Government surveillance has a massive impact on the Internet. Even legitimate surveillance activities can harm user trust, safety and security. It’s time we innovate. We propose that governments adopt basic principles that guide the scope of their surveillance activities, balancing their legitimate needs with the broader good:
Governments need to strengthen user security, including the best encryption, not weaken it.
Encryption is critical to protecting user security. Requirements to weaken encryption make it easier for bad actors to attack the technology we all depend on, exposing users to financial, physical and other harms.
Government surveillance should minimize impact on user trust and security.
Governments should collect only the information that is needed and, whenever possible, only data about specific, identifiable users. Governments should avoid compromising systems and such actions should be viewed as unacceptable if other options for obtaining information are available.
Surveillance activities need empowered, independent, and transparent oversight.
Oversight bodies should be independent of surveilling agencies, with broad mandates, enforcement authority, and transparent processes. They should have technical expertise and assess both the demonstrable national security benefits and the potential harms of the surveillance.