The web is one of the greatest inventions of human history because it has made the world more transparent. Fundamentally, that's what the web does: it takes information that was inaccessible and opaque and makes it available and lucid.
At CloudFlare, our mission is to build a better web. We hire great engineers to invent the technical systems that provide anyone a global platform through which to share their ideas. But, beyond the technical, if we are to build a better web, we believe it is also incumbent on us to engage in policy making in furtherance of that mission.
It is from this perspective that we have watched the recent disclosures over government Internet surveillance with increasing concern. We are troubled, and I think it is fair to say that the web in general is troubled, at the secrecy surrounding these programs. No sensible person disputes that there is a proper and limited role for law enforcement online. However, the secrecy of this role as it is currently framed, its lack of transparency, strikes against the core of what the web stands for. And it is this secrecy that is fundamentally contrary to CloudFlare's mission.
We need to have a public debate about the extent to which governments should or should not surveil the Internet. But, in order to even begin that debate, first we need to properly understand the current state of affairs.
What's absurd is that, today, the Internet's largest stakeholders are muzzled from disclosing this topic in any sensible way. If we follow the letter of the law, we cannot disclose even the fact that we've received certain kinds of legal orders, let alone their contents or what we've done to challenge them. That's resulted in a sort of Kabuki dance, where Internet giants find themselves forced to parse the meaning of phrases like "direct access," rather than answering their users' legitimate questions about what's going on and how this applies to them and their private data.
Fundamentally, CloudFlare, Google, Microsoft, Twitter, and all the Internet giants are in the business of trust. Revealing our customers' private information to governments or anyone else risks that trust and is therefore something we will always fight vigorously against.
At CloudFlare, we hold the data our customers trust with us sacrosanct. While, to date, we have never been approached to take part in PRISM or any other similar program, we have on occasion received legal requests we believe are unreasonable. When that has happened, we have challenged them on our customers' behalf—sometimes even going so far as to take the government to court to fight for our customers' rights.
We have great stories to tell about how we've stood up for our customers. Hopefully someday we will be able to tell them.
I am encouraged that, from what I've seen, by in large just arguments can still carry the day. I recognize it doesn't always look that way from the outside, and I am troubled that our courts and governments may be headed in the wrong direction. If the goal is justice, then it is in everyone's best interest that we be as transparent as possible about exactly what is going on. It is time for us to have a public debate, but the first step is to get the most basic facts on the table.
When law and technology intersect there have always been challenges. Technology often serves to undercut law and flow around the restrictions law puts in place. Occasionally, at the opposite extreme, technology serves to amplify law and extend its reach beyond where we, as a society, were ever comfortable.
When the laws that gave rise to the FISA court and National Security Letters (NSLs) were passed, only just a decade ago, it was hard to imagine you could record and store every telephone conversation. Today that is conceivable. Without a public vote or any conscious decision, technology has amplified the reach of the law to a place where many of us are no longer comfortable.
It is time for us, as a society, to have a debate about what laws we are comfortable with given today's technology. In order to do that, we need to have a clear and honest accounting of the current state of affairs. And, in order for that to happen, we need to remove the muzzle and allow companies and governments to talk honestly about what is going on.
Today we did a very modest thing: CloudFlare joined with more than 40 other companies and organizations signing a letter calling for greater transparency in law enforcement actions online. This is not the end, but it is a necessary beginning. It is time for us to have a public debate and the first step is getting the basic facts on the table.
President Barack Obama
The White House
Director of National Intelligence James R. Clapper
Office of the Director of National Intelligence
The Honorable Harry Reid
Senate Majority Leader, United States Senate
The Honorable John Boehner
Speaker of the House, United States House of Representatives
The Honorable Patrick J. Leahy
Chairman, Committee on the Judiciary, United States Senate
The Honorable Bob Goodlatte
Chairman, Committee on the Judiciary
The Honorable Dianne Feinstein
Chairman, Senate Permanent Select Committee on Intelligence, United States Senate
The Honorable Mike Rogers
Chairman, House Permanent Select Committee on Intelligence
Attorney General Eric Holder
United States Department of Justice
General Keith Alexander
Director, National Security Agency
The Honorable Mitch McConnell
Senate Minority Leader, United States Senate
The Honorable Nancy Pelosi
House Minority Leader, United States House of Representatives
The Honorable Charles E. Grassley
Ranking Member,Committee on the Judiciary
United States Senate
The Honorable John Conyers, Jr.
Ranking Member, Committee on the Judiciary
The Honorable Saxby Chambliss
Vice Chairman, Senate Permanent Select Committee on Intelligence
United States Senate
The Honorable Dutch Ruppersberger
Ranking Member, House Permanent Select Committee on Intelligence
July 18, 2013
We the undersigned are writing to urge greater transparency around national security-related requests by the US government to Internet, telephone, and web-based service providers for information about their users and subscribers.
First, the US government should ensure that those companies who are entrusted with the privacy and security of their users' data are allowed to regularly report statistics reflecting:
- The number of government requests for information about their users made under specific legal authorities such as Section 215 of the USA PATRIOT Act, Section 702 of the FISA Amendments Act, the various National Security Letter (NSL) statutes, and others;
- The number of individuals, accounts, or devices for which information was requested under each authority; and
- The number of requests under each authority that sought communications content, basic subscriber information, and/or other information.
Second, the government should also augment the annual reporting that is already required by statute by issuing its own regular "transparency report" providing the same information: the total number of requests under specific authorities for specific types of data, and the number of individuals affected by each.
As an initial step, we request that the Department of Justice, on behalf of the relevant executive branch agencies, agree that Internet, telephone, and web-based service providers may publish specific numbers regarding government requests authorized under specific national security authorities, including the Foreign Intelligence Surveillance Act (FISA) and the NSL statutes. We further urge Congress to pass legislation requiring comprehensive transparency reporting by the federal government and clearly allowing for transparency reporting by companies without requiring companies to first seek permission from the government or the FISA Court.
Basic information about how the government uses its various law enforcement-related investigative authorities has been published for years without any apparent disruption to criminal investigations. We seek permission for the same information to be made available
regarding the government's national security-related authorities.
This information about how and how often the government is using these legal authorities is important to the American people, who are
entitled to have an informed public debate about the appropriateness of those authorities and their use, and to international users of US-based service providers who are concerned about the privacy and security of their communications.
Just as the United States has long been an innovator when it comes to the Internet and products and services that rely upon the Internet, so too should it be an innovator when it comes to creating mechanisms to ensure that government is transparent, accountable, and respectful of civil liberties and human rights. We look forward to working with you to set a standard for transparency reporting that can serve as a positive example for governments across the globe.
Boston Common Asset Management
Domini Social Investments
New Atlantic Ventures
Union Square Ventures
Nonprofit Organizations & Trade Associations
American Booksellers Foundation for Free Expression
American Civil Liberties Union
American Library Association
American Society of News Editors
Americans for Tax Reform
Brennan Center for Justice at NYU Law School
Center for Democracy & Technology
Center for Effective Government
Committee to Protect Journalists
Competitive Enterprise Institute
Computer & Communications Industry Association
The Constitution Project
Electronic Frontier Foundation
First Amendment Coalition
Foundation for Innovation and Internet Freedom
Freedom to Read Foundation
Global Network Initiative
Human Rights Watch
National Association of Criminal Defense Lawyers
National Coalition Against Censorship
New America Foundation's Open Technology Institute
Project On Government Oversight
Reporters Committee for Freedom of The Press
Reporters Without Borders
World Press Freedom Committee