American startups need surveillance reform
There’s an ongoing debate on the Hill over government surveillance that will impact companies with users abroad, especially startups.
With a good idea and a connection to the open internet, a small startup anywhere in the U.S. can reach users all over the world, expanding their business and contributing to economic and job growth back home.
{mosads}But that open global marketplace for even the smallest and newest companies can be at risk if policymakers in other countries create trade barriers in the name of protecting their citizens’ privacy. And while large companies might have the resources and legal teams to navigate those trade barriers, startups often rely on streamlined data sharing agreements to make sure they’re operating legally abroad.
Take, for instance, the Privacy Shield, a transatlantic deal that lets thousands of companies bring European users’ data across the Atlantic to be processed and stored. While a recent review of the Privacy Shield by the European Commission found that the agreement adequately protects Europeans’ privacy, the review points out places for improvements in U.S. surveillance law to ensure European’s fundamental privacy rights are protected.
“The practical implementation of the Privacy Shield framework can be further improved in order to ensure that the guarantees and safeguards … continue to function as intended,” the report states, calling for transparency and oversight improvements, as well codifying Obama-era privacy protections for non-U.S. persons.
Now Congress has a chance to show that it takes those concerns — and the impact they have on U.S. businesses, including startups — seriously. Section 702 of the Foreign Intelligence Surveillance Act is an online spying law that expires at the end of this year, and Congress has already begun the debate about what changes to make as it reauthorizes the law.
Much of the debate over Section 702 has rightly focused on the impact of this surveillance on national security and civil liberties. But lawmakers should factor in how this debate is perceived abroad and how that perception can harm U.S. businesses, especially the small startups that don’t have the resources to navigate complex international data rules on their own.
As the European Commission noted in its report on Privacy Shield, this year’s Section 702 expiration presents a “unique opportunity for strengthening the privacy protections contained in [the Foreign Intelligence Surveillance Act].”
And some lawmakers are already attempting to bolster privacy, transparency, and oversight protections in Section 702. There are some proposals out — including one from House Judiciary Committee members, a more aggressive version of the bill from Sens. Patrick Leahy (D-Vt.) and Mike Lee (R-Utah), and an even more aggressive bill from Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) — that would make changes to the law, including boosting transparency and oversight of the surveillance and codifying the NSA’s decision earlier this year to end “about” collection. “About” collection was the controversial process of collecting communications not just to and from identified foreign intelligence surveillance targets, but collecting communications that merely mention an identifier linked to a target.
But other lawmakers, seemingly unconcerned by the privacy violations and potential threats to U.S. business, are pushing ahead with proposals would make the law worse. The Senate Intelligence Committee recently passed a bill that would, among other things, extend the law for eight years and create a path forward for the intelligence community to restart “about” collection. And the House Intelligence Committee is quickly moving forward with a new bill that would expand Section 702 surveillance.
Ignoring the concerns about Section 702 surveillance both at home and abroad is not the right answer for lawmakers or for the constituents and small businesses in their districts and states.
With the Section 702 expiration date looming, lawmakers have a chance to respond to both the privacy concerns of their constituents and the concerns of U.S. businesses — especially startups that rely on simplified access to their global users — who are watching the conversation about U.S. surveillance unfold abroad.
Kate Tummarello is a policy analyst at Engine , an advocacy and research organization that supports tech startups. She has a background in privacy and security issues, including her work as a journalist and as a digital rights activist.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..