Today, the Department of Justice announced an agreement that would allow U.S. Internet companies to disclose more details about government requests for user data based on intelligence and national security authorities.
While we appreciate the administration’s effort to make good on its promise of more transparency when it comes to the government’s surveillance activities, much more must be done to fully restore public trust in the Internet industry. There is no doubt that the agreement reached is an improvement over the stifling restrictions previously imposed by DOJ. But for many small and medium sized Internet firms that make up the Internet Infrastructure industry, the devil is in the details.
These companies gain little in the way of trust by disclosing their requests for data in large, vague quantities, or by grouping them in ways that fail to differentiate the type and extent of the request. For example, this lack of specificity may make it appear that a small company has received as many as 999 requests for data when in fact they received few or even none. Ironically, these new rules may be an incentive for small and medium companies not too report at all, thus giving the appearance that the company is hiding something.
A more definitive and longer lasting reporting system is needed that allows companies more leeway to report on the finer details of government data requests – allowing customers to see a complete picture about what is happening when data leaves their hands, not one that may add more ambiguity to the process.