Dear Leader McConnell, Speaker Ryan, Minority Leader Schumer and Minority Leader Pelosi:
The Reform Government Surveillance coalition (RGS) writes to share with you our priorities for this Congress with regard to reforming laws that govern when law enforcement and the intelligence community may access user data. As you shape Congress’ agenda, we look forward to working with you on important legislation that has an impact on the information of billions of our customers around the globe.
Our customers, both individual and corporate, no matter where they are located, expect us to protect the privacy and security of their data. At the same time, law enforcement officials should have the resources that they need to better protect our communities. As a result, we have adopted the following principles that we believe must define government surveillance laws in the U.S. and throughout the world:
Limiting Governments’ Authority to Collect Users’ Information – Governments should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users’ reasonable privacy interests, and the impact on trust in the Internet. In addition, governments should limit surveillance to specific, known uses for lawful purposes, and should not undertake bulk data collection of Internet communications.
Oversight and Accountability – Intelligence agencies seeking to collect or compel the production of information should do so under a clear legal framework in which executive powers are subject to strong checks and balances. Reviewing courts should be independent and include an adversarial process, and governments should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry.
Transparency About Government Demands – Transparency is essential to a debate over governments’ surveillance powers and the scope of programs that are administered under those powers. Governments should allow companies to publish the number and nature of government demands for user information. In addition, governments should also promptly and publicly disclose this data.
Respecting the Free Flow of Information – The ability of data to flow or be accessed across borders is essential to a robust 21st century global economy. Governments should permit the transfer of data and should not inhibit access by companies or individuals to lawfully available information that is stored outside of the country. Governments should not require service providers to locate infrastructure within a country’s borders or to operate locally.
Avoiding Conflicts Among Governments – In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved Mutual Legal Assistance Treaty — or “MLAT” — processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict.
Adopting policies that adhere to these principles is important for fostering our shared commitment to the privacy and security of our customers and their data, and for preserving the health of the Internet economy. Accordingly, the following legislative proposals are on RGS’ agenda for this Congress:
(1) Passage of the Email Privacy Act: As we have in the past, RGS companies strongly support passage of the Email Privacy Act. The Electronic Communications Privacy Act (ECPA), which it would amend, was passed when email was virtually unheard of (and used almost exclusively by businesses) and “mobile” content on cell phones and tablets did not exist. We applaud the passage of the unanimously supported Email Privacy Act by the House of Representatives, and we look forward to continuing to work on reforming ECPA, including with respect to ECPA’s current regime for secrecy orders. When secrecy around a government warrant is needed, orders that require email providers to keep these types of legal demands secret should be the exception and not the rule.
(2) A rights-protecting regime for when law enforcement asks for data across borders: Governments all over the world are adopting the position that they can request a suspect’s data regardless of the conflicts of law or international norms and treaties. This new reality is weakening trust in technology among business and consumers and is incentivizing foreign governments to consider data localization laws and other policies that would fragment the Internet and impede the flow of data and commerce across borders. At the same time, law enforcement needs mechanisms to lawfully obtain data for investigations and to protect their citizens. The MLAT process remains an important tool for this and should be modernized, but a complementary process is needed to respond to the increased number of requests for cross-border requests for digital information.
Last year, the Department of Justice sent to the House and Senate Judiciary Committees language that would enable law enforcement in another country to issue legal process for content data held by U.S. companies. A country could only issue legal process directly to U.S. companies if it enters into an agreement with the United States that requires the requests that are issued by a foreign country to meet strong standards of transparency, oversight, and due process. RGS supports legislation like this as long as it protects human rights and privacy rights (set forth in more detail here), and looks forward to working with policymakers and stakeholders on the introduction and passage of a bill that would meet these criteria.
(3) Addressing the global nature of data under ECPA: Last year, the United States Court of Appeal for the Second Circuit held that ECPA is not extraterritorial in its reach; in other words, a warrant issued under ECPA cannot be used to obtain data from a US company where that data is not stored in the US. (Since then, a court in the Eastern District of Pennsylvania has held that ECPA warrants can be used to compel the production of user data stored abroad.) In order to protect the privacy of customers both in the US and worldwide, and to ensure that law enforcement can get the information that it needs pursuant to a lawful order, the International Communications Privacy Act was introduced last year by Senators Hatch, Coons, and Heller in the Senate and Representatives Marino and DelBene in the House. RGS supports the passage of ICPA and welcomes discussion about any other approaches to this issue that are workable from a technological perspective, protective of consumers’ privacy and due process rights, and able to meet the needs of law enforcement.
(4) Reforming the expiring powers of Section 702 of the FISA Amendments Act of 2008: Section 702 of the FISA Amendments Act expires at the end of 2017. RGS would like to work with you, law enforcement, the intelligence community, civil liberties and privacy groups, and any other stakeholder to help improve oversight of and transparency of this authority.
Section 702 provides the legal underpinnings and judicial supervision for intelligence-gathering programs used by our intelligence community. As Congress moves towards reauthorizing these powers, we would support changes to Section 702 that enhance transparency, provide greater programmatic oversight, and strengthen protection of sensitive personal data. Among the reforms that we would like to work with you on are narrowing the type of information that can be collected under Section 702; requiring judicial oversight for searching the contents of 702 material for the communications of a US person (given that US persons are not the target of 702); allowing companies to disclose the number of requests they receive by legal authority; further declassification of FISA Court orders; and providing greater transparency around how the communications of US persons that are incidentally collected under Section 702 are searched and used, including how often it is “queried” using identifiers that are tied to US persons.
We look forward to working with you to help ensure that an appropriate balance is struck between the government’s need for critical information and people’s privacy and due process rights.
Thank you very much, as always, for your hard work on these issues that are of central importance to our government and our economy.
Reform Government Surveillance
The Honorable Bob Goodlatte, Chairman, House Judiciary Committee
The Honorable John Conyers, Ranking Member, House Judiciary Committee
The Honorable Devin Nunes, Chairman, House Intelligence Committee
The Honorable Adam Schiff, Ranking Member, House Intelligence Committee
The Honorable Chuck Grassley, Chairman, Senate Judiciary Committee
The Honorable Dianne Feinstein, Ranking Member, Senate Judiciary Committee
The Honorable Richard Burr, Chairman, Senate Intelligence Committee
The Honorable Mark Warner, Vice Chairman, Senate Intelligence Committee