Spying is great business -- as long as it stays secretJune 10, 2013: 9:23 AM ET
What's next for the companies involved in the NSA leaks scandal.
By Ryan Bradley, senior editor
FORTUNE -- On Sunday, a 29-year-old Booz Allen Hamilton employee named Edward Snowden stepped forward and (via the Guardian) told the world why he chose to make public top-secret National Security Agency documents. The NSA files, particularly those concerning a program called PRISM, describe how the agency could access data from several of America's largest communications and technology companies. Verizon, Microsoft, Facebook, Google, Yahoo, Apple, and AOL are all implicated, and all have offered some version of the same denial using variations of the phrase "direct access."
And yet, NSA experts and even ex-NSA-employees other than Snowden have described how the agency could still track and log users' personal data without such "direct access" to the companies' servers. The arrangement has been described as each company's data moving to and from its servers and passing through a locked mailbox, with a key that belongs to the government. An imperfect metaphor, but sit on it a moment and ask yourself: How many copies of this key exist? How many people can open this mailbox? And how many are, like Snowden, ex-CIA staffers now employed by a government contractor?
Snowden could access e-mails, chats, videos images and had, he told the Guardian, "the authorities to wiretap anyone, from you or your accountant, to a fedral judge or even the President, if I had a personal e-mail." As clearly brave and well-spoken this young man is, Snowden is not a high-level employee at Booz (BAH). He is a high school dropout who took some computer classes at a community college. Slate's Farhad Manjoo wrote, "He's the IT guy, and not a very accomplished, experienced one at that."
Booz Allen released a statement on its website that reads, in part, "News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm. We will work closely with our clients and authorities in their investigation of this matter." One of the company's biggest and most lucrative clients is the U.S. government. The New York Times reports that the company earned $1.3 billion, 23% of its total revenue, from intelligence work during its most recent fiscal year.
The U.S. intelligence industry is more privatized than ever before. According to a Washington Post investigation, nearly 2,000 companies work on programs related to counterterrorism, homeland security, and intelligence in about 10,000 locations across the United States, and the industry employs an estimated 854,000 people with top-secret security clearances (both government and non-government employees). Booz Allen is just one among many, including Verizon (VZ), Google (GOOG), and Microsoft (MSFT).
And now, as the Snowden leaks rope in still more tech giants such as Apple (AAPL) and Facebook (FB) in the massive NSA data mining operation, the companies' business abroad may suffer. "I am amazed at the flippant way in which companies such as Google and Microsoft seem to treat their users' data. Anyone who doesn't want that to happen should switch providers," Joerg-Uwe Hahn, the justice minister in Hesse, told the Handelsblatt, a German business newspaper. Hahn also called for a boycott of the companies involved. As a report in Reuters notes, Europe has long lagged behind the U.S. in the use of cloud-based services, and in Germany, privacy protection has long been a primary concern.
The irony of such concern is not lost on Chinese companies like Huawei, the world's second-largest supplier of telecom and Internet gear. Huawei has barely made a dent in the U.S. market, the largest telecom market in the world. The reason, of course, is the fear of a company based in China -- a country actively engaged in hacking and sifting through its citizens data -- controlling the movement of American's information. At the Fortune Global Forum in Chengdu last week, Guo Ping, Huawei's deputy chairman (one of three executives who rotate through the CEO post), told the Wall Street Journal that "We are basically not present in the U.S. telecom equipment market ... So if they have security problems they are not coming from us."
A more immediate threat to the U.S. tech giants may come from within. How many of these companies' employees are like Snowden and support the Electronic Freedom Foundation and Tor -- an online platform that helps anonymize Internet information -- and spend time on Reddit and believe, like Snowden, that they "don't want to live in a world where there's no privacy and therefore no room for intellectual exploration and creativity?" How long before another one of these high-access, low-level employees steps forward? It's a question, again, of the number of keys, and how effective security can possibly be when so many seem to have access.
The NSA leaks paint a picture of an agency trying to capture as much data as possible. But the leaks have also proven that better security does not necessarily equal bigger data. Gathering all this information requires the participation of so many people in so many companies to analyze it. So many keys to that mailbox filled with our personal information. A massive, government-backed spying effort may have been great for business when it was still secret (though, as many have pointed out, the hints have been there for years). Now that it's public, it may well be time to rethink how we involve U.S. businesses in government surveillance.