Today, there are full-page advertisements running in the New York Times, Washington Post, Politico, Roll Call, and The Hill. They all have the same message: big tech companies are calling on Congress to rein in the mass surveillance. You can read the full message on the newly-launched Reform Government Surveillance site.
This is a victory for users—with the companies taking a giant step forward in supporting their customers’ rights. The five basic principles they announced today include:
- Limiting Governments’ Authority to Collect Users’ Information
- Oversight and Accountability
- Transparency About Government Demands
- Respecting the Free Flow of Information
- Avoiding Conflicts Among Governments
While these are all valuable, the first one particularly heartened us: “Governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.” With these principles, the companies are joining digital citizens worldwide in demanding a stop to the unrestrained, mass surveillance of our digital lives.
This is an important moment in the fight for surveillance reform. Right now, the United States Congress is facing a fundamental decision about how it will handle mass surveillance confirmed by the Snowden disclosures. There are bills that would rein in the mass surveillance in a meaningful way and others that would entrench the worst of the NSA’s surveillance practices into law. The primary bill championing reform is the USA FREEDOM Act, which EFF has praised as a strong step in the right direction even if it doesn’t go as far as we’d like. On the other hand, Senator Feinstein is pushing the so-called FISA Improvements Act, which attempts to legalize the bulk data collection of the NSA. (Join EFF in killing the bill.)
The events of the last six months have shown that pressure from the general public can help change things for the better. Since June, users around the world have been demanding an end to bulk collection of our digital communications—and have been calling on companies to join us in the fight. Just after the world began to see internal NSA documents exposing massive unchecked spying, EFF and Access Now launched a petition calling on big companies to demand surveillance reform. We targeted it at those companies that had been named in the Washington Post and Guardian articles about PRISM, the code-name for a secret NSA surveillance program.
The leaked files indicated the government had access to servers of nine major U.S. companies, including Facebook, Google, and AOL. The companies dispute that they had cooperated with the government in allowing direct access to millions of peoples’ digital communications, though sometimes with strange phrasings in their denials. We asked questions about the program, and then launched a grassroots campaign in partnership with Access Now demanding that US tech companies join individuals in calling for surveillance reform.
More recently, we learned that the NSA was getting direct access to major service providers, by stealing information off of links between the companies’ data centers—without the companies’ knowledge. This shows that policy reform is not the only thing necessary. While policy reform can protect against unconstitutional surveillance orders coming through the front door, encryption is just as important, protecting the backdoor against warrantless spying. In response, EFF called for tech companies to take steps to encrypt their data, as well as take the policy fight to Congress and the courts.
Over the last few weeks, several major companies have announced plans to increase encryption (see Encrypt the Web Report). Companies like Twitter, Facebook, and Google already had many of the encryption measures we think should be standard across the board; companies like Microsoft and Yahoo have committed to taking definite steps the near future.
But notably absent from the coalition are telecom companies, like Verizon and AT&T. These companies have long been considered the weak link when it comes to government access request. AT&T just announced that it would not respond to shareholder requests to be transparency about its relationship with the NSA.
So while this is a moment to celebrate, the battle is far from won. We’re looking forward to encouraging these companies to engage even more in fighting for users’ privacy rights in Congress even as they increase their digital security. We also urge companies to sign onto our robust international surveillance and human rights principles, which are in alignment with the five principles published by the tech companies, but include more protections for users.