This is already shaping up as a “December to Remember” in the security area.  On the same day that The Guardian voted Edward Snowden their person of the year, a coalition of the tech world’s biggest names—AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo—sent an open letter to the President Obama and the U.S. Congress asking them to lead global efforts to reform government surveillance laws and practices.    

For the record

Below is the letter:

Dear Mr. President and Members of Congress,

We understand that governments have a duty to protect their citizens. But this summer's revelations highlighted the urgent need to reform government surveillance practices worldwide. The balance in many countries has tipped too far in favor of the state and away from the rights of the individual--rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It's time for change.

For our part, we are focused on keeping users' data secure­­--deploying the latest encryption technology to prevent unauthorized surveillance on our networks and by pushing back on government requests to ensure that they are legal and reasonable in scope.

We urge the US to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight. To see the full set of principles we support, visit  www.reformgovernmentsurveillance.com.

And, just in case we did not think that each of the signatory executives had strong opinions, Microsoft was kind enough to aggregate quotes from each coalition member.

"AOL is committed to preserving the privacy of our customers' information, while respecting the right of governments to request information on specific users for lawful purposes. AOL is proud to unite with other leading Internet companies to advocate on behalf of our consumer." - Tim Armstrong, Chairman and CEO, AOL.

"Reports about government surveillance have shown there is a real need for greater disclosure and new limits on how governments collect information. The U.S. Government should take this opportunity to lead this reform effort and make things right." -­ Mark Zuckerberg, CEO, Facebook

"The security of users' data is critical, which is why we've invested so much in encryption and fight for transparency around government requests for information. This is undermined by the apparent wholesale collection of data, in secret and without independent oversight, by many governments around the world.  It's time for reform and we urge the US government to lead the way." -­ Larry Page, CEO, Google

"These principles embody LinkedIn’s fundamental commitment to transparency and ensuring appropriate government practices that are respectful of our members' expectations." ­- Erika Rottenberg, General Counsel, LinkedIn.

"People won't use technology they don't trust. Governments have put this trust at risk, and governments need to help restore it." ­­--­­­­­­ Brad Smith, General Counsel and Executive Vice President, Legal and Corporate Affairs, Microsoft

"Twitter is committed to defending and protecting the voice of our users. Unchecked, undisclosed government surveillance inhibits the free flow of information and restricts their voice. The principles we advance today would reform the current system to appropriately balance the needs of security and privacy while safeguarding the essential human right of free expression." ­- Dick Costolo, CEO, Twitter

"Protecting the privacy of our users is incredibly important to Yahoo. Recent revelations about government surveillance activities have shaken the trust of our users, and it is time for the United States government to act to restore the confidence of citizens around the world. Today we join our colleagues in the tech industry calling on the United States Congress to change surveillance laws in order to ensure transparency and accountability for government actions." -­ Marissa Mayer, CEO, Yahoo.

 The five principles of government surveillance reform

Finally, I will save you the time of going to the link in the letter by providing the full text of the coalition’s five reform principles, rather broad strokes, for policy makers to consider.

1. Limiting Governments’ Authority to Collect Users’ Information: Governments should codify sensible limitations on their ability to compel service providers to disclose user data that balance their need for the data in limited circumstances, users’ reasonable privacy interests, and the impact on trust in the Internet. In addition, governments should limit surveillance to specific, known users for lawful purposes, and should not undertake bulk data collection of Internet communications.
2. Oversight and Accountability: Intelligence agencies seeking to collect or compel the production of information should do so under a clear legal framework in which executive powers are subject to strong checks and balances. Reviewing courts should be independent and include an adversarial process, and governments should allow important rulings of law to be made public in a timely manner so that the courts are accountable to an informed citizenry.
3. Transparency About Government Demands: Transparency is essential to a debate over governments’ surveillance powers and the scope of programs that are administered under those powers. Governments should allow companies to publish the number and nature of government demands for user information. In addition, governments should also promptly disclose this data publicly.
4. Respecting the Free Flow of Information: The ability of data to flow or be accessed across borders is essential to a robust 21^st century global economy. Governments should permit the transfer of data and should not inhibit access by companies or individuals to lawfully available information that is stored outside of the country. Governments should not require service providers to locate infrastructure within a country’s borders or operate locally.
5. Avoiding Conflicts Among Governments: In order to avoid conflicting laws, there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty — or “MLAT” — processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict.

It is all about the money

I hate to sound cynical during the holiday season, but in looking at the five principles, they seem to me to be the international version of, “As American as motherhood and apple pie.” Another way of saying this, given the coalition members’ recognition that, if the Internet cannot be trusted, i.e., we fear to use it based on the perception of the government is spying on us. So, e-commerce becomes massive collateral damage. This is, at the end of the day, not about personal freedom but about money and the prospect of not making as much as possible.

It is also the reason why since the beginning of the Snowden revelations, all of the above have worked over time to:

• Distance themselves from being seen as willing and co-conspirators with U.S. intelligence agencies,
• Requested the ability to publish the number of times they have been asked to provide the government with personal information
• Make sure we know they are adding encryption to their services so as to better prevent unlawful data intercepts by government and others
• Publicized that the use of their services should not give people cause for concern

As somebody who happens to agree with the view that just because everybody, in this case governments, spy on everyone all the time, it does not mean they should not at least have on the record constraints to such activities, including significant penalties. The suggestions above all make sense in theory.  However, even given the political heft/financial power of the coalition members, the devil will be in the details and reforms given national security concerns and geo-political considerations seem problematic. ‘Tis the season to be jolly, but also pragmatic.

Finally, while I like the list above, I am wondering when there will be a similar manifesto, regarding what in impolite terms can be called commercial spying on all of us.  The Internet happens to run on companies gathering and sharing our personal information. We agree to a certain amount of use of this information as part of our contract for obtaining “free” services.  However, abuse is rampant, and many of the above have been caught as perpetrators of business practices that are neither “transparent” or at a minimum are unethical, if not illegal. 

Who knows, maybe next week the coalition will come up with five principles they intend to follow regarding their behavior.  It would make a nice bookend to what they would like to see from the governments around the world.  And, since all of the above are U.S.-based multi-nationals, they could take the lead on such an effort just as they want the president and Congress to do.   That would be a terrific stocking stuffer.