Eight prominent Internet technology companies unveiled an open letter last week calling for reforms to the government surveillance programs revealed by Edward Snowden. “The balance in many countries has tipped too far in favor of the state and away from the rights of the individual—rights that are enshrined in our constitution,” reads the letter, published on a website that lays out five principles for reform, including greater oversight and transparency, as well as an end to bulk data collection.
Executives from seven of the firms will meet with President Obama on Tuesday, in the shadow of a federal judge’s ruling that the collection of domestic phone records is "almost certainly" unconstitutional. The opinion from US District Judge Richard Leon reinforces the impression that NSA overreach constitutes a primary threat to privacy and civil liberty. But some privacy advocates caution that even if the NSA’s programs are scaled back, surveillance infrastructure will persist in the private sector—thanks to the same companies now calling for reform, whose business models depend on the collection and sale of vast quantities of personal information.
“It’s one-stop shopping for the NSA,” warned Jeffrey Chester, the executive director of the Center for Digital Democracy, a consumer privacy advocacy group. “What they’ve done is create a global commercial surveillance system that is engaged in the same kind of pervasive tracking and analysis [as the NSA].”
The engagement of IT companies in the debate about the state’s surveillance powers seems like a clear win for reformers. Though they lack detail, the firms’ principles align with many of the changes called for by privacy advocates. This is the first time that the tech giants—including Google, Facebook, Yahoo, Twitter and Apple—have made a joint political statement, and the move is well-timed: early in the new year Congress will weigh competing legislation with the potential to roll-back some of the NSA’s overreach, or enshrine data collection programs in law. With a combined value of $1.4 trillion and a growing lobbying presence in Washington, these companies wield considerable influence.
“We’re happy to have them in this fight,” said Michelle Richardson, a lobbyist for the American Civil Liberties Union. “Of course the real question is the next step—whether they are willing to put lobbying muscle behind it.”
Another question is how far the interests of the Internet giants really overlap with the concerns of civil libertarians. Nowhere in their calls for reform do the IT companies address the privacy implications of selling troves of personal information collected from millions of Americans to online advertisers. Substantial investment and innovation in data collection by the private sector has enriched shareholders, and enabled the government’s spying programs.
“The accumulation of corporate power in terms of having these very powerful dossiers of every individual, their networks and locations, gives them tremendous influence over our lives. These corporations have agendas as well,” said Chester.
This agenda—in short, to convert users into a source of profit—is less sinister at face value than the prospect that the NSA’s surveillance programs will ossify into the architecture of a police state. Unlike government spying, data collection and tracking by the private sector is largely opt-in: no one forces us to click “agree” at the end of a long and opaque user agreement. And the risks of sharing personal information seem low; Facebook will not haul you off to jail because of who your friends are.
But the national security apparatus is deeply entangled with Silicon Valley, as the Snowden revelations have illustrated. In early December, The Washington Post reported that the NSA is “piggybacking” on the tracking tools that allow advertisers to follow and target users, “using ‘cookies’ and location data to pinpoint targets for government hacking and to bolster surveillance.” Google’s PREF cookies are particularly useful to the NSA, according to the Post, and it isn’t clear to what extent the company cooperates with the agency.
The Snowden disclosures revealed that many Internet and telecom companies have both complied with the agency’s requests for data and been unwitting prey for back-door data collection. Several IT firms have asked the government for authorization to share information about the requests for data they receive, and the open letter assures consumers the companies are “deploying the latest encryption technology to prevent unauthorized surveillance on our networks.” (Other companies implicated by the Snowden leaks, notably Verizon and AT&T, have not indicated any willingness to be more open about their relationship with the NSA.)
When it comes to its own practices, however, the IT industry has a record of fighting consumer protections. Silicon Valley has lobbied aggressively against legislation in Europe that would help users evade online tracking and targeted advertising. Google has paid more than one multi-million dollar settlement for evading privacy protections built into the Internet browser Safari, and a related lawsuit is pending in the United Kingdom. It appears that, as Christopher Soghoian of the ACLU tweeted last week, Google and other companies “just want to be the exclusive spying source for their customers’ data.”
While the open letter pays lip service to civil liberties, the real concern it expresses isn’t for the rights of the people per se, but for consumer confidence—read, the companies’ bottom line. “Recent revelations about government surveillance activities have shaken the trust of our users, and it is time for the United States government to act to restore the confidence of citizens around the world,” Yahoo CEO Marissa Mayer wrote on the new website. Microsoft’s Brad Smith put it more bluntly: “People won’t use technology they don’t trust.” One analyst predicts that Internet companies will lose as much at $180 billion by 2016 because of the damage done to their reputations by the leaks.
That message may have more resonance with lawmakers than concerns about individual rights. The national security apparatus has a compelling interest in maintaining the dominance of US Internet companies, as Marcy Wheeler points out. “Our stewardship of the Internet is not just one of the few bright spots in our economy, but also a keystone to our power internationally. And it gives us huge spying advantages,” she writes.
How the government will reconcile its competing interests in extensive spying and in maintaining the dominance of America’s Internet services industry is an interesting question. At this point it looks likely that any voluntary changes will be cosmetic, designed to appease angry foreign leaders and reassure Internet users. Even strong checks from the legislative branch now cannot guarantee a permanent firewall between private data pools and the government; Intelligence agencies and administration officials have repeatedly demonstrated their aptitude for contorting the law to fit their designs.
Still, some of the reforms in play in Congress and addressed by the IT giants, particularly those related to transparency, could allow for a more thorough examination of the relationship between the private sector and government surveillance programs.
“We’re not going to stop the collection of data because our digital behaviors have transformed how we live our lives,” said Chester. “There’s no way to dismantle this system. However, we can create some limits. What’s needed are rights for consumers.”