Edward Snowden's revelations about massive data-mining by U.S. and British electronic spying agencies show that most of the sources they're digging into are privately owned. Often, they merely exploit the piles of revealing data that we have ourselves consented to share with the commercial giants of the IT world, usually by clicking the "I Agree" button. What our spooks collect directly, through undercover agents and the like, is a tiny proportion of what they gather electronically from these commercial sources. The conclusion is clear: Were Big Brother to come back in the 21st century, he would return as a public-private partnership.
Almost the entire infrastructure of the electronically connected world is commercially run. Our highways may be public property, but our information superhighways are privately owned. Thus, for example, the Government Communications Headquarters (GCHQ) in Cheltenham, England, apparently tapped into the supercapacity communications cables that pass through Britain on the basis of secret agreements with the companies that own them. According to reports in the Guardian and Washington Post, the U.S. National Security Agency's Prism program secured the co-operation of Microsoft, Yahoo, Google, Facebook, Skype, YouTube and Apple.
All these companies are interested in learning as much as possible about the people that use their products – but for their own purposes, not for the state. The acceptable reason they have for monitoring you and me so closely is to give us the best service. I like Google search coming up with the most relevant results for me. I like Amazon popping up with book suggestions.
Yet there is also a more troubling reason. Many of these companies make their money by selling you to advertisers. The more they know about your habits, tastes and innermost desires, the better placed they are to offer you as a target for customized advertising.
This commercial accumulation of intimate personal information is worrying in itself. The reassurance we're so often offered – "trust us" – is just not good enough. After all, it now turns out they've been sharing some of it with the spooks. On the whole, I credit them with doing this unwillingly – although it is unsettling to learn that the chief security officer for Facebook went on to work for the National Security Agency.
I first smelled this rat a couple of years ago, when I talked with senior executives at Facebook and Twitter. They became visibly embarrassed when our conversation turned to Foreign Intelligence Surveillance Act (FISA) orders, under which they are compelled to turn over what they know about some individuals or groups to U.S. security agencies. With a grimace, they said they were not allowed to give me even a ballpark figure for the number of FISA orders they had received.
Several of the companies named by the Guardian and Washington Post have come back protesting that they had never heard of Prism, but offering figures for the total number of U.S. law enforcement requests they received in the six months prior to the end of May, most of them apparently related to criminal rather than FISA cases. Thus, Uncle Sam demanded info on some 31,000 to 32,000 Microsoft users, 18,000 to 19,000 Facebook users, and as many as 10,000 Apple accounts and devices. Is that a lot or a little? If the user is you, it's a lot. Yahoo makes their embarassment explicit: "Like all companies, Yahoo! cannot lawfully break out FISA request numbers at this time because those numbers are classified; however, we strongly urge the federal government to reconsider its stance on this issue."
Some readers will have stumbled over my subjunctive: "Were Big Brother to come back …" Big Brother is already back, they might say, in the NSA and Facebook, Google and GCHQ. This is hyperbole. Yes, the quantity and intimacy of what the spooks and companies together know about us is already dangerous. But Britain and America are not totalitarian states. We face a real threat of violence from diverse and elusive radicalized people, as the Boston marathon bombings and the London murder of an off-duty soldier have again showed. They are harder to track than a Soviet nuclear arsenal.
Yet the British and U.S. governments cannot simply assert that the end of keeping us safe justifies the means. It is not sufficient for them to repeat that everything is done within the law – especially when the laws used are made of stretchable old elastic. It is insulting for ministers to fob us off with "we never comment on intelligence matters."
Without telling terrorists anything they don't already know, the U.S. government could allow companies to reveal the number of FISA orders complied with. As the German government has insisted, the British government could issue a proper statement on GCHQ's seemingly gargantuan Tempora program.
There are many operational details we will always have to take on trust, but in a democracy, it is ultimately for the citizens to judge where to place the balance between security and privacy, safety and liberty. It's our lives and liberties that are threatened, not only by terrorism but also by massive depredations of our privacy in the name of counter-terrorism. If those companies want to show that they are still on the side of the angels, they had better join this struggle for transparency, too. A good starting place would be to offer more transparency about the data they themselves collect on us.
Timothy Garton Ash is a professor of European studies at Oxford University and a senior fellow at the Hoover Institution, Stanford University.