The latest scoop to come out of the documents that former National Security Agency contractor Edward Snowden has been providing to journalists is that the NSA has been harvesting vast numbers of emails and other contacts from online contact lists around the world.
The Washington Post reported yesterday that "hundreds of millions of contact lists" are being sucked up from web servers abroad, many of them inevitably of American citizens. It's the sort of bulk data collection that privacy activists have been angry about. The US isn't going after, say, the contact lists of identified potential terrorists or other foreign intelligence targets. Rather, it appears to be hoovering up everything it can get its hands on.
But given past Snowden revelations about NSA practices, the fact that the NSA was likely to be doing this kind of thing isn't a surprise. Which is why I find this sentence in the thorough article so interesting: "The collection depends on secret arrangements with foreign telecommunications companies or allied intelligence services in control of facilities that direct traffic along the Internet’s main data routes."
In the debate about NSA data-mining from telecommunications companies and popular Web services like Google, the US has often been framed as a sort of rogue actor - a big bully spying willy nilly on people around the globe simply because it can. For instance, Guardian columnist Glenn Greenwald, who broke the first Snowden stories, has crafted his pieces to make the US look as bad as possible, while generally neglecting the spying of other nations.
In a story for Brazil's O Globo based off Snowden material, for instance, Greenwald wrote about US spying on the Brazilian government, while neglecting to mention Brazil's own spying on foreigners and its own citizens. Greenwald resides in Brazil.
In the broader Internet discussion about the revelations, there's been talk about ending the key US role in routing global Internet traffic. Brazilian President Dilma Rousseff is considering measures requiring Brazilian Internet users' information to be stored only on servers in the country. The move is ostensibly to make it harder for the NSA to get at it. Deutsche Telekom of Germany has said it will start channeling all domestic Internet traffic through servers in the country (emails within a country are often bounced through servers abroad), and says it wants an agreement with other telecommunications companies in Germany to do the same.
But it's clear that while the US is a data-mining heavyweight, large numbers of other governments are in on the act. A recent story in Ars Technica points out that Germany has legal measures that require email and other Internet services to provide customer data if handed a court order. They're also legally bound from saying if they've received an order for data. While laws vary from country to country, Europe in general does not, at first glance at least, seem like a haven from surveillance.
European Union "law does not explicitly protect against access by European intelligence services, but member states law and practice does," Ralf Bendrath, the senior policy adviser to a German member of the European Parliament, told Ars.
Elsewhere? Russia maintains a vast domestic surveillance state of its own. A report in Russia last week alleged that the government's FSB security service has installed a surveillance system that will enable them to intercept and read virtually every digital communication in Sochi during the 2014 winter Olympics.
Returning to the Washington Post story, who are the foreign telecommunications companies and foreign governments assisting the NSA? Regarding the first group, the article doesn't say. The story does refer to data collection by an "Australian intelligence service on the NSA’s behalf" but doesn't name any other countries. There are certainly many more. And if foreign governments are willing to collect Internet data on behalf of the US, you can count on it that they're collecting for themselves.
This is not to suggest the expansion of surveillance enabled by the Internet age isn't troubling. It's just that the US is not alone, with many partners and enemies abroad doing much the same. And those countries haven't found their Snowden yet.