This is a joint international campaign between EFF and Access Now.
The Guardian and the Washington Post recently published slides that indicate that the US government’s National Security Agency (NSA) is engaged in mass surveillance of users around the world through a program called PRISM. The NSA is extracting audio, video, photographs, emails, documents, and connection logs from nine leading Internet companies: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. Furthermore, the US is reportedly sharing this data with the UK government.
These major Internet companies have denied any knowledge of the PRISM program. For instance, Facebook’s CEO Mark Zuckerberg has said, “Facebook is not and has never been part of any program to give the US or any other government direct access to our servers…We hadn't even heard of PRISM before yesterday.”
It’s difficult to square the companies’ denials with the leaked slides and the US government’s admission that the PRISM program does exist—and is capturing data from users all over world.
The time is now for global users of US Internet companies to demand answers, and for those companies to join them in seeking more transparency—and limits to government surveillance of their international and US users.
What does this mean for non-American users of American Internet companies?
This issue affects users of these services all over the globe. The nine Internet companies allegedly cooperating in the PRISM program have hundreds of millions of users worldwide. If Silicon Valley’s Internet giants have been cooperating with the US government to help collect massive and detailed dossiers on Internet users worldwide, this constitutes a tremendous breach of trust. Even if they have acted only subject to court orders, the scope of government access to their customers’ information appears unprecedented and more information is needed.
What does the Obama Administration say about international Internet users?
The Obama administration insists that surveillance of foreigners by the US is acceptable. A senior official in the Administration stated that the NSA and FBI’s surveillance programs involve “extensive procedures... to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.” So targeting of foreigners who use US-based Internet services is fair game and appears to include full communications content..
Is the surveillance of international customers consistent with international human rights law?
International human rights law requires all surveillance measures to be “proportionate,” meaning that no more information is collected than is necessary. A recent report from United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, confirms, “[l]egal frameworks must ensure that communications measures … adhere to the principle of proportionality and are not employed when less invasive techniques are available or have not yet been exhausted.” Mass surveillance or unfettered access to the complete communications and communications records of international customers of American Internet companies is not a proportionate measure.
With regard to extraterritoriality, the U.N. Rapporteur noted that extraterritorial application of surveillance laws raises serious concerns because individuals are unable to know that they might be subject to foreign surveillance, challenge decisions with respect to foreign surveillance, or seek remedies.
And the Rapporteur explicitly referenced the U.S. Foreign Intelligence Surveillance Act, or FISA, citing it as part of an “alarming trend towards the extension of surveillance powers beyond territorial borders," which would increase the "risk of cooperative agreements between State law enforcement and security agencies to enable the evasion of domestic legal restrictions.” As a result, the U.S. delegation to the Human Rights Council declined “to endorse all of the conclusions of the report,” putting forward a statement that surveillance, “used appropriately, supports human rights.”
Mass surveillance is a violation of universal rights. If Internet companies want to clear their names and win back the trust of their users worldwide, their CEOs must demand public answers from the US government.
Denials are not enough. The CEOs must call for an accounting of America's secret spying programs.
When the government was caught spying on American citizens in the 1960s and 70s, Congress created a special committee to investigate that resulted in legal reforms that ensured at least some judicial oversight of surveillance programs. But in recent years the scope of the surveillance has expanded and oversight has been reduced.
And although Congress passed a law in 2008— FISA Amendments Act—allowing the surveillance of foreigners through their use of US-based services (or the passage of their communications through the US), that law did not contemplate wholesale collection or unfettered access to foreign communications.
Now it’s time for another reckoning: Internet companies must join the call for Congress to act in a similar fashion and create committee to uncover the truth about these alarming allegations.
Join EFF in calling on the CEOs of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple to demand for a full investigation by Congress by emailing them today.