Serious Business Challenges Posed by NSA Surveillance Revelations

Share |

Recent revelations about the National Security Agency’s (NSA) surveillance efforts have clearly changed the privacy landscape for the remainder of 2013, if not much longer. This is a complex policy issue with very broad implications.

Importantly for SIIA members, it is one that poses the following serious business challenges:  (1) enhanced privacy concerns among customers around the world, (2) policymakers around the world seeking to restrict the cross-border flow of data and enact technology localization requirements, and (3) conflation of private sector data collection with government surveillance as an inseparable public-private partnership that necessitates strict new commercial privacy legislation or regulations—FTC Commission Julie Brill has recently made this connection in an op-ed, which has also come from influential thought-leaders such as former White House Chief of Staff John Podesta.

As a preliminary assessment, the Information Technology Innovation Foundation (ITIF) estimates that the U.S. cloud computing industry alone could lose up to $35 billion over the next three years if foreign customers decide the risks of storing data with a U.S. company outweigh the benefits.

SIIA has been very engaged in policy debates surrounding this issue for several months, and we expect to remain highly engaged to combat these challenges for months to come.  Recently, SIIA President Ken Wash was invited to a meeting at the White House in early August, which was one of several consultations leading up to the President’s call for reforms to NSA programs on August 9.

As a follow-up to the discussion with Administration officials and the SIIA this week joined with other leading technology trade associations in sending a letter to Administration officials urging that discussions about national security must be kept separate from conversations about commercial privacy issues, as the policy considerations in these two areas are distinct. In the letter, SIIA and industry partner organizations made the following recommendations for action that are likely to frame our priorities for the remainder of 2013:

  1. Implement transparency with respect to national security programs – in order to separate fact from fiction regarding the intersection of private sector IT companies and the U.S. Government, it is critical that the Administration enhance transparency and enable companies to share information publicly about the scope and frequency of Government inquiries;
  2. Promote policies that allow for unimpeded cross-border data flows such as the U.S.-EU Safe Harbor Framework – We are already seeing that longstanding and effective cross-border data mechanisms are being questioned in light of the recent disclosures about the U.S. government surveillance programs. For instance, recent statements by government officials in the EU indicate a lack of “trust” in the U.S.-EU Safe Harbor framework, which allows for the transfer of information from the EU to the U.S. for participating companies. This is one of many critical policies that facilitate digital trade for U.S. companies, and it is critical that U.S. government must vigorously engage with the international community to promote cross-border data flows while addressing privacy and civil liberties concerns; and
  3. Support reforming the Electronic Communications Privacy Act (ECPA) to enhance privacy in law enforcement investigations – SIIA has been a leading supporter of ECPA, seeking to update the outdated statue by correcting the double-standard that inappropriately provides for a lower level of privacy for communications stored remotely, or “in the cloud.” Currently, the law provides for a challenging legal environment for industry and a disincentive for customers to embrace hosted information and communications technology solutions as an alternative to on-premise solutions.

SIIA believes that these are critical steps to ensuring that concerns about U.S. Government surveillance do not impose an unnecessary impediment to U.S. information technology businesses.  We are also closely monitoring a range of proposals in Congress that would seek to enhance transparency surrounding U.S. Government surveilance.  The  Surveillance Transparency Act of 2013 (S.1452) was introduced by Senator Al Franken on August 1st, 2013, and the Surveillance Order Reporting Act of 2013 (H.R.3035) was introduced by Congresswoman Zoe Lofgren on August 2nd, 2013.  SIIA has not endorsed any bill at this point, but the Lofgren-Franken approach goes in the right direction by allowing companies to reveal how many national security requests they have received, how many they have complied with and how many users or accounts are affected.

We will continue to focus heavily on this critical issue to promote the ability of U.S. businesses to thrive in the U.S. and markets around the world.  To that end, we will provide further updates regarding new developments.

David David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.