NSA Surveillance Scandal Began One Year Ago. Here’s What Tech Companies Still Need to Do.

The Citizen's Guide to the Future
June 5 2014 11:12 AM

NSA Surveillance Scandal Began One Year Ago. Here’s What Tech Companies Still Need to Do.

ARP3601378
Snowden became an international figure one year ago.

Photo by JOHN MACDOUGALL/AFP/Getty Images

One year ago, Edward Snowden gave the world an unprecedented wake-up call—a shock from which the public, governments, and industry are still stumbling to recover.

The public has reacted, appropriately, with alarm, anger, and demands for information and reform. The U.S. government has responded, predictably, with embarrassment, obfuscation, and invocations of national security. As for the technology companies—which financially benefit from their status as stewards of our private information—well, it’s complicated.

From the start, users’ trust was at the center of the tech companies’ concerns. While companies like Facebook, Google, Microsoft, and Yahoo immediately issued vague statements refuting the suggestion in several leaked documents that the NSA had “direct access” to the companies’ data servers, public skepticism persisted. Eventually, though, these firms started getting their acts together, taking some real steps towards improving their standing with customers by competing on privacy. (One inflection point was surely the Washington Post’s revelation that the NSA had tapped into Google and Yahoo’s overseas data links—as one Google engineer said, “Fuck these guys.”)

Advertisement

A large group of leading tech companies sued the government in the Foreign Intelligence Surveillance Court to allow them to publish more information about the kinds of government requests for user data they receive. The tech lobby has used its clout in Washington to push for some pro-privacy measures, signing on to support meaningful surveillance reform in Congress and publicly breaking with members of the intelligence community who have sought to gut reform bills of important privacy protections. And, of late, Internet companies across the board have rushed to implement technological solutions, like basic encryption, that are aimed at preventing surreptitious government collection of data directly from the Internet backbone.

As encouraging as these steps have been, these technology companies can—and must—do much, much more. The Snowden revelations have upset the latent assumption that these companies’ responsibilities to us end when they give us free, convenient tools. We trust them to be the custodians of our data in part because we believe they will have our backs when it comes to keeping that data private. After all, who knows better than these companies just how much can be gleaned from the aggregated bits and bytes we send their way every single day?

Here are just a few things they can do, starting now:

  • Insist on warrants and resist overbroad demands: As the first line of defense against government requests, companies have not just the right but the obligation to stand in their customers’ shoes and push back when law enforcement makes intrusive or novel demands. Many government requests are informal requests against which firms can push back—and, as Microsoft’s successful resistance to a recent national-security letter demonstrates, the government knows many of these requests would never hold up in court. And even when the government comes with a warrant, companies have the duty to challenge new or expansive uses of surveillance authorities in court, where users themselves are often shut out by law.
  • Notify users of surveillance requests: Only in rare circumstances do law-enforcement requests for data come with court-ordered gags. (Even in those rare cases, the gags are often unconstitutional.) It should be company policy across Silicon Valley to notify users when the government requests customer information—and, both promisingly and increasingly, it is. Changing the practices of Internet companies who receive these kinds of requests will, as tech lawyer Al Gidari told the Washington Post, “serve[] to chill the unbridled, cost-free collection of data.”
  • Encrypt and protect users’ communications in transit: One of the most startling discoveries from the Snowden documents was that even though simple encryption solutions exist to protect communications data in transit, most tech companies were simply not using them. As Snowden explained shortly after his first disclosures, “Encryption works.” Thankfully, there are signs of positive change—just this week, Google effectively shamed Comcast into adopting STARTTLS to protect batches of email sent from one service to another. And, like Apple, more companies should use end-to-end encryption for proprietary services like voice, video, and text messaging. What we say privately deserves protection.
  • Minimize data collection and retention: The best protection that technology companies can provide for private information is simply not having it in the first place. For too long, Silicon Valley’s business model has depended on collecting and keeping as much user data as possible. But, to paraphrase the voice in Kevin Costner’s cornfield, “if you keep it, they will come.” Responsible custodians of private information will minimize what they keep, and how long they keep it, to what is truly necessary for business purposes.

There is clear public support for surveillance reform. While Congress is struggling to pass meaningful changes, tech companies can step up and play their part as true champions of our privacy. We’ve trusted them with our secrets—and they should begin to act like it.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Brett Max Kaufman is a fellow with the American Civil Liberties Union’s National Security Project.

TODAY IN SLATE

Politics

The Democrats’ War at Home

How can the president’s party defend itself from the president’s foreign policy blunders?

Congress’ Public Shaming of the Secret Service Was Political Grandstanding at Its Best

Michigan’s Tradition of Football “Toughness” Needs to Go—Starting With Coach Hoke

A Plentiful, Renewable Resource That America Keeps Overlooking

Animal manure.

Windows 8 Was So Bad That Microsoft Will Skip Straight to Windows 10

Politics

Cringing. Ducking. Mumbling.

How GOP candidates react whenever someone brings up reproductive rights or gay marriage.

Building a Better Workplace

You Deserve a Pre-cation

The smartest job perk you’ve never heard of.

Hasbro Is Cracking Down on Scrabble Players Who Turn Its Official Word List Into Popular Apps

Florida State’s New President Is Underqualified and Mistrusted. He Just Might Save the University.

  News & Politics
Politics
Sept. 30 2014 9:33 PM Political Theater With a Purpose Darrell Issa’s public shaming of the head of the Secret Service was congressional grandstanding at its best.
  Business
Moneybox
Sept. 30 2014 7:02 PM At Long Last, eBay Sets PayPal Free
  Life
Gaming
Sept. 30 2014 7:35 PM Who Owns Scrabble’s Word List? Hasbro says the list of playable words belongs to the company. Players beg to differ.
  Double X
The XX Factor
Sept. 30 2014 12:34 PM Parents, Get Your Teenage Daughters the IUD
  Slate Plus
Behind the Scenes
Sept. 30 2014 3:21 PM Meet Jordan Weissmann Five questions with Slate’s senior business and economics correspondent.
  Arts
Brow Beat
Sept. 30 2014 8:54 PM Bette Davis Talks Gender Roles in a Delightful, Animated Interview From 1963
  Technology
Future Tense
Sept. 30 2014 7:00 PM There’s Going to Be a Live-Action Tetris Movie for Some Reason
  Health & Science
Medical Examiner
Sept. 30 2014 11:51 PM Should You Freeze Your Eggs? An egg freezing party is not a great place to find answers to this or other questions.
  Sports
Sports Nut
Sept. 30 2014 5:54 PM Goodbye, Tough Guy It’s time for Michigan to fire its toughness-obsessed coach, Brady Hoke.