NSA Surveillance Scandal Began One Year Ago. Here’s What Tech Companies Still Need to Do.

The Citizen's Guide to the Future
June 5 2014 11:12 AM

NSA Surveillance Scandal Began One Year Ago. Here’s What Tech Companies Still Need to Do.

ARP3601378
Snowden became an international figure one year ago.

Photo by JOHN MACDOUGALL/AFP/Getty Images

One year ago, Edward Snowden gave the world an unprecedented wake-up call—a shock from which the public, governments, and industry are still stumbling to recover.

The public has reacted, appropriately, with alarm, anger, and demands for information and reform. The U.S. government has responded, predictably, with embarrassment, obfuscation, and invocations of national security. As for the technology companies—which financially benefit from their status as stewards of our private information—well, it’s complicated.

From the start, users’ trust was at the center of the tech companies’ concerns. While companies like Facebook, Google, Microsoft, and Yahoo immediately issued vague statements refuting the suggestion in several leaked documents that the NSA had “direct access” to the companies’ data servers, public skepticism persisted. Eventually, though, these firms started getting their acts together, taking some real steps towards improving their standing with customers by competing on privacy. (One inflection point was surely the Washington Post’s revelation that the NSA had tapped into Google and Yahoo’s overseas data links—as one Google engineer said, “Fuck these guys.”)

Advertisement

A large group of leading tech companies sued the government in the Foreign Intelligence Surveillance Court to allow them to publish more information about the kinds of government requests for user data they receive. The tech lobby has used its clout in Washington to push for some pro-privacy measures, signing on to support meaningful surveillance reform in Congress and publicly breaking with members of the intelligence community who have sought to gut reform bills of important privacy protections. And, of late, Internet companies across the board have rushed to implement technological solutions, like basic encryption, that are aimed at preventing surreptitious government collection of data directly from the Internet backbone.

As encouraging as these steps have been, these technology companies can—and must—do much, much more. The Snowden revelations have upset the latent assumption that these companies’ responsibilities to us end when they give us free, convenient tools. We trust them to be the custodians of our data in part because we believe they will have our backs when it comes to keeping that data private. After all, who knows better than these companies just how much can be gleaned from the aggregated bits and bytes we send their way every single day?

Here are just a few things they can do, starting now:

  • Insist on warrants and resist overbroad demands: As the first line of defense against government requests, companies have not just the right but the obligation to stand in their customers’ shoes and push back when law enforcement makes intrusive or novel demands. Many government requests are informal requests against which firms can push back—and, as Microsoft’s successful resistance to a recent national-security letter demonstrates, the government knows many of these requests would never hold up in court. And even when the government comes with a warrant, companies have the duty to challenge new or expansive uses of surveillance authorities in court, where users themselves are often shut out by law.
  • Notify users of surveillance requests: Only in rare circumstances do law-enforcement requests for data come with court-ordered gags. (Even in those rare cases, the gags are often unconstitutional.) It should be company policy across Silicon Valley to notify users when the government requests customer information—and, both promisingly and increasingly, it is. Changing the practices of Internet companies who receive these kinds of requests will, as tech lawyer Al Gidari told the Washington Post, “serve[] to chill the unbridled, cost-free collection of data.”
  • Encrypt and protect users’ communications in transit: One of the most startling discoveries from the Snowden documents was that even though simple encryption solutions exist to protect communications data in transit, most tech companies were simply not using them. As Snowden explained shortly after his first disclosures, “Encryption works.” Thankfully, there are signs of positive change—just this week, Google effectively shamed Comcast into adopting STARTTLS to protect batches of email sent from one service to another. And, like Apple, more companies should use end-to-end encryption for proprietary services like voice, video, and text messaging. What we say privately deserves protection.
  • Minimize data collection and retention: The best protection that technology companies can provide for private information is simply not having it in the first place. For too long, Silicon Valley’s business model has depended on collecting and keeping as much user data as possible. But, to paraphrase the voice in Kevin Costner’s cornfield, “if you keep it, they will come.” Responsible custodians of private information will minimize what they keep, and how long they keep it, to what is truly necessary for business purposes.

There is clear public support for surveillance reform. While Congress is struggling to pass meaningful changes, tech companies can step up and play their part as true champions of our privacy. We’ve trusted them with our secrets—and they should begin to act like it.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Brett Max Kaufman is a fellow with the American Civil Liberties Union’s National Security Project.

TODAY IN SLATE

Politics

Don’t Worry, Obama Isn’t Sending U.S. Troops to Fight ISIS

But the next president might. 

The Extraordinary Amicus Brief That Attempts to Explain the Wu-Tang Clan to the Supreme Court Justices

Amazon Is Officially a Gadget Company. Here Are Its Six New Devices.

The Human Need to Find Connections in Everything

It’s the source of creativity and delusions. It can harm us more than it helps us.

How Much Should You Loathe NFL Commissioner Roger Goodell?

Here are the facts.

Altered State

The Plight of the Pre-Legalization Marijuana Offender

What should happen to weed users and dealers busted before the stuff was legal?

Surprise! The Women Hired to Fix the NFL Think the NFL Is Just Great.

You Shouldn’t Spank Anyone but Your Consensual Sex Partner

Moneybox
Sept. 17 2014 5:10 PM The Most Awkward Scenario in Which a Man Can Hold a Door for a Woman
  News & Politics
Weigel
Sept. 17 2014 7:03 PM Once Again, a Climate Policy Hearing Descends Into Absurdity
  Business
Business Insider
Sept. 17 2014 1:36 PM Nate Silver Versus Princeton Professor: Who Has the Right Models?
  Life
Outward
Sept. 17 2014 6:53 PM LGBTQ Luminaries Honored With MacArthur “Genius” Fellowships
  Double X
The XX Factor
Sept. 17 2014 6:14 PM Today in Gender Gaps: Biking
  Slate Plus
Slate Fare
Sept. 17 2014 9:37 AM Is Slate Too Liberal?  A members-only open thread.
  Arts
Brow Beat
Sept. 17 2014 8:25 PM A New Song and Music Video From Angel Olsen, Indie’s Next Big Thing
  Technology
Future Tense
Sept. 17 2014 7:23 PM MIT Researchers Are Using Smartphones to Interact With Other Screens
  Health & Science
Bad Astronomy
Sept. 17 2014 11:18 AM A Bridge Across the Sky
  Sports
Sports Nut
Sept. 15 2014 9:05 PM Giving Up on Goodell How the NFL lost the trust of its most loyal reporters.