The National Security Agency has had such an easy time of it when it comes to tapping telephones and Internet traffic because the international network through which all of that data runs is largely an American phenomenon. That's current fact, but it's not written in stone. There's no particular reason why the world should continue routing its communications through a country whose government has a known penchant to eavesdrop. And there's no particular reason why Internet users around the world should continue to entrust private data and security to companies based in the U.S. and highly vulnerable to the NSA's snoopy ways. In fact, the U.S.-dominated Internet may be a ship that has sailed.
Writes Brian Fung at the Washington Post:
One of the reasons electronic surveillance tools such as PRISM work so well is because much of the world's Internet traffic goes through U.S. servers. The American companies that own and operate that equipment can be subpoenaed and the data handed over to the government. Voila — intelligence secured!
But that works only so long as the traffic keeps going where intelligence agencies want it to go. There are signs now that the gravy train of easy data is coming to an end. Foreign companies who once considered hosting their information on U.S. servers are beginning to change their minds. And they're not the only ones. Governments are growing more wary, too.
Not having an American connection has already become something of a selling feature for companies offering communications security. After closing the doors of his encrypted email company, Lavabit owner Ladar Levison cautioned, "I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States." Mega promises a new encrypted email service based outside the United States, with privacy-friendly Iceland mentioned as a possible home. German telecoms advertise that they have home-grown security on their email that relieves users of the risk of using American services (though experts blast the move as largely marketing hype). And secure voice communications and texting outfit Seecrypt touts its base in South Africa as making it immune to U.S. laws.
As in the German example, a lot of this is sales patter. And, frankly, if you think the NSA is unreasonably intrusive, try Britain's GCHQ or France's DGSE. And those are free-ish countries with a tad more restraint than the likes of China or Russia.
But privacy and data security are suddenly a big part of the world's conversation. Not everybody cares, but enough individuals, companies and governments do want to keep their conversations private to invigorate an industry that can locate it itself in friendly locales and offer services around the world.
Going forward, more of the world's communications traffic is likely to be encrypted and running through services based outside the United States. Some of the trust placed in new services be misplaced and the NSA and its sister spy agencies around the world will still be looking to drill its way into the flow. But meeting privacy expectations and defeating the spooks shows every sign of being a popular service and a lucrative marketing niche.
Outside the United States.