The scandal which broke on June 7 around articles published in the American newspaper The Washington Post and the British paper The Guardian could very well be more damaging to the United States than the scandal surrounding Wikileaks. While Assange revealed secrets which were, for the most part, American, the scandal surrounding PRISM has put the entire world on the spot.
Thanks to the facts revealed to the press by former CIA employee E. Snowden, it became known that beginning in 2007, the U.S. National Security Agency (NSA) and Federal Bureau of Investigation were able to access text, audio and video recordings which passed through the servers of the large American companies Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. The first companies to join the project were Microsoft, Yahoo, Google and Facebook. The lion's share of all personal data throughout the world passes through these companies’ servers. Most likely there were more companies participating, but only the IT giants were exposed.
Many experts took a rather melancholy view of the scandal, saying, «Didn't we already suspect as much?» Yes, of course we suspected. Much has been written about Microsoft's collaboration with the NSA, which has been going on for around 15 years and of which Microsoft is even rather proud. Moreover, many specialists in the field of cyber security were suspicious of the company's role in the scandal surrounding the appearance of the Stuxnet virus. J. Assange has also spoken in his interviews of the collaboration of the largest American social networks with the NSA, the CIA and the FBI. However, it is one thing to guess, and quite another to know for sure, with all the facts at your fingertips.
The scandal is all the more intense due to the volumes of information about each Web user which were collected by American intelligence agencies thanks to the cooperation of American companies. After all, Microsoft, Google, Facebook, Skype, YouTube and Apple are not just brands. Microsoft accounts for 80-90% of all operating systems installed on personal computers, which means it has indirect control of these systems. Google is a system which knows an exceptional amount about what we are interested in, and if we add the data from Android-based smartphones, the scale of the information collected becomes especially significant. Facebook contains the contact information of the lion's share of people, first and foremost businesspeople. It includes their correspondence and files they send to one another. Skype is our conversations. The system which marketed itself as the most secure from eavesdropping by intelligence agencies turned out to be completely under their control.
After the scandal surrounding PRISM one may say with confidence that American intelligence agencies had for a time a unique opportunity to compile detailed portraits of practically any person, incorporating information about him, his interests and his thoughts into a single informational block. This is not even Orwell's Big Brother (which simply pales in comparison to the capabilities of modern information technology), but something significantly greater.
A piquant detail is that not only the U.S. knew about PRISM, but Great Britain and Holland knew as well. And they didn't just know; they also received data from the system. That is, the world is still in a bipolar standoff, where there is «us» (those with whom information may be shared) and «them».
It was also surely no accident that the scandal broke on the very same day as the beginning of an informal U.S.-China summit. It was perhaps the first time that cyber security was one of the dominant themes at negotiations of that level. Thanks to the scandal, China, which the Americans are constantly accusing of cyber-espionage attempts, got a serious bargaining chip in the negotiations. The revelation of the cyber-spying system makes the West's position as a whole very vulnerable when speaking of «universal rights», and particularly human rights.
Chinese leaders are now able to give tough and authoritative responses on many complex issues arising between them and the West (and first of all the U.S.). For example, on criticism of their censorship policy. Or, more importantly, on accusations that Chinese telecommunications companies are engaging in espionage on behalf of the government of the PRC. The latter was even the basis for sanctions against Huawei and ZTE, when the U.S. government prohibited the purchase of Chinese-made components as part of government procurements in spring 2013, even though there were no established facts justifying such a step…
PRISM could potentially open Pandora's Box with respect to American companies when they will have to prove that they are not connected to American intelligence agencies in order to have the opportunity to operate in a given market. Moreover, a significant number of government organizations (especially in the former Soviet Union) which got «tangled up» in the activities of some such companies and were maneuvered into a corner by the same companies as a result of debts (for example, the relations between Microsoft and government organizations in Ukraine) are getting the chance to break the vicious circle of these relations and take serious measures for their cyber security.
Now the question not only of maintaining «digital sovereignty» but of defending it actively and defining its boundaries is especially acute. On June 7, all the key services used by 70-80% of Internet users were compromised in one stroke. Each person must realize that by using these systems he is informing U.S. intelligence about his actions and must be prepared for this information to be used against him.
For example, the participants in the well-known ECHELON monitoring project do not only use the data received in the interests of national security; they also transmit the data to their multinational corporations to increase their competitiveness on the world market. Thus, to consider sending privileged information via «western communications channels» a threat to national security is to take the only sensible approach in the conditions of the modern information society.
But the reaction to new challenges should be appropriate. An example of such an appropriate reaction is China. China's long-term policy in the Internet sphere is «clone and close the originals». That is, it's a policy of «smart censorship», creating fully functional and state-supported analogs of foreign services, but on the condition that these services are located within the country and are managed by companies registered (and preferably created) in that country. And that's the way it should be for everything, from processors and operating systems to specific software products.
We need to accept a simple thesis: security in the information society is even more «nationally oriented» than classic security.
Now, when the world is still in shock from what is happening, is the time to implement the initiatives of Russia and China for the international regulation of cyberspace. It may be that even those countries which previously hesitated to support these initiatives could significantly change their positions and a resolution of the issue might finally get off the ground…