Nine members of congress introduced a new bill on Friday that would give tech firms, telecommunications companies, and internet service providers the legal clearance to publicly share the number of government surveillance orders they've received and how many users have been targeted by such requests. Such companies have been in the spotlight lately for complying with surveillance demands, which are made under the Foreign Intelligence Surveillance Act (FISA), the Patriot Act, and other national security laws. These requests are also at the center of the controversy surrounding government spying programs like PRISM. But while the bill — dubbed the Surveillance Order Reporting Act — would change the status quo if passed into law, it would be a small step toward truly exposing how government spying programs work and what is done with the user data currently being siphoned from consumer tech companies.
At this point, it's illegal for companies to disclose that they've specifically received FISA orders, or what those demands consist of. The bill wouldn't bring a halt to FISA requests and it wouldn't give companies the ability to reject such government orders. What the bill would do is give companies the option of disclosing how many times the government has asked them for user data and how many users have been affected — that's about it. The bill doesn't require that companies disclose which government agency is asking for what information, or whether a request was made under a FISA order or some other surveillance law.
Legalizing, but not mandating, some transparency
Furthermore, the bill doesn't mandate that companies provide exact request or user numbers, what sort of data is being requested, or even what spying program the government plans to use the data for. Rather, the bill says that companies would be able to report vague estimated numbers in quarterly, annual, or semi-annual timeframes. Again, all of this would be optional if the bill is passed into law. The Surveillance Order Reporting Act is backed by Representatives Zoe Lofgren (D-CA), Justin Amash (R-MI), Jason Chaffetz (R-UT), John Conyers (D-MI), Suzan DelBene (D-WA), Blake Farenthold (R-TX), Thomas Massie (R-KY), Jerrold Nadler (D-NY), Ted Poe (R-TX), and Jared Polis (D-CO). Similar bills have been introduced in the Senate. And a number of companies reportedly involved in PRISM — including Google, Yahoo, and Microsoft — have called on lawmakers to pass laws that allow them to be more transparent about their roles in government surveillance programs.
"This bill is a needed first step to free Internet companies to provide the public information on how many surveillance orders they receive and how many of their users are affected," Rep. Lofgren said in a statement. While passing the bill into law would be a significant step, much more would need to be done before the public could attain a true understanding of what US surveillance programs are doing with user data. Obviously, a deeper level of detail isn't the sort of thing the NSA, the FBI, the Central Intelligence Agency, or other government factions want tech companies forking over. Then again, a first step — actually passing and not just proposing such a law — would be better then no steps at all.