When the German version of the FBI needs to share sensitive information these days, it types it up and has it hand-delivered.
This time last year, it would have trusted in the security of email. But last year was before Edward Snowden and the public revelations of the scope of the National Security Agency’s PRISM electronic intelligence-gathering program. After Snowden, or post-PRISM, is a new digital world.
“We’re now carrying our information to our allies on foot,” said Peter Henzler, the vice president of the Bundeskriminalamt, known as the BKA. He was speaking recently at a German Interior Ministry panel on the country’s digital future. The focus of the panel was how to counter U.S. surveillance measures and what it will take for Germans to be safe again on the Web. “We’re no longer using the open Internet.”
The message is clear: The United States no longer can be trusted not to spy on any and every facet of German life and policy. Henzler’s concerns might sound extreme, but he was hardly alone on his panel, and the worries appear to be an accurate reflection of the wider German, and even European, concern about the reach of the NSA’s surveillance program.
Hardly a week passes here without some new revelation about the dastardly depths to which the American spy program invaded German privacy, or at least a new way in which to react to the scandal.
A week ago, for instance, the news broke that the United States had tapped the cellphone of Gerhard Schroeder when he was the German chancellor from 1998 to 2005. Given that it’s been four months since news broke that the same American surveillance program was tapping the cellphone of the current chancellor, Angela Merkel, and had been tapping her phone for several years before she was chancellor, the revelation could hardly have been surprising. Merkel, after all, was seen as an American ally. Schroeder, who sharply criticized U.S. intentions and efforts in Iraq and was visibly uncomfortable in the presence of then-President George W. Bush, was seen as something less than an American booster.
But there are many more examples, beyond the news stories: Thirty-two percent of Germans tell pollsters they’ve either left or reduced their time on Facebook for fear of spying. German television ads note the peace of mind and freedom that come with email that doesn’t leave European servers. Providers very publicly say that they now encrypt all email. Anti-surveillance NSA protests are common in Berlin.
Such thoughts aren’t limited to Germany. A $900 million French deal with the United Arab Emirates for two new intelligence satellites appears to be in doubt after the buyers noticed U.S. components in the French satellites that they feared could compromise their data.
Florian Glatzner, a policy officer with the German Federal Consumer Protection Agency, said they were fielding a lot of consumer questions about how to ensure that their communications and data were safe from the electronic spying of the NSA.
“A lot of the trust in the big Internet companies is gone,” he said. “And most of the big Internet companies were based in the United States.”
Thomas Kremer, a data privacy board member for Deutsche Telekom, the German phone giant, recently noted that “Regardless of what one thinks of Edward Snowden, he created an awareness for Internet security and we should be grateful for that.”
Experts note that there may be no better place to find the effect this distrust is having on the United States than in the emerging cloud computing market. Before Europe met Snowden, there was little doubt that it was moving fast to an American-dominated cloud computing future.
The biggest players in the market were U.S. companies. The best products were generally accepted to be American products. There were some folks insisting that a European cloud, governed by European privacy laws, was needed to protect European communications and data. But they were ignored, or cast as tin hat loonies.
But that was before Germans and French and Brazilians and on and on learned that the NSA – in the name of counterterrorism – peeked at essentially any and all communications and data that crossed its path.
The American dream of total cloud domination might just be drifting away now. The predictions, at least, see signs of that: By 2016, U.S. companies are expected to miss out on $21 billion to $35 billion in new contracts that they’d been expected to collect, according to some estimates.
German cloud companies are posting better-than-expected earnings. There have been signs that some U.S. tech companies might be suffering. Network equipment maker Cisco, for instance, noted government issues when it predicted a revenue drop for the current quarter.
The new reality is simply that data that passes through the United States isn’t safe.
“A year ago, a German cloud was a bad idea,” said Daniel Castro, a senior analyst for the Information Technology & Innovation Foundation in Washington. “German business didn’t want a German product to help them in a global market, they wanted the best product. Today, even if businesses still believe a German cloud is a bad idea, they’re accepting it as a necessary idea.”
There’s even a new initiative, “German Cloud,” backed by a variety of German tech companies. The motto is “My company data stays in Germany.” The group offers a German Cloud stamp of approval to imply safe data.
Castro noted that this is a bad time for the American brand to lose luster. The market is growing, rapidly. Castro is looking for hard evidence that confirms his earlier predictions that the international market share of U.S. cloud providers should fall by 5 percent this year, and up to 20 percent by 2016, because of the spying allegations.
“The reaction we’re seeing from the administration appears to be that they’re hoping these concerns will blow over,” he said. “They’re not blowing over. We see long-term problems because once a consumer picks a provider, they tend to stay with that provider.”
The news could be even worse for American companies. Castro put together his predictions before the news reached the current level. The recent Interior Ministry panel showed just how paranoid Germany has become. Reinhold Achatz, the head of technology and innovation at the German steel giant ThyssenKrupp, noted that “whoever can read data is also likely to be able to change data.”
“For example, they could switch off a power station,” he said. “So from my point of view, it wouldn’t be surprising if someone came up with the idea of switching off Germany. I’m serious about that.”
Christian Stoecker, editor of Spiegel Online, the Web version of Germany’s most prestigious newsmagazine, was taken quite seriously when he noted: “Before Snowden, I did not know that the NSA intercepts hardware shipped to European telecommunications companies by U.S. manufacturers and swaps the BIOS to make the equipment usable for NSA purposes.” BIOS is the basic operating system that starts up a PC.
It seems a paranoid thought, though no more so than the story his magazine broke about Merkel’s cellphone being bugged. His magazine, after all, was one of the news organizations to which Snowden leaked the documents.
“The NSA practically turned the Internet into a weapons system,” Stoecker said. “If we want to change things, we have to enter into disarmament talks.”
German Interior Minister Thomas de Maiziere summed up the fears of Germans, asking “whether the Internet can be made secure again or whether this is an illusion.”
But there was less to wonder about in his conclusion: “We are dealing with a crisis of confidence.”