US: NSA leaks should be no excuse for local storage mandates, which harm “organic” internet

The U.S. State Department has warned against countries such as Russia forcing web service providers to store citizens’ data locally, even though such moves are at least in part inspired by Edward Snowden’s revelations of the NSA spying on foreigners’ personal data.

“[People should not] use the Snowden revelations as an excuse for taking what are essentially protectionist measures that will harm the ability of the internet to work in an organic way,” a State Department official said Thursday, ahead of the annual Internet Governance Forum meeting in Istanbul next week.

Russian president Vladimir Putin signed a law in July that mandates local storage, paving the way for the blockage of web services that do not comply. Firms such as Facebook and Twitter do not store Russians’ data in Russia, and the law may well be a precursor to the censorship of such services — especially in the context of Putin’s wider crackdown on free speech.

Although censorship may be the ultimate goal, the law was also very much a reaction to the Snowden revelations, particularly the early ones regarding the PRISM program – said to involve the U.S. intelligence services forcing the likes of Google and Facebook to cough up user information. Foreigners are particularly vulnerable to such programs, as U.S. laws afford them fewer privacy protections than those granted to American citizens.

The move also followed calls by Russian intelligence services to boost data center security there, through physical measures as well as the use of “certified encryption algorithms” developed in Russia — a suspicious desire on the part of the spooks if I ever saw one.

Brazil also contemplated a local storage mandate when it was formulating its bill of online rights, but dropped that contentious element in order to pass the wider legislation. There was also talk soon after the Snowden leaks of countries like Brazil and Germany keeping internet traffic within their borders — a very tall order — but thankfully things have gone quiet on that front.

The State Department official also talked up the U.S.’s desire to promote cybersecurity around the world but, when asked whether the country would pledge to no longer launch cyberattacks of its own, said: “Just so there’s no misunderstanding here, I was talking about folks who were hacking to do malicious damage to businesses.”