Top Tech Firms Appeal To Curb Government Surveillance


Leading U.S. technology firms, including Microsoft, Google and Apple, have formed a data security and privacy alliance to urge the U.S. government to pull back on its global surveillance program.

The three firms join five other companies -- AOL, Facebook, LinkedIn, Twitter and Yahoo -- in an open letter to President Barack Obama to curb the U.S. government's global Internet data-gathering programs. The companies formed the alliance in response to the sustained news coverage of the National Security Agency's global surveillance activities.

"This summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide," the tech firms stated in the open letter. "The
balance in many countries has tipped too far in favor of the state and away from
the rights of the individual -- rights that are enshrined in our Constitution.
This undermines the freedoms we all cherish. It’s time for a change," the letter stated.

[Related: 5 Ways To Keep Big Data From Going Bad]

The companies unveiled a
surveillance reforms website
, pledge to focus strongly on data security to strengthen antigovernment surveillance efforts. The firms said they would deploy encryption wherever possible in protecting customer information "to prevent unauthorized surveillance on our networks." The firms pledged to push back on government requests to "ensure they are legal and reasonable in scope."

Together, the companies said they are embracing five core principles: Limiting government's authority to collect user information; oversight and accountability; transparency about government demands; respecting the free flow of information; and avoiding conflicts among governments.

The process of bulk data collection of Internet communications should cease, the firms said. Intelligence agency requests for data should be made under a clear legal framework, they said. Reviewing courts should be independent and include an adversarial process.

In addition, the cmpanies are calling for the creation of a standard framework for lawful requests for data across jurisdictions. As an example, they pointed to the Mutual Legal Assistance Treaty (MLAT), which provides nation states the ability to share data with law enforcement for criminal investigations and prosecutions. The firms also said all governments should allow the companies to publish the number and nature of government demands for user information.

Technology firms are bracing for the potential backlash against the use of cloud-based services from U.S. providers. Microsoft announced last week that it was taking steps to bolster the data security of its cloud-based services.Some consumers, including small and midsize businesses in Europe and Asia, have reportedly sought ways to use local services where possible. Solution providers told CRN that it is too soon to measure any potential fallout from NSA revelations. Firms should work to bolster trust in cloud services by increasing transparency into their processes, said Dipesh Patel, principal of Pariveda Solutions, a cloud strategy and solution provider based in Dallas.

"They are much more aware; they want to know where the data lives and how it is maintained," Patel told CRN.

Patel said firms are increasingly requesting independent pen testers to determine whether the cloud-based services they are evaluating are stable and secure. "For us, it comes down to being a good partner with our clients and advising them appropriately based on their needs," Patel said.

Some cloud experts say a backlash against U.S. technology providers is unlikely given that they are so embedded into the core services so many people have come to rely on. Questions about data security and privacy are a normal part of evaluating a cloud solution, said Derik VanVleet, director of cloud strategy at Cloud Sherpas, a consultancy and cloud services provider in Atlanta.

"Overall, people understand what is happening with surveillance, and understand that from a corporate perspective it's not practical to make any extreme measures that could impact the business," VanVleet said.

PUBLISHED DEC. 9, 2013