Companies Can’t Hide From U.S. Surveillance Renewal Debate

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Debates beginning in Congress over reauthorization of a surveillance data collection law may have implications for the corporate bottom line, privacy advisers told Bloomberg BNA March 2.

Section 702 of the Foreign Intelligence Surveillance Act (FISA) authorizes the National Security Agency to collect digital communications of foreign citizens outside the U.S. from internet service and other communications providers. It is set to expire Dec. 31 but will likely be renewed. For U.S. communications companies, how much customer information they are compelled to surrender to the government may affect whether consumers are willing to keep using their services. Maintaining limits on the law is also important to sustaining European Union trust in cross border data transfers.

Under Section 702, the U.S. government can examine the email, internet activity and phone calls of foreign citizens believed to be outside the U.S. Warrants aren’t required—even if the communications of U.S. citizens are involved in the targeted communication.

Internet communications services, such as Apple Inc. and Alphabet Inc.’s Google, are subject to Section 702 requests. The consumer-facing giants are the largest technology companies in the world, with $718.7 billion and $576.2 billion market capitalization, respectively, Bloomberg data show.

Companies need to closely watch the Section 702 debate, Edward R. McNicholas, privacy and data security partner at Sidley Austin LLP in Washington, told Bloomberg BNA March 2. If Congress or President Donald Trump seek to alter changes to FISA that banned bulk collection of communications of U.S. citizens, “companies that depend on the frictionless global flow of data may pay a heavy price,” he said. McNicholas, who is the co-leader of Sidley’s privacy, data security and information law practice, said his comments weren’t directed toward any specific company.

In the first of what may be many hearings on the matter, the House Judiciary Committee heard from private- and public-sector stakeholders at a March 1 hearing that followed a classified closed session with national intelligence officials. The witnesses were supportive of reauthorization of Section 702, but some sought increased transparency regarding requests for communications data and warned against misuse of the law to target U.S. citizens’ communications.

The White House didn’t immediately respond to Bloomberg BNA email requests for comment.

Is Privacy Shield Safe?

FISA reauthorization without expansion is also important for the EU-U.S. Privacy Shield cross-border data transfer program, McNicholas said. The Trump administration and Congress should avoid enacting “measures that ignore the civil liberties of persons outside the U.S.” if it doesn’t want to “endanger the Privacy Shield and other related agreements,” he said.

The Privacy Shield allows U.S. companies that self-certify with the U.S. Department of Commerce their compliance with EU-approved privacy and security principles to legally transfer personal data from the EU to the U.S. It provides critical support for the more than $260 billion in trade in services between the U.S. and EU, Commerce has estimated. Over 1,000 U.S. companies and tens of thousands of EU companies rely on the Privacy Shield to transmit data to the U.S.

The Privacy Shield replaced the Safe Harbor framework, which was invalidated, in part, due to fears that it was inadequate to protect EU personal data sent to the U.S. from widespread government access.

Bijan Madhani, senior policy counsel at open access advocacy group Computer & Communications Industry Association in Washington, told Bloomberg BNA March 2 that the Privacy Shield review slated for this summer will likely be unaffected by FISA reauthorization developments. The review should be “limited to the four corners” of the agreement as the European Commission, the EU’s executive arm, assesses whether the program adequately protects EU citizens’ privacy interests.

But not everyone thinks FISA Section 702 won’t harm the Privacy Shield. Alan Butler, senior counsel at advocacy group Electronic Privacy Information Center (EPIC) in Washington, told Bloomberg BNA that reauthorization may “very well be the basis of invalidation of the Privacy Shield agreement.” Section 702 was the basis for invalidating the Safe Harbor agreement and could very well be the reason why the Privacy Shield runs into problems, he said.

Slow and Steady Reform

The system isn’t perfect, but uprooting the NSA’s intelligence programs isn’t in companies’ best interests, at least with respect to national security, Madhani said. “As long the program is deemed constitutional and there are sufficient oversight protections,” then the private sector would support the surveillance programs, he said.

However, private sector support should be met with an open mind on surveillance reform, Madhani said. The biggest area for reform would be the “backdoor search loophole,” which allows “incidentally collection information” on U.S. citizens to be searched “on the back end by government agencies” even for non-national security interests, he said. U.S. companies would like for the government to limit the scope of requests and to protect consumer privacy interests, Madhani said.

Butler agreed that the backdoor search loophole is concerning to U.S. privacy interests. Without reform, the U.S. is able to target individuals with only “minimal restrictions,” he said.

To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

Further information on the House Judiciary Committee hearing is available at https://judiciary.house.gov/hearing/section-702-fisa-amendments-act/.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security