Eight major technology companies, including mobile heavyweights Apple (NASDAQ:AAPL), Google (NASDAQ:GOOG) and Microsoft (NASDAQ:MSFT), launched a public campaign to reform government surveillance efforts, which could also help restore their customers' trust after widespread disclosures of snooping by the National Security Agency.
The group--which also includes AOL, Facebook (NASDAQ:FB), LinkedIn, Twitter and Yahoo--issued an open letter to President Obama and members of Congress and wrote that while they acknowledge that governments have a duty to protect their citizens, they feel the disclosures by former NSA contractor Edward Snowden show the need for reform.
"The balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution," they wrote. "This undermines the freedoms we all cherish. It's time for a change."
The Snowden disclosures, which started this summer, revealed widespread complicity by the tech companies in government surveillance efforts. Since then the companies have tried to push back against the notion that they are providing wholesale access to customer data, only noting that they comply with specific government requests for data. However, an October Washington Post report that cited Snowden documents and said the NSA had secretly broken into the main communications links that connect Yahoo and Google data centers around the world, may have forced that companies to respond more forcefully.
"It's now in their business and economic interest to protect their users' privacy and to aggressively push for changes," Trevor Timm, an activist at the Electronic Frontier Foundation, told the New York Times. "The NSA mass-surveillance programs exist for a simple reason: cooperation with the tech and telecom companies. If the tech companies no longer want to cooperate, they have a lot of leverage to force significant reform."
On a website they set up, the companies said that "governments should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users' reasonable privacy interests, and the impact on trust in the Internet. In addition, governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications." They also said courts reviewing intelligence agency's decisions—as the Foreign Intelligence Surveillance Court does in the U.S.—should be "independent and include an adversarial process, and governments should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry."
Additionally, the companies said governments "should allow companies to publish the number and nature of government demands for user information" and should also "promptly disclose this data publicly." Further, the companies said governments "should not require service providers to locate infrastructure within a country's borders or operate locally," as Brazil is debating in the wake of the Snowden revelations.
Finally, the companies said: "In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty--or 'MLAT'--processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict."
Of course, all of the companies' business models depend on collecting the same customer data that the intelligence agencies often want—such as email messages, search requests, payment information and other data. Perhaps seeking to regain the moral high ground, the companies wrote that they are "focused on keeping users' data secure--deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope."
In the letter the companies urged the U.S. government "to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight."
The Obama administration has started a review of NSA practices and the results of that review could be presented to the White House as soon as this week, the Times noted.
In contrast to the tech companies, traditional telecoms companies have mostly stayed quiet in the furor over the leaks, and have longer-standing relationships with the intelligence agencies, and the NSA in particular. The NSA collects telephone metadata on domestic calls directly from telephone companies.
AT&T (NYSE:T), for example, said in a letter to the Securities and Exchange Commission it opposes a shareholder proposal urging disclosures of government requests for customer information, calling it unworkable and an effort to "micromanage" the company. AT&T asked regulators to let it ignore a shareholder resolution.
"For the phone companies," Tim Wu, a professor at Columbia University studying the Internet and the law, told the Times, "help with federal spying is a longstanding tradition with roots in the Cold War. It's another area where there's a split between old tech and new tech--the latter taking a much more libertarian position."
- see this Reform Government Surveillance site
- see this NYT article
- see this Washington Post article
- see this WSJ article (sub. req.)
- see Bloomberg article
- see this Reuters article
NSA tracking location data on hundreds of millions of cell phones, according to Snowden leak
NSA confirms pilot program that tried to track cell phone location data
Report: NSA can hack into Apple, Google and BlackBerry smartphone data
Apple: We received up to 5,000 requests for user data from government in 6 months
Report: NSA doesn't directly get access to Verizon Wireless, T-Mobile call data
Reports: NSA gets phone records from Verizon, AT&T, Sprint, as well as data from Apple, Google and others