Privacy groups ask FTC to check tech firms' link to NSA

Several advocacy groups are calling for an investigation into Internet companies Yahoo and Google whose networks were secretly accessed by the National Security Agency (NSA).

In a letter sent last week, the groups asked the U.S. Federal Trade Commission (FTC) find out how the NSA could extract so much data without the knowledge of Google and Yahoo.

"The Commission should pursue this investigation because it routinely holds itself out as the defender of consumer privacy in the United States," the authors said. "It is inconceivable that when faced with the most significant breach of consumer data in U.S. history, the Commission could ignore the consequences for consumer privacy."

The letter, signed by officials from the Electronic Privacy Information Center, Privacy Rights Clearinghouse, Center for Digital Democracy, and other organizations, follows recent reports that the NSA gained access to millions of consumer records by secretly tapping directly into data streams from major Internet companies.

The reports prompted fresh concern about NSA surveillance activities and of the privacy of data being held by the world's largest Internet companies.

Firms deny compliance

Google, Yahoo, Microsoft and others have insisted that they divulge consumer information to the NSA and other government agencies only under appropriate court orders. Each has denied providing any help to the NSA and other spy agencies gathering data on Internet users.

In fact, in a court filing last week the companies demanded that the government release more information about the kind of data that Internet companies are being asked to provide the NSA.

The letter from the privacy groups stands out because it seeks to hold Google and Yahoo responsible for the NSA's data collection activities because of a lack of network security controls.

ftc logo

"We are saying that the companies should do more to protect the privacy of user data and that the FTC has a responsibility to police these practices, particularly since both Google and Facebook are subject to consent orders concerning privacy," said Marc Rotenberg, executive director of EPIC.

Rotenberg said consumer privacy groups have long urged Internet companies to adopt better privacy and security practices to safeguard the information they collect. He noted that privacy groups have asked Internet companies to minimize data collection when possible and to delete unneeded data.

Therefore, Internet companies must be held responsible for breaches of data they store, he said.

A Google spokesperson wouldn't comment on the letter. Yahoo didn't respond to a request for comment.

Subscribe to the Security Watch Newsletter

Comments