What issues should companies be considering when it comes to handing over privileged information? Karen Epper Hoffman investigates.The issue of how much access a government is and should be allowed to its people's private electronic information is perhaps the biggest privacy issue of current times. And one that Nate Cardozo is keeping a close watch on.
As senior staff attorney for the Electronic Frontier Foundation's (EFF) digital civil liberties team, Cardozo focuses on the group's free speech and privacy litigation, which includes the on-going and increasingly complicated concerns surrounding government requests to companies for access to their customers' data.
“We're seeing a big increase in the government making these requests, it's increasing at a pretty algebraic slope,” Cardozo says, adding that the federal investigators are starting to “catch up with technology,” realizing they could use it to their advantage. State and local law enforcement agencies are starting to see data requests as a potential resource.
But Cardozo, like many legal experts and technology industry insiders, has a fair share of concerns about the growing number of data requests being fielded by the likes of Apple, Microsoft, Facebook, Google, Snapchat and virtually every other technology, telecommunications and social media company. The main underlying question is: Where do we draw the line?
“Our financial data is very sensitive and a lot of us may view our bank transactions and balances as our most private data,” Cardozo explains. “But most of that information is not as sensitive or [encompassing] as what we all have put online and on our phones over the past decade.”
Mike Janke (left), co-founder and chairman of Silent Circle, an encrypted communications firm based in Geneva, Switzerland, says that while these data requests are on the rise among many sectors, technology and telecommunications companies receive the lion's share. “Our digital life has so many footprints, we now see government asking companies like Netflix, Hulu, HBO and cable providers for information,” Janke says, adding that services-oriented outfits like Uber, Lyft and Airbnb are seeing them too.
Indeed, government agencies or federal law enforcement have for many years been requesting access to relevant data – be it proprietary corporate data or customer information – to help in solving or stopping a crime, finding a potential terrorist, or to determine a paper trail of proof. But it has been in the last few years that these requests are aimed more often and more frequently at leading tech companies like Apple, Microsoft, Google, Reddit, LinkedIn, Snapchat, and a host of other companies that are privy to millions of customers' texts, emails, photos, calendars, contacts, search and dating histories, GPS information, and other details and preferences.
“There's just a lot more information available than before and much more of personal and business activity, a much richer trail of information,” says Bill Anderson (right), CEO of OptioLabs, and a long-time cryptography and mobile security expert. “Law enforcement is just being really practical collecting clues. It stands to reason that is happening, the information is there.”
Requests on the rise
There simply was not the sheer amount of stored electronic data on phones, laptops and in the corporate cloud, 10 or even five years ago as exists today, points out Daniel Castro, vice president of the Information Technology and Innovation Foundation (ITIF), a leading science and tech policy think tank. And, with the addition of smart home devices like Alexa, and the ongoing march toward the Internet of Things, there will be a rising tide of more information that governments and law enforcement may want to access for the purposes of an investigation.
Indeed, government data requests worldwide to Google had already increased 29 percent from 2014 to 2015 alone, according to the search engine's publicly posted “transparency report.” And Facebook's recent transparency report cited a 27 percent increase in government requests for user data in the first half of 2016, compared to the last half of 2015.
Further, in recent years, more Silicon Valley companies are publishing these transparency reports as a means of laying out their position on information privacy and where the company stands on what it will and will not share with a government. Google has been publishing a semi-annual transparency report since 2011, and Apple, Microsoft, Dropbox and many other technology companies do something similar. (While LinkedIn, Twitter and Reddit spokespersons all declined to comment for this story, they all sent links to their own companies' transparency reports.) For his part, Cardozo authors the EFF's “Who Has Your Back?” report, which describes companies' various practices and policies related to government data requests and data retention – and even ranks their efforts on a one-to-five score.