Five years ago this week, Edward Snowden handed over a vast cache of close to ten thousand highly classified documents to reporters, revealing the scope and scale of the US government’s mass surveillance effort — and of its many global intelligence-gathering partners.
First, the world learned that the National Security Agency (NSA) had been collecting the daily phone records of millions of Americans. Then, Silicon Valley was accused of willful participation in the PRISM data collection program. And the disclosures kept coming.
Reporters have published the most explosive stories that focus on government abuse and unethical intrusions — said to be only a fraction of the total number of documents taken from NSA’s Hawaii complex, where Snowden worked. He upended years of government work in the space of just a few days.
In an interview this week, the now 34-year-old whistleblower — wanted by the US authorities and now in exile in Moscow — is said to have no regrets about leaking the files.
But five years on, some are disappoined by how little progress has been made. Beyond a law nixing much of the domestic collection of Americans’ phone records, the government continues to conduct surveillance on foreigners — and Americans — under the same legal framework the NSA was subject to prior to the leaks, after lawmakers reauthorized the bulk of the government’s surveillance powers this year with almost no debate. And, a little-known ‘catch all’ executive order gives the government unrestricted powers to collect data, which a former NSA executive turned whistleblower called a “direct threat” to Americans’ privacy.
And, since then, the UK, a key ally in the NSA’s surveillance efforts, has doubled down on its spying efforts by introducing what was described by one civil liberties advocate as the “most extreme surveillance law ever passed in a democracy.”
But where lawmakers failed to make any meaningful reforms, the tech industry — also implicated by the Snowden leaks — stepped up.
Silicon Valley tech giants, keen to regain their users’ trust after the leaks were first published, took matters into their own hands. Bound by secrecy and gagging orders where data was turned over to the government, the tech companies could only limit any such intrusive access in the future.
The Snowden leaks inspired five years of technological change, knocking the NSA and its partners back after each revelation.
Today, we have near-ubiquitous encryption across our devices — from end-to-end encryption in messaging and calling apps like iMessage and Signal to full-disk encryption that protects the contents of the device, locking out the government in most cases from accessing private data. Apple pioneered the changes a year after the leaks first hit.
Encryption was also added behind the scenes. After the government was caught tapping the private fiber cables between Yahoo and Google’s data centers, the companies began encrypting the links. It wasn’t just reactive — companies not thought to be affected by the link tapping, like Microsoft, proactively began encrypting their cables in an effort to shut out the spies.
In the space of a few years, encryption forced the NSA and its allies to knock on the companies’ front doors with a legal order, rather than sneaking around the back, surreptitiously grabbing data without their consent.
That gave rise to the transparency report, a Google-inspired change from the turn of the decade, which presented the number of legal requests the company received from the government to turn over user data. Twitter followed suit in 2012, and many of the companies implicated by the PRISM program began releasing their own following the Snowden leaks.
Apple, Facebook, Microsoft, and Yahoo quickly began reporting their data demand figures to quell concerns that the companies were giving over bulk data to the government. And, later, cell giants and smaller companies began publishing their own figures.
But where many have yet to see change is how private industry, including tech companies, handle their users’ data. Tech firms began aggressively mining user data to serve advertising and the interests of third-parties, sparking concerns. These companies are largely unregulated and not covered by the same laws as the government, giving them near unfettered control over your data. Private surveillance — building voter profiles and conducting data analytics to predict how someone will vote at the ballot box — has drawn ire from lawmakers, at a time where many are worried about state-actors influencing elections.
The Snowden leaks didn’t save everyone from government surveillance, but they helped to spark a cultural shift where we reclaimed control over our private information by securing it. The leaks were also the catalyst the tech industry needed to put security and privacy first after years of rapid growth and a laser focus on money making.
Whether it’s irony — or capitalism — as much as the tech industry pushed back against government information gathering, many companies stepped up their own.
Now with a new focus on how the vastly unregulated private industry handles user data, Silicon Valley may be soon in for its own reckoning.