Privacy Advisor

Google: NSA Could Cause “Splinternet”

In a Senate hearing on the Surveillance Transparency Act of 2013, Google testified that NSA disclosures and subsequent lack of transparency are hurting U.S. business and causing the Internet to fracture

November 13, 2013

By Jedidiah Bracy, CIPP/US, CIPP/E

For nearly six months, the almost rhythmic and unauthorized disclosure of NSA surveillance programs has been an eye-opening series of revelations for citizens, businesses and governments across the globe. Nor is it news that this may be having detrimental effects on U.S. business.

Today, Google’s head of information security made it clear the search giant is deeply concerned about those detrimental effects.

“The current lack of transparency about the amount of government surveillance in democratic countries undermines the freedom and trust most citizens cherish,” said Richard Salgado, Google’s director of law enforcement and information security matters. “It also has had a negative impact on our economic growth and security and on the promise of the Internet as a platform for openness and free expression.”

Salgado made these comments during a Senate Judiciary Subcommittee hearing on the prospects of The Surveillance Transparency Act of 2013. Sponsored by Sen. Al Franken (D-MN), the bill aims to mandate intelligence transparency measures. Today’s hearing featured three panels in all, including Sen. Dean Heller (R-NV), representatives from the Office of the Director of National Intelligence and Department of Justice as well as testimony from Google and the Center for Democracy and Technology.

Most notable for privacy pros was the testimony from Salgado, who made the case for why the now-publicly known NSA programs are balkanizing the Internet and harming U.S. business.

He said there are now a number of initiatives being proposed across the globe that would halt the free flow of information. Such initiatives “could have severe unintended consequences such as a reduction in data security, increased cost, decreased competitiveness and harms to consumers. Proposals like data localization,” he said, “pose a significant threat to the free and open Internet. If they’re adopted then what we face is the creation of a splinternet, broken up into smaller national, regional pieces with barriers around it to replace the global Internet we know today.”

But, he added, “this bill could be a first step in reestablishing the trust that’s necessary.”

Salgado argued, “Transparency and national security are not mutually exclusive.” He noted Google has published a transparency report of law enforcement requests for user data they’ve received from governments around the world. And earlier this year, Google worked with the DoJ to publish reports on the National Security Letters it has received in more generalized ranges. Salgado pointed out the DoJ has not demonstrated that publishing such reports have damaged national security. Google then asked the DoJ if it could publish aggregated reports on FISA requests. The DoJ would only allow such disclosures if the data was published in sum with all other federal, state and local law enforcement requests.

“But this would be a significant step backwards for Google’s users and the broader public,” Salgado testified. “Rather than promote transparency, this proposal would actually obscure important information about the volume and type of all government demands that Google may receive, not just national security demands.” Additionally, not being allowed to speak about national security demands would obscure consumer perception of Google’s services, he said.  

[Update: Thursday, November 14] In fact, today, Google released its latest transparency report, while noting that government requests for data have doubled over the last three years.

Image from Google's latest transparency report

During the hearing, Franken asked Salgado why Google is teaming up with business rivals—including Facebook and Microsoft—in supporting increased transparency of government requests for data. “The Snowden disclosures show programs have potential to do great damage to the Internet as a whole,” he said. “We are stewards of (consumer) data and we don’t want to have confusion around the rule requiring us to disclose their data. We want consumers to have trust and no confusion entrusting their data with us.”

Later, he added, “We’ve already seen the business impact. There are real concerns around the entire structure of the Internet.”

Salgado added that the cloud is being seriously hurt by global perception of U.S. government intrusion. Companies are not taking advantage of the efficiencies and cost savings that can be provided by cloud services, thereby hurting the economy.

He also testified that there are “several flavors” of threats to the free flow of information on the Internet. Several countries are proposing data localization laws that would force companies to locate collected data within a given country, or “blocking statutes” that would mandate that companies working within that country not be able to share consumer data with the U.S. government.

Sen. Patrick Leahy (D-VT) also made a surprise appearance and mentioned his legislation, the USA FREEDOM Act. He said the tech industry has realized that transparency of government requests and law that reforms surveillance will both be needed to help restore trust in the marketplace, but asked Salgado if transparency was enough to restore global confidence in U.S. business.

“It’s an important step,” Salgado said, “but more is needed. We expressed support for your legislation. We need reform allowing users to know that their data is collected under the law, that is narrowly tailored and that there is oversight and transparency.”   

And to make a point about the gag orders placed on companies such as Google and the subsequent First Amendment and prior restraint concerns, Leahy asked Salgado if Google is permitted to say if it has received any FISA court orders.

“I’m sorry, Mr. Chairman, I would have to decline that until the bill that we are discussing today is passed,” said Salgado.

“Is our country safer because you can’t answer the question?” Leahy asked.

“I can’t imagine the country is safer as a result of that,” said Salgado.

Read more by Jedidiah Bracy:
Establishing Trust with U.S. Privacy Regulators
Federal and State Regulators Talk Data Security Lessons
Hack the Trackers Taps Into the Post-Snowden Zeitgeist
U.S. Intel Officials Defend Programs; EU Fallout Continues