Four of the biggest companies in technology are preparing to defy U.S. authorities. Apple, Google, Microsoft and Facebook petitioned the government last year for permission to publish specific information on federal data requests, but their efforts have been met with silence. Each has apparently tired of waiting, as the four companies have announced plans to update their privacy policies to include provisions for notifying users whenever the government requests access to their private data, though there will be some exemptions. Users will be notified of data seizure by the government unless the company is “specifically gagged by a judge or other legal authority,” the Washington Post reports.
Data security hit the headlines last year, fuelled by the scandal surrounding the National Security Administration, as tens of thousands of Americans learned that their Internet data had been appropriated by the NSA to help with criminal investigations. The Post reported in June of last year that the NSA and FBI, in cooperation with British secret services under the PRISM program, had been mining data from nine of the biggest Internet companies in the U.S., including the four mentioned as well as PalTalk, AOL, Skype, Yahoo and YouTube. Facebook at the time stated that they “do not provide any government organization with direct access to Facebook servers,” while an Apple spokesman echoed what many American’s were thinking: “We have never heard of PRISM.” It was technically true — the NSA did not have direct access to the servers of the companies, though all did cooperate with the government in supplying data should it be requested. Leaked documents stated that Google, Yahoo and Microsoft together accounted for 98 percent of PRISM’s production, with the NSA utilizing the data gained through PRISM as the basis for 1 in 7 intelligence reports at the time.
Desperate to distance themselves from the NSA and boost consumer confidence in supplying their personal data, the technology firms called for the NSA to end the bulk data collection that had earned it so much ire. In an open letter to the President and Congress, they stated: “While the undersigned companies understand that governments need to take action to protect their citizens’ safety and security, we strongly believe that current laws and practices need to be reformed.” Evidently, reformation is a slow process, hence the announced changes to privacy policies, which will provide greater transparency to users as to when and why their data is being requested by the government.
Google is the first to change their policy, updating it this week to clarify the situations when users will not be informed of any requests. “We notify users about legal demands when appropriate, unless prohibited by law or court order,” they said in a statement. Google will withhold from notifying an individual of a data request if there is risk of criminal activity or physical harm to a potential victim. Microsoft, Facebook and Apple are all revising their policies, though specific details on the changes have not yet been made public. “Later this month, Apple will update its policies,” the company said in a statement. “In most cases when law enforcement requests personal information about a customer, the customer will receive a notification from Apple.”
Of course, the Department of Justice is less than enthusiastic about the changes being introduced. “These risks of endangering life, risking destruction of evidence, or allowing suspects to flee or intimidate witnesses are not merely hypothetical, but unfortunately routine,” stated department spokesman Peter Carr. The department believes that notifying an individual of a data request puts any potential victims at risk, but did not cite specific examples outside of a case in which early disclosure of a data request put a witness at risk.
For consumers, it will depend on individual circumstances as to whether or not they will be notified. Many, though, will already have received a notification of data request from certain companies. Twitter has been notifying users of government data requests for several years, for example. The relative transparency as to why certain people will not be notified is sure to aid consumer trust in supplying their data to these major tech firms, especially as we become ever more self aware of the relative fragility of putting our entire lives online for the world to see — and potentially steal.
For the NSA, it’s yet another blow to its data collection strategies. It will not dissuade them from collecting data in the first instance, but it should help shed light on the frequency with which it does request personal data from the Americas biggest tech firms. In March of this year, the White House announced plans to curtail the NSA’s bulk collection of phone data and records, taking the collection and storage of data from the NSA and granting the responsibility to the telecommunications companies. Whether any such changes will be announced to reform the NSA’s practices towards Internet data is a guessing game, but, whatever the future holds, it will likely be a long time — if ever — before Americans can trust that security services will refrain from invading their private data at whim.
Image Credit: alexander93/Memecenter