Hi-tech firms battle with NSA fallout

A year after the first stories emerged, American tech companies continue to struggle with the fallout from US intelligence leaker Edward Snowden's allegations.

Senior figures from Google and Microsoft have told the BBC damage has been done globally and more needs to be done to address public concerns.

The allegations have also highlighted broader concerns about how the private sector as well as governments collect and use data from individuals, which may well reshape the way we think about privacy.

"It has really undermined trust in the web has made people outside the US very wary of the internet and of US internet companies in a way - in our view - that is unfounded. So it has been quite damaging," says David Drummond, senior vice-president and chief legal officer for Google.

"We do have customers who talk about not wanting to move forward with cloud computing because of their concerns with this issue," he says.

Initial reports about the US National Security Agency's (NSA) Prism programme created the perception tech companies - such as Google and Microsoft - were in close partnership with the NSA and might be providing information beyond the legal requirements. All have denied this charge.

But in October 2013 came further claims the NSA had also found a backdoor route and hacked into the data centres of companies such as Google and others to get at data.

That generated a lot of anger, says Mr Drummond. "We would expect that we would be working with the US government and other governments to protect security for users not having to worry about those governments finding every sort of exploit they can in order to get information from us."

That view is echoed by Brad Smith, executive vice-president and general counsel of Microsoft, which also saw the October 2013 allegations as a turning point.

"It absolutely changed everything because we could no longer rely on the premise that… governments were acting pursuant to proper legal process," he says.

"We saw the legal orders that we received. We assumed that our government was relying exclusively on legal orders and legal process when it was coming to tech companies. So to learn that there was another piece of this that potentially dwarfed everything else, naturally caused everyone across the tech sector to react with great concern."

On the international front, Microsoft says it is working to try to limit the reach of the US government.

Mr Smith points to the battle it is fighting in a federal court in New York over US government demands for data that sits in the company's data centre in Ireland. It is pushing to ensure that US law stops at the boundaries of the US and cannot be used to get data from other countries when there are other avenues.

He says: "We want the US to use international legal process rather than put the onus on tech companies to go collect data from other countries for it."

Mr Smith says there is a broad need to reset the balance in government, law and policy around the world regarding technology, surveillance and privacy whilst also acknowledging different countries will want to take different approaches.

"I think technology has a trust problem," he says. "The issues of the last year have caused people to ask who else gets to see their data. Governments created this problem - governments need to act decisively to help solve it."

Transparency alone about how data is used may not be enough, he cautions.

"We need to look beyond transparency. We need to ensure that in appropriate ways the public is in control how data is being collected. When it comes to government, the instrument of control is the law, and when it comes to companies the instrument of control is the contracts in effect between consumers and businesses."

In a broader sense, this, Mr Smith says, is part of a redefinition of privacy away from the idea that it only relates to secrets you share with a few people and towards a world in which you might share information with a growing number of people but want to retain the ability to control that information as it is shared.

Mr Drummond, at Google, says the debates about private-sector use of data and government intelligence collection should be kept separate. He says his company welcomes ideas about regulation and transparency for customers but maintains "it is very different from government spying and collection of data in secret".

He also says the company will be working hard to restore provisions in the US Freedom Act currently before Congress. That act seeks to limit the so-called "dragnet" collection of data and impose deadlines on when agencies can gather data.

He says the act had been "gutted" when the sections requiring an end to bulk collection of domestic metadata were taken out. "We think bulk collection needs to be ended," says Mr Drummond. "We will be working hard to restore those provisions."

Google also announced this week that it was pushing ahead with its campaign to encrypt more data. After the allegations about the NSA hacking into its systems, it accelerated plans to encrypt internal systems and is now providing tools to allow user to carry out end-to-end encryption.