Edward Snowden has stripped us of all illusion about our digital world

For many of us, Edward Snowden is a hero, a whistleblower who could not be silent about a government abusing citizens’ rights, even in the name of a good cause like fighting terrorists — especially when they apparently included the leaders of Germany and Brazil, former girlfriends and boyfriends of NSA employees, and anyone using encryption or the Internet. Whether or not you believe the former National Securirty Agency contractor is a criminal leaker of necessary police tactics, you have to admit that his revelations have changed the digital context we operate in, and they may change our expectations for it.

That’s because we know now that all communication is subject to monitoring, both with and without providers’ complicity and even when thought to be protected — and it’s not just the Chinese seeking access to corporate neworks. Our government does it or enlists allies to do it so as to get around pesky laws. These allies in turn use us the same way.

[ Cyber threats beyond spying: Bob Violino explains how the cyber war is real and our defenses are weak. | Subscribe to InfoWorld’s Consumerization of IT newsletter today. ]

The truth is that Snowden’s revelations will have both positive and negative consequences, as they unmask the true accessibility of digital communications and services, and how they’re used for purposes we didn’t really know. The period of pretense is over.

On the positive side, the citizens of the United States and Europe at least have a chance at an open dialog about what sort of government spying — and to what degree — is reasonable in the name of combating crime and terrorism, a debate that has been kept behind closed doors since those terrible days of the 9/11 attacks. (A federal court ruled on Dec. 16 that spying involving the mass collection of phone records, at least, is not reasonable or even constitutional.)

On the negative side, the arms race among technologists to strengthen encryption will protect not only the privacy of individual citizens and businesses, it will give criminals and terrorists more safe space in which to operate. The focus on the efforts of governments to spy on people and businesses may distract people from the extensive spying built into many companies’ offerings, such as those involving credit cards, online shopping, cloud services, and social networking — for which there are few rules and little accountability, much less redress for mistakes. There are no congressional oversight committees for Google, Experian, Amazon.com, and so on; there’s little appetite for “strong government”; and as the financial meltdown showed, any justice for wrongdoing is long delayed and often weak.

Awareness is the first step for change, and thanks to Snowden we now have that. Some in Congress are beginning to ask questions, judges not sitting in secret courts are finally being asked to weigh in, and even Silicon Valley — which owes much of its existence to military and spy-agency funding — is beginning to wonder if its silent partnership with the government to facilitate spying has gone too far. After all, many American tech and telecom companies have blasted China’s Huawei and ZTE for being a backdoor conduit for the Chinese government, only to be exposed as doing the same for the U.S. government; European companies such as BT also have been shown equally complicit with their governments in opening their records to mass analysis.

Your own government is an advanced persistent threat

Right after Snowden’s revelations about the NSA’s PRISM program, we saw clues that the brouhaha over data security was causing American cloud providers to lose business, but six months later there are signs that’s not happening. It makes sense, because cloud providers in any country are likely to be spied on — willingly or not — by their own government. Thanks to Snowden, we’ve learned that the United States, Great Britain, Canada, New Zealand, and Australia all spy on each other and exchange the results, bypassing laws about spying on their own citizens and companies. Although the relationships aren’t quite as cozy, France, Germany, Israel, Saudi Arabia, Jordan, Turkey, Japan, and other countries work closely with us and each other to share their findings. In other words, it doesn’t matter where the cloud provider operates; it will be spied on and its data shared.

The same is true for any company that matters; the NSA and others are spying on their networks. Yes, the focus of the Snowden revelations has been about spying on individuals’ communication patterns — even in virtual worlds — to determine who should get more deeply spied on (their calls, emails, chats, and other content examined). But the spying clearly includes industrial and political espionage, as Snowden’s revelations around U.S. spying on European leaders and the United Nations showed. You just know it’s also happening to corporations. As NSA chief Keith Alexander told CBS’s “60 Minutes” program on Dec. 15, the NSA spies on whomever the FBI, CIA, and others ask it to.

In other words, to use the words of Microsoft’s chief lawyer, the federal government — or a proxy government — is an advanced persistent threat in your network. That surely should cause a rethink of corporate security and data management, especially for companies that operate in multiple nations and could be used as inadvertent pawns in the secret cyber wars being waged.

If government is spying is bad, what about corporate data-gathering?

The Snowden revelations have also made people aware of how much of their communications and transactions happen over digital networks, the ones that government spies are so broadly monitoring. They’re also being shown how much of that information comes from the tech and telecom companies whose services they use — and often with their complicity, even if court-ordered.

A prevalent business model in Silicon Valley is to gather as much information on customers as possible to analyze it to target ads and other promotions, so they are more likely to be effective and thus profitable. Marketers across the spectrum of comsumer-oriented companies — not just tech — are spending billions of dollars gathering and analyzing such customer data from websites, social media, and various private and public databases (such as those your bank seeks your permission every year by law to sell to “partners”).

Cookies and other means are used to trace your passage through the Web to create profiles of what interests you and what your needs may be. If you go to Amazon.com and search for something, you will very likely see an ad for it at the Reuters website, for example. If you take a home loan, you’ll see ads on the Web and in your email, for home improvement products — not just spam in your physical mailbox.

Most of us have learned how to ignore such direct marketing and often don’t step back to think about how “they” know. But “they” want to go further. Cisco Systems, for example, has partnered with Facebook to encourage people to “like” a hotel or other venue by offering an hour or two of free Wi-Fi access — the “like” is used as permission to send your personal information from Facebook to the venue for marketing purposes. Several companies sell systems for shopping malls that track phones’ unique signatures to identify patterns of behavior in stores, then sell that data to the stores to help them be more effective. They also offer apps that connect the anonymous IDs to actual people, for highly targeted pitches.

Google is a master of this kind of spying, using your searches and activities on its broad set of Web services to figure out what you may want or need. That seems benign, as it may lead you more quickly to something you want or need. But it’s unclear when search results are based on your query versus what Google wants you to see on behalf of a client. These aren’t new concerns, but people may have gained a fresh appreciation for them given the Snowden revelations about our digital footprints. The European governments have been increasingly concerned, and now Canada’s government has started to investigate the antitrust implications of the provider-sponsor relationships formed around your information.

All of this raises several questions:

• What information is collected about you, who gets to see it, and what can they do with it?
• How do you know if the answers to your queries are actually the best answers for you or the best answers for Google’s clients? They may not be the same.
• Why can’t you choose who gets to benefit from the infornation you share — or gets a cut of the value you’re essentially giving away?
• How do you correct mistaken or otherwise off-target information? Even for something that’s regulated and established like credit histories, it’s a very difficult process; for most data collected on you, it’s simply impossible.

As individuals and businesses digest the implications of a digital context in which we all operate, the issues of privacy, content and recommendation independence, appropriate intelligence gathering by governments, and the ownership and management issues around people’s digital footprints and, ultimately, online personas will be too hard to ignore or treat in such a cavalier manner.

The way it’s going, we’re on our way to a digital police state that would make East Germany’s Stasi proud and turn us into global corporate giants’ vassal-consumers, no matter what the Silicon Valley and security apologists would have you believe.

Thanks to Snowden’s revelations, we know all know there are very few secrets, that we are monitored and evaluated constantly. That knowledge will change the behavior of individuals, businesses, and governments in ways we don’t yet know. We can now make the decisions explicitly, and perhaps even help create an enlightened world where all that information is used to empower both society and individuals, not control or steer them away from their best interests.

People may ultimately choose not to care about these issues, and allow the spying to go on behind the scenes as long as there’s no obvious price to pay. If so, even that at least would be a choice made openly, not a fate that happened to befall us in ignorance.

This article, “Edward Snowden has stripped us of all illusion about our digital world,” was originally published at InfoWorld.com. Read more of Galen Gruman’s Smart User blog. For the latest business technology news, follow InfoWorld.com on Twitter.