedom you’re willing to
exchange for assurances of safety. I don’t believe the Googles and Facebooks of
the world will be able to fundamentally reshape these policies, rather it will
be citizens demanding change or allowing these activities to continue by
turning a blind eye.”

Kassner:
“When asked for my opinion on how the Global Government Surveillance Reform
initiative will affect tech and business professionals; the first thing that
came to mind was trust. Do you trust that governments are doing the right thing
to protect their citizens? Do you trust the companies wanting reform, to have
the interest of their members, and those who use their services first and
foremost?

The
Electronic Frontier Foundation, an organization concerned about citizens and
our digital rights, considers this to be a good thing: ‘This is a
victory for users—with the companies taking a giant step forward in supporting
their customers’ rights.’

As
for me, it’s a start. Hopefully, something becomes of it.”

Oberman:
“Post-Snowden, these collective companies have to rebuild trust with not
just U.S. citizens, but users around the world. This reestablishment of trust
is critical to maintaining continued growth based on the business model of
monetizing collected data. It is not surprising that they are doing whatever
they can to now show fight for their users. Whereas they have a bit less
leverage than had they spoken out prior to being complicit, banding together to
impact change is an important move, and there is no downside by doing so.”

Dynowski:
“Companies using the cloud and concerned about government snooping should
first determine what cloud means to them. If the cloud means Gmail, Basecamp or
Office 365, then they have cause to be concerned about government snooping.
When a company uses these kinds of services, they are inherently giving the
provider access to their information. However, this does not mean that the
government accessing a company’s private data is inevitable. 

However,
if cloud computing means a company is using Amazon Web Services, Rackspace,
GoGrid, Azure or Google, then there are viable options for ensuring privacy
from the government in the cloud.

Think
about data security from the ground up. It’s up to the company to build an app
or product that’s already safe from government surveillance.

In
addition to designing with security in mind, there are several ways a company
can keep their information safe in the cloud. First, data in transit should always,
always be encrypted. This avoids issues of wire and fiber taps. Similarly data
not in transit and stored on cloud provider storage should also be stored using
encryption. This avoids issues with requests a government might make of your
cloud provider.

Hire
a security audit firm to review your current operations and identify data
leakage. And, most importantly, create a formal policy that describes the fact
you store and transmit data in a way that is secure from prying eyes. This will
give you legal ground to explain yourself.

If
a company is extra concerned, then they can encrypt data in a way that only
their clients can decrypt it. Then even if they demand data, the company can
say they don’t have access to it.”

Cobb:
“Technology and business professionals who have been
increasingly concerned about excessive government surveillance will welcome
this initiative for the way it legitimizes those concerns, and supports efforts
to address them. We already know this initiative makes economic sense for the companies
behind it. Our survey of 360 American adults in September found that 74 percent
of them said they would admire a company, ‘that took a stand against unlimited
government access to my personal information.’ That’s the good news for tech
companies and their employees. The bad news? The same survey also found that,
even before we heard about the NSA taps on data centers used by Google and
Yahoo, a solid 50 percent of people already said they were ‘now less trusting
of technology companies, such as Internet service providers and software
companies.’

With
one in five people doing less online banking in the wake of the Snowden
revelations, and a similar number saying they were now less inclined to use
email, the implication for tech and business professionals is clear. We need to
be seen doing something to rein in nation state surveillance before the
Internet economy experiences its first-ever recession. This new initiative
looks like a good step in the right direction.”