{"id":277,"date":"2015-04-03T11:56:20","date_gmt":"2015-04-03T19:56:20","guid":{"rendered":"http:\/\/blog.mozilla.org\/netpolicy\/?p=277"},"modified":"2015-04-03T15:04:53","modified_gmt":"2015-04-03T23:04:53","slug":"say-no-to-data-retention-in-surveillance-reform","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/","title":{"rendered":"Say no to data retention in surveillance reform"},"content":{"rendered":"<p>Despite nearly two years of revelations about the scope and scale of government surveillance practices, and the ensuing damage to user trust, security, and privacy, the U.S. Congress continues to delay passing meaningful reforms.<\/p>\n<p>The current surveillance authority under discussion is Section 215 of the USA PATRIOT Act, which has been used to authorize mass surveillance by the NSA, including for all phone metadata. This law expires June 1, and must not be renewed as it stands today.<\/p>\n<p>Our bottom line for this round of surveillance reform in the United States includes four key elements, without which user trust will continue to suffer:<\/p>\n<ol>\n<li>\u00a0\u00a0\u00a0\u00a0A strict ban on bulk collection;<\/li>\n<li>\u00a0\u00a0\u00a0\u00a0Sufficient transparency to be able to tell if bulk collection or mass surveillance is occurring, including declassification of Foreign Intelligence Surveillance Court opinions;<\/li>\n<li>\u00a0\u00a0\u00a0\u00a0No new data retention mandates; and<\/li>\n<li>\u00a0\u00a0\u00a0\u00a0No new surveillance authorities, powers, or programs.<\/li>\n<\/ol>\n<p>One of the most contentious topics in the current legislative debate is whether to include mandatory data retention as part of Section 215 reauthorization and reform. The theory behind this \u201ccompromise\u201d is that, when direct bulk collection by the U.S. government is eliminated, if telecommunications companies are not required to retain data, then some bits might be \u201clost\u201d and not available for later law enforcement or intelligence access.<\/p>\n<p>This is not a compromise, but rather an exercise in misguided pragmatism. The expectation of total after the fact information awareness by the U.S. government of the intimate details of our conversations is at the core of negative reactions to overbroad surveillance regimes and harm to trust online. It is an unnecessary, and harmful, posture for any democratic government to take. Data retention mandates are not a missing piece of the long-term surveillance ecosystem; they are a bridge too far.<\/p>\n<p>Once we accept the principle that the government has a right to force records to be held onto so they can effectively go into the past, where does that stop? \u00a0What&#8217;s the limit? \u00a0Or are we paving the way to a world where nothing can be deleted just in case the government might want to look at it? It\u2019s not hard to see how such a limitless program would quickly move from telephone records to Internet companies.<\/p>\n<p>As the nearly daily parade of data breaches make clear, amassing the personal information of everyone in the United States exposes those data to breach, theft, misuse, and abuse. Data acquired are data at risk, and this threat to user security and privacy is not acceptable. As Foreign Intelligence Surveillance Court Judge Reggie Walton noted in a recent <a href=\"http:\/\/www.emptywheel.net\/wp-content\/uploads\/2014\/03\/14-01_Opinion.pdf\">ruling<\/a>, data retention by government \u201cincreases the risk that information about United States persons may be improperly used or disseminated,\u201d in particular because \u201cthe great majority of these individuals have never been the subject of investigation\u201d for intelligence purposes. These same risks apply to data retention by companies.<\/p>\n<p>In addition to making troves of private user information vulnerable to malicious actors, requiring companies to hold user data longer than necessary for business purposes would create additional liability and risk. In general, storing data for longer than it\u2019s useful for any purpose should be avoided. To do so in support of intrusive surveillance practices is even more harmful. What\u2019s more, at a time when <a href=\"http:\/\/www.pewinternet.org\/2014\/11\/12\/public-privacy-perceptions\/\">91% of Americans say they feel they have lost control over their own data<\/a>, mandatory data retention would preclude new privacy-maximizing business models.<\/p>\n<p>Finally, when Congress was last considering reform of Section 215, Attorney General Holder and Director of National Intelligence Clapper <a href=\"http:\/\/images.politico.com\/global\/2014\/09\/04\/clapperholderleahyltr.pdf\">wrote<\/a> that mandatory data retention was unnecessary, stating that the version of the USA FREEDOM Act then under consideration, \u201cwill accommodate operational needs while providing appropriate privacy protections.\u201d These statements are as true today as they were at the end of last year.<\/p>\n<p>Mandatory data retention under Section 215 reauthorization, or in any other law, will further harm trust online and will compound security risks for users and associated economic costs for the future.<\/p>\n<p>Chris Riley, Head of Public Policy<br \/>\nJochai Ben-Avie, Internet Policy Manager<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Despite nearly two years of revelations about the scope and scale of government surveillance practices, and the ensuing damage to user trust, security, and privacy, the U.S. Congress continues to &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/\">Read more<\/a><\/p>\n","protected":false},"author":665,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Say no to data retention in surveillance reform - Open Policy &amp; Advocacy<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chris Riley\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/\",\"name\":\"Say no to data retention in surveillance reform - Open Policy &amp; Advocacy\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\"},\"datePublished\":\"2015-04-03T19:56:20+00:00\",\"dateModified\":\"2015-04-03T23:04:53+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/92c467284d1b178dea38bea5386a5263\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/netpolicy\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Say no to data retention in surveillance reform\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/netpolicy\/\",\"name\":\"Open Policy &amp; Advocacy\",\"description\":\"Mozilla&#039;s official blog on open Internet policy initiatives and developments\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/92c467284d1b178dea38bea5386a5263\",\"name\":\"Chris Riley\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/559fa836e2ec3814f8e5ac20d5b8cae6\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4778f215cde88b189620cafd0476b440?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4778f215cde88b189620cafd0476b440?s=96&d=mm&r=g\",\"caption\":\"Chris Riley\"},\"description\":\"Head of Public Policy, Mozilla\",\"sameAs\":[\"https:\/\/blog.mozilla.org\/netpolicy\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Say no to data retention in surveillance reform - Open Policy &amp; Advocacy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/","twitter_misc":{"Written by":"Chris Riley","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/","url":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/","name":"Say no to data retention in surveillance reform - Open Policy &amp; Advocacy","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website"},"datePublished":"2015-04-03T19:56:20+00:00","dateModified":"2015-04-03T23:04:53+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/92c467284d1b178dea38bea5386a5263"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/netpolicy\/2015\/04\/03\/say-no-to-data-retention-in-surveillance-reform\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/netpolicy\/"},{"@type":"ListItem","position":2,"name":"Say no to data retention in surveillance reform"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#website","url":"https:\/\/blog.mozilla.org\/netpolicy\/","name":"Open Policy &amp; Advocacy","description":"Mozilla&#039;s official blog on open Internet policy initiatives and developments","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/netpolicy\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/92c467284d1b178dea38bea5386a5263","name":"Chris Riley","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/netpolicy\/#\/schema\/person\/image\/559fa836e2ec3814f8e5ac20d5b8cae6","url":"https:\/\/secure.gravatar.com\/avatar\/4778f215cde88b189620cafd0476b440?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4778f215cde88b189620cafd0476b440?s=96&d=mm&r=g","caption":"Chris Riley"},"description":"Head of Public Policy, Mozilla","sameAs":["https:\/\/blog.mozilla.org\/netpolicy\/"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/277"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/comments?post=277"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/posts\/277\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/media?parent=277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/categories?post=277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/tags?post=277"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/netpolicy\/wp-json\/wp\/v2\/coauthors?post=277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}