Jamie's Blog

Ruby developer. CTO. Swimmer. Always trying to write more

Don’t fear the PRISM

I read this article at the weekend which argues that we should view the PRISM-debacle as an opportunity to start EU-specific internet services.

I disagree in a few ways.

The best are popular because they’re the best

First, many of these services are popular not because they are unique but because they are the best. There’s a new Dropbox clone every week and I have absolutely no interest in them because Dropbox has a rock solid syncing ability, it’s extremely fast, it integrates with all the apps I want and it causes no local issues on my machines. You start to realise how hard it is to get this right when you look at all the competing “cloud storage” providers. None of them have reached the polished experience of Dropbox (even Google Drive) so funding an “EU-based, privacy-compatible Dropbox-clone” will result in an “Yet Another EU-based substandard Dropbox clone”. I’m sorry but getting to “best of breed” is frigging hard and “best of breed” will always win consumer’s hearts. There are already many EU-based cloud storage providers that consumers are gleefully ignoring because a) they’re not as good as Dropbox and b) people don’t really care about their privacy (or rather, won’t trade convenience for better privacy).

Throwing money at a problem just makes you poorer

Second, I have an strong aversion to inferring in free markets and innovation. I’ve benefitted in the past from EU-funding on several research projects but, in hindsight, I’m not convinced that it was good value for money. I just don’t believe that throwing €100bn into a fund will produce anything other that bloat, waste and substandard products. Why are these Internet giants where they are today? Because they had to fight for it. They have ruthlessly pursued new customers and new business models so that they can be profitable. If you over-fund an industry, you create an imbalance and remove that strong life-or-death desire to make a great product (and, therefore, money). In fact, you see this today with many “revenue-less” startups that are so well-funded that they don’t actually need to make money from their users.

I don’t want to live in a European China

Thirdly, I dislike the smell of protectionism which emanates from this article.

“The goal should be to build our own tech industries, operating under EU law, taxed under an EU jurisdiction and encouraging the future development of our own capabilities

[emphasis mine]

I’ll admit that I don’t have the strongest attachment to a national identity; if I didn’t have an Irish passport, then I’m not sure I’d label myself as anything. I’m quite satisfied that as a global population we have particular capabilities without needing to replicate them locally. It seems like an unnecessary waste of human effort to duplicate services which are available from other countries. Yes, somethings are better done locally (e.g., food & energy) but I don’t want to live in a world where nations don’t trade between each other because each has their own national clones. The article also throws in the pet peeve that these U.S. companies aren’t paying enough tax. Well, let’s get this straight. If the EU really wants to extract more taxes from these companies then it is entirely within their power to start that process (and for the record, the problem is not corporate tax rates but the treaties which allow those taxes to be avoided altogether).

Fear not the enemy afar

Lastly, I think the notion of a creating a “privacy-focused” replacement for Google/Microsoft/etc is just ridiculous. Every government wants the ability to spy on their citizens and, when push comes to shove, every government will get their wishes. Do you realise that all telephone and Internet traffic into and out of Sweden is wiretapped? The EU hasn’t done anything to stop that. An “EU-Google” would be just as susceptible to forced wiretapping by EU governments as Google is to the U.S. government. Also, many of the EU governments I’m sure have delightfully benefitted from material gathered by the U.S. intelligence services – it suits a government to get someone else do this dirty work (there’s some suggestions that the U.S. uses Israel to spy on it’s own citizens and GCHQ in the UK are being questioned about what data they received from the NSA). It makes me feel icky but the Internet is a surveillance state: there’s no privacy regardless of where our data is hosted and the EU has no desire to change that.

Some people might think that wiretapping by our own governments is preferable to wiretapping by a foreign government. To those people I say: I’d prefer wiretapping by a hostile government far away than a slightly less hostile government that directly controls me. Sure, if I was a real threat to the U.S., I could expect a visit from Seal Team 6 regardless of where I live but I’m talking about regular citizens here. I fear the actions of my own government (probably more through incompetence than malice) more than those of any foreign government. Yes, I’d be more concerned about PRISM if I had to regularly travel to the U.S. but I haven’t been in 10 years for just this reason. I basically consider the U.S. a hostile environment due to everything from the passive-aggressive TSA to the draconian search powers and their inability to regulate firearms.

What could the EU do?

If we really valued our privacy the only solution is something like the ‘data haven’ from Neal Stephenson’s novel, Cryptonomicon but I suspect there’s no real appetite for that. And no government would let it exist independently for long — you need an army to defend a freedom and armies are run by governments.

I thought that the “EU Safe Harbor” laws would have protected my data from the U.S. government but they are actually fairly weak and I suspect don’t apply to the security services.

Perhaps we could require services operating in the EU to keep our data within the EU? That’s a possibility. Most of the popular cloud hosting providers (Amazon, Rackspace, Linode etc) have data centres in the EU so this wouldn’t be too much of a hardship. If you wanted to spend €100bn on something then I’d build some of the biggest data centres in the world and the fastest Internet links between them. Making those data centres economically attractive and performant would reduce the reasons why servers are generally located in the United States.