This post was co-authored by Susan Morgan, Executive Director of the Global Network Initiative.
Amid the contentious global debates about privacy and surveillance since the Snowden revelations, few proposed reforms have attracted more consensus than calls for greater transparency. Although the devil remains in the details, the need to increase transparency around the requests that governments make of companies to hand over personal data or restrict content online is one of the rare points on which governments, companies, and civil society at least somewhat agree. Transparency is a necessary first step in supporting an informed public debate on whether domestic laws adequately protect individuals’ rights to privacy and freedom of expression.
This call for transparency has been echoed at the highest levels. The UN High Commissioner on Human Rights, Navi Pillay, called attention to “the disturbing lack of governmental transparency associated with surveillance policies, laws and practices, which hinders any effort to assess their coherence with international human rights law and to ensure accountability,” in her seminal report on the Right to Privacy in the Digital Age.
Companies have also taken steps to be more transparent with their users about the requests they receive from governments. Since the Snowden revelations, U.S. companies have filed legal challenges and supported legislation seeking the right to report about the national security requests they receive, and scores of companies have begun publishing transparency reports on government requests for user data. Internationally, telecommunications companies such as Vodafone have also begun to disclose this information, or to be transparent about where they are legally prohibited from reporting.
Some governments have started to signal a willingness to make improvements on transparency. For example, in June 2014 the Ministers of the Freedom Online Coalition, a partnership of 23 governments working to advance Internet freedom, committed to:
“Call upon governments worldwide to promote transparency and independent, effective domestic oversight related to electronic surveillance, use of content take-down notices, limitations or restrictions on online content or user access and other similar measures, while committing ourselves to do the same.”
CDT and the Global Network Initiative (GNI) believe that the time has come for a much more specific discussion of the transparency expectations and responsibilities of governments and companies that would facilitate this informed public debate around necessary reform. Working with other stakeholders over the past 9 months, we’ve developed a preliminary set of specific, actionable criteria for transparency, which we provide below.
Transparency is about more than just reporting numbers. Governments should make publicly available the laws and legal interpretations authorizing electronic surveillance or content removal, as well as report the aggregate numbers of requests, and the number of users impacted by these requests.
Governments should also permit companies to issue analogous reports. The combination of government and company reporting can help the public understand the scope of restrictions on rights and dispel myths about surveillance or content removal. And the progress towards greater reporting on national security requests in the United States demonstrates there is more that both governments and companies can say about interception requests without endangering national security.
In the coming weeks, GNI and the Telecommunications Industry Dialogue will be convening learning forums in California and Geneva to dive deeper into questions concerning how transparency can advance human rights online, and the barriers that both governments and companies face in providing the public with this information. CDT and GNI are also pleased to be working on these issues with other advocates, companies, and members of government through the Freedom Online Coalition Working Group on Privacy and Transparency Online. We welcome feedback on the recommendations below from all stakeholders, and we look forward to continuing this conversation online and around the world.
- Publicly post laws authorizing surveillance as well as official legal interpretations of the law, including executive orders, legal opinions that are relied on by executive officials, and court orders.
- Disclose the information about:
- Which intelligence agencies/bodies are legally permitted to conduct surveillance;
- The scope of the surveillance authorities of each of those entities;
- The judicial, ministerial, other oversight mechanisms required for the authorization of each instance of surveillance;
- The judicial, ministerial or independent oversight mechanisms that oversee the implementation of surveillance;
- And the mechanisms for redress victims of unlawful surveillance may pursue.
- Disclose to the victim of unlawful surveillance that unlawful surveillance has taken place as soon as practical considering the needs of the specific pending investigation.
- Public disclosure of the scope of unlawful surveillance and remedial and disciplinary actions taken.
- Disclose aggregated information about the surveillance demands they make on companies including:
- The number of surveillance demands;
- The number of user accounts affected by those demands;
- The specific legal authority for each of those demands; and
- Whether the demand sought communications content or non-content or both, and how the authorities define these terms.
- Permit companies to disclose, with the level of detail set out above, aggregated information on number of surveillance demands that they receive and how they respond to them on at least an annual basis.
- Permit companies to disclose technical requirements for surveillance that they are legally bound to install, implement, and comply with such as requirements to design lawful intercept capability into communications technology and to decrypt encrypted communications.
Content removal or restriction
- Publicly post laws authorizing orders to remove or restrict content as well as official legal interpretations of the law, including executive orders, legal opinions that are relied on by executive officials, and court orders.
- Disclose the information about:
- Which government agencies/bodies are legally permitted to order takedowns;
- The types of information by subject that can be ordered removed;
- The judicial, ministerial, or other oversight mechanisms required for the authorization of each instance of content removal;
- The judicial, ministerial, or independent oversight mechanisms that oversee the implementation of content takedowns;
- And the mechanisms for redress that victims of unlawful censorship may pursue.
- Public disclosure of the scope of unlawful censorship and remedial and disciplinary actions taken.
- Permit companies to disclose the number of takedowns requests that they receive by number, subject matter, and specific legal authority, and how the company responded to the request.
Any deviations from these transparency requirements would be made only as strictly necessary.