All Quiet On The Tech Front As The Clock Ticks Down On Section 702 Renewal
from the a-little-help? dept
Things have been mostly quiet as Congress heads towards the possible renewal of Section 702 surveillance powers. The NSA, oddly, made the most noise by dropping its “about” collection because it simply couldn’t (or wouldn’t) stop harvesting US persons’ communications. As usual, privacy activists are sounding the alarm but the general level of noise at the Congressional level is nothing compared to the runup to Section 215’s renewal.
Quieter is better for the Trump administration, which has already expressed its desire for a clean reauthorization. There are plenty of surveillance hawks who would rather no one messed with the approval process and a few of those have the power to stonewall any legislative reforms that might make their way to the House or Senate in the coming months.
But the noisiest silence is emanating from the tech sector, whose platforms and services are integral to the NSA’s harvesting of internet communications and data.
Facebook, Alphabet’s Google, Apple and other major technology firms are largely absent from a debate over the renewal of a broad U.S. internet surveillance law, weakening prospects for privacy reforms that would further protect customer data, according to sources familiar with the matter.
While tech companies often lobby Washington on privacy issues, the major firms have been hesitant to enter a fray over a controversial portion of the Foreign Intelligence Surveillance Act (FISA), industry lobbyists, congressional aides and civil liberties advocates said.
Some of this could be due to the fact that some surveillance activities happen without any direct assistance from these companies. The NSA also pulls communications from internet backbones and taps on transatlantic cables. Speaking up against this surveillance may subject companies to additional demands, rather than allow them to go comparatively unmolested.
Other contributing factors are mostly business-related. Interfering with collections (or their authority) may make the worldwide transmission of internet communications a bit more hazardous, especially if the NSA’s collections run afoul of foreign privacy laws.
The companies’ relative inactivity is explained by several legal challenges in Europe to an agreement between the United States and the European Union, known as the Privacy Shield, the sources said. The litigation hinges on whether U.S. surveillance practices afford enough privacy safeguards. A coalition of human rights organizations has urged Europe to suspend Privacy Shield unless Section 702 is substantially reformed.
U.S. technology companies have privately bristled at those efforts, three industry lobbyists [said], in part because expectations that 702 reforms will pass Congress are low.
“If you link them and you lose one, you lose both,” said one of the lobbyists, who like the others requested anonymity to discuss private conversations with technology companies.
Rather than step into the fight, tech companies are on the sideline, holding their collective breaths. The chances of serious reform are minimal, what with the President preferring a clean re-auth. If the European Union decides the United States isn’t taking foreigners’ privacy seriously, it may act to block collections by booting American tech companies out or requiring sequestered servers that can’t be reached by American surveillance efforts.
Obviously, neither outcome works for the NSA either. It needs as much cooperation as possible from foreign partners in order to elude privacy protections the US extends to other nations’ citizens. Casting its net in international waters muddies jurisdictions, as do information-routing efforts like Google’s that send communications from server to server based on efficiency, rather than country of origin. Relying on foreign intelligence agencies’ intercepts also helps both partners evade local restrictions.
The Fortune article also notes there’s a distinct lack of clarity to the Section 702 debate at this point, one that doesn’t encourage any company to open its mouth when there’s billions of dollars of services on the line. Some privacy activists hope this changes as the debate moves forward, but considering the programs aren’t directly affecting Americans (unlike Section 230’s domestic collections), it’s a harder sell. No one is asking for the collections authorized by this statute to be shut down completely. Even ardent privacy activists admit the programs are more targeted and more respectful of Americans’ privacy. The problems lie in its oversight, of which there is very little, and other authorities (Executive Order 12333, for one) that aren’t open to debate or periodic renewals.
Despite these possible explanations, the silence isn’t exactly heartening. Tech companies made plenty of noise when the Snowden leaks hit, exposing multiple programs that gathered communications from international cables and service providers. But they’ve said little since, at least in terms of Section 702 programs. Many are fighting for users’ privacy in court, but those efforts deal with demands from law enforcement, rather than surveillance programs that bypass regular courts completely. If the level of noise doesn’t increase in the next few months, it will probably be safe to assume the companies are more interested in salvaging European relationships than possibly upsetting the NSA’s Section 702 apple cart.