Dear Leader McConnell, Speaker Ryan, Minority Leader
Schumer and Minority Leader Pelosi:
The Reform Government Surveillance coalition (RGS) writes
to share with you our priorities for this Congress with regard to reforming
laws that govern when law enforcement and the intelligence community may access
user data. As you shape Congress’
agenda, we look forward to working with you on important legislation that has
an impact on the information of billions of our customers around the
globe.
Our customers, both individual and corporate, no matter
where they are located, expect us to protect the privacy and security of their
data. At the same time, law enforcement
officials should have the resources that they need to better protect our
communities. As a result, we have
adopted the following principles that we believe must define government
surveillance laws in the U.S. and throughout the world:
Limiting Governments’
Authority to Collect Users’ Information – Governments should codify
sensible limitations on their ability to compel service providers to disclose
user data that balance their need for the data in limited circumstances, users’
reasonable privacy interests, and the impact on trust in the Internet. In
addition, governments should limit surveillance to specific, known uses for
lawful purposes, and should not undertake bulk data collection of Internet
communications.
Oversight and
Accountability – Intelligence agencies seeking to collect or
compel the production of information should do so under a clear legal framework
in which executive powers are subject to strong checks and balances. Reviewing
courts should be independent and include an adversarial process, and
governments should allow important rulings of law to be made public in a timely
manner so that the courts are accountable to an informed citizenry.
Transparency About
Government Demands – Transparency is essential to a debate over
governments’ surveillance powers and the scope of programs that are administered
under those powers. Governments should allow companies to publish the number
and nature of government demands for user information. In addition, governments
should also promptly and publicly disclose this data.
Respecting the Free Flow of
Information – The ability of data to flow or be accessed
across borders is essential to a robust 21st century global economy.
Governments should permit the transfer of data and should not inhibit access by
companies or individuals to lawfully available information that is stored
outside of the country. Governments should not require service providers to
locate infrastructure within a country’s borders or to operate locally.
Avoiding Conflicts Among
Governments – In order to avoid conflicting laws, there
should be a robust, principled, and transparent framework to govern lawful
requests for data across jurisdictions, such as improved Mutual Legal
Assistance Treaty — or “MLAT” — processes. Where the laws of one jurisdiction
conflict with the laws of another, it is incumbent upon governments to work together
to resolve the conflict.
Adopting policies that adhere to these principles is
important for fostering our shared commitment to the privacy and security of
our customers and their data, and for preserving the health of the Internet
economy. Accordingly, the following legislative proposals are on RGS’ agenda
for this Congress:
(1) Passage of the Email Privacy Act: As we have in the past, RGS companies
strongly support passage of the Email Privacy Act. The Electronic Communications Privacy Act
(ECPA), which it would amend, was passed when email was virtually unheard of
(and used almost exclusively by businesses) and “mobile” content on cell phones
and tablets did not exist. We applaud the passage of the unanimously supported
Email Privacy Act by the House of Representatives, and we look forward to
continuing to work on reforming ECPA, including with respect to ECPA’s current
regime for secrecy orders. When secrecy around a
government warrant is needed, orders that require email providers to keep these
types of legal demands secret should be the exception and not the rule.
(2) A rights-protecting regime for when law enforcement asks
for data across borders: Governments all over the world are adopting the position
that they can request a suspect’s data regardless of the conflicts of law or
international norms and treaties. This new reality is weakening trust in
technology among business and consumers and is incentivizing foreign
governments to consider data localization laws and other policies that would
fragment the Internet and impede the flow of data and commerce across borders.
At the same time, law enforcement needs mechanisms to lawfully obtain data for
investigations and to protect their citizens. The MLAT process remains an
important tool for this and should be modernized, but a complementary process
is needed to respond to the increased number of requests for cross-border
requests for digital information.
Last year, the Department
of Justice sent to the House and Senate Judiciary Committees language that
would enable law enforcement in another country to issue legal process for
content data held by U.S. companies. A
country could only issue legal process directly to U.S. companies if it enters
into an agreement with the United States that requires the requests that are
issued by a foreign country to meet strong standards of transparency,
oversight, and due process. RGS supports
legislation like this as long as it protects human rights and privacy rights
(set forth in more detail here),
and looks forward to working with policymakers and stakeholders on the
introduction and passage of a bill that would meet these criteria.
(3) Addressing the global nature of data under ECPA: Last year, the United States Court of Appeal
for the Second Circuit held that ECPA is not extraterritorial in its reach; in
other words, a warrant issued under ECPA cannot be used to obtain data from a
US company where that data is not stored in the US. (Since then, a court in the Eastern District
of Pennsylvania has held that ECPA warrants can be used to compel the
production of user data stored abroad.) In order to protect the privacy of
customers both in the US and worldwide, and to ensure that law enforcement can
get the information that it needs pursuant to a lawful order, the International
Communications Privacy Act was introduced last year by Senators Hatch, Coons,
and Heller in the Senate and Representatives Marino and DelBene in the House.
RGS supports the passage of ICPA and welcomes discussion about any other
approaches to this issue that are workable from a technological perspective,
protective of consumers’ privacy and due process rights, and able to meet the
needs of law enforcement.
(4) Reforming the expiring powers of Section 702 of the FISA
Amendments Act of 2008: Section 702 of
the FISA Amendments Act expires at the end of 2017. RGS would like to work with you, law
enforcement, the intelligence community, civil liberties and privacy groups,
and any other stakeholder to help improve oversight of and transparency of this
authority.
Section 702 provides the
legal underpinnings and judicial supervision for intelligence-gathering
programs used by our intelligence community.
As Congress moves towards reauthorizing these powers, we would support
changes to Section 702 that enhance transparency, provide greater programmatic
oversight, and strengthen protection of sensitive personal data. Among the reforms
that we would like to work with you on are narrowing the type of information
that can be collected under Section 702; requiring judicial oversight for
searching the contents of 702 material for the communications of a US person
(given that US persons are not the target of 702); allowing companies to
disclose the number of requests they receive by legal authority; further
declassification of FISA Court orders; and providing greater transparency around how the communications
of US persons that are incidentally collected under Section 702 are searched
and used, including how often it is “queried” using identifiers that are tied
to US persons.
We look forward to working
with you to help ensure that an appropriate balance is struck between the
government’s need for critical information and people’s privacy and due process
rights.
Thank you very much, as
always, for your hard work on these issues that are of central importance to
our government and our economy.
Signed,
Reform
Government Surveillance
cc:
The Honorable Bob Goodlatte, Chairman, House Judiciary Committee
The Honorable John Conyers, Ranking
Member, House Judiciary Committee
The Honorable Devin Nunes, Chairman,
House Intelligence Committee
The Honorable Adam Schiff, Ranking
Member, House Intelligence Committee
The Honorable Chuck Grassley,
Chairman, Senate Judiciary Committee
The Honorable Dianne Feinstein, Ranking Member, Senate Judiciary
Committee
The Honorable Richard Burr, Chairman, Senate Intelligence Committee
The Honorable Mark Warner, Vice Chairman, Senate Intelligence Committee
