IAPP-GDPR Web Banners-300x250-FINAL
Will Transparency Calm Concerns Over National Security Access?

Following six months of sensational stories emanating from the Snowden-leaked files from the NSA, privacy professionals are taking stock. Recently, we have heard from the president on the subject of the needed balance between privacy and security, and needed reforms. And we have seen the report of the President’s Review Group on Intelligence and Communications Technologies and the report of the Privacy and Civil Liberties Oversight Board.

And yesterday, the Justice Department announced that Google, Yahoo, Facebook, Microsoft and LinkedIn have agreed to withdraw motions demanding that they be allowed to release more information in their transparency reports designed to reflect law enforcement and national security takedown requests and requests for access to personal data in their custody. The Department of Justice announced that it is working to “allow more detailed disclosures about the number of national security orders and requests issued to communications providers.”

Skeptics immediately appeared to question the granularity and timeliness of the now-allowed disclosures. The online journal The Verge had a headline “Department of Justice announces new gag-order deal with Google, Facebook, Microsoft and Apple.”

But as described by The Guardian newspaper, the outlet for the Snowden leaks, “the deal also purports to shed far more light than ever on a question the intelligence agencies have been extremely reluctant to address – the number of people affected by NSA surveillance.”

Presumably, the online companies fought hard for greater transparency precisely because the numbers show a limited number of national security requests (relative to the huge volume of data flowing through their networks). Reports of limited national security access are likely, in part, to assuage concerns over massive government surveillance. More and more companies are likely to issue transparency reports, just as we have seen reports for the first time this year from companies like Verizon.

Hogan Lovells recently released a whitepaper examining the "transparency reports" published by Google, Microsoft, Skype, Twitter and LinkedIn concerning law enforcement requests for data in multiple countries, concluding that when the numbers are adjusted for population sizes and the number of Internet users in each respective country, they reveal that the U.S. government requests information from these providers at a rate comparable to — and sometimes lower than — that of several other countries, including many EU member states.

When the per-capita and per-Internet-user data requests for Google, Microsoft, Skype, Twitter and LinkedIn were combined for 2012, the newest whitepaper shows that the U.S. government requests totaled approximately 96 per capita and 119 per Internet user in 2012, compared to values over twice as high for Taiwan, the UK and Hong Kong, and greater values for France, Australia and Germany.

In 2012 it was reported that the rate at which European governments seek access to private data is at an “all-time high, having increased more than the rate of U.S. government requests during the same period." While there is no comparison of governments' national security requests for data, it is important to note that there is a growing consensus for amendment of the Electronic Communications Privacy Act to expand the warrant requirement in the U.S.

Former U.S. Department of Commerce General Counsel Cameron Kerry, in his valedictory address on international privacy delivered at the German Marshall Fund of the United States, expressly cited this new Hogan Lovells whitepaper and its findings in his plea for a more balanced international view of issues such as national security access to data, which occurs around the world.

As I said last summer, “it is naive to think that European intelligence agencies do not use data collected from phone and Internet companies in their investigations.” The transparency reports, which soon will have greater granularity, should help the world understand that the U.S. is hardly alone in its national security practices and that reform needs to be viewed as a global concern.

Written By

Christopher Wolf


If you want to comment on this post, you need to login.
  • Jonathan Griffith Jan 28, 2014

    I am frustrated by the niavety of both the international and U.S. public, and commercial providers. Espionage is the second oldest profession in the world after prostitution. The collection of intelligence prevents wars and terrorist events more than anything society may do. But the collection of intelligence violates the privacy of individuals to bring visability of potential harm to society. This contention must be overseen by citizen advocates (representatives aka Congressional Oversite by the Intelligence Oversite Committees) As a passionate believer in a "right to privacy" even if not currently supported by the U.S. Constitution, my personal view is that anything collected without a court order is inadmissable. However, data collected by an intelligence agency should always be inadmissable in court. If a Law Enforcement agency collects electronic location or call metadata then it should be only be admissable if gathered under court order. I believe that each national government should determine by law if Intelligence agency collectedinformation may be used as probable cause to request a court order. As far as industrial espionage by national intelligence agencies, there are numerous open source reports of many agencies from China, France, Russia, and now the United States performing industrial espionage. The question is was the collected information provided to competitors, or was the collected information only used in-house to develop exploits in support of intelligence operational capabilities. This creates a grey area; just compare the appearance of the Russian and U.S. Space shuttles. Does/Did either support intelligence operational capabilities? Did the national industrial complex use the information provided outside of the intelligence operational requirments? This is an ethical / moral dilema for each nation. One may disadvantage their nation by maintaining a moral high ground, I believe that the high ground is to provide notice to the international community that intelligence collection will be conducted on any nation friendly or not, not to necessarily to harm the target of collection, but to maintain the situational awareness in todays complex international environment. The next societal question becomes what governs the sharing of collected intelligence, and how the shared information may be used. For example, could GCHQ provide intelligence information collected without a court order to the FBI, and the FBI use the information in court to prosecute a U.S. Citizen or Non-U.S. Person? It is the commercial sector's niavety in not performing the due dilligence of protecting the data of thier customers at rest and in transit. Security by obscurity has been a proven fallicy for at least a decade, if not two. If commercial offerings do not provide confidentiality, integrity, and availability (CIA) then the user agreement must state they do not/ or cannot guarantee that data generated, accessed, or transported by the commercial offering may be accessed by third parties while in transit or by court order. Finally, the public must open their minds and accept that services do not provide CIA without the the service/application making the accertion that it does. Finally, the public needs to get their head out of the sand or other dark place, and run from services/applications which do not assert they protect the CIA of their user’s data and explicitly state how it may be sold/shared either seperately or in aggregate outside the service/application. .


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»