Mr. Chairman, Ranking Member Conyers, and members of the Committee, I am
The ongoing revelations about data collection by the
We live in a world where reality is quickly outpacing even our imagination. Today consumers can purchase a watch that is also a phone and a biometric device that monitors your heart rate. We can purchase cars that can slow down on their own to avoid accidents and also alert you to avoid an accident. We have access to three-dimensional printers that one day will produce organs and limbs to expedite transplants. These innovations are not only cool--they are potentially both life-saving and world changing. Further, these inventions rely on an innovation ecosystem that is global in nature, largely because of an Internet governance model that is open, integrated, and borderless. The tech sector is committed to sustaining both because they have served this nation and our world well.
Nonetheless, damage is being done. "Made in America" is no longer viewed as positive for customers of U.S. online services. Indeed, almost every ITI member company is experiencing increased levels of concern about government access to data, specifically access by the U.S. government. Other governments, of course, engage in online surveillance, but the impression being fueled globally in response to the NSA disclosures is that the U.S. government is the source of the problem, with U.S. companies seen as either aiding government surveillance, or particularly vulnerable to it.
The potential losses are tangible, demonstrable, and widespread. In the short term, the resulting commercial losses will likely reach the tens of billions of dollars, translating into lost American jobs. One recent study from the
The potential adverse economic impact here in the U.S. could be even more significant and lasting if other governments enact legislation to force localized data storage and production of technology. Let me take it one step further -- such forced localization measures would also disrupt the current Internet governance model that to date has ignited and sustained the incredible success of the Internet as a global platform for innovation and economic productivity. These problematic policy proposals are spreading across the globe and have the potential of pushing the now-open Internet into a Smoot-Hawley protectionist death spiral, with disruptive global impact on international trade and commerce. We are facing nothing short of a Balkanized Internet, and global innovation will certainly suffer.
The revelations have also received significant attention in the
These types of proposals and requirements would be highly disruptive to business operations, create network architecture inefficiencies that would hinder the performance of ICT services, and Balkanize open platforms, including the Internet, that are key to continued transformative innovations and global commerce.
It is critical the U.S. government take the lead to reverse the erosion of public trust and the acceleration of forced localization and other onerous policies that would Balkanize the Internet and other open platforms.
We need a public policy course correction, and it must begin here in
We are encouraged by the building momentum to reform our surveillance policies, which now must translate into congressional action.
The recommendations I outline below largely derive from a set of seven global principles that ITI has developed with the
Our recommendations, as well as the principles, are guided by a recognition that we don't know what we don't know on national security, and by a realization that privacy and security do not sit on opposite ends of a spectrum. It is possible to advance both.
The companies that make up the technology sector are committed to informing their users and the public about requests received from governments around the world for law enforcement and intelligence purposes. Companies should be able to provide more information about such orders.
The Administration's recent decision to allow companies to disclose certain information is certainly a step forward. Greater transparency, however, should be permitted and legislation enabling such disclosures is desirable.
Specifically, companies should be permitted to disclose the number of government orders for information made under specific legal authorities, including, but not limited to, separate disclosures for Section 215 of the
In addition, as appropriate, the U.S. government should supplement the annual reporting that is already required by law with information similar to what companies should be permitted to disclose: the total number of orders under specific authorities for specific types of data, and the number of individuals or accounts affected by each.
Basic information about how the government uses its various law enforcement related investigative authorities has been published for years without any apparent disruption to criminal investigations. Further, the provision of such data to the public on a time-delayed basis and in aggregate form should not compromise any ongoing investigation.
An additional transparency measure we would recommend relates to the legal decisions of the
FISC proceedings operate in a non-public forum and the U.S. government is the sole party appearing before the judges. An additional party, whether it is referred to as a special advocate or a public advocate, should be appointed in appropriate cases to assist the FISC in evaluating the issues at hand. This additional party would be an advocate for the privacy and civil liberty considerations implicated in the court proceedings.
Steps should be taken, using a transparent, public process, to restore public trust in the central role that the
Recent news reports describe in general terms the efforts of the NSA to defeat cryptographic protections for surveillance purposes. The reports suggest this effort went beyond the use of specially designed high-speed computers to crack encryption codes and involved the NSA in an attempt to introduce weaknesses into the encryption standards followed by hardware and software developers worldwide.
For nearly 20 years, the technology and user communities have welcomed the involvement of the NSA, as one of many stakeholders, in the work of developing cryptographic standards because it brings one of the most knowledgeable and experienced code-writing institutions to the vital task of protecting information from unauthorized access. The public, the technology sector, and the government all have an interest in the creation and widespread use of the strongest possible cryptographic standards. Regardless of the accuracy of these reports, the mere suggestion that the NSA has used its participation in the cryptography development process to introduce weaknesses into cryptographic standards has created a crisis of trust in the technology community. Some security firms have issued advisories to their customers to avoid using algorithms that might contain weaknesses.
We further appreciate NIST's history of extensive collaboration with the world's cryptography experts to support robust encryption. NIST has reopened public comment on some specific standards and stated clearly: "If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible." This initiative is an important step toward regaining trust in NIST's commitment to strong, robust, cryptographic, and other standards that have been vetted by experts globally.
The facts alleged in the news accounts should be investigated and the separate roles played by NIST and the NSA in cryptographic should be reaffirmed.
In addition to the transparency and other measures outlined above that are designed to increase public trust, there is an additional step that would provide greater certainty about how the U.S. government designs and implements the surveillance programs it operates.
This step involves Section 215 of the Patriot Act. There is a great deal of uncertainty surrounding what type of surveillance is authorized by Section 215 of the Patriot Act. Uncertainty leads to distrust, as does indiscriminate collection of private sector data by the government. Any collection of private sector data by the government must have the appropriate legal basis. In addition, especially given the number of technology tools that exist today, the collection of private sector data need not be indiscriminate.
Mr. Chairman, we need to restore "Made in America" as a positive description of U.S. cloud services. The first step forward begins here. We at ITI are ready to work with this Committee and your colleagues on both sides of
Thank you for this opportunity to appear before you today. I will be happy to answer any questions you may have.
Read this original document at: http://judiciary.house.gov/?a=Files.Serve&File_id=05C8F33B-B9E3-4882-AD9C-0E5AE3452B0C