DPI15_300x250_Banner_FINAL
Webcon_PA_300x250_ad_MARCH_2015-01

Will Transparency Calm Concerns Over National Security Access?

Following six months of sensational stories emanating from the Snowden-leaked files from the NSA, privacy professionals are taking stock. Recently, we have heard from the president on the subject of the needed balance between privacy and security, and needed reforms. And we have seen the report of the President’s Review Group on Intelligence and Communications Technologies and the report of the Privacy and Civil Liberties Oversight Board.

And yesterday, the Justice Department announced that Google, Yahoo, Facebook, Microsoft and LinkedIn have agreed to withdraw motions demanding that they be allowed to release more information in their transparency reports designed to reflect law enforcement and national security takedown requests and requests for access to personal data in their custody. The Department of Justice announced that it is working to “allow more detailed disclosures about the number of national security orders and requests issued to communications providers.”

Skeptics immediately appeared to question the granularity and timeliness of the now-allowed disclosures. The online journal The Verge had a headline “Department of Justice announces new gag-order deal with Google, Facebook, Microsoft and Apple.”

But as described by The Guardian newspaper, the outlet for the Snowden leaks, “the deal also purports to shed far more light than ever on a question the intelligence agencies have been extremely reluctant to address – the number of people affected by NSA surveillance.”

Presumably, the online companies fought hard for greater transparency precisely because the numbers show a limited number of national security requests (relative to the huge volume of data flowing through their networks). Reports of limited national security access are likely, in part, to assuage concerns over massive government surveillance. More and more companies are likely to issue transparency reports, just as we have seen reports for the first time this year from companies like Verizon.

Hogan Lovells recently released a whitepaper examining the "transparency reports" published by Google, Microsoft, Skype, Twitter and LinkedIn concerning law enforcement requests for data in multiple countries, concluding that when the numbers are adjusted for population sizes and the number of Internet users in each respective country, they reveal that the U.S. government requests information from these providers at a rate comparable to — and sometimes lower than — that of several other countries, including many EU member states.

When the per-capita and per-Internet-user data requests for Google, Microsoft, Skype, Twitter and LinkedIn were combined for 2012, the newest whitepaper shows that the U.S. government requests totaled approximately 96 per capita and 119 per Internet user in 2012, compared to values over twice as high for Taiwan, the UK and Hong Kong, and greater values for France, Australia and Germany.

In 2012 it was reported that the rate at which European governments seek access to private data is at an “all-time high, having increased more than the rate of U.S. government requests during the same period." While there is no comparison of governments' national security requests for data, it is important to note that there is a growing consensus for amendment of the Electronic Communications Privacy Act to expand the warrant requirement in the U.S.

Former U.S. Department of Commerce General Counsel Cameron Kerry, in his valedictory address on international privacy delivered at the German Marshall Fund of the United States, expressly cited this new Hogan Lovells whitepaper and its findings in his plea for a more balanced international view of issues such as national security access to data, which occurs around the world.

As I said last summer, “it is naive to think that European intelligence agencies do not use data collected from phone and Internet companies in their investigations.” The transparency reports, which soon will have greater granularity, should help the world understand that the U.S. is hardly alone in its national security practices and that reform needs to be viewed as a global concern.

Written By

Christopher Wolf

1 Comments

If you want to comment on this post, you need to login
  • Jonathan Griffith Jan 28, 2014

    I am frustrated by the niavety of both the international and U.S. public, and commercial providers. Espionage is the second oldest profession in the world after prostitution. The collection of intelligence prevents wars and terrorist events more than anything society may do. But the collection of intelligence violates the privacy of individuals to bring visability of potential harm to society. This contention must be overseen by citizen advocates (representatives aka Congressional Oversite by the Intelligence Oversite Committees) As a passionate believer in a "right to privacy" even if not currently supported by the U.S. Constitution, my personal view is that anything collected without a court order is inadmissable. However, data collected by an intelligence agency should always be inadmissable in court. If a Law Enforcement agency collects electronic location or call metadata then it should be only be admissable if gathered under court order. I believe that each national government should determine by law if Intelligence agency collectedinformation may be used as probable cause to request a court order. As far as industrial espionage by national intelligence agencies, there are numerous open source reports of many agencies from China, France, Russia, and now the United States performing industrial espionage. The question is was the collected information provided to competitors, or was the collected information only used in-house to develop exploits in support of intelligence operational capabilities. This creates a grey area; just compare the appearance of the Russian and U.S. Space shuttles. Does/Did either support intelligence operational capabilities? Did the national industrial complex use the information provided outside of the intelligence operational requirments? This is an ethical / moral dilema for each nation. One may disadvantage their nation by maintaining a moral high ground, I believe that the high ground is to provide notice to the international community that intelligence collection will be conducted on any nation friendly or not, not to necessarily to harm the target of collection, but to maintain the situational awareness in todays complex international environment. The next societal question becomes what governs the sharing of collected intelligence, and how the shared information may be used. For example, could GCHQ provide intelligence information collected without a court order to the FBI, and the FBI use the information in court to prosecute a U.S. Citizen or Non-U.S. Person? It is the commercial sector's niavety in not performing the due dilligence of protecting the data of thier customers at rest and in transit. Security by obscurity has been a proven fallicy for at least a decade, if not two. If commercial offerings do not provide confidentiality, integrity, and availability (CIA) then the user agreement must state they do not/ or cannot guarantee that data generated, accessed, or transported by the commercial offering may be accessed by third parties while in transit or by court order. Finally, the public must open their minds and accept that services do not provide CIA without the the service/application making the accertion that it does. Finally, the public needs to get their head out of the sand or other dark place, and run from services/applications which do not assert they protect the CIA of their user’s data and explicitly state how it may be sold/shared either seperately or in aggregate outside the service/application. .

Related