In today’s fast-paced business environment, risk is everywhere and data security is changing rapidly. However, a few things remain unchanged: hackers will create more sophisticated scripts to get around your security fortresses in an attempt to steal your identity, money, and corporate secrets, while security software developers will improve their defense systems to counter those threats. In the last several years, however, we have been dealing with a completely new type of data privacy violation that pushes the boundaries of the software industry and introduces a geopolitical aspect to data security. With Edward Snowden’s disclosures of widespread US spying on its own citizens, a big bad wolf of mass surveillance has emerged, making good old firewalls look like children’s toys. Data privacy has been pushed to the level of international politics, and concerns are rising about the tangible negative effects of the US government’s surveillance efforts.
Prior to the loss of the public’s naiveté, the general expectation was that data could be shared only with the authorization of the entity producing it. Apparently the US National Security Agency (NSA) had another opinion and pursued its goals and objectives with little regard for what was perceived to be information privacy. Indeed, if there is no law defining these boundaries, why not? Mass surveillance practices have been in place for at least a decade, unknown to the general public. Moreover, these practices have encouraged the development of very sophisticated spying technology. It has been reported that this technology is being built into software, hardware, and electronic appliances that we buy, rent, and use in the public domain. How much of this is true is not a matter for this particular discussion. For now, let’s just look at the reaction from the governments of other countries.
Following the Snowden disclosure in 2013, the EU demanded changes to the Safe Harbor agreement, which allowed businesses to move data generated by Europeans to servers in the US. Ever since then, the EU and the US have been negotiating updates to it. In October 2015, the European Court of Justice invalidated this agreement and ruled that Europeans’ data was insufficiently protected from national intelligence services when transferred to the US. Following the ruling, the EU and the US entered negotiations about the power given to the national data protection authorities to independently review and suspend data transfers to the US. On October 26, 2015, the EU announced that it had agreed in principle with the US on a new trans-Atlantic data-transfer pact; however, European officials are still looking for clear conditions on how to ensure that these commitments are binding enough to meet the court’s requirements, and for limits on the extent to which the US intelligence services have access to European personal data.
Acceptance of the new pact has not been smooth throughout the EU. Germany, the most vocal of the member states on the issue, has had multiple run-ins with the US authorities over information monitoring, and the newly released Court decision failed to make Germany’s federal and regional data-protection authorities any happier: they stated they wouldn’t approve any new transfers of data to the US. Opponents of such a hard-line German position argue that data transfers are crucial to carrying out daily business operations and that limiting such transfers would cause market volatility.
Let’s sum it up. The world finds out that US intelligence has been collecting information on all citizens and businesses that entered the US legal space, or on businesses touching the interests of national security. Some take it as “good job, thank you for protecting us”. Others are not so joyful about it, finding the violation of their personal and business privacy unacceptable and contradictory to basic legal rights. Then some countries start a legal fight against these practices. The discovery of the NSA sticking its nose in other countries’ business on the premise of national security put relationships between these countries and the US under severe stress. In addition, the negotiations related to the US-EU data-transfer pact created a rift between Germany and more tolerant EU member states. Now we have international tension, loss of trust, and a completely new legal framework. Although still in an embryonic state, this framework shows every sign of transforming a self-regulating platform into a completely new global business sector with its own law, regulators, service providers, and an oversight system backed up by enforcement, including sanctions.
Skeptics do not expect the NSA to step far from its main premise of safeguarding the interests of national security, and expect it to continue on its course of global spying. As an outcome, we are seeing the emergence of more services, stretching from new apps promising to protect us from electronic spying, whether by governments or by malicious or merely curious hackers, to off-grid data storage solutions. As a middle ground between them, there are dedicated data storage solutions, which guarantee that your data is not “out there somewhere in the cloud”, but instead is on private servers. And there is another specialty that is gaining traction: cryptography. The development of “cryptosystems” that include elements that render data undecipherable should it fall into the wrong hands is becoming a serious business.