In 2011, The Privacy Projects began to fund research into what seemed to be a growing interest on the part of governments in obtaining systematic access to data held by the private sector for investigative and intelligence purposes.
As used in this project, “systematic” government access refers both to (1) direct, unmediated access by the government to private-sector data, where the government seeks some kind of automated interface with a corporation’s data systems; and (2) government access, whether or not mediated by a company, to large volumes of private-sector data, rather than seeking access to the data about one person or a small number of people at a time. Systematic access may be statutorily authorized or rely on more informal, cooperative arrangements between the executive branch and major firms with large data stores.
The goals of the project are to (1) illuminate the legal bases, interests, and activities of governments related to obtaining systematic access to stored business data; (2) determine the extent to which such access is, or should be, of concern to companies; and (3) begin the process of understanding the dimensions of that concern and strategizing about how most effectively to address it.
Phase I of the project, led by Fred Cate of Indiana University, commissioned a series of short papers addressing how these issues are developing in selected countries, the legal context in which those developments are occurring, and the authors’ perspective on the challenges and potential ramifications of those developments. The countries studied in Phase I were Australia, Canada, China, Germany, India, Israel, the United Kingdom, and the United States. Those papers were published online: http://idpl.oxfordjournals.org/content/2/4.toc.
Phase I of the project also included a workshop in Washington, DC in April 2012. Under the Chatham House Rule, participants from leading companies and privacy experts met to discuss the government access issue and to begin to identify common themes. An overview paper capturing highlights of the country studies and the workshop discussion was published here: http://idpl.oxfordjournals.org/content/2/4/195.full.pdf+html.
Phase II, led by the Center for Democracy & Technology, commissioned papers on Brazil, France, Italy, and South Korea, which will also be published online. In addition, Phase II categorize the issues involved in governmental access, in a way that allows comparative analysis and the identification of cross-cutting themes. This site represents an effort to display that data in an accessible format.
Phase II also included a second workshop, held in London on June 3, 2013, bringing together representatives from compnaies based in the US and in Europe, academics, and civil society advocates.
Based on the country reports, the workshop, and the flood of material that began with the leaks by Edward Snowden, CDT worked with two leading privacy experts (Ira Rubinstein of New York University and Ronald Lee of Arnold & Porter) to prepare a comparative analysis, with conclusions and recommendations for future action.