IAPP-GDPR Web Banners-300x250-FINAL

By Jedidiah Bracy, CIPP/US, CIPP/E

A group of top technology companies has presented a plan and published an open letter to President Barack Obama and members of Congress on global government surveillance reform. Aol, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo together have rolled out the website reformgovernmentsurveillance.com to express their collected belief “that it is time for the world’s governments to address the practices and laws regulating government surveillance of individuals and access to their information.” The U.S. government, they hope, will lead such reform.

Acknowledging that governments are tasked with protecting citizen safety and security, the group is calling on governments to endorse and implement five principles to reform state-sponsored surveillance.

These principles include limiting government authority on collecting user data and avoiding bulk collection of Internet communications; robust oversight and accountability within a clear legal framework; allowing companies to publish “the number and nature of government demands for user information”; respecting the free flow of information across the Internet rather than requiring service providers “to locate infrastructure within a country’s borders or operate locally,” and avoiding conflicts among governments, including an improved mutual legal assistance treaty. 

“People won’t use technology they don’t trust,” wrote Microsoft General Counsel and Executive Vice President, Legal and Corporate Affairs Brad Smith. “Governments have put this trust at risk, and governments need to help restore it.”

Facebook CEO Mark Zuckerberg said the recent reports on government surveillance “have shown there is a real need for greater disclosure and new limits on how governments collect information,” adding, “The U.S. government should take this opportunity to lead this reform effort and make things right.”

Several companies have raised concerns in recent months about gag orders preventing the disclosure of Foreign Intelligence Surveillance Court requests of user data, saying it compromises the companies’ First Amendment rights. And just last month, Google Director of Law Enforcement and Information Security Matters Richard Salgado testified that government initiatives around the world to localize data storage could cause a “splinternet.”

The group’s open letter to Washington notes, “For our part, we are focused on keeping users’ data secure—deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope.” In recent weeks several companies, including Twitter and Yahoo, have announced they are encrypting all user transactions.

The Electronic Frontier Foundation’s Trevor Trimm said, “It’s now in their business and economic interest to protect their users’ privacy and to aggressively pull for changes,” adding, “The NSA mass-surveillance programs exist for a simple reason: cooperation with the tech and telecom companies. If the tech companies no longer want to cooperate, they have a lot of leverage to force significant reform.”

And evidence that the NSA revelations have harmed U.S. business is mounting. USA Today reports that IBM, Microsoft, Hewlett-Packard and Cisco have reported “substantial drops in sales” in China since this summer’s Snowden revelations.

Shareholders recently asked AT&T, the largest telephone company in the U.S., to disclose U.S. government requests of its users’ data, but last Friday, according to Bloomberg, the company rejected the proposal saying the resolution was impractical. The company said in a letter to the U.S. Securities and Exchange Commission it protects its users’ privacy. A representative from the New York State Comptroller said, “AT&T is trying to prevent the vital issue of customer privacy from coming before its shareholders.”

Late last week, President Obama appeared on MSNBC’s Hardball with Chris Matthews saying he plans to propose limits on the NSA. A five-member panel, known as the Review Group on Intelligence and Communications, is currently examining the intelligence programs.

“I’ll be proposing some self-restraint on the NSA and to initiate some reforms to give people more confidence,” Obama said, adding that Americans “rightly are sensitive to … preserve their privacy and to maintain Internet freedom, and so am I.”

Two rival bills are currently pending in the U.S. Congress. Sen. Patrick Leahy (D-VT) has teamed up with USA PATRIOT Act author Rep. Jim Sensenbrenner (R-WI) to co-sponsor the USA FREEDOM Act. The proposed legistation would end dragnet collection of metadata and provide additional oversight of existing surveillance programs. Sen. Diane Feinstein (D-CA) has also introduced reform legislation, the FISA Improvements Act of 2013. Some have criticized the bill, arguing that it would strengthen the NSA's ability to search troves of collected foreign e-mail and phone data.

Local Law Enforcement Using NSA-Style Methods To Collect Cellphone Data

USA Today also reports on how local police are using similar methods as the NSA to collect cellphone data. According to the report, local law enforcement agencies are employing new technologies, including mobile devices, that can tap into cellphone data in real time. Law enforcement maintains the technology helps solve crimes and prevent terrorism, but several privacy advocacy groups are expressing concerns.

“I don’t think that these devices should never be used, but at the same time, you should clearly be getting a warrant,” said the Electronic Privacy Information Center’s Alan Butler.

Sen. Ed Markey (D-MA) has said he plans to introduce legislation that would narrow law enforcement’s cellphone data requests, The New York Times reports. Last year, cellphone carriers answered 1.1 million police requests for user data. State regulators in California, specifically the California Public Utilities Commission, are considering whether the state needs stronger laws to protect cellphone users’ privacy, according to Los Angeles Times.

Read more by Jedidiah Bracy:
Are Notice and Consent Possible with the Internet of Things?
Google: NSA Could Cause Splinternet
Establishing Trust with U.S. Privacy Regulators
Federal and State Regulators Talk Data Security Lessons


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»