Opinion

Will Transparency Calm Concerns Over National Security Access?

Following six months of sensational stories emanating from the Snowden-leaked files from the NSA, privacy professionals are taking stock. Recently, we have heard from the president on the subject of the needed balance between privacy and security, and needed reforms. And we have seen the report of the President’s Review Group on Intelligence and Communications Technologies and the report of the Privacy and Civil Liberties Oversight Board.

And yesterday, the Justice Department announced that Google, Yahoo, Facebook, Microsoft and LinkedIn have agreed to withdraw motions demanding that they be allowed to release more information in their transparency reports designed to reflect law enforcement and national security takedown requests and requests for access to personal data in their custody. The Department of Justice announced that it is working to “allow more detailed disclosures about the number of national security orders and requests issued to communications providers.”

Skeptics immediately appeared to question the granularity and timeliness of the now-allowed disclosures. The online journal The Verge had a headline “Department of Justice announces new gag-order deal with Google, Facebook, Microsoft and Apple.”

But as described by The Guardian newspaper, the outlet for the Snowden leaks, “the deal also purports to shed far more light than ever on a question the intelligence agencies have been extremely reluctant to address – the number of people affected by NSA surveillance.”

Presumably, the online companies fought hard for greater transparency precisely because the numbers show a limited number of national security requests (relative to the huge volume of data flowing through their networks). Reports of limited national security access are likely, in part, to assuage concerns over massive government surveillance. More and more companies are likely to issue transparency reports, just as we have seen reports for the first time this year from companies like Verizon.

Hogan Lovells recently released a whitepaper examining the "transparency reports" published by Google, Microsoft, Skype, Twitter and LinkedIn concerning law enforcement requests for data in multiple countries, concluding that when the numbers are adjusted for population sizes and the number of Internet users in each respective country, they reveal that the U.S. government requests information from these providers at a rate comparable to — and sometimes lower than — that of several other countries, including many EU member states.

When the per-capita and per-Internet-user data requests for Google, Microsoft, Skype, Twitter and LinkedIn were combined for 2012, the newest whitepaper shows that the U.S. government requests totaled approximately 96 per capita and 119 per Internet user in 2012, compared to values over twice as high for Taiwan, the UK and Hong Kong, and greater values for France, Australia and Germany.

In 2012 it was reported that the rate at which European governments seek access to private data is at an “all-time high, having increased more than the rate of U.S. government requests during the same period.” While there is no comparison of governments' national security requests for data, it is important to note that there is a growing consensus for amendment of the Electronic Communications Privacy Act to expand the warrant requirement in the U.S.

Former U.S. Department of Commerce General Counsel Cameron Kerry, in his valedictory address on international privacy delivered at the German Marshall Fund of the United States, expressly cited this new Hogan Lovells whitepaper and its findings in his plea for a more balanced international view of issues such as national security access to data, which occurs around the world.

As I said last summer, “it is naive to think that European intelligence agencies do not use data collected from phone and Internet companies in their investigations.” The transparency reports, which soon will have greater granularity, should help the world understand that the U.S. is hardly alone in its national security practices and that reform needs to be viewed as a global concern.

Note from the Editor:

Wolf will moderate a panel at the IAPP Global Privacy Summit on “Governmental Access to Private-Sector Data: The Realities and Impacts in the U.S. and EU” on Thursday, March 6, from 4:30 to 5:30 p.m., featuring former NSA General Counsel Stewart Baker, Civil Liberties Protection Officer in the Office of the Director of National Intelligence/Privacy and Civil Liberties Office Alexander Joel, CIPP/US, CIPP/G, and Chris Calabrese from the ACLU.


About the Author

Christopher Wolf leads the global privacy practice at Hogan Lovells US LLP and has practiced privacy law since the earliest days of the discipline. Wolf also is the founder and chair of the Future of Privacy Forum. He was the editor and lead author of the first PLI treatise on privacy law and is a frequent author and speaker on privacy and data security issues. Wolf was the first privacy lawyer to testify before the Senate Judiciary Privacy Subcommittee and is a member of a group advising the OECD on the OECD privacy guidelines.

Wolf is a cum laude graduate of Bowdoin College and graduated magna cum laude Order of the Coif from the Washington & Lee University School of Law. He participated in the general course at the London School of Economics. Following law school, he clerked for U.S. District Judge Aubrey E. Robinson Jr. in Washington, DC. He has practiced law for 32 years. Wolf is active in charitable organizations and serves on the boards of the Anti-Defamation League, WETA Public Broadcasting, Food & Friends (a social services agency), the George Washington University Hospital and Young Concert Artists.


Comments

  • January 28, 2014
    Jonathan Griffith
    replied:

    I am frustrated by the naivety of both the international and U.S. public, and commercial providers. Espionage is the second oldest profession in the world after prostitution. The collection of intelligence prevents wars and terrorist events more than anything society may do. But the collection of intelligence violates the privacy of individuals to bring visibility of potential harm to society. This contention must be overseen by citizen advocates (representatives aka Congressional Oversight by the Intelligence Oversight Committees). As a passionate believer in a “right to privacy” even if not currently supported by the U.S. Constitution, my personal view is that anything collected without a court order is inadmissible. However, data collected by an intelligence agency should always be inadmissible in court. If a Law Enforcement agency collects electronic location or call metadata then it should only be admissible if gathered under court order. I believe that each national government should determine by law if Intelligence agency collected information may be used as probable cause to request a court order. As far as industrial espionage by national intelligence agencies, there are numerous open source reports of many agencies from China, France, Russia, and now the United States performing industrial espionage. The question is was the collected information provided to competitors, or was the collected information only used in-house to develop exploits in support of intelligence operational capabilities. This creates a grey area; just compare the appearance of the Russian and U.S. Space shuttles. Does/Did either support intelligence operational capabilities? Did the national industrial complex use the information provided outside of the intelligence operational requirements? This is an ethical / moral dilemma for each nation.
    One may disadvantage their nation by maintaining a moral high ground; I believe that the high ground is to provide notice to the international community that intelligence collection will be conducted on any nation friendly or not, not necessarily to harm the target of collection, but to maintain the situational awareness in today's complex international environment. The next societal question becomes what governs the sharing of collected intelligence, and how the shared information may be used. For example, could GCHQ provide intelligence information collected without a court order to the FBI, and the FBI use the information in court to prosecute a U.S. Citizen or Non-U.S. Person?
    It is the commercial sector’s naivety in not performing the due diligence of protecting the data of their customers at rest and in transit. Security by obscurity has been a proven fallacy for at least a decade, if not two. If commercial offerings do not provide confidentiality, integrity, and availability (CIA) then the user agreement must state they do not/ or cannot guarantee that data generated, accessed, or transported by the commercial offering may be accessed by third parties while in transit or by court order.
    Finally, the public must open their minds and accept that services do not provide CIA without the service/application making the assertion that it does. Finally, the public needs to get their head out of the sand or other dark place, and run from services/applications which do not assert they protect the CIA of their user’s data and explicitly state how it may be sold/shared either separately or in aggregate outside the service/application.
