Privacy Advisor

Tech Biz Urging U.S. Lawmakers, Global Governments To Reform Surveillance Law

A group of eight U.S.-based technology giants—including Google, Microsoft and Apple—are banding together to urge President Barack Obama and Congress to lead a global effort to limit government surveillance amidst evidence that NSA revelations are hurting U.S. business and user privacy

December 9, 2013

By Jedidiah Bracy, CIPP/US, CIPP/E

A group of top technology companies has presented a plan and published an open letter to President Barack Obama and members of Congress on global government surveillance reform. Aol, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo together have rolled out the website reformgovernmentsurveillance.com to express their collected belief “that it is time for the world’s governments to address the practices and laws regulating government surveillance of individuals and access to their information.” The U.S. government, they hope, will lead such reform.

Acknowledging that governments are tasked with protecting citizen safety and security, the group is calling on governments to endorse and implement five principles to reform state-sponsored surveillance.

These principles include limiting government authority on collecting user data and avoiding bulk collection of Internet communications; robust oversight and accountability within a clear legal framework; allowing companies to publish “the number and nature of government demands for user information”; respecting the free flow of information across the Internet rather than requiring service providers “to locate infrastructure within a country’s borders or operate locally,” and avoiding conflicts among governments, including an improved mutual legal assistance treaty. 

“People won’t use technology they don’t trust,” wrote Microsoft General Counsel and Executive Vice President, Legal and Corporate Affairs Brad Smith. “Governments have put this trust at risk, and governments need to help restore it.”

Facebook CEO Mark Zuckerberg said the recent reports on government surveillance “have shown there is a real need for greater disclosure and new limits on how governments collect information,” adding, “The U.S. government should take this opportunity to lead this reform effort and make things right.”

Several companies have raised concerns in recent months about gag orders preventing the disclosure of Foreign Intelligence Surveillance Court requests of user data, saying it compromises the companies’ First Amendment rights. And just last month, Google Director of Law Enforcement and Information Security Matters Richard Salgado testified that government initiatives around the world to localize data storage could cause a “splinternet.”

The group’s open letter to Washington notes, “For our part, we are focused on keeping users’ data secure—deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope.” In recent weeks several companies, including Twitter and Yahoo, have announced they are encrypting all user transactions.

The Electronic Frontier Foundation’s Trevor Trimm said, “It’s now in their business and economic interest to protect their users’ privacy and to aggressively pull for changes,” adding, “The NSA mass-surveillance programs exist for a simple reason: cooperation with the tech and telecom companies. If the tech companies no longer want to cooperate, they have a lot of leverage to force significant reform.”

And evidence that the NSA revelations have harmed U.S. business is mounting. USA Today reports that IBM, Microsoft, Hewlett-Packard and Cisco have reported “substantial drops in sales” in China since this summer’s Snowden revelations.

Shareholders recently asked AT&T, the largest telephone company in the U.S., to disclose U.S. government requests of its users’ data, but last Friday, according to Bloomberg, the company rejected the proposal saying the resolution was impractical. The company said in a letter to the U.S. Securities and Exchange Commission it protects its users’ privacy. A representative from the New York State Comptroller said, “AT&T is trying to prevent the vital issue of customer privacy from coming before its shareholders.”

Late last week, President Obama appeared on MSNBC’s Hardball with Chris Matthews saying he plans to propose limits on the NSA. A five-member panel, known as the Review Group on Intelligence and Communications, is currently examining the intelligence programs.

“I’ll be proposing some self-restraint on the NSA and to initiate some reforms to give people more confidence,” Obama said, adding that Americans “rightly are sensitive to … preserve their privacy and to maintain Internet freedom, and so am I.”

Two rival bills are currently pending in the U.S. Congress. Sen. Patrick Leahy (D-VT) has teamed up with USA PATRIOT Act author Rep. Jim Sensenbrenner (R-WI) to co-sponsor the USA FREEDOM Act. The proposed legistation would end dragnet collection of metadata and provide additional oversight of existing surveillance programs. Sen. Diane Feinstein (D-CA) has also introduced reform legislation, the FISA Improvements Act of 2013. Some have criticized the bill, arguing that it would strengthen the NSA's ability to search troves of collected foreign e-mail and phone data.

Local Law Enforcement Using NSA-Style Methods To Collect Cellphone Data

USA Today also reports on how local police are using similar methods as the NSA to collect cellphone data. According to the report, local law enforcement agencies are employing new technologies, including mobile devices, that can tap into cellphone data in real time. Law enforcement maintains the technology helps solve crimes and prevent terrorism, but several privacy advocacy groups are expressing concerns.

“I don’t think that these devices should never be used, but at the same time, you should clearly be getting a warrant,” said the Electronic Privacy Information Center’s Alan Butler.

Sen. Ed Markey (D-MA) has said he plans to introduce legislation that would narrow law enforcement’s cellphone data requests, The New York Times reports. Last year, cellphone carriers answered 1.1 million police requests for user data. State regulators in California, specifically the California Public Utilities Commission, are considering whether the state needs stronger laws to protect cellphone users’ privacy, according to Los Angeles Times.

Read more by Jedidiah Bracy:
Are Notice and Consent Possible with the Internet of Things?
Google: NSA Could Cause Splinternet
Establishing Trust with U.S. Privacy Regulators
Federal and State Regulators Talk Data Security Lessons