We need to know: companies, civil society call for transparency on surveillance

Katherine Maher contributed to this post.

This morning, Access joined a collection of companies, investors, civil society groups, and trade associations in sending a letter to U.S. government officials, including President Barack Obama, U.S. Attorney General Eric Holder, and the majority and minority leaders of the U.S. Senate and House of Representatives. The letter calls on the U.S. government to a) ensure internet, telephone, and web-based service providers be allowed to regularly report specific data regarding intelligence information requests, and to b) establish its own transparency report with specific data on number of requests, statutes, authorities, and affected individuals.

Transparency: from them, for us, by law
The letter asks that companies be granted far greater freedoms for communications providers than currently exist: the ability to publish information on specific numbers of requests, the specific authorities making those requests, and the specific statutes under which those requests are made. Furthermore, the report calls for the ability to differentiate requests based on content vs. non-content data, and enumerate the number of persons, accounts, or devices affected.

The letter’s demand for government transparency is similarly unprecedented. Currently, the government is only required to provide annual reports to Congress on the number of surveillance requests made to the Foreign Intelligence Surveillance Court (FISC) and requests for business records under Patriot Act Section 215, but last year’s vague report failed to indicate the extent of surveillance—it only listed 212 requests for business records when that provision justified the collection of records of millions of Verizon, Sprint, and AT&T customers. The letter calls for the federal government to augment these minimum requirements with comprehensive transparency reporting on the same information provided by companies: the total number of requests under specific authorities for specific types of data, and the number of individuals affected by each.

Currently, the companies that do report limited information on national security-related data requests, such as National Security Letters (NSLs), do so with permission from the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI), or the Foreign Intelligence Surveillance Court (FISC). This letter asks Congress to pass legislation stipulating the right of these providers to disclose this information, as well as legally establish augmented reporting requirements for the U.S. government’s national-security related authorities, including judiciary, intelligence, and federal law enforcement agencies.

President Obama, his chief appointmented officials, and the leaders of Congress should heed this call for transparency, and demonstrate their respect for the fundamental and constitutional right to due process. Despite their protestations otherwise, the absence of information about the scope and scale of government intelligence surveillance programs has precluded informed public debate: Americans have been denied essential information regarding the activities sanctioned in their names, and international users of U.S. based services have been deprived critical information about the privacy and security of their communications.

Corporate and government data: two sides of the same transparency coin
The release of transparency reports by the government could help provide a more complete portrait of surveillance, as many companies do not yet release their own transparency reports — and when they do, the information they release may be limited and not disaggregated enough to be meaningful. While some companies may not disclose data simply because they fail to recognize their responsibilities to users, many others have pointed to legal limitations on their abilities to disclose detailed information as a significant hindrances to meaningful reporting.

Some transparency reports differentiate between requests for data made by law enforcement agencies and those made by national security authorities, which are generally subject to greater disclosure restraints. Although the U.S. government has permitted the release of some aggregated requests, such as those for National Security Letters (NSLs), companies have historically not been permitted to release information regarding requests under Patriot Act Section 215 and FISA Amendments Act (FAA) Section 702, respectively the legal bases for the mobile metadata and PRISM collection programs. Since the information regarding these programs was first leaked, Google and Microsoft have challenged these gag orders in court, but have not yet been provided injunctive relief. Today’s letter asks for the immediate provision of that right to disclosure, and the legally-mandated ability to reveal such information going forward.

The administration has claimed that revealing more information on the details of its surveillance programs would interfere with investigations, but as the letter argues, years worth of systemic transparency on investigatory authority in criminal investigations has had no apparent detrimental effect. Similarly, existing transparency reports published by companies offer no specific identifying information, ensuring ongoing investigations are not compromised while providing general clarity on the frequency of the practice.

In order to complete the picture, the government must also begin active disclosure of basic information regarding the extent of application of national security data requests. Any such complete government disclosure must be substantive and fully respond to the reported allegations regarding the ongoing surveillance programs. For example, although the U.K. has previously released reports regarding its intelligence communications intercept activities, these reports consistently failed to convey the systemic depth of surveillance conducted under Tempora, the program which allows the U.K. and U.S. authorities to intercept information traveling through U.K. fiber optic cables; this lack of true transparency provided an incomplete picture and precluded informed public discourse among British citizens. The U.S. must do better.

A comprehensive coalition for remedy
The letter has been signed by six of the nine companies mentioned in the PRISM slides, including Microsoft, Yahoo!, Google, Facebook, AOL, and Apple (Skype and YouTube are fully owned subsidiaries of Microsoft and Google, respectively) along with other major tech companies, including Mozilla, Twitter, Tumblr, LinkedIn, and Reddit. They have been joined by major tech sector investors, including Union Square Ventures and Y Combinator, and more than thirty industry associations and civil society organizations (including Access), together composing composing the largest private-public push for transparency since the initial disclosure of the programs.

The letter comes in addition to other efforts by the companies to challenge the government’s gag orders. Yahoo! deserves special mention: for the past six years, the company has been embroiled in a challenge to the government around requests for user data. In 2007, Yahoo! challenged an order in front of the FISC, and when it lost, appealed to the three-member Foreign Intelligence Surveillance Court of Review appellate court. Yahoo! lost there, as well, and the company’s challenge remained a secret until it was revealed by the New York Times in mid-June. Since the initial revelations, both Google and Microsoft have petitioned the FISC for the ability to disclose FISA requests separately from other law enforcement requests; Microsoft went so far as to follow up with a blistering letter to U.S. Attorney General Eric Holder, requesting his direct personal intervention, and a return to ‘common sense,’ in light of a “suffering” Constitution.

Efforts by the companies to seek further transparency on behalf of their users is in line with their commitments to provide access to remedy for human rights abuses under the “Protect, Respect, and Remedy” Framework of the UN Guiding Principles for Business and Human Rights. Disclosure that these violations have occurred, and transparency about their extent and scope, are meaningful first steps towards providing victims and rights defenders with critical information necessary for identifying perpetrators, mechanisms of redress, and avenues to limit further violations.

Of course, companies are not motivated by altruism alone. They have compelling self-interest to seek further transparency, in order to — in the words of Microsoft General Counsel Bradford Smith — “publicly explain practices… misinterpreted in news stories around the world.” As reports continue about the degree and extent of private sector co-operation with the NSA, and facts remain unclear, the companies have come under pressure from consumer and civil liberties groups in the U.S. and overseas with regards to their handling of user data, including legal actions filed in Europe on behalf of European users.

Transparency is only the first step
The meaningful suggestions made in this letter add to the rich landscape of U.S. surveillance reform demands emanating from civil society and industry, in the United States and around the world.

Among the first calls to reform came from the global StopWatchingUs coalition (of which Access is a core member), which launched in immediately after news of the NSA spying program broke in early June, consists of more than 550,000 individual signatories and more than 100 political, civil, and non-profit organizations calling for comprehensive reform to FAA Section 702 and PATRIOT Act 215, a Congressional investigatory committee into government surveillance, and accountability for public officials involved in administration of the programs. That same week, a coalition of more than 350 global organizations and notable individuals signed onto a letter to the U.S. Congress on behalf of the international community, registering protest against the surveillance programs.

In late June, these civil coalitions were joined by a statement from the Global Network Initiative (GNI), a coalition of businesses and civil society groups — including Google, Microsoft, and Yahoo! — dedicated to protecting human rights online, in calling for reform. In their statement, the GNI urged the government to increase transparency and oversight by declassifying more FISC rulings. Despite an incredible authorization rate, authorities insist that the FISC is not just a rubber stamp, so declassifying opinions would bring some needed clarity to the secret FISC process.

An increase in transparency is just one element of the fight for due process in U.S. surveillance. Members of the United States Senate have taken notice. Senator Blumenthal has suggested introducing an independent advocate to argue against government FISA requests, introducing an element of adversarial process into the court. Another suggestion, made by Senators Durbin and Leahy, is to implement minimization processes for the collection of metadata under Patriot Section 215, ensuring individuals not suspected of wrongdoing are not targeted. If the U.S. government is in tune with the demands of many of the country’s largest businesses and a majority of population, they will enact sensible reform.

Today’s letter provides the companies a unified front to allay any fear of individual repercussion from fighting the government’s programs. We support the companies in their defense of users’ rights and the objective of greater disclosure outlined in this letter. We urge the U.S. government to set a global precedent for transparent and accountable governance in the context of national security. However, we recognize these are only the first steps: transparency around the scope and scale of national security requests will give us insight into the interpretation and use of the statutes in question, but this transparency is most meaningful as the basis for collective, renewed efforts for meaningful, rights-respecting reform.

The the full text of letter can be read here.