Governments, People, and the Tech Companies Between Them
Where do governments end and tech companies begin? It can be hard to tell.
It’s tempting to think of our relationship with technology companies as akin to any other private organization: those which sell us mortgages and cars, groceries and coffees.
But as technology has wound itself ever more into our lives, it’s also wedged deeper into the interface between ourselves and governments — our own, and all the rest.
International espionage, sabotage, the Geneva Conventions, and Swiss political neutrality war. These terms tend to evoke images of diplomats in concrete government buildings, not engineers in open-air offices.
But over the past decade or so, that’s become increasingly untrue. Some governments today hack and otherwise punish tech and media companies to punish perceived slights. And others seek their services, working with them — whether the companies want to help or not — to surveil, investigate and prosecute crimes, punish and extradite citizens abroad, and even fight foreign wars.
This will be the first of several posts exploring the many ways in which large technology companies have become inextricably intertwined between national governments and the people they’re meant to care for. This week and next we’ll see just how pervasive this is, and ask whether it might perhaps be of value.
And lest anyone think I’ve abandoned my Pinko Commie ways in questioning government overreach, the week after we’ll learn about tech and Bitcoin billionaires pushing to establish digital “utopian” states.
The meshing of private corporations and national government interests is by no means new. Beginning in World War II, Western Union shared copies of all international cables sent through its service with US Intelligence under a secret agreement known as Project SHAMROCK. The practice continued until 1975, thirty years after the end of the war, when Congress investigated it.
At its peak, the company shared 150,000 cables each month with NSA agents who would print and analyze them. (Which makes the “Please don’t print this email 🍃” footer sound suddenly resonant.)
After 9/11, Western Union again began a sneaky surveillance partnership with the US government — as did AT&T, which maintained a room full of servers in San Francisco designed to “copy the whole Internet” for review by the NSA. And as revealed to the press by Edward Snowden in 2013, NSA’s PRISM program utilized large tech companies to surveil both American and foreign communications, too.
Alan Rozenshtein of the University of Minnesota Law School termed companies like Meta, Google and Apple “surveillance intermediaries.” The term seeks to describe the role these companies fill between governments wishing to surveil a population, and those being surveilled.
As an excellent Harvard Law Review piece writes:
“Surveillance intermediaries hold extraordinary power when they decide how to respond to government requests for information — power that may or may not be to the public’s benefit. While intermediaries must comply with statutory and constitutional law governing law enforcement requests for information, Rozenshtein explains that they still hold a large degree of discretion when processing those requests: discretion in how critically they evaluate the legality of requests, in slowing down the process by insisting on proceduralism, and in minimizing their capacity to respond to legal requests by implementing encryption.
This discretion means that surveillance intermediaries determine, at least in part, the government’s access to information about our personal relationships, professional engagements, travel patterns, financial circumstances, and much more. They also impact the government’s ability to prevent terrorist attacks, solve murders, and locate missing children.
In short, companies such as Facebook, Google, and Twitter are now responsible for decisions that have major consequences for our privacy, on the one hand, and our safety, on the other.”
It may seem odd that these conflicting interests — a pull between protecting the privacy of citizens on the one hand, and ensuring their security on the other — should reside largely in the hands of large, for-profit companies.
And yet that’s where we find ourselves today.
The same Review piece describes these “surveillance intermediaries” as “entities that sit between law enforcement agencies and the public’s personal information, and that have the power to decide just how easy or difficult it will be for law enforcement to access that information.”
But what about tech companies sitting between foreign governments, and companies or private citizens they may wish to hack?
North Korean actors hacked Sony Pictures in 2014, in an ostensible fit of anger over Seth Rogen’s comical depiction of Kim Jong-Un in his film “The Interview.” The hack released troves of private data in what Director of National Intelligence James Clapper called “the most serious cyberattack ever made against U.S. interests.”
And only one year later — again in response to a perceived slight, because they displayed anti-censorship content — Chinese state actors launched a large-scale attack crippling two websites hosted by Github.
Following these and other attacks, Microsoft’s president and chief legal officer, Brad Smith, pushed governments and big technology companies to adopt a “Digital Geneva Convention” in 2017.
As Henry Farrell and Abraham Newman explain in their book Underground Empire, just as the ICRC (Red Cross and Red Crescent) began as private organizations collaborating across states to prevent armed conflict, it seemed reasonable Microsoft might aim to do the same in the sphere of digital conflict.
Microsoft’s main allegiance, so the argument went, wasn’t to America, or other governments. It was to their customers, most of whom were “civilian targets” — as was, of course, Microsoft itself. Farrell and Newman write:
“In return for immunity from attack from governments, they would commit not to help governments in their attacks. The term ‘Digital Switzerland’ implied that tech companies were themselves a new kind of world-spanning country, even if they lacked territory of their own.”
A “Digital Switzerland!” It does sound nice.
The UNHCR applauded this move, writing that:
“Given that [the] main intent of the last Geneva Convention (1949) was to protect civilians and non-combatants during warfare, this call to action—a Geneva 5.0—is both timely and welcome. The nature of conflict has changed throughout history. Today, cyberspace has emerged as the latest front, as both state and non-state actors perpetuate another of history’s certainties, namely the weaponizing of advances in technology. The growing scale and scope of cyber-attacks and their potential to impact the safety and security of civilian populations… highlights the pressing need for international law to reflect this new reality.”
Soon after, France’s Emmanuel Macron and New Zealand’s Jacinda Ardern signed onto a non-binding Paris Call for Trust and Security in Cyberspace, and the Biden administration signed in late 2021 too. And numerous large tech organizations including Facebook, Dell, and Oracle agreed to a related Cybersecurity Tech Accord. (Although notably Apple, Amazon, Twitter, and Google abstained from signing; it’s not immediately clear to me why.)
The lines between citizens, tech companies, and nation states further blurred when Denmark appointed a “tech ambassador” to Silicon Valley in 2017.
As the former ambassador Casper Klynge said in a 2019 interview, “‘What has the biggest impact on daily society? A country in southern Europe, or in Southeast Asia, or Latin America, or would it be the big technology platforms?’”
And as Politico noted at the time, Facebook was worth more than Denmark’s entire 2016 GDP. (It’s more than three times that today.)
The EU opened its own Silicon Valley “Embassy” in 2022 for similar reasons, and in an apparent effort to ease and ensure compliance of new tech-centric EU regulation.
Taken as a whole, it becomes apparent just how firmly fixed a few large technology companies are between individuals and governments — whether their own or others.
Seven years after Microsoft proposed this “Digital Geneva Convention” though, it’s unclear if much has materially changed. In fact, the company announced in 2022, due to the war in Ukraine — years after pledging to become a “digital Switzerland” — it would halt sales to Russia. Soon after, the company described how it worked with Ukraine’s government to relocate vital government services and information to Microsoft cloud servers outside the country.
For his part, Casper Klynge — the former Danish ambassador to Silicon Valley — later became the VP of European Affairs at… Microsoft.
Many of these decisions, taken individually, are not necessarily bad. But on the whole, it becomes clear just how firmly fixed a few large technology companies are between individuals and governments — whether their own or others.
As the Harvard Law Review wrote:
“Do technology companies facilitate or frustrate government surveillance? The answer is that they do both, and this fluctuation should give one pause. Reasonable minds may differ as to what the ideal balance between cooperation and resistance might be, but it seems unlikely that this balance should be left to the judgment of a private corporation.”
“It seems unlikely that this balance should be left to the judgment of a private corporation,” wrote the Review — in 2018, and it appears even more true today.
According to Google’s own Transparency Center, the company received 430,000 requests for user information from global governments in 2023 alone — nearly double the requests made the year the Review published those words. Meta, Apple and many other tech companies maintain similar reports, and Meta that same year received around 575,000 government requests for user information, even more than Google.
Private tech companies receive government requests beyond just surveillance, too. As the Washington Post reported, Google Maps redraws disputed borders according to certain government wishes, depending on where the map is viewed. And the Foreign Minister of Kosovo — a country with contentious recognition status — sent a letter to Tim Cook in 2020 asking Apple to show the country’s borders in Maps, rather than portraying it as a part of Serbia.
And all of this fails to even mention Starlink, which as the New York Times reported has already affected battlefield strategy in the war in Ukraine. As I wrote in June, the company has already extended service to activists in Iran and Turkey, a hospital in Gaza, paramilitaries in Sudan, and even Houthi rebels in Yemen.
So where do countries stop and tech companies begin, really?
Song of the Week: Lady Gaga — Government Hooker