Tech firms send Congress checklist of surveillance reforms

Google, Facebook et al take on Section 702, Apple quiet

More than 30 big internet companies including Google, Facebook, Amazon and Microsoft have sent a letter to the chair of the House Judiciary Committee asking for specific reforms to the law used for carrying out mass surveillance.

The letter [PDF] concerns Section 702 of the Foreign Intelligence Surveillance Act, which has to be renewed by Congress before the end of the year and has been the center of a tussle between Congress and the security services.

Over the years, the security services have creatively interpreted the law to allow them to store information on potentially millions of US citizens – despite the law specifically requiring the opposite. They have allowed that vast database to be searched during investigations of possible crimes committed in the United States – again, an interpretation that goes directly against the explicit wording of the law.

Recent pressure by Congress and civil rights groups caused the NSA to announce that it would end the most controversial aspect of its program: the gathering of information "about" a foreign intelligence target – used to scoop up all information from anyone who mentions a person of interest, rather than simply communication to or from that person.

And the first of five very specific requests for reform from Big Internet asks Congress to make that change permanent.

"Reauthorization legislation should codify recent changes made to 'about' collection pursuant to NSA's Upstream program," the letter reads. "This reform would merely codify changes already embraced by the US government ... to correct deficiencies that implicate the constitutional rights of US citizens."

The second request is related to the first and asks that judicial oversight be required before the government (typically the FBI) queries the vast 702 database for information on US citizens.

Hold onto your hats

Under their mind-boggling interpretation of Section 702, the NSA/FBI claim that searching the database using US citizen identifiers such as name, phone number or email does not break the Fourth Amendment because it does "not result in any new acquisition of data; it is instead only an examination or re-examination of previously acquired information."

The tech companies – and many in Congress – want that to end. And judicial oversight would require the FBI to get a warrant to do so, which would mean proving that they had evidence to believe an individual has committed a crime.

In other words, the system would be pulled back under existing US laws that everyone had assumed were being used in the first place.

The third requested change is that the definition of "foreign intelligence information" be tightened up to limit what can be gathered by the security services. At the moment, many suspect that the NSA/FBI are using their own definition of the term to effectively encompass anything and everything and then use that to tap the internet's backbone and store everything they find.

If the definition is tightened, the authorities would likely need to identify individuals and target them, rather than simply scooping up everything. This approach would be more in keeping with the explicit intent of the law.

The tech companies – which also include Cisco, Yahoo, Dropbox and Cloudflare – ask, fourth, for "increased oversight and transparency" of Section 702 data collection, specifically stating that they should be allowed to disclose the number of requests they receive from the authorities as well as be more precise about what those requests encompass. They also want the orders of the court that oversees such requests to be declassified.

And lastly, they ask for greater transparency "around how the communications of US persons that are incidentally collected under Section 702 are searched and used, including how often 702 databases are queried using identifiers that are tied to US persons." In other words, they want a spotlight shone on how and how often the security services are using what is supposed to be a law covering non-US citizens to spy on US citizens.


It is worth noting that the House Judiciary Committee asked the authorities over a year ago to provide them with an estimate of the number of US citizens whose data is included in the 702 database.

They have stonewalled and continue to stonewall, claiming initially that it was not possible, then that it would be too time-consuming, then promising to come up with a process for figuring out how to do it. In short, the authorities are trying to run out the clock on the request and many people suspect it's because if the true number of US citizens whose personal information has been seized and stored was released, it would completely undermine law enforcement's position and could even see the end of Section 702.

It's not clear what impact the letter will have on the congressional review of the spying power, but it might serve to strengthen the back of the House Judiciary Committee and its chair Bob Goodlatte after the NSA clearly tried to undercut criticisms by saying it would end the "about" collection of information.

The reality is that the measure must be reapproved by Congress so the politicians have all the power they need to make changes to the law and curb years of blatant abuse of the system. The question is: how far are they willing to push back against the security services?

By listing five clear points, the tech companies – who are often the recipients of data requests – have made it easier to put a scorecard on that Congressional effort.

It is however worth noting the companies that have not signed the letter. Notably that includes Apple, which for unclear reasons continues to do its own thing when it comes to security. There are also no security companies on the list and no chip companies. Critically, there are no telcos – as they are perhaps the biggest sources of data for law enforcement and are known to give the NSA direct access to their raw traffic.

Clearly this is a fight some are unwilling to join, even with Congress seemingly onside. ®

Other stories you might like

  • North Korea pulled in $400m in cryptocurrency heists last year – report

    Plus: FIFA 22 players lose their identity and Texas gets phony QR codes

    In brief Thieves operating for the North Korean government made off with almost $400m in digicash last year in a concerted attack to steal and launder as much currency as they could.

    A report from blockchain biz Chainalysis found that attackers were going after investment houses and currency exchanges in a bid to purloin funds and send them back to the Glorious Leader's coffers. They then use mixing software to make masses of micropayments to new wallets, before consolidating them all again into a new account and moving the funds.

    Bitcoin used to be a top target but Ether is now the most stolen currency, say the researchers, accounting for 58 per cent of the funds filched. Bitcoin accounted for just 20 per cent, a fall of more than 50 per cent since 2019 - although part of the reason might be that they are now so valuable people are taking more care with them.

    Continue reading
  • Tesla Full Self-Driving videos prompt California's DMV to rethink policy on accidents

    Plus: AI systems can identify different chess players by their moves and more

    In brief California’s Department of Motor Vehicles said it’s “revisiting” its opinion of whether Tesla’s so-called Full Self-Driving feature needs more oversight after a series of videos demonstrate how the technology can be dangerous.

    “Recent software updates, videos showing dangerous use of that technology, open investigations by the National Highway Traffic Safety Administration, and the opinions of other experts in this space,” have made the DMV think twice about Tesla, according to a letter sent to California’s Senator Lena Gonzalez (D-Long Beach), chair of the Senate’s transportation committee, and first reported by the LA Times.

    Tesla isn’t required to report the number of crashes to California’s DMV unlike other self-driving car companies like Waymo or Cruise because it operates at lower levels of autonomy and requires human supervision. But that may change after videos like drivers having to take over to avoid accidentally swerving into pedestrians crossing the road or failing to detect a truck in the middle of the road continue circulating.

    Continue reading
  • Alien life on Super-Earth can survive longer than us due to long-lasting protection from cosmic rays

    Laser experiments show their magnetic fields shielding their surfaces from radiation last longer

    Life on Super-Earths may have more time to develop and evolve, thanks to their long-lasting magnetic fields protecting them against harmful cosmic rays, according to new research published in Science.

    Space is a hazardous environment. Streams of charged particles traveling at very close to the speed of light, ejected from stars and distant galaxies, bombard planets. The intense radiation can strip atmospheres and cause oceans on planetary surfaces to dry up over time, leaving them arid and incapable of supporting habitable life. Cosmic rays, however, are deflected away from Earth, however, since it’s shielded by its magnetic field.

    Now, a team of researchers led by the Lawrence Livermore National Laboratory (LLNL) believe that Super-Earths - planets that are more massive than Earth but less than Neptune - may have magnetic fields too. Their defensive bubbles, in fact, are estimated to stay intact for longer than the one around Earth, meaning life on their surfaces will have more time to develop and survive.

    Continue reading

Biting the hand that feeds IT © 1998–2022