One of the most consequential decisions facing U.S. lawmakers this year is whether or not to renew Section 702 of the Foreign Intelligence Surveillance Act. Although the Carter-era FISA is as old as I am, 2008’s Section 702 is a product of the War on Terror and is perhaps best known as the legal basis for the privacy-busting shenanigans exposed by National Security Agency whistleblower Edward Snowden a decade ago.
With Section 702 due to expire at the end of the year unless it is reauthorized, the Privacy and Civil Liberties Oversight Board—which advises the White House—just dropped a major report on the matter. And it will not make easy reading for U.S. Big Tech, nor for Americans in general.
First, the citizens. Section 702 is supposed to only authorize the warrantless surveillance of people outside the U.S., but this new report (PCLOB’s first review of Section 702-based surveillance since 2014) makes clear that the authorized programs “incidentally” collect Americans’ communications all the time, when targeted people communicate with them. Not that any agencies are keeping data on this phenomenon.
The most relevant technique here is “downstream collection” (known as Prism in the Snowden days), which involves forcing a provider like Google to hand over someone’s communications. Both the NSA and the Federal Bureau of Investigation get to make such requests, and PCLOB said in its report that “although all U.S. person queries by the Intelligence Community present privacy and civil liberties risks, FBI’s querying procedures and practices pose the most significant threats to Americans’ privacy.” (This will delight the eyes of Republicans who oppose 702 renewal on the basis of alleged FBI bias, but I’m trying to steer clear of the intra-U.S. political debate here.)
Except in limited circumstances, “government personnel are not required by Section 702 to make any showing of suspicion that the U.S. person is engaged in any form of wrongdoing prior to using a query term associated with that specific U.S. person,” the report continues. “Nor does Section 702 require analysts or agents to seek approval from any judicial authority or other independent entity outside their agency…The government has not demonstrated that such queries [about Americans] have nearly as significant value as the Section 702 program overall.”
The board recommends that the program should be renewed but with changes including a requirement for “individualized and particularized judicial review for all U.S. person query terms.” Problems solved? Well, not so much if you’re looking at this from a non-American perspective.
Here’s where things get tricky for Big Tech. Remember how the EU’s top court has repeatedly blown up tech firms’ legal justifications for sending Europeans’ personal data to the U.S.? That’s largely because of 702-based surveillance programs, which are certain to prove pivotal yet again when EU privacy campaigners challenge the latest EU-U.S. data-sharing agreement, the Trans-Atlantic Data Privacy Framework.
Imagine how the European Court of Justice will react to excerpts from the PCLOB report such as these: “In CY2022, the Section 702 program targeted approximately 246,073 non-U.S. persons located abroad, which represents a 276% increase since CY2013. The surge in Section 702 targeting in recent years increases the privacy and civil liberties risks, both for actual targets and for those whose information has been incidentally or inadvertently collected…The program lacks individualized and particularized judicial review of targeting decisions…This poses risks that targeting can be overbroad or unjustified. These risks are increasing as the target numbers and their associated selectors continue to grow.”
The report also refers to a new, “highly sensitive technique” that the NSA was last year authorized to start using when collecting data about non-Americans directly from U.S. telecommunications networks. Apparently it “involves new privacy risks” and presents “novel and significant legal issues,” which is not going to set anyone’s mind at rest here in Europe.
Max Schrems, the Austrian lawyer-campaigner whose lawsuits sank the Trans-Atlantic Data Privacy Framework’s two predecessors, tells me his challenge to the new framework will commence within weeks. I think it’s fair to say this PCLOB report will give him plenty of ammunition. Even if Section 702 is reauthorized with the board’s recommended reforms to better protect people in the U.S. from American surveillance, Big Tech has much to fear from abroad.
More news below.
David Meyer
NEWSWORTHY
OpenAI’s gadget. More details on OpenAI’s potential consumer device, which seems set to be a collaboration with design legend Jony Ive: The Financial Times reports that OpenAI is in advanced talks to set up a new venture that would take over $1 billion in SoftBank funding. SoftBank chief Masayoshi Son is reportedly also keen to have chip designer Arm (majority-owned by SoftBank) play “a central role.” Ive, who designed the iPhone and is regretful about the smartphone’s encouragement of compulsive behavior, is apparently keen on developing “a way of interacting with computers that is less reliant on screens.”
PlayStation chief retires. Sony Interactive Entertainment is losing its CEO. Jim Ryan will retire next March, having joined Sony all the way back in 1994. Ryan, a Brit, said he has “found it increasingly difficult to reconcile living in Europe and working in North America.” Bloomberg reports that Sony Group CFO Hiroki Totoki will become interim CEO of the firm’s games business until a successor is found.
Apple antitrust. Apple’s legal team is having a busy time on the antitrust front. A U.S. district judge said yesterday that the iPhone maker must face a private antitrust suit from payment card issuers who claim it unfairly shuts out competition for its Apple Pay mobile wallet. And, as Reuters also reports, Epic Games is now trying to get the Supreme Court to reappraise its so far largely unsuccessful case over Apple’s in-app purchase commission.
ON OUR FEED
“There are a lot of things that people think are awesome but may not always come back to. I think some of what people are seeing now around ChatGPT is part of that.”
—Mark Zuckerberg discusses engagement in a lengthy interview with The Verge. And yes, that part of the piece spun off a discussion of Meta’s hot-then-not Twitter rival, Threads. Also: “I think Twitter indexes very strongly on just being quite negative and critical. I think that that’s sort of the design.”
IN CASE YOU MISSED IT
Mark Zuckerberg just launched Meta’s plan to catch up on AI, and it involves Snoop Dogg and Kendall Jenner chatbots, by Alexei Oreskovic
X should be profitable next year, CEO Linda Yaccarino says in contentious interview, by Kylie Robison
A one-year-old U.K. startup says it’s achieved a major breakthrough in AI safety by scoring high on a video game, by Jeremy Kahn
Twitter/X previews what ‘shadowbans’ will look like, by Chris Morris
KPMG offered video game training to some employees. They brought 16% more clients and 36% more in revenue-generating fees, by Paige McGlauflin and Joseph Abrams
BEFORE YOU GO
A new Raspberry Pi. The Raspberry Pi is a teensy yet capable computer that’s brilliant for hobbyists and tinkerers, and it’s just received its first new version in four years.
The Raspberry Pi 5, which will go on sale next month, is a lot more powerful than its predecessors, featuring at least 4GB of RAM, the ability to run two 4K displays at once, and better support for PCI Express peripherals—all for a starting price of $60. And, as TechCrunch notes, it’s “the first full-size Raspberry Pi that uses custom silicon.”
This is the web version of Data Sheet, a daily newsletter on the business of tech.