Snowden Exposes the ChatGPT Trap
The Digital Sovereignty Crisis of the Global South
(This article has been published in Portuguese in the Brazilian media outlet Outras Palavras.)
On May 13, 2025, a U.S. federal court issued a shocking order: requiring OpenAI to “preserve and segregate all output log data,” even if this data should have been deleted according to user preferences. This order means that from that day forward, more than one billion ChatGPT conversations submitted daily by over 300 million users worldwide are being preserved indefinitely—even when users click “delete.”
The order stems from The New York Times’ copyright lawsuit against OpenAI. But the court’s reasoning is disturbing: users who delete data may be copyright infringers attempting to “cover their tracks.” In other words, exercising the right to deletion—a basic privacy protection measure—is viewed by the court as evidence of criminal suspicion.
OpenAI CEO Sam Altman warned on social media that this ruling “harms user privacy” and “sets a terrible precedent.” But the more unsettling question is: what do these forcibly preserved conversations contain? Medical symptoms users confide to ChatGPT, financial difficulties, career plans, personal secrets—all of which “could be sold or gifted, hacked, or disclosed to law enforcement.”
This is not a hypothetical threat. In 2023, Samsung employees leaked company confidential source code through ChatGPT. Samsung’s lawyers warned that this data was “impossible to retrieve because it is now stored on servers belonging to OpenAI.” Apple, Amazon, JPMorgan Chase, Goldman Sachs, Deutsche Bank... from tech to finance, from healthcare to law, a long list shows: the world’s largest and most resourced companies are restricting employees’ use of ChatGPT. Surveys show nearly 70% of companies block this tool to protect confidential information.
If even these multinational corporations with the most advanced cybersecurity teams cannot safely use ChatGPT, can governments and businesses in the Global South?
But corporate vigilance is just the tip of the iceberg. In June 2024, OpenAI appointed General Paul Nakasone, former director of the NSA (U.S. National Security Agency), to its board of directors. Edward Snowden—the whistleblower who exposed the U.S. mass surveillance program PRISM—issued one of his sternest warnings since exile on social media: “They have literally torn off the mask: never trust OpenAI or its products. This is a willful, calculated betrayal of the rights of every person on Earth. You have been warned.”
Snowden is not speaking casually. In 2013, he risked enormous personal freedom to expose the NSA’s PRISM project—a program that collected data directly from tech giants like Google, Facebook, and Apple, conducting mass surveillance without warrants. The PRISM scandal triggered global shock, prompting countries to strengthen privacy protection laws and the EU to introduce GDPR.
But Snowden now warns that ChatGPT is a more powerful surveillance tool than PRISM. Why? Because PRISM passively collected communication data, while ChatGPT has users actively providing their most private thoughts; PRISM primarily collected metadata (who contacts whom), while ChatGPT collects complete content—people’s thoughts, plans, worries, secrets; PRISM involved millions of users, while ChatGPT has over 300 million users with more than one billion messages daily. More critically, PRISM’s exposure triggered resistance and reform, while ChatGPT’s surveillance practices, though publicly disclosed, continue to be widely accepted and used. Commentators have even called ChatGPT “the largest surveillance database in history—one the NSA could only dream of.”
Iron-Clad Evidence of Surveillance Capabilities: OpenAI’s Self-Exposure
Snowden’s warning is not based on speculation, but on his deep understanding of how the surveillance machine operates. Even more disturbing is that we don’t even need whistleblowers to prove OpenAI is monitoring users—OpenAI’s own reports have already admitted this.
In October 2025, OpenAI released its latest “Disrupting malicious uses of AI” threat intelligence report. The report proudly announced that since February 2024, it has “disrupted and reported” over 40 networks violating usage policies. The report detailed multiple cases: Russian organizations attempting to refine remote access trojans and credential stealers, North Korean hackers creating phishing content targeting South Korea, and certain government-related accounts using ChatGPT to draft proposals for mass social media surveillance systems.
OpenAI frames these disclosures as achievements in combating “malicious use.” But the report inadvertently reveals a deeper truth: to identify these specific “malicious use” cases, OpenAI must possess and be using the capability to routinely monitor all user conversations.
Think about the technical logic: to discover that a user is developing surveillance systems or refining malicious software, OpenAI needs to access and analyze all of that user’s conversation content, deploy real-time or near-real-time monitoring systems, be able to perform content analysis and pattern recognition, link users to specific countries or organizations, and then actively choose which cases to disclose.
The more critical question is: OpenAI primarily discloses cases from countries geopolitically opposed to the United States (Russia, Iran, North Korea, China). What about Western countries? What about U.S. allies? The report remains silent on this. This selective disclosure proves precisely that: OpenAI can monitor all countries but chooses to disclose only those that align with U.S. geopolitical interests. If they can monitor Russia and North Korea, they can monitor Brazil, India, South Africa—all Global South countries.
Evidence of surveillance capabilities doesn’t stop there. In August 2025, OpenAI publicly acknowledged in an official blog post that the company is scanning users’ ChatGPT conversations and reporting content to police. The specific mechanism is: routing conversations of users “planning to harm others” to a dedicated review pipeline, examined by trained human reviewers. If reviewers determine a case involves “imminent threat of serious physical harm to others,” it is forwarded to law enforcement.
But where are the standards? What does “harm others” mean? Who defines it? Will this standard change with political environments? Today it’s “imminent violent threats”—tomorrow will it extend to political dissent, abortion consultations, discussions of sexual orientation?
OpenAI’s official “Law Enforcement User Data Request Policy” clearly states: user conversation content will only be disclosed upon receipt of a lawful search warrant. But what is the reality? OpenAI actively monitors all user conversations (proven by threat intelligence reports), unilaterally determines what constitutes “malicious use,” proactively reports to law enforcement (rather than merely responding to requests), and publishes threat intelligence reports publicly disclosing user behavior—all without any legal process. This is not a minor deviation between policy and practice, but systematic divergence.
European regulators have already seen through this. In December 2024, Italy’s data protection authority fined OpenAI €15 million, citing reasons including “processing users’ personal information without sufficient legal basis” and “violation of transparency principles.” Privacy researcher Łukasz Olejnik stated more directly in his 17-page complaint to Poland’s data protection authority: “OpenAI seems to accept that the way ChatGPT tool models are developed is fundamentally incompatible with GDPR requirements.”
This is not OpenAI’s negligence, but a fundamental issue with its business model. OpenAI’s response to the Italian fine exposed its logic: the fine “is nearly 20 times our revenue”—meaning they earn little in Italy, but data collection is enormously valuable. Fines are merely the “cost” of collecting data.
OpenAI’s Deep Integration with the U.S. National Security Complex
OpenAI’s relationship with the U.S. government far exceeds ordinary business cooperation—it is a strategic deep integration. At the personnel level, OpenAI board member Paul Nakasone is the former NSA director responsible for U.S. intelligence and cyber warfare operations. Another board member, Will Hurd, served as a CIA officer and sits on the board of In-Q-Tel (the CIA’s primary investment arm). These are not ordinary business advisors, but core figures in the U.S. intelligence and security apparatus.
From a business cooperation perspective, OpenAI launched ChatGPT Gov, a service specifically designed for U.S. government agencies. Shocking details include: an agreement with the U.S. General Services Administration to provide ChatGPT Enterprise Edition at just $1 per agency per year—essentially a free giveaway. Since 2024, over 90,000 U.S. federal, state, and local government users have sent more than 18 million messages.
From a technical integration perspective, ChatGPT Gov allows government agencies to input “non-public, sensitive data” into OpenAI’s models, supporting processing of top-secret data. OpenAI’s GPT-4o is integrated into the U.S. government’s top-secret cloud through Microsoft’s Azure, enabling federal agencies like the Department of Defense with classified workloads to use GPT-4o for classified missions.
Most critical is the dual standard for data processing: OpenAI claims it will not use data entered by federal employees to train models, providing a “data firewall” for the U.S. government. But there is no such protection for users from other countries. This dual standard clearly shows: OpenAI prioritizes protecting U.S. government interests, not global user rights.
The $1-per-year price is not a business transaction, but a symbol of strategic cooperation. What content is in the 18 million messages sent by 90,000 U.S. government users? How are these messages being used? Meanwhile, the CIA is also developing its own ChatGPT version called Osiris, for thousands of analysts across 18 U.S. intelligence agencies. The boundary between commercial LLMs and intelligence LLMs is disappearing—or rather, there never was a real boundary.
The Systemic Threat of Neo-Colonialism: From Surveillance to Control
Security expert Bruce Schneier warns that AI causes a qualitative change in surveillance—from “mass surveillance” to “mass spying.” The difference is: surveillance is collection and storage, while spying is understanding and exploitation. Traditional surveillance can only search by keywords; AI can “understand” context and implied meanings, simultaneously analyze billions of conversations, and identify complex patterns. The ACLU points out that large language models enable “a massive scale-up in the quantity of communications subject to meaningful surveillance.”
A more covert threat is training data contamination. Amazon employees actually saw ChatGPT “mimic” company internal data, though not fully reproduced, it was “convincing enough.” This means: even if you haven’t directly input information, ChatGPT may reconstruct sensitive information by aggregating others’ inputs. For Global South countries, even if they prohibit employee use, as long as others (foreign intelligence agencies, multinational corporations) are using it, ChatGPT may still “learn” your national secrets.
Global South countries have begun to become vigilant. On January 29, 2025, India’s Ministry of Finance issued an advisory restricting government employees from using AI tools like ChatGPT and DeepSeek in official work, citing that these tools rely on servers outside the country to store and process data, and the government cannot control the use of sensitive information. Brazilian researchers submitted petitions to the data protection authority to investigate ChatGPT’s violations of LGPD, pointing out that OpenAI even provides CPF numbers (ID numbers) of Brazilian public figures.
But vigilance does not equal the capacity to respond. UNCTAD points out that Global South countries face “a new cycle of digital colonialism.” This neo-colonialism manifests as a triple dilemma: loss of data sovereignty (data flows to the North, processed and sold back to the South), technological dependence (chips, models, cloud services controlled by a few companies), and imposition of values (Silicon Valley values embedded globally through AI). Building new AI may cost $1 billion, chip access is strictly controlled. Even with massive investment, “you still cannot eliminate dependence on foreign countries.”
The power inequality in the AI era replicates historical colonial patterns: Global South countries provide data (raw materials), data flows to U.S. servers to be processed and exploited; the North controls processing capabilities, then sells AI services (finished products) to the South. Profits and control remain in the North. This is not a metaphor, but economic reality. Research shows that Google alone formed an estimated $36 billion in new data assets in 2024, yet international discussions on data valuation, rights determination, and benefit distribution are virtually non-existent.
Deeper colonialism is ideological. Quantitative analysis shows that even non-Western developed large models exhibit moderate to high Western ideological bias—because training corpora heavily rely on English content, and information sources controlled by the West (like Wikipedia) are given disproportionate weight. When students, researchers, and decision-makers in Global South countries use ChatGPT, they are not only providing data but also absorbing a specific set of values and worldviews.
The Time to Act Is Now
In May 2025, when a U.S. court ordered OpenAI to preserve all user conversations indefinitely, how many of the world’s 300+ million users realized: their medical consultations, financial planning, career concerns, personal secrets are now forcibly stored on OpenAI’s servers, potentially “sold or gifted, hacked, or disclosed to law enforcement”?
When a Samsung engineer opened ChatGPT in 2023 seeking code help, he thought it was just a convenient tool. He didn’t realize his company secrets were “now technically in OpenAI’s hands” and “impossible to retrieve.” Samsung can ban ChatGPT, Apple can develop its own AI tools, Goldman Sachs can block the service. But what about small businesses in the Global South? Government departments? Research institutions? Do they have Samsung’s resources? Apple’s technical capabilities?
When Edward Snowden says OpenAI is “a willful betrayal of the rights of every person on Earth,” he is not exaggerating. He issues warnings based on deep understanding of the U.S. surveillance machine. When security expert Bruce Schneier says we are moving from “mass surveillance” to “mass spying,” he reveals the changing nature of surveillance: not just collecting data, but understanding and exploiting it.
For Global South countries, this is not just a privacy issue, but a sovereignty issue. Data is the new oil, AI is the new infrastructure. Handing data and AI control to U.S. companies is like historically handing control of natural resources and infrastructure to colonizers.
The lesson from the May 2025 court order is: even if you click “delete,” data may still be forcibly preserved. The lesson from the Samsung case is: once data is uploaded, it is “impossible to retrieve.” The lesson Global South countries should learn is: once digital sovereignty is lost, it is hard to retrieve.
When your government employees use ChatGPT to draft official documents, when your businesses use ChatGPT for business planning, when your researchers use ChatGPT for research, are you aware: these conversations may be being monitored, analyzed by OpenAI, and shared with U.S. intelligence agencies?
Global South countries need to clearly recognize: digital sovereignty in the digital age is not optional, but a survival necessity. Building independent digital infrastructure, enacting strict data protection regulations, cultivating local technical capabilities—these are no longer distant ideals but urgent practical needs. The historical window may be closing, but the opportunity for choice still exists. What is missing is not solutions, but determination.
The time to act is now.