For web users around the world, everything is different now

As details of the U.S. government’s PRISM program continue to emerge, much of the debate in the United States has focused on the constitutionality of the program. This is only right for people within those borders, but it’s a debate that sounds a lot less relevant to many of us in the outside world.

The rest of the world has, in effect, long supported and nurtured a technology industry that revolves around the U.S. The main reason, of course, is the fact that much of the innovation in the tech industry has come out of the U.S. However, there is also the fact that the U.S. has been seen as a trustworthy partner – it would be hard to imagine Europeans willingly throwing their personal communications and virtual life into Chinese cloud services, for example.

Necessary readjustment

Now that PRISM is (at least partially) out in the open, thanks to the efforts of NSA contractor Edward Snowden, I can’t help but feel everything has changed. Whether or not the program has been spying on U.S. citizens, it has certainly had people outside the U.S. in its sights. This is really only starting to sink in, but non-Americans using online services from the U.S.-based Facebook(s fb), Google(s goog), Microsoft(s msft), Yahoo(s yhoo), AOL(s aol) and Apple(s aapl) are subject to monitoring by the U.S. authorities, and have been for years.

The U.S. is using the world’s most-beloved online services to spy on the world. Whether or not those businesses were willing or even witting conspirators in this program is an interesting detail, but not pivotal. Whether or not U.S. citizens are also being spied on is similarly of relatively mild concern to the rest of the world. The point is, we are being spied on.

Many people have long recognized a privacy tradeoff in using Facebook and Google, but this has been framed within the context of commerce: you let businesses know more about you in order to provide services based on that knowledge. I’ve always felt uncomfortable about that, but I accept it’s a choice that people should be able to make for themselves (even though I believe the consequences of the choice should be made more explicit to the average user).

Responsible response

However, few people outside U.S. borders have been making that choice based on the knowledge that U.S. spies are able to trawl through all this information at will. Even for those who trust their own governments with their security, this is not those governments we’re talking about.

How would Americans feel if it emerged that the British could watch everything they did online? Or the Germans? Or Russians? Do they vote for the British or German or Russian governments? Could U.S. citizens exercise power over those administrations and their actions at the polls? Of course not. So why would anyone imagine it’s acceptable the other way round?

In short, whatever tradeoff Americans might or might not accept in order to safeguard their own security, there is no good outcome here for the rest of the world, which constitutes the majority of users of American web services. We’ve been screwed, and now we have to face some difficult decisions.

As a technology journalist not based in the U.S., I certainly have a lot to consider. I’m not rushing it – there’s a lot to take in, and we still don’t know the full picture. But here are the points running through my mind at the moment:

  • I cannot recommend that those outside the U.S. continue to use Google, Facebook or any of the other services known to be linked to the PRISM program, until those companies clearly demonstrate that it is impossible for the NSA and its ilk to read the data of those people. This definitely applies to all business communications, but also any personal communications that may put the sender, recipient or anyone else in a bad light, should someone choose to use it in that way.
  • Other American online services that deal in private communications must unfortunately be viewed with suspicion, too. It’s not like those services have some kind of immunity from the NSA that Google et al do not have.
  • As my profession precludes me from becoming a digital hermit, even on a temporary basis, it is almost impossible for me to stop using these cloud services without a viable alternative that is located outside the U.S., and it’s not clear that any such alternatives exist yet in a scalable and practical sense. So, for me personally, I will have to accept this quandary for now.
  • Where would these new services be situated anyway? Where is safe from such prying? Which countries are already complicit in PRISM in order to derive data on their own citizens? And what does the U.S. get in return?
  • Will this lead to a balkanization of the web? (I hope not.) If we need a re-architecting of business models and processes around online communications, how can we replicate the best of the systems we have today without reintroducing the same vulnerabilities? Is the answer the decentralization of data control, and how could that work? Will a new degree of complexity – strong encryption and so on – become inevitable?
  • And finally, the point I least want to countenance: Will public opinion allow the current situation to be normalized and, if so, how do I as someone who finds the situation repellent continue to operate in this industry while maintaining a clear conscience?

As yet, I have come to no firm conclusions. But I can say this for sure: For web users around the world, everything has changed. It is unacceptable to pretend otherwise, and that means some really tough choices will soon have to be made.