User security and national security surveillance reform

Thursday, 5 June 2014

In 2013, following the revelations by Edward Snowden about the scope of national security surveillance both domestically and abroad, Twitter joined with a number of other technology companies to seek concrete reform in Washington, D.C. of our surveillance laws and practices.

The Reform Government Surveillance Coalition has been fighting on Capitol Hill to pass the USA Freedom Act. The bill was introduced with clear objectives:

  • explicitly ban bulk collection of telephony and Internet metadata;
  • create a Public Advocate in the Foreign Intelligence Surveillance Court (FISC) — the court that reviews and authorizes government surveillance — to argue against the government when the requested surveillance is perceived to be overbroad or otherwise in conflict with the law;
  • require that the FISC declassify and release its interpretations of the relevant laws in these cases; and
  • allow Twitter and other service providers to be more transparent about the number, type and scope of government requests for user data.

These proposed changes in the law would give more clarity to service providers about how and when to comply when they receive national security requests for the federal government. Perhaps more importantly, they would give more clarity to users about the services they use, and would better inform the public debate about the use of these powers by the government.

As the legislative process moved forward, significant and unfortunate changes were made to the bill in the House of Representatives. The House-passed bill would still represent a slight improvement over the status quo, but it falls far short of real reform of surveillance practices.

Now, one year after the revelations about surveillance, the Senate has the opportunity to pass a version of the USA Freedom Act that would close the loopholes in the House-passed bill, and help restore the confidence of Internet users domestically and around the world, while keeping citizens safe.

While Congress continues to consider legislative reform, in the marketplace Twitter continues our longstanding policy of providing our users with enhanced security to protect their privacy. For instance, since early 2012, all connections between Twitter users and our servers have been protected by HTTPS. More recently, we implemented TLS forward secrecy to improve the security of our connections, and in early 2013, we implemented DMARC, a way to prevent bad actors from spoofing email to our users. These security measures and practices are important, and other initiatives, such as Reset The Net, highlight the need for improvements across industry and government.

In addition to these efforts, strong legislation is essential to reform. The Congress should pass and the President should sign a strong, meaningful reform bill.