Listen up Mr President! Top techs talk tough on NSA

Profile picture for user slauchlan By Stuart Lauchlan December 8, 2013
Summary:
It was only a matter of time before the tech industry needed to be seen to take a tougher stand over the NSA PRISM snooping scandal and so it is today that 8 leading firms have drawn a collective line in the sand.

Obama Listening Tour
It was only a matter of time before the tech industry needed to be seen to take a tougher stand over the NSA PRISM snooping scandal and so it is today that 8 leading firms have drawn a collective line in the sand.

But how much of this will actually carry weight with the powers that be and how much of it is gesture politics with an eye to a PR friendly looking piece of resistance?

The Magnificent Eight taking a stand are Google, Microsoft Apple, Facebook, Twitter, LinkedIn, Yahoo and AOL - all firms with a mass consumer market audience.

Excusing Microsoft and Google (who in this case we’ll put into the consumer camp), the absence of leading cloud apps firms such as Salesforce.com might lend some weight to the assertions of the likes of that firm’s CEO Marc Benioff that despite the dire predictions of some, the B2B online market hasn’t seen the same level of concern about privacy incursions as the B2C. (The cloud computing industry could lose $180 billion, or a quarter of its revenue, by 2016, according to Forrester Research.)

The eight companies behind the Reform Government Surveillance campaign have written an open letter to President Obama outlining their demands, a sort of Santa’s letter outlining everything they hope the big guy - Obama and Santa - will bring them for Christmas.

This includes:

  • An end to bulk collection of user information, including e-mail, address books, and video chats
  • A review of surveillance requests by an independent court with an adversarial legal process
  • Public disclosure of government demands for user information, as well as their frequency and nature.
  • An international framework to govern lawful data requests across national boundaries.

That last clause will doubtless be leapt upon by those in the European Commission which issued its own Thanksgiving Day list of demands including greater non-US involvement in US policy making around issues such as data privacy.

But before the Eurocrats get too excited, it’s perfectly obvious that the campaign expects the US Constitution to be used as the lodestone at the base of any reforms. So those in Brussels who insist things must be done Europe’s way from now on can take few crumbs of comfort here: any alliance forged here will be one of utter exediency at best.

The letter says:

"We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide.

“The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish.

"For our part, we are focused on keeping user’s data secure — deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope."

mayerMarissa_5102
The industry participants each get their soundbite out there on the campaign web site and again they want things done the US way.

Facebook CEO Mark Zuckerberg says:

“The US government should take this opportunity to lead this reform effort and make things right.”

while Google CEO Larry Page argues:

“It’s time for reform and we urge the US government to lead the way.”

and Yahoo CEO Marissa Mayer urges:

“It is time for the US government to act to restore the confidence of citizens around the world.”

Assuming anyone pays attention to this in Washington - and there’s always those campaign dollars to be thought about! - then there are five principles being bandied around:

  • Limiting Governments’ Authority to Collect Users’ Information: “Governments should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users’ reasonable privacy interests, and the impact on trust in the Internet. In addition, governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.”
  • Oversight and Accountability: “Intelligence agencies seeking to collect or compel the production of information should do so under a clear legal framework in which executive powers are subject to strong checks and balances. Reviewing courts should be independent and include an adversarial process, and governments should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry.”
  • Transparency About Government Demands: “Transparency is essential to a debate over governments’ surveillance powers and the scope of programs that are administered under those powers. Governments should allow companies to publish the number and nature of government demands for user information. In addition, governments should also promptly disclose this data publicly.”
  • Respecting the Free Flow of Information: “The ability of data to flow or be accessed across borders is essential to a robust 21st century global economy. Governments should permit the transfer of data and should not inhibit access by companies or individuals to lawfully available information that is stored outside of the country. Governments should not require service providers to locate infrastructure within a country’s borders or operate locally.”
  • Avoiding Conflicts Among Governments: “In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty — or “MLAT” — processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict.”

The Obama administration has already begun a review of NSA procedures, the results of which are expected to be delivered this week. Obama said on TV last week:

“Having done an independent review and brought in a whole bunch of folks — civil libertarians and lawyers and others — to examine what’s being done, I’ll be proposing some self-restraint on the NSA, and you know, to initiate some reforms that can give people more confidence.”

So now we must wait and see what that will be and how far it will go - and whether it will meet international as well as US concerns.

In the UK, lobbyist group Big Brother Watch argues that the Reform Government Surveillance move is welcome:

“There can be no doubt that the surveillance laws of Britain, the US or countless other countries around the world are not fit for an internet age. Britain’s own laws were written before many of these companies even existed.

“Governments should not need to be told by private businesses that it is wrong to collect data on every citizen, through secret processes subject to little or no oversight. Sadly that is the position we find ourselves in.

“This statement of principles, by some of the world’s biggest companies, is a watershed moment and one that cannot go ignored in any country that regards itself as a democracy.

“These businesses represent trillions of dollars of global revenue, highlighting the significant risk to the digital economy of those nations who do not take concerns about web surveillance seriously.

“For any Government that seeks to set an example to the world and properly balance security and privacy in an age when the internet is part of the daily fabric of life, these principles offer a clear measure of whether they are living up to their own rhetoric.”