WASHINGTON — Americans concerned about government collection of their personal data should consider how much data is collected by private companies and what they do with it, according to the top lawyer for the National Security.
“Consider how much information these companies actually know about you, everything from the relatively mundane, like the contact information, to some of your most personal intimate and potentially even unconscious interests and habits” NSAS General Counsel said at an American Bar Association national security conference.
Despite scrutiny of the NSA for its collecting of phone records and electronic surveillance, Gerstell said tech companies, which profit off the sale of user data, as needing more scrutiny.
“We need to be asking ourselves the more fundamental question of what does privacy really mean to us here in the U.S.,” said Gerstell.
He said the NSA’s mass surveillance of citizen emails for terrorist threats done without human intervention and without reading the actual content of the emails, but “my private email provider already reads all my emails looking for spam. How do we reconcile this?”
Through a majority of U.S. citizens have a positive view of tech companies, nearly 75 percent do not believe the companies do enough to protect users’ personal data, according to the Pew Research Center. The NSA does not fare much better in opinion polls, with 54 percent of U.S. citizens disapprove of government anti-terrorism surveillance in a 2015 survey.
The European model, which has extensive protections on consumer data in the private sector, could be preferable, Gerstell and other experts said.
Privacy laws for private companies in the European Union differ from the U.S. approach, with more stringent privacy regulations placed on them. The general Data Protection Regulation, instituted by the EU in 2016, protects consumer data in multiple sectors from health care to banking.
Jennifer Daskal, a law professor at American University, said robust law enforcement in the U.S. surrounding data has lead to a lack of focus on consumer privacy in the private sector.
“This is something that the U.S. has largely ceded to the EU and the other countries that are considering mimicking the EU,” Daskal said. “We need to understand consumer privacy and law enforcement access as completely intertwined.”
Congress expanded the government’s jurisdiction over tech companies earlier this year with a law that forces domestic tech companies to hand over any private data that is subpoenaed regardless if it is stored on domestic or foreign serves. At the time, tech companies welcomed the law as a solution to the contention between tech giants and law enforcement.
Gerstell called the guidelines “too time and labor intensive to meet our needs in this age of rapidly developing technology.”
But Wyndee Parker, National Security Advisor to the Democratic House leadership, argued that the executive branch needs to follow the law.
“Congress passed it, did our part, and quite frankly it’s on the executive branch,” Parker said.