Will Transparency Calm Concerns Over National Security Access?
Following six months of sensational stories emanating from the Snowden-leaked files from the NSA, privacy professionals are taking stock. Recently, we have heard from the president on the subject of the needed balance between privacy and security, and needed reforms. And we have seen the report of the President’s Review Group on Intelligence and Communications Technologies and the report of the Privacy and Civil Liberties Oversight Board.
And yesterday, the Justice Department announced that Google, Yahoo, Facebook, Microsoft and LinkedIn have agreed to withdraw motions demanding that they be allowed to release more information in their transparency reports designed to reflect law enforcement and national security takedown requests and requests for access to personal data in their custody. The Department of Justice announced that it is working to “allow more detailed disclosures about the number of national security orders and requests issued to communications providers.”
Skeptics immediately appeared to question the granularity and timeliness of the now-allowed disclosures. The online journal The Verge had a headline “Department of Justice announces new gag-order deal with Google, Facebook, Microsoft and Apple.”
But as described by The Guardian newspaper, the outlet for the Snowden leaks, “the deal also purports to shed far more light than ever on a question the intelligence agencies have been extremely reluctant to address – the number of people affected by NSA surveillance.”
Presumably, the online companies fought hard for greater transparency precisely because the numbers show a limited number of national security requests (relative to the huge volume of data flowing through their networks). Reports of limited national security access are likely, in part, to assuage concerns over massive government surveillance. More and more companies are likely to issue transparency reports, just as we have seen reports for the first time this year from companies like Verizon.
Hogan Lovells recently released a whitepaper examining the "transparency reports" published by Google, Microsoft, Skype, Twitter and LinkedIn concerning law enforcement requests for data in multiple countries, concluding that when the numbers are adjusted for population sizes and the number of Internet users in each respective country, they reveal that the U.S. government requests information from these providers at a rate comparable to — and sometimes lower than — that of several other countries, including many EU member states.
When the per-capita and per-Internet-user data requests for Google, Microsoft, Skype, Twitter and LinkedIn were combined for 2012, the newest whitepaper shows that the U.S. government requests totaled approximately 96 per capita and 119 per Internet user in 2012, compared to values over twice as high for Taiwan, the UK and Hong Kong, and greater values for France, Australia and Germany.
In 2012 it was reported that the rate at which European governments seek access to private data is at an “all-time high, having increased more than the rate of U.S. government requests during the same period." While there is no comparison of governments' national security requests for data, it is important to note that there is a growing consensus for amendment of the Electronic Communications Privacy Act to expand the warrant requirement in the U.S.
Former U.S. Department of Commerce General Counsel Cameron Kerry, in his valedictory address on international privacy delivered at the German Marshall Fund of the United States, expressly cited this new Hogan Lovells whitepaper and its findings in his plea for a more balanced international view of issues such as national security access to data, which occurs around the world.
As I said last summer, “it is naive to think that European intelligence agencies do not use data collected from phone and Internet companies in their investigations.” The transparency reports, which soon will have greater granularity, should help the world understand that the U.S. is hardly alone in its national security practices and that reform needs to be viewed as a global concern.
Note from the Editor:
Wolf will moderate a panel at the IAPP Global Privacy Summit on “Governmental Access to Private-Sector Data: The Realities and Impacts in the U.S. and EU” on Thursday, March 6, from 4:30 to 5:30 p.m., featuring former NSA General Counsel Stewart Baker, Civil Liberties Protection Officer in the Office of the Director of National Intelligence/Privacy and Civil Liberties Office Alexander Joel, CIPP/US, CIPP/G, and Chris Calabrese from the ACLU.
About the Author
Christopher Wolf leads the global privacy practice at Hogan Lovells US LLP and has practiced privacy law since the earliest days of the discipline. Wolf also is the founder and chair of the Future of Privacy Forum. He was the editor and lead author of the first PLI treatise on privacy law and is a frequent author and speaker on privacy and data security issues. Wolf was the first privacy lawyer to testify before the Senate Judiciary Privacy Subcommittee and is a member of a group advising the OECD on the OECD privacy guidelines.
Wolf is a cum laude graduate of Bowdoin College and graduated magna cum laude Order of the Coif from the Washington & Lee University School of Law. He participated in the general course at the London School of Economics. Following law school, he clerked for U.S. District Judge Aubrey E. Robinson Jr. in Washington, DC. He has practiced law for 32 years. Wolf is active in charitable organizations and serves on the boards of the Anti-Defamation League, WETA Public Broadcasting, Food & Friends (a social services agency), the George Washington University Hospital and Young Concert Artists.