In recent years, there has been an increase worldwide in government demands for data held by the private sector, driven by a variety of factors.
Comparative Study of Standards for Government Access
Chart 1 – Framework
Chart 2 – Business Records
Chart 3 – Law Enforcement
Chart 4 – National Security
Online Interactive Data (all charts)
This includes an expansion in government requests for “systematic access:” direct access by the government to private-sector databases or networks, or government access, whether or not mediated by a company, to large volumes of data. Recent revelations about systematic access programs conducted by the United States, the United Kingdom and other countries have dramatically illustrated the issue and brought it to the forefront of international debates.
This report is the culmination of research, funded by The Privacy Projects, that began in 2011. In the first phase of the study, outside experts were commissioned to examine and write reports about laws, court decisions, and any available information about actual practices in thirteen countries (Australia, Brazil, Canada, China, France, Germany, India, Israel, Italy, Japan, South Korea, the United Kingdom, and the United States).
Two roundtables were held with private-sector companies, civil society, and academics. Based on that research, a number of common themes were identified about the countries examined and a descriptive framework for analyzing and comparing national laws on surveillance and government access to data held by the private sector was developed. Also developed was a normative framework based on a series of factors that can be derived from the concept of “rule of law,” from constitutional principles, and from existing international human rights jurisprudence.
United States:
1. “In accordance with law” – Standards provided by the Wiretap Act and ECPA.
2. Court order required – Yes
3. Approval of senior official required – Authorization from Attorney General or designee required to apply for warrant. 18 USC § 2516
4. Limited to serious crimes – Limited to long list of predicate crimes. 18 USC § 2516
5. Particularity as to target – Yes; roving wiretaps allowed. 18 USC § 2518; 50 USC §1805(c)(2)(b).
6. Showing of suspicion required – Probable cause to believe that a crime has been, is being or is about to be committed. 18 USC § 2518(3)(a).
7. Exhaustion of less intrusive means – Allowed if normal investigative procedures reasonably appear unlikely to succeed or too dangerous. 18 USC § 2518 (3)(c).
8. Limit on duration – 30 days; subject to renewal.
9. Limit on scope (minimization of irrelevant data required) – Yes
10. Limit on use and disclosure – Disclosure limited to “proper performance of … official duties.” 18 USC §2517(1).
11. Retention limit/limit on storage – At least 10 years, unless ordered destroyed by a judge. 18 USC 2518 (8)(a).
12. Notice to target – Required within 90 days of termination of wiretap order. 18 USC § 2518(8)(d).
13. Oversight (protections against abuse) – judicial, executive, legislative – Limited to long list of predicate crimes. 18 USC § 2516.
14. Redress (remedy) – Administrative Office of the U.S. Courts annual report to Congress. Congressional oversight. 18 USC § 2519.
About The Privacy Projects (TPP)
TPP’s goal is to create ongoing momentum to update personal information handling policies, practices and tools to match the world-class technologies that power our networked world. We believe that we can support advances in the ways organizations, including business and government, collect, store, use, share and manage personal information, encouraging more respect for the ‘digital human’ the data represents. To this end, TPP sponsors research and facilitates informed dialog to promote practical solutions and policy frameworks that foster responsible information sharing while preventing, to the extent possible, inappropriate access to and use of personal information.
2013 Research Proposals Process
We live in a world of growing interconnection where technology is ever more integrated into both our work and personal lives, resulting in both significant economic and societal benefits. Those beneficial uses of technology may also create more possibilities for exposing personal information including interests, beliefs, associations, thoughts and actions; these uses connect individuals, communities, the public and the government in new and unexpected ways. Apart from exposing information as incidental to the use of a service, a new range of bad actors has emerged that seeks to exploit such information accessibility for financial gain.
Technology developments and innovation outpace government’s ability to create new laws, regulations and policies to protect personal data. In a world of diverse devices and interconnected, networked environments, existing tools have limited ability to address many privacy and data protections issues. Even commercial and government tools are challenged to keep pace with emerging business models and ways in which information can be used.
In this ever more interconnected context, TPP is committed to directing targeted research, fostering appropriate stakeholder dialog, and promoting practical technical solutions and policy frameworks related to existing and emerging models of information collection, use and governance. Our goal is to facilitate and enhance the collaboration among government, business and individuals to design and implement frameworks and systems that address emerging privacy, security and governance concerns through the development of policy and technical solutions that promote responsible information sharing while preventing, to the extent possible, inappropriate access to and use of personal information.
TPP will consider, on an ongoing basis, research proposals in line with our mission statement that consider the following factors:
- Addresses practical challenges and seeks solutions to real world conditions
- Supports developing public policy reforms that address challenges faced by organization who collect, store, use, share and manage personal information
- Helps organizations to enhance data governance capabilities and capacities
- Capable of broad deployment, adoption and implementation
Please submit a brief abstract describing your project including timeline and researches involved with the work. Please note that TPP prefers to take on projects for which we are not the sole funders. Submissions will be accepted at info@theprivacyprojects.org.
Review and Approval Process
Proposals will be accepted for consideration upon submission. The Board of Directors will review and evaluate each proposal based on the following elements:
- Distinct Contribution: TPP will strive to support innovative research that brings new issues and perspectives to the privacy policy dialogue;
- Impact: TPP will strive to support research on topics that will advance organizations’ management and stewardship of personal information; and,
- Influence: TPP will strive to support research that will be influential.