Microsoft and Google are working together in a fight for greater transparency on Foreign Intelligence Surveillance Act (FISA) orders. Not satisfied with the limited out of court agreement that’s already been reached with the US government to disclose summary data relating to national security requests, the two companies are now taking legal action and lobbying for support from Congress.
Recent transparency reports by Google and Facebook have shown that the law enforcement requests that they can talk about impact a relatively small number of users. Since FISA requests are secret the service providers haven’t been able to confirm the scale and scope of their impact on users. As the companies must know these figures internally their hope must be to show that FISA affects few users (and is being precisely targeted against terror suspects rather than being used as a dragnet for political and industrial espionage).
Cloud service providers are being hit by recent revelations about US government spying, which have started to scare away cloud users who are concerned about their privacy. The Indian government has been one of the first movers, announcing that it will soon ask its 500,000 employees to stop using Gmail for official communication. Brazil has also proposed developing its own ‘antisnoop’ email to compete against Gmail and Hotmail. A recent survey by the Cloud Security Alliance has been used by some to contrive estimates of damage to the US cloud industry running into tens of billions of dollars. The established US firms are trying to stop an exodus of users before competitive services become established in other jurisdictions. Microsoft general counsel Brad Smith accepts that it’s unusual for the firm to be working together with Google, but this solidarity highlights a shared concern about government access to data in motion and at rest in the US.
FISA (and its associated court) was put in place in 1978 to protect the US public from covert surveillance. The act intended to shore up the Fourth Amendment and provide a proper legal basis for communications interception by the US government. Unfortunately for the rest of the world the Fourth Amendment only applies to US citizens and permanent residents; there are no protections for foreigners.
The act was of little consequence at the time when it was passed, as whilst the US may have been a hub for key international telephone routes there was no Internet, and US based services weren’t at the heart of daily life for billions of people outside the US. Today FISA provides the US government with a tool to access any data in transit or at rest within the US relating to any foreign user (something which former Microsoft chief privacy officer Caspar Bowden explains in great detail in his Open Rights Group Conference talk ‘How to wiretap the Cloud (without almost anybody noticing)’).