Google, Facebook, ACLU, and others urge Senate to fix watered down NSA bill
Tech companies, civil liberties groups and human rights organizations are calling on the Senate to re-introduce a more comprehensive version of a once-promising NSA reform bill. The USA Freedom Act, which was passed by Congress on May 22, lost the backing of privacy advocates after the House took out several provisions to garner bipartisan support.
Reform Government Surveillance — a coalition comprised of Facebook, Google, Microsoft, Apple, Twitter, Dropbox, LinkedIn, Yahoo, and AOL — called on Senators to fix the bill, citing the need to inspire more confidence in the Internet around the world.
Credit Connie Zhou/Google
“Unfortunately, the version that just passed the House of Representatives could permit bulk collection of Internet “metadata” (e.g. who you email and who emails you), something that the Administration and Congress said they intended to end. Moreover, while the House bill permits some transparency, it is critical to our customers that the bill allow companies to provide even greater detail about the number and type of government requests they receive for customer information,” the coalition said in a press release.
A coalition comprised of Facebook, Google, Microsoft, Apple, Twitter, Dropbox, LinkedIn, Yahoo, and AOL called on Senators to fix the bill.
Civil liberties and human rights organizations echoed the group’s sentiments, saying that the current version of the legislation may give authorities enough leeway for abuse. In a letter addressed to Senate leaders, a coalition led by the American Civil Liberties Union, the Electronic Frontier Foundation, Amnesty International and Human Rights Watch stated that it is “very concerned” about the changes introduced to the bill.
“All of the undersigned organizations believed the original version of the USA Freedom Act introduced in both the House and the Senate was an important step towards comprehensive reform. However, we are very concerned about the changes made to the bill in the House and the breadth of the surveillance that the bill could abusively be read to authorize,” the group said in a press release.
“Before passage by the House, both the Judiciary and Intelligence Committees marked up the bill and reported out identical language. However, the final bill passed by the House markedly differs from both the original bill and the bill reported out of the committees … We respectfully submit that careful, public and deliberate consideration of this legislation by the Senate, beginning with full process in the Senate Judiciary and Intelligence Committees, is now necessary to ensure that the legislation truly achieves its unambiguously defined objectives.”
While one of the bill’s authors, Rep. Jim Sensenbrenner (R-Wi), admits that the legislation is weaker than its original version, he still insists that it can still prevent the NSA from collecting phone metadata.
The EFF disagrees. In an earlier press release, the organization withdrew its support of the bill, saying: “The Electronic Frontier Foundation cannot support a bill that doesn’t achieve the goal of ending mass spying.”
The most contentious part of the bill is its new definition of “specific selection term,” which outlines who or what the NSA can monitor. The original definition of specific selection term was information “uniquely describes a person, entity, or account.” In the new version of the bill, it was expanded to “person, entity, account, address, or device.”
“The new version not only adds the undefined words “address” and “device,” but makes the list of potential selection terms open-ended by using the term “such as.” Congress has been clear that it wishes to end bulk collection, but given the government’s history of twisted legal interpretations, this language can’t be relied on to protect our freedoms,” the EFF said.
Sen. Patrick Leahy (D-Vt.), who is credited as a co-author of the bill, said that the legislation will be taken up in the Judiciary Committee this month. While he expressed dismay over the version of the bill that passed Congress, he indicated that he is looking to bring back the tougher version of the bill.
“I hope we can add back in some of the reforms they had to take out of the House, reforms that both Congressman Sensenbrenner and I strongly support,” he said.
Internet Giants Erect Barriers to Spy Agencies (New York Times)
N.S.A. Collecting Millions of Faces From Web Images
Vodafone reveals that governments are collecting personal data without limits
EU: Facebook must meet privacy rules
Companies based outside the European Union must meet Europe’s data protection rules, ministers agreed on Friday, although governments remain divided over how to enforce them on companies operating across the bloc.
The agreement to force Internet companies such as Google and Facebook to abide by EU-wide rules is a first step in a wider reform package to tighten privacy laws – an issue that has gained prominence following revelations of U.S. spying in Europe.
Vodafone’s disclosure on Friday of the extent of telephone call surveillance in European countries showed the practice is not limited to the United States. The world’s second-largest mobile phone company, Vodafone is headquartered in the United Kingdom.
“All companies operating on European soil have to apply the rules,” EU Justice Commissioner Viviane Reding told reporters at a meeting in Luxembourg where ministers agreed on a position also been backed by the Court of Justice of the European Union (ECJ).
Non-European companies with operations in Europe currently comply with data protection laws in the country in which they are based, which some say leads to “jurisdiction shopping” whereby businesses set up shop in countries with a more relaxed attitude to privacy.
But under the new rules all EU countries will have the same data protection laws, meaning companies will no longer be able to challenge which laws apply to them in court.
Earlier this year a German court ruled that Facebook was subject to German data protection law even if its European headquarters are located in Ireland.
Facebook declined to comment on Friday’s agreement.
Germany and the European Commission, the EU executive, have been highly critical of the way the United States accesses data since former U.S. National Security Agency contractor Edward Snowden last year revealed U.S. surveillance programmes.
Disclosures that the United States carried out large-scale electronic espionage in Germany, including bugging Chancellor Angela Merkel’s mobile phone, provoked indignation in Europe.
“Now is the day for European ministers to give a positive answer to Edward Snowden’s wake-up call,” Reding said.
Commenting on Vodafone’s disclosure, she said: “All these kind of things show how important it is to have data protection clearly established.”
The reform package, which was approved by the European Parliament in March, has divided EU governments and still needs work to become law despite Friday’s progress.
While ministers also agreed on provisions allowing companies to transfer data to countries outside the European Union, there was no decision on how to help companies avoid having to deal separately with the bloc’s 28 different data protection authorities.
That issue was thrown into stark relief by a ruling from Europe’s top court requiring Google to remove links to a 16-year-old newspaper article about a Spanish man’s bankruptcy.
The search engine has since received tens of thousands of requests across Europe, and under current rules has to deal with each national authority.
A “one-stop-shop” arrangement would allow companies to deal exclusively with the data protection authority in the country where it has its main establishment. But governments are concerned about a foreign data protection authority making binding decisions that they would then have to enforce.
For example, if a complaint originated in Denmark against a company based in Ireland, the Danish authorities would have to implement a decision by the Irish data protection body, something that is both legally and politically difficult.