In Bizarre Move, Dianne Feinstein Attacks Tech Companies for Profiting Off Spying on Their Customers

Dianne Feinstein attacked PRISM providers’ use of encryption in yesterday’s Senate Judiciary Committee hearing with Loretta Lynch in really bizarre fashion.

Feinstein: Google, Microsoft, Dropbox, and other email and cloud servers use forms of encryption to protect customer data. Their encryption techniques are strong and that makes them relatively well protected against outside attack. But the reality is that many companies only protect data like your email in ways that they can still use it themselves, and profit from it. I believe that the amount of personal information in the hands of private corporations and what some of those corporations are doing with that data is concerning. Isn’t it true that private companies can encrypt data so that it is protected from outsiders but at the same time those same companies can use our personal content data to target advertisements?

Attorney General Lynch: Thank you Senator for raising this important issue. It certainly is the case that many companies — those that you mentioned and others — have strong encryption, which we think is a very positive thing, and yet retain the ability to use the data that is transmitted along their systems, both for security purposes  as well as for marketing purposes. And so it is certainly the case, as we have seen in our talks with various companies, that strong encryption can be accompanied with the ability to still access the data and use the data in relevant ways. And we think that this is something that’s part of the overall debate on this important issue as we all consider — as you have also noted — how much personal information we willingly turn over to private companies and how we want that information handled. And certainly as we continue to discuss this issues I thank you for raising them and making them part of the debate.

Feinstein: Well, thank you very much because with my own devices, and I’m not the most “hep” person when it comes to all of this [raising phone] I’ve been amazed to learn what I can’t control. And my understanding is that it’s private information like web browsing history, email content, geolocation information, even when encrypted on smart phones. So I think it is an area of concern as companies want to defy a probable cause warrant, that they can use this data for their own profit making motives, and that’s of concern.

First, let me remind you: this woman represents Silicon Valley! And yet it’s not clear precisely what she means here.

Don’t get me wrong: I’d love to have a service with the facility of Google but without all the snooping on content and location. It concerns me that Google keeps much of that information even if you opt out of most data sharing.

But why is the Ranking Member of the Collect It All Committee raising these concerns — aside from maybe just now learning how much companies have on her? Indeed, it seems there are at least three reasons why a Collect It All fan should prefer this option:

  • The proprietary information these companies collect — at least the cookies and location data — is available both with a subpoena and under PRISM. Indeed, it should provide some of the most interesting information about intelligence and law enforcement targets.
  • DiFi has just championed a bill that makes the packet sniffing DiFi claims to be concerned about — which allows Google to target us for advertising — more useful for government cybersecurity purposes, too, as Google can not only sniff for their own security purposes, but also share what they find with the government.
  • The Administration is in the middle of a campaign — successful with at least Facebook and probably with some services on Google as well — to ask tech companies to use their marketing algorithm function to disfavor ISIS propaganda and favor counter-propaganda.

In other words, DiFi should love this state of affairs!

The only explanation (aside from some recent discovery of how much of her own data these companies have) I can think of is that DiFi has learned how little data iMessage and Signal collect on people, and was supposed to complain that she is furious that companies that, by collecting so little, limit how cooperative they can be in cases of legal requests, also offer security for their customers. But she appeared to be reading from a written statement, so that doesn’t make sense either.

The only other possibility I can imagine is that the government is trying to expand its access to this proprietary information under PRISM, and providers are balking. Which would be rather interesting.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

9 replies
  1. Rayne says:

    What-the-what?! Does DiFi not understand the fundamental quid pro quo users make with service providers like Google and Facebook? We agree for use of their “free” services like email and social media to allow them to advertise to us, serving customized content based on the services we use. But we don’t consent to third parties outside of that quid pro quo to use our data — hence the encryption. Is she going to take issue with newspapers and online media companies, too?

    Is DiFi just now offering a backhanded, roundabout critique of business models we’ve used for the last couple decades — business models that support her constituents and her continued office?

  2. jerryy says:

    .
    “… they can use this data for their own profit making motives, and that’s of concern.”
    .
    She is just upset she is not getting her cut, excuse me, share of the proceeds, uh let me try that again… The private companies are not allowing easy snooping on the encrypted web surfing etc. so that the ic has to work harder to figure out what the public is up to.
    .
    Someone might have explained to her the difference between https, tls , ssl etc. vs. encrypted data storage, in relation to which Reuters reported a while back, she is proposing along with her twin Burr, companies that resist decrypting stored data will face civil penalties.

  3. jerryy says:

    .
    You were not really expecting consistency from her were you?
    .
    After all, Ms. Emptywheel reported some time back regarding her (DiFi’s) reaction to the Sony Playstation hack that she was worried on one day about hackers getting her grandchildren’s credit card info and then on another day that terrorists would be using the secure gamers communication mode to plot to take over the world.

  4. pdaly says:

    I agree. It seems Difi starts out complaining that we citizens have to rely on companies to keep our privacy. I agree there; our privacy should be protected by more than just the whim of a corporation choosing to follow good corporate behavior. Our privacy should be protected by law.
    .
    But then Difi seems UPSET that encrypted info is kept from the government.
    Difi is against good encryption? She appears to be making this presentation merely to undermine Apple’s claim that it cannot decrypt “information” for government use.

  5. Bitter Angry Drunk says:

    How’s that line go? You’ll never go broke underestimating the intelligence of the average American (serving in Congress)?

    Seriously, our leaders don’t understand this stuff, and it’s a problem.

  6. orionATL says:

    now, with feinstein’s attack on “profit making companies, as if this were unamerican business behavior, one can see what james “big scare” comey and the obama admin (for whom feinstein is a mouthpiece) are up to when comey talks about” changing the apple business model”. it has nothing whatever to do with actual considerations of changing the way apple receives its income.

    “changing apple’s business model” is just comey’s indirect, coded way of saying apple is putting its corporate, monied interests above the common good. this is government propaganda designed to influence legislators and judges, and the few citizens paying attention, and thereby influence their decisions on endless government right to suveill – right down to solving a traffic accident responsibility.

    some time back i pointed out the obvious – apple can both be a private, for-profit organization and act in the public interest. hospitals do this all the time. i’m surprised apple hasn’t fought back against the comey- feinstein canard. one would think the fbi/nsa/cia’s extraordinary policing record of complete incompetence in failing to identify malfactoctors beforehand and thereby prevent an attack would be easy pickings.

    gov is saying, “we need to build just one more haystack – just one more, honest”.

  7. orionATL says:

    apropo –

    the ranking member and former chair of the most surveillance-legislation-generating committe in congress confesses her ignorance:

    “… Feinstein: Well, thank you very much because with my own devices, and I’m not the most “hep” person when it comes to all of this [raising phone] I’ve been amazed to learn what I can’t control…” 

    i’m not at all surprised. feinstein’s just another powerful politician.

Comments are closed.