The web is one of the greatest inventions of human history because it has made the world more transparent. Fundamentally, that's what the web does: it takes information that was inaccessible and opaque and makes it available and lucid.
At CloudFlare, our mission is to build a better web. We hire great engineers to invent the technical systems that provide anyone a global platform through which to share their ideas. But, beyond the technical, if we are to build a better web, we believe it is also incumbent on us to engage in policy making in furtherance of that mission.
Troubled Waters
It is from this perspective that we have watched the recent disclosures over government Internet surveillance with increasing concern. We are troubled, and I think it is fair to say that the web in general is troubled, at the secrecy surrounding these programs. No sensible person disputes that there is a proper and limited role for law enforcement online. However, the secrecy of this role as it is currently framed, its lack of transparency, strikes against the core of what the web stands for. And it is this secrecy that is fundamentally contrary to CloudFlare's mission.
We need to have a public debate about the extent to which governments should or should not surveil the Internet. But, in order to even begin that debate, first we need to properly understand the current state of affairs.
Muzzled
What's absurd is that, today, the Internet's largest stakeholders are muzzled from disclosing this topic in any sensible way. If we follow the letter of the law, we cannot disclose even the fact that we've received certain kinds of legal orders, let alone their contents or what we've done to challenge them. That's resulted in a sort of Kabuki dance, where Internet giants find themselves forced to parse the meaning of phrases like "direct access," rather than answering their users' legitimate questions about what's going on and how this applies to them and their private data.
Fundamentally, CloudFlare, Google, Microsoft, Twitter, and all the Internet giants are in the business of trust. Revealing our customers' private information to governments or anyone else risks that trust and is therefore something we will always fight vigorously against.
Silent Fight
At CloudFlare, we hold the data our customers trust with us sacrosanct. While, to date, we have never been approached to take part in PRISM or any other similar program, we have on occasion received legal requests we believe are unreasonable. When that has happened, we have challenged them on our customers' behalf—sometimes even going so far as to take the government to court to fight for our customers' rights.
We have great stories to tell about how we've stood up for our customers. Hopefully someday we will be able to tell them.
I am encouraged that, from what I've seen, by in large just arguments can still carry the day. I recognize it doesn't always look that way from the outside, and I am troubled that our courts and governments may be headed in the wrong direction. If the goal is justice, then it is in everyone's best interest that we be as transparent as possible about exactly what is going on. It is time for us to have a public debate, but the first step is to get the most basic facts on the table.
Challenges
When law and technology intersect there have always been challenges. Technology often serves to undercut law and flow around the restrictions law puts in place. Occasionally, at the opposite extreme, technology serves to amplify law and extend its reach beyond where we, as a society, were ever comfortable.
When the laws that gave rise to the FISA court and National Security Letters (NSLs) were passed, only just a decade ago, it was hard to imagine you could record and store every telephone conversation. Today that is conceivable. Without a public vote or any conscious decision, technology has amplified the reach of the law to a place where many of us are no longer comfortable.
It is time for us, as a society, to have a debate about what laws we are comfortable with given today's technology. In order to do that, we need to have a clear and honest accounting of the current state of affairs. And, in order for that to happen, we need to remove the muzzle and allow companies and governments to talk honestly about what is going on.
Next Steps
Today we did a very modest thing: CloudFlare joined with more than 40 other companies and organizations signing a letter calling for greater transparency in law enforcement actions online. This is not the end, but it is a necessary beginning. It is time for us to have a public debate and the first step is getting the basic facts on the table.
President Barack ObamaThe White House
Director of National Intelligence James R. ClapperOffice of the Director of National Intelligence
The Honorable Harry ReidSenate Majority Leader, United States Senate
The Honorable John BoehnerSpeaker of the House, United States House of Representatives
The Honorable Patrick J. LeahyChairman, Committee on the Judiciary, United States Senate
The Honorable Bob GoodlatteChairman, Committee on the Judiciary
The Honorable Dianne FeinsteinChairman, Senate Permanent Select Committee on Intelligence, United States Senate
The Honorable Mike RogersChairman, House Permanent Select Committee on Intelligence
Attorney General Eric HolderUnited States Department of Justice
General Keith AlexanderDirector, National Security Agency
The Honorable Mitch McConnellSenate Minority Leader, United States Senate
The Honorable Nancy PelosiHouse Minority Leader, United States House of Representatives
The Honorable Charles E. GrassleyRanking Member,Committee on the JudiciaryUnited States Senate
The Honorable John Conyers, Jr.Ranking Member, Committee on the Judiciary
The Honorable Saxby ChamblissVice Chairman, Senate Permanent Select Committee on IntelligenceUnited States Senate
The Honorable Dutch RuppersbergerRanking Member, House Permanent Select Committee on Intelligence
July 18, 2013
We the undersigned are writing to urge greater transparency around national security-related requests by the US government to Internet, telephone, and web-based service providers for information about their users and subscribers.
First, the US government should ensure that those companies who are entrusted with the privacy and security of their users' data are allowed to regularly report statistics reflecting:
The number of government requests for information about their users made under specific legal authorities such as Section 215 of the USA PATRIOT Act, Section 702 of the FISA Amendments Act, the various National Security Letter (NSL) statutes, and others;
The number of individuals, accounts, or devices for which information was requested under each authority; and
The number of requests under each authority that sought communications content, basic subscriber information, and/or other information.
Second, the government should also augment the annual reporting that is already required by statute by issuing its own regular "transparency report" providing the same information: the total number of requests under specific authorities for specific types of data, and the number of individuals affected by each.
As an initial step, we request that the Department of Justice, on behalf of the relevant executive branch agencies, agree that Internet, telephone, and web-based service providers may publish specific numbers regarding government requests authorized under specific national security authorities, including the Foreign Intelligence Surveillance Act (FISA) and the NSL statutes. We further urge Congress to pass legislation requiring comprehensive transparency reporting by the federal government and clearly allowing for transparency reporting by companies without requiring companies to first seek permission from the government or the FISA Court.
Basic information about how the government uses its various law enforcement-related investigative authorities has been published for years without any apparent disruption to criminal investigations. We seek permission for the same information to be made availableregarding the government's national security-related authorities.
This information about how and how often the government is using these legal authorities is important to the American people, who areentitled to have an informed public debate about the appropriateness of those authorities and their use, and to international users of US-based service providers who are concerned about the privacy and security of their communications.
Just as the United States has long been an innovator when it comes to the Internet and products and services that rely upon the Internet, so too should it be an innovator when it comes to creating mechanisms to ensure that government is transparent, accountable, and respectful of civil liberties and human rights. We look forward to working with you to set a standard for transparency reporting that can serve as a positive example for governments across the globe.
Thank you.
CompaniesAOLApple Inc.CloudFlareCREDO MobileDiggDropboxEvocaFacebookGoogleHeyzapLinkedInMeetupMicrosoftMozillaRedditsalesforce.comSonic.netStripeTumblrTwitterYahoo!YouNow
InvestorsBoston Common Asset ManagementDomini Social InvestmentsF&C InvestmentsNew Atlantic VenturesUnion Square VenturesY Combinator
Nonprofit Organizations & Trade AssociationsAccessAmerican Booksellers Foundation for Free ExpressionAmerican Civil Liberties UnionAmerican Library AssociationAmerican Society of News EditorsAmericans for Tax ReformBrennan Center for Justice at NYU Law SchoolCenter for Democracy & TechnologyCenter for Effective GovernmentCommittee to Protect JournalistsCompetitive Enterprise InstituteComputer & Communications Industry AssociationThe Constitution ProjectDemand ProgressElectronic Frontier FoundationFirst Amendment CoalitionFoundation for Innovation and Internet FreedomFreedom to Read FoundationFreedomWorksGlobal Network InitiativeGP-DigitalHuman Rights WatchInternet AssociationNational Association of Criminal Defense LawyersNational Coalition Against CensorshipNew America Foundation's Open Technology InstituteOpenTheGovernment.orgProject On Government OversightPublic KnowledgeReporters Committee for Freedom of The PressReporters Without BordersTechFreedomWikimedia FoundationWorld Press Freedom Committee