Allegations of mass, indiscriminate government surveillance have sparked a global spat about its proper limits. In defending their programs, the United States and Britain have exposed a troubling, two-tiered approach to the right to privacy in the digital age. Neither government seems willing to recognize the privacy interests of people outside its borders. One thing is clear: as our lives become more connected through the Internet, the right to privacy has never been under a greater global threat.

The perception that the US and UK are exploiting their unique position within the Internet’s ecosystem fuels the international outrage. Only 12 percent of the world’s 2.5 billion Internet users are in the US and UK, but significant portions of the world’s Internet traffic still moves through the US, even if it doesn’t involve a US-based user.

American companies operate the dominant global social media and e-mail services and store massive amounts of the world’s user data. And the U.K.’s historical status as a global hub makes it a key chokepoint for trans-Atlantic data flows, making interception of undersea cables exceptionally efficient. These factors make it easy for the US and UK to spy on their own citizens, but also on potentially hundreds of millions of users around the world, who have no ability to hold the two countries accountable.

Technologically speaking, things are only going to get worse. Conventional surveillance techniques are labor-intensive, which constrained arbitrary and abusive practices. If police wanted to track your movements, it would require many people working around the clock. Today, authorities can paint a detailed portrait of a person’s life with one request to a mobile phone company. The costs of data storage and computer processing continue to fall, which will only goad governments to collect more. Meanwhile, more aspects of our lives will be digitized, like health, financial, and social data, which can then be easily combined and analyzed. These are the realities of “Big Data” and it means that governments will be able to track our location, associations, and communications more effectively and efficiently than ever before.

For the phone metadata program, the US claims it needs its “collect it all” approach to draw out associations between possible suspects over a period of years, even if only a tiny fraction of phone users are suspected of wrongdoing. Gen. Keith Alexander, director of the National Security Agency, has argued that the massive data gathering is necessary to combat terrorism, saying, “You need the haystack to find the needle.” Governments now have a huge digital haystack and can preserve that data for purposes that were not possible before.

Officials have tried to play down the intrusiveness of the metadata collection. Yet technologists now recognize that metadata can reveal incredibly sensitive information, especially when collected in bulk and used in composite, even if the law doesn’t. Technology won’t stop advancing, leaving slow-moving laws to struggle to adapt to protect privacy on the global Internet.

Right now, the law falls far short. President Barack Obama’s defense that NSA spying is lawful because it targets non-Americans offers little comfort to more than two billion Internet users outside the United States. UK law allows cable interception with little regard for the privacy interests of users outside the British Isles. In an age of instant, cross-border communications, where transnational companies provide the services, this conception of privacy is a relic of an un-networked past. More important, this attitude flies in the face of the idea that human rights are universal.

While the current controversy has focused on the US and Britain, there is no reason for users to assume that other governments’ laws or practices are better. Most surveillance regimes were enacted in the Internet’s infancy, before social media even existed and cross-border communication was relatively rare. Concerned citizens should also scrutinize their own country’s approach.

Meanwhile, the US and Britain have provided a roadmap to governments of all political persuasions on enlisting telecom and Internet firms in overbroad surveillance, lowering the bar even further. In Turkey, where dozens of people were detained for their Twitter use during the Gezi Park protests, authorities are mulling new regulations that could require social media companies to maintain a local presence or otherwise make it easier for the government to identify and monitor users. Russia and Brazil are also considering measures to force companies to store user data locally so it is more accessible to authorities. Similar proposals are almost certain to emerge elsewhere.

The Internet is at a crossroads. Online tools have promoted economic development and strengthened the work of journalists and human rights defenders. At the same time, terrorists have also adopted the Internet while governments, in response, seek to exploit new, powerful surveillance technologies. The right to privacy is universal and the Internet defies territorial boundaries by design. Yet users cannot hold far-flung governments accountable when they spy, unchecked, on users beyond their borders.

The US and UK have led the world in promoting Internet freedom and helped secure international recognition at the UN Human Rights Council that rights should be protected as much online as offline. The truest test of moral leadership, however, comes when you have immense power over others and you choose to constrain exercise of that power. These governments should address the global impact of their bordered approach to privacy.

The US and UK should convene a dialogue with like-minded allies, civil society organizations, and technology companies to confront the human rights implications of digital surveillance in a more connected world. This dialogue should lead to concrete recommendations for reforming national laws, starting with their own, to meaningfully protect the privacy of all users.

On a global network, it is untenable for governments to argue that the right to privacy stops at their border while surveillance is borderless. The US and UK need to show moral leadership or else risk undermining the Internet’s incalculable value.

Cynthia M. Wong is the senior Internet researcher at Human Rights Watch. You can follow her on twitter @cynthiamw.