Photo via Flickr user Ludovic Toinel
Revelations about the National Security Agency's most controversial surveillance program, which centers on the bulk collection of hundreds of billions of records of Americans' phone conversations, were quickly greeted with calls for reform by major internet powerhouses like Facebook, Google, Microsoft, and Yahoo last year. But all four companies, along with dozens of other major tech firms, are actively opposing an initiative to prevent NSA spying known as the Fourth Amendment Protection Act, leaning on secretive industry lobbying groups while they profess outrage in official statements.
Virtually immediate public condemnation of government spying put the industry in an uncomfortable position when the Snowden leaks began pouring out in June 2013, and in carefully written responses to news reports claiming that they'd cooperated with the now notorious PRISM apparatus, these tech companies emphasized their compliance with existing laws that require them to hand over user data under certain conditions.
"When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if [it] is required by law," Mark Zuckerberg, the CEO of Facebook, wrote in a blog post last June. "We will continue fighting aggressively to keep your information safe and secure."
Statements like this suggest Zuckerberg and his industry peers would support legislative efforts to rein in surveillance, and it's true that they've called for reform in letters to the Senate Judiciary Committee applauding a bill known as the USA Freedom Act. Google, Facebook, and six other tech giants have even hired a firm that claims to fight NSA surveillance on their behalf.
The real action, however, has been much subtler, with the industry wielding its influence behind closed doors using two lobbying groups to oppose certain restrictions on internet surveillance: the IT Alliance for Public Sector (ITAPS) and the State Privacy and Security Coalition (SPSC). A look at the actions of these two groups suggests that the companies want reform, sure, but only on terms that don't affect their day-to-day business.
In particular, VICE has uncovered that ITAPS and SPSC have sent letters to politicians lobbying against the Fourth Amendment Protection Act, a wide-sweeping bill that would limit the NSA’s ability to read private electronic communications without a warrant.
Anti-surveillance bills have been introduced over the past year in more than half the states in the union, ranging from narrow laws that would require warrants for location data and email to more sweeping efforts to fight back against federal intrusions by outlawing cooperation with government agencies that engage in electronic-data collection without a warrant. The Fourth Amendment Protection Act, which has been introduced in more than a dozen states, denies state resources to federal agencies that collect electronic data without a warrant, and to companies that do the agencies’ dirty work for them. Drafted last year by a small group of nonpartisan legal activists affiliated with the Tenth Amendment Center and the Bill of Rights Defense Committee, the bill is a grassroots attempt to force the NSA to change its data-collection practices—a position that has since been endorsed by the president and members of Congress, albeit in more limited form.
"I think this bill is in the finest traditions of state governments opposing federal encroachments," said Bruce Fein, a former associate deputy attorney general and general counsel to the Federal Communications Commission at a March hearing in Maryland. "It's important to remember that the Fourth Amendment right to privacy was the spark of the American revolution."
State legislatures around the country have held a number of hearings on the bill, including one last month in Maryland. During these hearings, groups representing law enforcement and district attorneys have complained that the proposed legislation is too broad and would hamper criminal investigations and prosecutions. But corporate adversaries of the act have been conspicuously absent. They haven't engaged in a public debate about the law, such as the one Google’s Larry Page called for during his appearance at the TED 2014 conference in Seattle.
In states such as California, Tennesse, and Missouri, state legislators aren't required to discole their contacts with industry front groups under existing public records laws. When I tried to verify which government officials have been contacted by ITAPS and the SPSC, elected officials were naturally reluctant to acknowledge them. Two lawmakers—State Senator Stacey Campfield, a Republican from Tennessee, and State Senator Joel Anderson, a Republican from California—indicated they had not been contacted by the groups, though documents obtained by VICE confirmed that they had both received letters from ITAPS.
Only one lawmaker, State Senator Ted Lieu of California, voluntarily provided a copy of the letter he had received from ITAPS, a division of the Information Technology Industry Council (ITI). Founded in 1916, ITI claims to be the tech industry's oldest trade association. It describes itself as the "premier advocacy and policy organization for the world’s leading innovation companies" and prides itself on providing "creative solutions and policy advocacy that advance the development and use of technology around the world." In addition to the internet giants, the 56 members of ITI listed on its website include Apple, Dell, Hewlett-Packard, Intel, IBM, Oracle, and Samsung.
In a February 20 letter to State Senator Lieu, Carol Henton, a vice president of ITAPS, said that the anti-surveillance bill would have "negative implications for companies that are seeking to make manufacturing and business investments in the state of California." Henton specifically objected to a provision of the bill that barred state agencies, employees, and contractors from using public funds to engage in any activity that aids the federal government from collecting any individual's electronic data without a warrant. "Many California-based companies provide technology goods and analytic services which are important to the provision of national and homeland security for U.S. citizens and this would seem to unnecessarily jeopardize their ability to compete for business with the state or political subdivisions," Henton wrote.
Henton met with Lieu's office in the first week of April. In an interview responding to some questions I had about the meeting, Lieu said that Henton and others appeared to be misinterpreting the bill, but added that he has been contacted by multiple companies and stakeholders and that he was going to amend the bill to reflect their concerns.
James Halpert, general counsel for the SPSC, said in an interview that it wasn't fair that companies that complied with requests from the NSA—as is required by existing law—would be barred from state contracts. "The bill would place many of our members in an impossible, Catch-22 situation—be held in contempt of court or be disqualified from contracts with the State of Arizona or any political subdivision," he wrote in a February 10 letter to State Senator Kelli Ward of Arizona. Formed in 2008 with the goal of harmonizing state and federal legislation, the SPSC includes AT&T, Verizon, Comcast, Cox Communications, and Time Warner Cable, along with Facebook, Google, Microsoft, and Yahoo. Members discuss state legislation in a weekly call with Halpert.
In his letter, Halpert warned that the bill would have unintended consequences. "For example, if the Arizona state government or any locality uses Microsoft Outlook or Google email services, it would not be able to continue doing so under SB 1156 (Arizona's version of the Fourth Amendment Protection Act) because both companies are legally required to provide evidence to the federal government. Instead, Arizona and its subdivisions would have to cease using those services and find new—potentially more expensive—providers," he wrote.
Michael Maharrey, a spokesman for the Tenth Amendment Center, said Halpert's concerns could be addressed relatively easily with an amendment that clarifies that the bill would not apply to companies that were forced to provide user data in response to a court order. But Henton's letter indicates the tech companies’ objections run much deeper. "ITAPS is essentially opposed to the bill because it will do what the bill is intended to do," Maharrey said in an interview. "The intent of that section is to stop the companies from cooperating with the NSA and violating our civil liberties. We want companies to make a choice."
It's not a choice the companies themselves care to make. Principles such as requiring the government to obtain a search warrant based on probable cause to access a person's private communications or documents stored online sound great in the abstract, but not, apparently, at the expense of achieving traditional business goals.