Former Microsoft Privacy Chief Says He No Longer Trusts The Company
As Bowden goes on to point out, if you aren't a US citizen, you have no protection whatsoever from PRISM.
The Foreign AngleThis is a point that has real potential consequences for any international company. The NSA claims that there are protections that keep the data of ordinary US citizens out of abusive hands, and that we should trust them with this information. Some people agree with that. Some people don't. But what no one disagrees with is the fact that foreign companies, governments, and citizens have no protections of any kind. To the contrary, some of the NSA's documentation explicitly plays up the fact that huge amounts of foreign traffic travels through the United States on a regular basis.
Much of the NSA's work is devoted to snooping on this foreign traffic to monitor and record what various groups are up to. And these groups have no protection whatsoever under US law. The bigger problem here is that due to the way the Internet routes traffic, there's no guarantee that a message from Point to Point B doesn't travel over US networks. Obviously that's not going to happen if you're sending data from one small town to another in Europe, but a message from, say, Brazil to Canada almost certainly passes through the United States. A message from South or Central America to Europe or China? Same deal.
This is a fundamental problem for nations that aren't interested in exposing their traffic to American observation, whether they're engaged in nefarious activities or not. Long term, the problem could lead to the construction of digital firewalls, in which the United States is effectively isolated behind protective nodes built by local governments to scrub and redirect traffic away from potential capture points. This is directly in opposition to the central concept of the Internet, which is a dynamic structure capable of responding to outages or damage by routing around the problem.
Traffic flows, however, can be rerouted.
It's not that Microsoft is unique, here. In fact, the situation would be simpler to solve if they were. The problem is that the access the NSA has crafted for itself applies to all companies equally. Microsoft, Yahoo, Google, Apple -- your data is as secure as the NSA decides it is, and not one jot more.
Image Credit: OpenRightsGroup - Youtube