Opponents of the National Security Agency's electronic surveillance programs cheered Monday when eight giant tech companies issued a manifesto against governments hoovering data online. The principles laid out by Apple, Google and their cohorts, however, stopped well short of the "just leave us alone!" stance that used to be the tech world's default response to all things governmental.
Perhaps that's because they can only go so far in advocating user privacy without flying the hypocrite flag. They are, after all, among the biggest collectors of data about what people do online.
The coalition, which also includes Facebook, Microsoft, Twitter, Yahoo, AOL and LinkedIn, published five principles (and an open letter to governments worldwide) on a new website Monday. Here's each of the five, along with a plain-English translation:
1) Limiting Governments’ Authority to Collect Users’ Information
Governments should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users’ reasonable privacy interests, and the impact on trust in the Internet. In addition, governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.
The meaty part here is in the second sentence, which argues against wholesale surveillance and dragnet collection of metadata. Proponents argue that the government should have records of online activity on hand when a tip comes in about a potential suspect, rather than relying on the likes of Google to preserve the data they collect. Some also say governments should be able to mine the data for evidence of suspicious activity, although the NSA says it combs through only the data related to specific suspects.
2) Oversight and Accountability
Intelligence agencies seeking to collect or compel the production of information should do so under a clear legal framework in which executive powers are subject to strong checks and balances. Reviewing courts should be independent and include an adversarial process, and governments should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry.
The Foreign Intelligence Surveillance Court established in the late 1970s is independent in the political sense -- its members are federal judges serving seven-year terms by appointment of the chief justice of the United States. But no one represents the public at its proceedings, and its rulings remain secret until the government moves to declassify them.
3) Transparency About Government Demands
Transparency is essential to a debate over governments’ surveillance powers and the scope of programs that are administered under those powers. Governments should allow companies to publish the number and nature of government demands for user information. In addition, governments should also promptly disclose this data publicly.
Tech companies were embarrassed by the early reports about the NSA's PRISM program, which suggested (wrongly) that they had handed the keys to their server farms to government spies. The push for transparency aims to make it clear the government is forcing the disclosure of data, and to generate more public outrage about it.
4) Respecting the Free Flow of Information
The ability of data to flow or be accessed across borders is essential to a robust 21st century global economy. Governments should permit the transfer of data and should not inhibit access by companies or individuals to lawfully available information that is stored outside of the country. Governments should not require service providers to locate infrastructure within a country’s borders or operate locally.
This one seems to aim less at the NSA than at countries such as India that have tried to resist U.S. surveillance by requiring Google et al to store locally the data they collect from users in that country.
5) Avoiding Conflicts Among Governments
In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty — or “MLAT” — processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict.
Good luck with that. The whole point of the NSA's programs, ostensibly, is to gather intelligence about other countries' citizens. That's a recipe for cross-border antagonism, as evidenced by the German government's outrage over the alleged hacking into Chancellor Angela Merkel's cellphone.
That's it. There's no demand to end national security letters or for the government to show probable cause in order to collect data. In other words, the companies don't argue that governments shouldn't be surveilling Internet users or that the threshold for justifying data collection should be higher. Instead, they're just urging that governments should do their snooping more selectively.
That's a pragmatic stance, and one worth taking. But it's not the kind of clarion call that rallied the masses so effectively against PIPA and SOPA.
ALSO:Copyright © 2015, The Baltimore Sun