Much of the U.S. media coverage of last week's NSA revelations has concentrated on its impact on the constitutional rights of U.S.-based Internet users. But what about the billions of Internet users around the world whose private information is stored on U.S. servers, or whose data travels across U.S. networks or is otherwise accessible through them?
While the details are still emerging, what is clear is that many of the newly exposed surveillance activities have been shaped by U.S. foreign intelligence surveillance laws. The secret court that rubberstamped the collection of phone records from Verizon came from the Foreign Intelligence Surveillance Court (FISC), a secret court established under the Foreign Intelligence Surveillance Act (FISA); the PRISM requests, the U.S. government has said, were FISA orders intended to target non-American persons outside of the United States.
As U.S. officials have repeated, FISA is designed to protect the rights of "U.S. persons" (citizens, permanent residents, and others on U.S. soil) in the face of operations targeting foreigners. But regardless of their effectiveness (or lack thereof) in achieving this objective, these slim protections offer nothing to the vast majority of Internet users around the world. One privacy expert, Caspar Bowden, has gone so far as to say that U.S. foreign intelligence powers "offer zero protection to foreigners' data in U.S. Clouds."