CIO Magazine
NSA Revelations Prompt Tech Industry to Call for Privacy Safeguards
Posted Mon, August 26, 2013
Amid the fallout from the revelations of the National Security Agency’s wide-ranging electronic surveillance program, several leading technology trade groups are calling on the White House to temper the data-collection activities with new transparency and privacy provisions.
In a letter to White House Chief of Staff Dennis McDonough and counsel Kathryn Ruemmler, the groups urged the administration to give their member companies more latitude in making public disclosures about the government’s national security data requests.
The groups, which include the Business Software Alliance, the Internet Association and the Software & Information Industry Association, wrote to “encourage the government to revisit limitations on what private companies can disclose about the orders they receive, recognizing that a lack of transparency on this subject may lead consumers to overestimate the scope of these intelligence programs and, thereby, undermine public trust in both industry and the government’s efforts.
“In particular, companies should be allowed to report the number of orders they receive pursuant to U.S. national security or intelligence gathering and surveillance programs, and the number of users or accounts that are the subject of the orders,” they wrote, recommending further that “the government disclose similar information relating to the orders.”
For the tech sector, the national-security requests are an issue of consumer trust and the bottom line. The perception that the government has direct and unlimited access to data stored with tech firms has created yet another obstacle for U.S. cloud providers seeking to do business in foreign markets such as Europe, where government officials are already wary of the privacy implications when data moves across borders.
The trade groups cite an estimate that U.S. cloud computing providers could lose as much as $35 billion over the next three years as a result of the NSA’s PRISM program.
Small wonder, then, that companies like Google and Microsoft have been trying to debunk the notion that their cooperation with government intelligence requests represents any sort of departure from their longstanding compliance with orders from the Foreign Intelligence Surveillance Act courts, and are seeking greater authority to disclose the frequency and extent of the national-security requests they receive.
The new letter from the trade groups seems an effort to present a unified front amplifying those calls.
“One of the most negative consequences of the recent disclosures would be if it were to result in increased barriers to global cross-border data flows,” the groups wrote. “The free flow of data is critical to the continued growth of our global economy, and such free flow is recognized as one of the most important principles of international trade.”
They are calling for U.S. officials to engage with their counterparts in Europe to restore trust in the safe harbor framework governing cross-border data flow between the United States and European Union, the legal mechanism that underpins much of the operations of domestic cloud providers doing business in EU member states.
Additional, the trade groups are appealing for reforms to an aging electronic privacy law that they say no longer makes sense in the age of cloud computing.
They are asking for the White House to endorse the reforms to the 1986 Electronic Privacy Communications Act, or ECPA, that have been introduced in the Senate and would require law enforcement authorities to obtain a warrant to access the contents of electronic communications stored with all cloud providers.
“We urge the Obama Administration to support efforts to pass a clean ECPA bill and oppose efforts to include carve outs to the warrant requirement, which would weaken the privacy protections the bill seeks to establish,” the groups wrote.
At the outset, the groups contend that commercial privacy issues such as targeting advertisements to consumers’ online behavior must be treated separately from the government’s surveillance programs, “as the policy considerations in these two areas are distinct.”
The letter follows a series of meetings that White House officials held earlier this month with industry representatives, privacy advocates and other stakeholders concerning the privacy implications of the government’s intelligence activities.
The tech trade groups say that they are encouraged by President Obama’s directive to the intelligence community to bring more information about PRISM and other similar programs to light, and are calling for a high level of transparency and detail to be included in a new website that will serve as a hub for public information about the government’s activities.
“The tech industry can be a positive force in helping the government achieve a balance between the needs of law enforcement and national security, and the protection of privacy and civil liberties,” says SIIA President Ken Wasch. “A key element in making this work is improving transparency and giving businesses the flexibility to provide consumers with more information about the extent to which government has access to personal information.”
###
