"Who Has Your Back?" In Depth: Fighting for User Privacy in Congress
EFF has called on companies to stand with their users when the government comes looking for data. (If you haven’t done so, sign the petition urging companies to provide better transparency and privacy.) This article will provide a more detailed look at the last of the four elements required for a company to earn a gold star in our campaign: Fight for user privacy in Congress.
In prior blog posts about the "Who Has Your Back?" campaign, we've explained that companies largely rely on internal policies when the government comes seeking data about users. If those policies are weak, murky, or left unshared, we as users are prevented from making informed decisions about the privacy risks we face.
But we shouldn't be dependent on company policies to protect our privacy. The law should protect it too, even as technologies change. And the companies that hold our data should stand with users in making the necessary legal updates. That's why the "Who Has Your Back?" campaign urges companies to take steps like joining in the effort towards lasting, permanent improvements — an industry-wide raising of the bar for user privacy — by joining the Digital Due Process coalition (DDP). Members of DDP are working to set legal standards that uphold due process, privacy, and law enforcement effectiveness — like requiring search warrants from the government when it seeks private communications and information, and requiring the government to prove to a court that the data being requested is relevant to actual, authorized law enforcement action.
More specifically, the companies and advocacy organizations essentially agree that the outdated Electronic Communications Privacy Act (ECPA) needs to be simplified, updated, and unified by Congress to reestablish meaningful rules of the road when it comes to government requests for user/customer data from a company. To that end, the coalition has been successful so far: Senator Leahy has already introduced S. 1011, an ECPA reform bill that's the first step in the process of baking stronger and clearer privacy protections into the law.
Having these standards made into law will go a long way in clarifying what a company's obligations are when the government comes knocking in search of user data. Ambiguity in the existing law is one challenge faced by companies struggling to develop privacy and transparency commitments that benefit users and increase trust. That's why standing up for your privacy in Congress—with actions like joining the Digital Due Process coalition, as Amazon, AT&T, Facebook, Google, and Microsoft have—is a gold-star move.