Google, Privacy Groups Seek Refreshed Consumer Protections on Government Surveillance
A 23-year-old law that sets standards for government surveillance of communications should be updated to reflect technological change, said officials from Google and privacy groups in a panel Wednesday at the Computer Freedom & Privacy Conference. Americans are putting more of their information online, through new technologies like cloud computing that aren’t explicitly protected by the Electronic Communications Privacy Act, panelists said. Congressional intervention is needed, said Nicole Ozer, a policy director at the American Civil Liberties Union: “Privacy laws, unlike some technologies, just don’t auto-update.”
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Privacy advocates are planning to send proposals on updating ECBA to Congress in late summer or early fall, said Greg Nojeim, senior counsel of the Center for Democracy & Technology. The Digital Privacy and Security Working Group, of which CDT and other privacy groups are members, is crafting the proposals, Nojeim said. When complete, the papers will go to the Department of Justice and then Congress, he said.
The government “should have to get a warrant for stored content, period,” said Kevin Bankston of the Electronic Frontier Foundation. That includes e-mail and documents stored through cloud computing systems. Law enforcement should need to show probable cause for search terms and location information, he said. The government should do more reporting of activities so citizens can find out how surveillance laws are being applied, he said.
There have been “tremendous changes” in how people behave online, and the Internet industry should encourage Congress to update ECBA to account for them, said Alan Davidson, Google government relations director. But cloud computing apps like Google Docs may not carry the same protections as an ordinary word processor, he said. ECBA should be modified to heighten protection of online content, search information, location data and other private information, he said.
DoJ’s Robert Downing warned that decreasing law enforcement’s surveillance authority could mean fewer arrests of criminals. Downing works in the department’s Computer Crimes and Intellectual Property Section. Government doesn’t do surveillance “because we like it or are interested in what you're doing” but because it’s important to criminal investigations, he said. Identifying criminals who commit crimes online is tough for many reasons, including increasing internationalization of Internet crimes and the prevalence of proxies, free Internet accounts and unsecured Wi-Fi, he said.
“I don’t think any of us … want to unduly hamper law enforcement’s ability to catch criminals,” Ozer replied. But the ECBA is 23 years “out of whack,” she said. Uncertainty over what information is safe from government eyes discourages people from using technology, she said. “We should be able to have our Facebook and our Google, and our privacy too.”
Privacy advocates on the panel said cloud computing is an area where the law on surveillance is particularly unclear. “Who the hell knows?” remarked Bankston. Downing said law enforcement doesn’t need to get a warrant, and can access cloud computing data with a subpoena and notification to the data owner. That policy doesn’t make sense to consumers, said Ozer. Most people expect government access to a document stored online to carry the same judicial oversight as data stored on their PCs, she said.
Requiring subpoenas, which don’t require law enforcement to show probable cause, isn’t a sufficient way to protect privacy, Bankston said. Even though the law requires notification of the data owners when a subpoena has been brought, the government can delay the notification process by demonstrating to a court that the alert may disrupt a criminal investigation. Downing defended the delay practice, noting that the data owner will receive notification in time. Delays are sometimes necessary to prevent “tipping off” a criminal, he said. It’s “not an effort to be crazy or Draconian.”