Skip to Content

Free Expression

Bill Aimed at Turning Internet Companies into Government Informants Still an Awful Idea

/ Emma Llansó

Media reports indicate that Senator Dianne Feinstein is planning to reintroduce her proposal to require all Internet companies to report on their users directly to the US government if those companies become aware of apparent “terrorist activity” on their networks.  This may sound familiar: Feinstein snuck this proposal into the Intelligence Authorization Act over the summer as Section 603. This proposal was roundly opposed by human rights and civil liberties organizations, as well as trade associations of tech companies because of the grave threat it posed to fundamental rights to privacy and free expression and the burden it would place on US businesses. Senator Ron Wyden put a hold on the Intel Authorization Act over Section 603, and the proposal was ultimately removed from the bill.

Suffice it to say that this is one idea that should not get an encore performance at the end of the year.

Why is this proposal such a bad idea?  As we described in July, it would create a requirement for all electronic communication services – social media companies, as well as Internet service providers, web hosts, cloud services, and public libraries or coffee shops that offer WiFi access – to make reports about their users’ activity based on a completely opaque set of criteria.  Creating such an obligation, with its vague parameters, would drive Internet companies to one of several likely responses. Some would decide to significantly over-report their customers’ information and private communications to the US government to ensure that the company stays on the right side of the law.  Others would refuse to review any content that was flagged to them, for fear that doing so would mean they obtain the “actual knowledge of any terrorist activity” that triggers the reporting obligation.

Either of these outcomes pose major problems for the free expression and privacy of Internet users. It’s also far from clear that this would generate actionable information for law enforcement or intelligence agencies.  Further, this type of reporting obligation would undermine any sense of trust between Internet users and the companies that provide the service providers that enable them to access information, conduct transactions, and share their perspectives online.  The proposal would essentially deputize US-based Internet companies to act as agents of the government, including potentially requiring entities such as email services to turn over the contents of private communications if they are part of the “facts and circumstances” of alleged terrorist activities – for their users both in the US and abroad.

We hashed out the problems with this proposal in detail earlier this year, but suffice it to say that this is one idea that should not get an encore performance at the end of the year.

Related Reading

The CDT logo. A white "cdt" alongside "Center for Democracy & Technology" on a light blue background.

Context Before Code: Meta’s Oversight Board Policy Advisory Opinion on the Word “Shaheed” Calls for Language and Cultural Nuance in Content Moderation
Graphic for CDT's European office. Pale blue / green pixelated background, with a portion of the EU flag's circle of stars emblazoned in white on top.

EU Tech Policy Brief: March 2024
Testimony for the Colorado Senate Business, Labor, and Technology Committee by Aliya Bhatia, Policy Analyst at the Center for Democracy & Technology’s Free Expression Project. White document on black background.

CDT’s Aliya Bhatia Testifies Before Colorado Senate Committee Raising Equity, Free Speech and Privacy Concerns with Mandating Use of Age Verification Tech