Tech Titans Want Governments to Reform Their Data Surveillance Practices
The data titans of Silicon Valley have said, “Enough is enough!” A coalition of the world’s leading tech companies is asking for the U.S. and other national governments to put a stop to unfettered data collection and surveillance and other practices that inhibit the free movement of lawful data around the globe.
The principal members of the coalition are AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo! Though these companies are rivals in the marketplace, they are united on their stance that governments should not be snooping on the activities and whereabouts of the general population.
Recent revelations about the U.S. National Security Agency (NSA) have shown that this agency has repeatedly forced the tech companies to provide broad swaths of data generated by customers’ usage of these Internet services. The data collection is all done in the name of “national security,” even though there is no direct evidence that the data being collected is tied to terrorists or criminal suspects.
The tech vendors’ reputations have suffered as it has come to light that they have surrendered customer information—albeit based on court orders. The Washington Post has termed this process as “collecting data through the front door.” NSA papers disclosed by Edward Snowden also show that the security agency has secretly tapped the links connecting Google and Yahoo! Datacenters around the world. The NSA’s British counterpart, the Government Communications Headquarters, is reported to be involved in the latter practice as well. The tech vendors deny ever giving this “back door access” to the NSA or anyone else.
To restore credibility in their data privacy practices, and to assert the principles they believe are essential to proper government access to and usage of private data, the coalition of tech vendors has created the website ReformGovernmentSurveillance.com.
The five principles are as follows:
1. Limiting Governments’ Authority to Collect Users’ Information
Governments should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users’ reasonable privacy interests, and the impact on trust in the Internet. In addition, governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.
2. Oversight and Accountability
Intelligence agencies seeking to collect or compel the production of information should do so under a clear legal framework in which executive powers are subject to strong checks and balances. Reviewing courts should be independent and include an adversarial process, and governments should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry.
3. Transparency About Government Demands
Transparency is essential to a debate over governments’ surveillance powers and the scope of programs that are administered under those powers. Governments should allow companies to publish the number and nature of government demands for user information. In addition, governments should also promptly disclose this data publicly.
4. Respecting the Free Flow of Information
The ability of data to flow or be accessed across borders is essential to a robust 21st century global economy. Governments should permit the transfer of data and should not inhibit access by companies or individuals to lawfully available information that is stored outside of the country. Governments should not require service providers to locate infrastructure within a country’s borders or operate locally.
5. Avoiding Conflicts Among Governments
In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty — or “MLAT” — processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict.
There’s a point in Principle #4 stating that “Governments should not require service providers to locate infrastructure within a country’s borders or operate locally.” This is a direct dig on the European privacy laws that restrict the movement of data in the cloud to a datacenter not physically located within the boundaries of the country of origin of the data. In other words, if data originates in Germany, it can’t be stored in a cloud whose servers are in the United States. Such laws make it very expensive for major cloud and SaaS providers to do business because they have to build more data centers than they would if the laws did not exist.
Top executives of all of the coalition members have signed the statement outlining the principles of data access and privacy. They have included a letter to President Obama and members of the U.S. Congress. Now let’s see if the appeal does any good.