Microsoft legal chief seeks global rules on spying, data

As the World Economic Forum kicks off, Microsoft General Counsel Brad Smith calls for an international convention to create surveillance and data-access rules across borders to protect privacy and businesses.

Microsoft General Counsel Brad Smith Jean-Christophe Verhaegen/AFP/Getty Images

As President Obama made clear in his NSA speech last week, surveillance reforms aren't going to happen overnight, and on Tuesday a blog post by Microsoft's chief legal officer gave a glimpse of the international back-and-forth that may need to take place for civil liberties, national security -- and cross-border business -- to be protected as the digital era moves ahead.

Microsoft General Counsel Brad Smith called for "an international legal framework -- an international convention -- to create surveillance and data-access rules across borders," saying current legal structures are out of date and have prompted "some governments, as we've learned over the past take unilateral actions outside [the] system" -- not the best way forward, Smith said.

"One problem today is that governments still rely on international legal processes that were created in the 1800s. Under the so-called Mutual Legal Assistance Treaty -- or MLAT -- government authorities must go through bureaucratic hurdles that address 21st century problems at 19th century speed," Smith wrote.

Smith is set to take part Wednesday in a World Economic Forum panel discussion about the consequences of public concern over surveillance, data security, and privacy. Revelations about the US National Security Agency's efforts to crack into domestic and overseas networks, spy on foreign citizens, and influence international security standards have created an outcry in various countries. Brazilian President Dilma Rousseff, for example, has called for a law that would compel companies such as Google to store data from Brazilians within that country's borders.

Smith said he hopes the Economic Forum discussions could lead to the surveillance and data-access convention he feels is needed.

"The cornerstone of such a convention should be respect for human rights and individual privacy," Smith wrote. But he also discussed reducing "the legal uncertainty that currently risks slowing new cloud-based technology services internationally" and said "clearer rules for access to data internationally would help open borders and enable companies to host services and data in one country for citizens in another."

Smith's remarks echo one of the principles laid out in the Reform Government Surveillance campaign launched late last year by Apple, Facebook, Google, Microsoft, Yahoo, and other tech companies.

In a full page ad that ran in The New York Times and other high-visibility publications, the firms said "there should be a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved...MLAT processes. Where the laws of one jurisdiction conflict with the laws of another, it is incumbent upon governments to work together to resolve the conflict."

Bigwigs from the companies, including Smith, also met with President Obama at the White House in December to air their concerns and desires.

In his speech on Friday, President Obama said he'd taken the "unprecedented step of extending certain protections that we have for the American people to people overseas. I have directed the [director of National Intelligence], in consultation with the attorney general, to develop these safeguards, which will limit the duration that we can hold personal information, while also restricting the use of this information."

He also said he'd ordered a review of data practices:

I have also asked my counselor, John Podesta, to lead a comprehensive review of big data and privacy. This group will consist of government officials who -- along with the President's Council of Advisors on Science and Technology -- will reach out to privacy experts, technologists, and business leaders, and look at how the challenges inherent in big data are being confronted by both the public and private sectors; whether we can forge international norms on how to manage this data; and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security.
Featured Video