AXEL.org

snowden

The Fallout of Edward Snowden and his Leaked Documents, Eight Years Later

On June 21, 2021, Edward Snowden celebrated his 38th birthday in Russia. He’s been in the country for over eight years, having been granted permanent residence in the country in October 2020 [1]. Snowden, an American, has not returned to his native country since leaking millions of classified documents detailing the massive surveillance programs that the United States undertook.

While many have heard Edward Snowden’s name, the programs that he uncovered have seemingly faded in the public consciousness in recent years. Snowden’s reveal of massive global surveillance programs in 2013 was a wake-up call for many Americans, when modern technology and digital communication were truly becoming everyday tools at work and home. His leaked documents highlighted how so many Internet activities are never truly private.

Snowden’s Career Beginnings and Disillusionment

Snowden began his career by joining the Army in May 2004, but was discharged four months later due to broken legs he suffered in a training accident [2]. Following his short time in the Armed Forces, he gained a position as a “security specialist” at an NSA-contracted facility, beginning his time in the intelligence community. He then joined the CIA in 2006 until 2009, years that disillusioned his faith in America’s intelligence community [3]. He described an incident where the CIA purposefully intoxicated a Swiss banker and encouraged him to drive home. When the banker was arrested for drunk driving, the CIA offered him help in exchange for becoming an informant. 

Following his resignation from the CIA, Snowden worked as an NSA contractor in Japan with high-level security clearance for three years before moving to Hawaii to join Booz Allen Hamilton, another private contractor. He joined Booz Allen Hamilton with the sole intent of gaining clearance to new classified files. After just a few weeks on the job, Snowden gained access to the classified material, downloaded it on a flash drive, and fled the United States shortly afterward. Finally, he distributed the materials to media outlets he trusted, particularly The Guardian, with the first revelations posted publicly in June 2013.

What Programs Did Snowden Reveal?

The biggest revelation in Snowden’s leaked documents was the existence of a National Security Agency program called PRISM. Under the program, the NSA had direct access to the servers of the biggest tech companies, including Google, Apple and Facebook without their knowledge [4]. Using this direct access, the NSA could collect users’ emails, search history, and file transfers without a court order. Even if you were an American citizen, you could have been subject to this surveillance if your messages ever touched a non-American server.

Snowden explained the horrifying simplicity of the NSA’s programs, stating “I, sitting at my desk, [could] wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email [5].” This allegation was initially denied by government officials, yet leaked documents showed a program called XKeystore allowed analysts to search enormous databases with just one piece of identifying information [5].

In addition, Snowden revealed NSA phone-tapping of allied leaders, including German Chancellor Angela Merkel and then-Israeli Prime Minister Benjamin Netanyahu [6]. These revelations caused an uproar among American allies, particularly in Europe. The NSA also monitored various charity organizations and businesses including UNICEF, the United Nations’ agency dedicated to providing aid to children worldwide and Petrobras, Brazil’s largest oil company.

The Legal Justification

All of these programs were justified by Section 702 of the FISA Amendments Act, a bill signed in 2008 that amended the original Foreign Intelligence Surveillance Act of 1978. The 2008 amendment rid FISA of its warrant requirement, allowing the NSA to spy on any foreign communications without a court order. In practice, this meant any communications that touched a foreign server were legally allowed to be collected.

Snowden explained “Even if you sent [a message] to someone within the United States, your wholly domestic communication between you and your wife can go to New York to London and back and get caught up in the database [7].” Because the data had reached a foreign server, no matter how short of a time, the NSA was able to collect, store and potentially analyze that data through Section 702’s legal framework. 

The Effects

A Washington Post investigation found that approximately 90% of account holders in a leaked data cache were ordinary Internet users, with just a tenth of the account holders being NSA targets [8]. These account holders were subject to daily tracking, with NSA analysts having access to intimate conversations unrelated to national security. Put simply, the NSA had access to millions of Americans’ personal data, able to be perused by low-level analysts with little more than an email address.

In addition, government officials’ responses to Snowden’s leaks were swift and severe. Then-Secretary of State John Kerry stated that Snowden’s leaks “told terrorists what they can now do to (avoid) detection [9].” Various other officials agreed with Kerry’s assessment, stating that suspected terrorists had begun changing their communication tactics following Snowden’s revelations [10]. While the NSA claimed that digital surveillance helped prevent over 50 “potential terrorist events,” then-President Obama stated that other methods could have prevented those attacks [11].

Data Privacy vs. Protection

Above all, the NSA has been criticized for conducting digital surveillance beyond the scope of national security. While government officials have stated that the surveillance saved countless lives by preventing terrorist attacks, claims that these programs solely stopped potential terror attacks are dubious. The inappropriate collection of everyday Americans’ data, however, is undeniable. Millions of Americans’ emails, video calls and search histories were readily available to low-level NSA analysts. While Edward Snowden remains a highly controversial figure today, his revelations of mass global surveillance undoubtedly increased Americans’ concern for data privacy. And while some still view Snowden as a criminal or traitor, some see him as a brave whistleblower who revealed just how exposed our data, and our lives, can be.

  1. Ilyushina, Mary. “Edward Snowden Gets Permanent Residency in Russia – Lawyer.” CNN. October 22, 2020. https://edition.cnn.com/2020/10/22/europe/edward-snowden-russia-residency-intl/index.html.
  1. Ackerman, Spencer. “Edward Snowden Did Enlist for Special Forces, US Army Confirms.” The Guardian. June 10, 2013. https://www.theguardian.com/world/2013/jun/10/edward-snowden-army-special-forces.
  1. Harding, Luke. “How Edward Snowden Went from Loyal NSA Contractor to Whistleblower.” The Guardian. February 01, 2014. https://www.theguardian.com/world/2014/feb/01/edward-snowden-intelligence-leak-nsa-contractor-extract.
  1. Greenwald, Glenn, and Ewen MacAskill. “NSA Prism Program Taps in to User Data of Apple, Google and Others.” The Guardian. June 07, 2013. https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data.
  1. Greenwald, Glenn. “XKeyscore: NSA Tool Collects ‘nearly Everything a User Does on the Internet’.” The Guardian. July 31, 2013. https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data.
  1. Ball, James, and Nick Hopkins. “GCHQ and NSA Targeted Charities, Germans, Israeli PM and EU Chief.” The Guardian. December 20, 2013. https://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted-aid-agencies-german-government-eu-commissioner.
  1. Sanders, Katie. “PolitiFact – Fact-checking John Oliver’s Interview with Edward Snowden about NSA Surveillance.” Politifact. April 9, 2015. https://www.politifact.com/factchecks/2015/apr/09/edward-snowden/fact-checking-john-olivers-interview-edward-snowde/.
  1. Gellman, Barton, Julie Tate, and Ashkan Soltani. “In NSA-intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are.” The Washington Post. July 05, 2014. https://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html.
  1. “Kerry: Edward Snowden Should “man Up” and Come Home.” CBS News. May 28, 2014. https://www.cbsnews.com/news/sec-kerry-edward-snowden-should-man-up-and-come-home/.
  1. Nakashima, Ellen, and Greg Miller. “U.S. Officials Worried about Security of Files Snowden Is Thought to Have.” The Washington Post. June 24, 2013. https://www.washingtonpost.com/world/national-security/us-officials-worried-about-security-of-files-snowden-is-thought-to-have/2013/06/24/1e036964-dd09-11e2-85de-c03ca84cb4ef_story.html.
  2. Gerstein, Josh. “NSA: PRISM Stopped NYSE Attack.” POLITICO. June 19, 2013. https://www.politico.com/story/2013/06/nsa-leak-keith-alexander-092971.

Why the Data Localization Movement is Misguided

Data localization, or data residency, is the concept of storing certain data collected on a nation’s citizens within the country of origin at all times. It gained steam after whistleblower Edward Snowden revealed the scope of government mass surveillance in 2013[1]. Governments worldwide enacted data localization legislation to protect state secrets and their citizens’ personal information from the watchful eyes of perceived competitors.

Governments expected and hoped these regulations would bring a host of benefits, including domestic IT job growth, more-hardened national cybersecurity, and increased data privacy. The truth is a bit murky, however, as the desired advantages haven’t materialized.

Countries and regions with data localization laws

First, let’s look into some examples of countries with data residency laws on the books. It is not a comprehensive list but illustrates how many nations are concerned about their data security.

The European Union

The EU’s sweeping data privacy law, the GDPR, sets many expectations for handling sensitive information, such as:

  • Profile data
  • Employment data
  • Financial data
  • Medical and health information
  • Payment data

The GDPR specifies that the above data types stay secured within the EU.  If any transfers are required out of the European Union, the countries receiving the information must have similar privacy regulations.

China

Unsurprisingly, China wants to keep a tight grip on its data. Basically, domestic network operators must store all data within China. They can transfer info across borders, but anything deemed “important” by the government must undergo a security clearance beforehand. What the CCP considers important is fairly broad. It includes:

  • Anything related to national security
  • Information that could identify Chinese citizens

As the country embraces Big Data collection on its citizens[2], you can expect the CCP to strengthen these laws.

Russia

The Russian Federation requires any personal identifying information about its citizens to be stored locally. This could mean:

  • Profile data
  • Financial information
  • Medical and health records

Interestingly, as long as companies initially stored the data in a Russian database, they can send it out of the country for further processing.

Their regulations don’t only apply to domestic organizations. Anyone doing business in the country is subject to the law, so multinational corporations there must have Russia-specific data centers.

These three regions alone account for over a quarter of the world’s population, and there are many more countries with data localization laws.  So, it’s pretty widespread. But what’s the United States’ opinion on the matter?

The United States viewpoint

The United States’ general belief is that data residency laws unduly stifle commerce and don’t offer the expected benefits. Analysts estimate half of the services trade depends on cross-border data flows[3]. With the United States being a service-dominant economy, it makes sense the government would oppose such regulation.

And oppose it, they have! In fact, it has been a point of contention in nearly all of its recent trade deal negotiations, though the EU and Korea have pushed back on outright bans. The USMCA, the North American trade agreement replacing NAFTA, formally prohibits the practice as a condition of doing business[4]. There are similar provisions in the U.S.-Japan Digital Trade Agreement[5] and the U.S.-Kenya Trade Agreement of 2020[6].

So, what are the downsides of data localization that countries like the United States want to avoid?

Technical issues

There is a multitude of technical headaches accompanying data localization. For instance, what if tech personnel in other countries access it regularly for debugging or maintenance purposes? Or, a company uses foreign backup databases for redundancy?

It’s challenging to build separate data centers in all applicable territories, even for large companies with sizable revenues. That makes it downright impossible for even the pluckiest startup to consider. But that should open up markets for smaller, domestic companies, right?

Lack of domestic stimulus

Unfortunately, significant job growth does not occur due to data localization. There are short-term construction jobs available if the data center requires a new building. After that, however, jobs are scarce. This is because the modern data center is mostly automated. The CBRE’s Data Center Solutions Group estimates that the average data center results in between 5-30 permanent, full-time positions[7]. Given the investment required for implementing data residency, it hardly seems worth it based on employment opportunities.

Privacy and security

Well, it has to be more secure and offer more data protection, though! That’s the biggest piece of the benefit pie. Not so fast.

In reality, the exact opposite appears to be true. Regarding privacy, you’d hope that housing data in the country of origin would benefit the citizens. But think back to some of the countries passing data localization laws. Is a full data set of personal information housed in a single jurisdiction good for the people in China? Or Russia? Very debatable. These nations are already surveillance states. Any data housed within their borders is at the control of their totalitarian governments.

Cybersecurity is another issue where expectations don’t match up with the real-world. Consider that these implementations aren’t in a vacuum and that they’ll inevitably cost a significant amount of money. That’s money the company will need to divert from other areas of the business. Cybersecurity could be one of those areas.

Additionally, data residency results in server centralization. This provides a larger attack surface for malicious agents and could ultimately mean more data breaches, not less.

So, paradoxically, data localization could make it easier for state-sponsored threat actors to carry out successful attacks. Combined with the economic inefficiencies, privacy concerns, and technical problems, it becomes plain to see that decentralization is a better path forward. Companies can employ other, less-expensive methods such as end-to-end encryption to protect sensitive information.

The AXEL Network

The AXEL Network is a decentralized, distributed system of servers backed by blockchain technology and the InterPlanetary File System. It gives users a secure, private way to share and store files on the internet. With server nodes located throughout the world, the AXEL Network offers both resiliency and performance. AXEL Go a the next-generation file-sharing platform using the AXEL Network. It combines all of the advantages listed above with optional AES 256-bit encryption to provide exceptional privacy and security. Download it today for Windows, Mac, Android, or iOS and receive a free 14-day trial of our unrestricted Premium service. Enjoy the power of a decentralized, distributed network.

 

[1] Jonah Force Hill, “The Growth of Data Localization Post-Snowden: Analysis and Recommendations for U.S. Policymakers and Business Leaders”, ResearchGate, Jan. 2014, https://www.researchgate.net/publication/272306764_The_Growth_of_Data_Localization_Post-Snowden_Analysis_and_Recommendations_for_US_Policymakers_and_Business_Leaders#:~:text=Abstract,geographies%2C%20jurisdictions%2C%20and%20companies.

[2] Grady McGregor, “The world’s largest surveillance system is growing- and so is the backlash”, Fortune, Nov. 3, 2020, https://fortune.com/2020/11/03/china-surveillance-system-backlash-worlds-largest/

[3] United States International Trade Commission, “Global Digital Trade 1: Market Opportunities and Key Foreign Trade Restrictions”, usitc.gov, Aug. 2017, https://www.usitc.gov/publications/332/pub4716_0.pdf

[4] Agam Shah, Jared Council, “USMCA Formalizes Free Flow of Data, Other Tech Issues”, The Wall Street Journal, Jan. 29, 2020, https://www.wsj.com/articles/cios-businesses-to-benefit-from-new-trade-deal-11580340128

[5] “FACT SHEET ON U.S.-Japan Digital Trade Agreement”, Office of the United States Trade Representative, Oct. 2019, https://ustr.gov/about-us/policy-offices/press-office/fact-sheets/2019/october/fact-sheet-us-japan-digital-trade-agreement

[6] ITI, “ITI: U.S.-Kenya Trade Agreement Can Set New Global Benchmark for Digital Trade”, itic.org, Apr. 28, 2020, https://www.itic.org/news-events/news-releases/iti-u-s-kenya-trade-agreement-can-set-new-global-benchmark-for-digital-trade

[7] John Lenio, “The Mystery Impact of Data Centers on Local Economies Revealed”, areadevelopment.com, 2015, https://www.areadevelopment.com/data-centers/Data-Centers-Q1-2015/impact-of-data-center-development-locally-2262766.shtml