July 2, 2020

Judge Urges U.S. to Consider Releasing N.S.A. Data on Calls

Judge F. Dennis Saylor IV issued the opinion in a response to a motion filed by the American Civil Liberties Union, saying such a move would add to “an informed debate” about privacy and might even improve the reputation of the Foreign Intelligence Surveillance Court on which he sits.

The ruling was the latest development to show the seismic impact of the disclosures by Edward J. Snowden, the former N.S.A. contractor, on the secrecy that has surrounded both the agency and the court. It came a day after the director of national intelligence, James R. Clapper Jr., said in a speech that Mr. Snowden’s leak of secret documents had set off a “needed” debate.

Judge Saylor of Boston, one of the 11 federal judges who take turns sitting on the court operated under the Foreign Intelligence Surveillance Act, said in his ruling that the publication in June of a court order leaked by Mr. Snowden regarding the phone logs had prompted the government to release a series of related documents and “engendered considerable public interest and debate.”

Among the documents voluntarily made public by the Obama administration since then are two FISA court rulings from 2009 and 2011 that were highly critical of the N.S.A., which the judges said had not only violated the agency’s own rules and the law, but had repeatedly misled them.

Those disclosures ran counter to a longstanding assertion by the court’s critics that it acts as a rubber stamp for the N.S.A. and the F.B.I., since statistics show that it has rarely turned down a request for a government eavesdropping warrant.

Judge Saylor seemed to applaud the fuller picture of the court’s actions from the disclosures to date, saying of the possibility of the release of more declassified rulings that “publication would also assure citizens of the integrity of this court’s proceedings.”

The court was responding to the A.C.L.U.’s request for public release of rulings related to the N.S.A.’s collection of the so-called metadata of virtually all phone calls in the United States — phone numbers, time and duration of calls, but not their content. The collection takes place under a provision of the Patriot Act that allows the government to gather “business records” if they are relevant to a terrorism or foreign intelligence investigation.

Though the intelligence court has continued to approve orders to the telephone companies to turn over the call logs, members of Congress — including Representative Jim Sensenbrenner of Wisconsin, a Republican and an author of the Patriot Act, and Senator Patrick J. Leahy of Vermont, the Democratic chairman of the Judiciary Committee — have said the N.S.A.’s collection goes too far.

Alex Abdo, a staff lawyer with the A.C.L.U.’s national security project, said the ruling showed that the court “has recognized the importance of transparency to the ongoing public debate about the N.S.A.’s spying.” Mr. Abdo added, “For too long, the N.S.A.’s sweeping surveillance of Americans has been shrouded in unjustified secrecy.”

Before Mr. Snowden began his release of documents in June, intelligence officials insisted that any public discussion of N.S.A. programs or the secret court rulings governing them would pose a danger to national security. But the strong public and Congressional response to many of the disclosures has forced the spy agency to shift its stance, and President Obama has directed it to make public as much as possible about its operations and rules.

In response, Mr. Clapper’s office has created a new Web page to make public documents, statements by officials and other explanatory material.

On Thursday, in a talk to intelligence contractors, Mr. Clapper said he thought Mr. Snowden’s leaks had started a valuable discussion. “It’s clear that some of the conversations this has generated, some of the debate, actually needed to happen,” he said, according to The Los Angeles Times. “If there’s a good side to this, maybe that’s it.”

But he denounced Mr. Snowden’s leaks, saying they had damaged national security. “Unfortunately, there is more to come,” he said, referring to the fact that news reports have covered only a small fraction of the tens of thousands of documents Mr. Snowden took.

Article source: http://www.nytimes.com/2013/09/14/us/judge-urges-us-to-consider-releasing-nsa-data-on-calls.html?partner=rss&emc=rss

Secret Court Ruling Put Tech Companies in Data Bind

The judges disagreed. That left Yahoo two choices: Hand over the data or break the law.

So Yahoo became part of the National Security Agency’s secret Internet surveillance program, Prism, according to leaked N.S.A. documents, as did seven other Internet companies.

Like almost all the actions of the secret court, which operates under the Foreign Intelligence Surveillance Act, the details of its disagreement with Yahoo were never made public beyond a heavily redacted court order, one of the few public documents ever to emerge from the court. The name of the company had not been revealed until now. Yahoo’s involvement was confirmed by two people with knowledge of the proceedings. Yahoo declined to comment.

But the decision has had lasting repercussions for the dozens of companies that store troves of their users’ personal information and receive these national security requests — it puts them on notice that they need not even try to test their legality. And despite the murky details, the case offers a glimpse of the push and pull among tech companies and the intelligence and law enforcement agencies that try to tap into the reams of personal data stored on their servers.

It also highlights a paradox of Silicon Valley: while tech companies eagerly vacuum up user data to track their users and sell ever more targeted ads, many also have a libertarian streak ingrained in their corporate cultures that resists sharing that data with the government.

“Even though they have an awful reputation on consumer privacy issues, when it comes to government privacy, they generally tend to put their users first,” said Christopher Soghoian, a senior policy analyst studying technological surveillance at the American Civil Liberties Union. “There’s this libertarian, pro-civil liberties vein that runs through the tech companies.”

Lawyers who handle national security requests for tech companies say they rarely fight in court, but frequently push back privately by negotiating with the government, even if they ultimately have to comply. In addition to Yahoo, which fought disclosures under FISA, other companies, including Google, Twitter, smaller communications providers and a group of librarians, have fought in court elements of National Security Letters, which the F.B.I. uses to secretly collect information about Americans. Last year, the government issued more than 1,850 FISA requests and 15,000 National Security Letters.

“The tech companies try to pick their battles,” said Stephen I. Vladeck, a law professor at American University who has challenged government counterterrorism surveillance. “Behind the scenes, different tech companies show different degrees of cooperativeness or pugnaciousness.”

But Mr. Vladeck added that even if a company resisted, “that may not be enough, because any pushback is secret and at the end of the day, even the most well-intentioned companies are not going to be standing in the shoes of their customers.”

FISA requests can be as broad as seeking court approval to ask a company to turn over information about the online activities of people in a certain country. Between 2008 and 2012, only two of 8,591 applications were rejected, according to data gathered by the Electronic Privacy Information Center, a nonprofit research center in Washington. Without obtaining court approval, intelligence agents can then add more specific requests — like names of individuals and additional Internet services to track — every day for a year.

National Security Letters are limited to the name, address, length of service and toll billing records of a service’s subscribers.

Because national security requests ban recipients from even acknowledging their existence, it is difficult to know exactly how, and how often, the companies cooperate or resist. Small companies are more likely to take the government to court, lawyers said, because they have fewer government relationships and customers, and fewer disincentives to rock the boat. One of the few known challenges to a National Security Letter, for instance, came from a small Internet provider in New York, the Calyx Internet Access Corporation.

The Yahoo ruling, from 2008, shows the company argued that the order violated its users’ Fourth Amendment rights against unreasonable searches and seizures. The court called that worry “overblown.”

“Notwithstanding the parade of horribles trotted out by the petitioner, it has presented no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse,” the court said, adding that the government’s “efforts to protect national security should not be frustrated by the courts.”

One of the most notable challenges to a National Security Letter came from an unidentified electronic communications service provider in San Francisco. In 2011, the company was presented with a letter from the F.B.I., asking for account information of a subscriber for an investigation into “international terrorism or clandestine intelligence activities.”

The company went to court. In March, a Federal District Court judge, Susan Illston, ruled the information request unconstitutional, along with the gag order. The case is under appeal, which is why the company cannot be named.

Google filed a challenge this year against 19 National Security Letters in the same federal court, and in May, Judge Illston ruled against the company. Google was not identified in the case, but its involvement was confirmed by a person briefed on the case.

In 2011, Twitter successfully challenged a silence order on a National Security Letter related to WikiLeaks members.

Other companies are asking for permission to talk about national security requests. Google negotiated with Justice officials to publish the number of letters they received, and were allowed to say they each received between zero and 999 last year, as did Microsoft. The companies, along with Facebook and Twitter, said Tuesday that the government should give them more freedom to disclose national security requests.

The companies comply with a vast majority of nonsecret requests, including subpoenas and search warrants, by providing at least some of the data.

For many of the requests to tech companies, the government relies on a 2008 amendment to FISA. Even though the FISA court requires so-called minimization procedures to limit incidental eavesdropping on people not in the original order, including Americans, the scale of electronic communication is so vast that such information — say, on an e-mail string — is often picked up, lawyers say.

Last year, the FISA court said the minimization rules were unconstitutional, and on Wednesday, ruled that it had no objection to sharing that opinion publicly. It is now up to a federal court.

Nicole Perlroth and Somini Sengupta contributed reporting from San Francisco.

Article source: http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html?partner=rss&emc=rss

3 Tech Giants Want to Reveal Data Requests

They made the request after revelations about the National Security Agency’s secret Internet surveillance program, known as Prism, for collecting data from technology companies like e-mail messages, photos, stored documents, videos and online chats. The collection is legally authorized by the Foreign Intelligence Surveillance Act, which forbids companies from acknowledging the existence of requests or revealing any details about them.

Google for the first time publicly acknowledged it had received FISA requests and said it had complied with far fewer of the requests than it received. Facebook and Microsoft did not go as far as discussing requests they had received but, like Google, said they wanted to be able to publish information on the volume and scope of the government requests.

Christopher Soghoian, a senior policy analyst studying privacy, technology and surveillance at the American Civil Liberties Union, said that while he appreciated the statements from the companies, they were largely meant to save face with users and employees.

“If nothing else happens, this is a way of putting the government on the defensive and shifting the blame from the companies to the government,” he said.

Many questions remain unanswered after the leak of N.S.A. documents about Prism, including precisely how the tech companies and the government cooperate. Prism refers to an automated system for electronically exchanging information regarding FISA requests, according to people briefed on how it works. On Tuesday, David Drummond, Google’s chief legal officer, said in an interview on British television that Google hands over the information to the government in person or by using a file-transferring technology called secure FTP.

But the companies say they are frustrated that they are unable, because of a government gag order, to give more details of sharing user data with the government.

That gap in information has fed speculation that is untrue, Mr. Drummond wrote in a letter on Tuesday to Eric H. Holder Jr., the attorney general, and Robert S. Mueller, the director of the F.B.I. In the letter, Mr. Drummond asked for permission to publish both the number of national security requests, including FISA disclosures, that Google receives and their scope.

“Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made,” Mr. Drummond wrote. “Google has nothing to hide.” Mr. Drummond was unavailable for an interview.

In a statement, Leslie Miller, a Google spokeswoman, said “only a tiny fraction” of Google’s hundreds of millions of users worldwide were subject to government data requests each year.

Google has said it scrutinizes each government request and narrows the scope if it is overly broad. In 2010, it became the first major tech company to publish a transparency report detailing certain government requests for user information. In March, after long negotiations with law enforcement, it added national security letters, which the F.B.I. uses to ask for information and which companies are generally not permitted to disclose. Still, Google was allowed to report only that it received zero to 999 such letters.

Microsoft released its first transparency report in March. The company said on Thursday that the report went as far as it legally could and urged the government to allow it to publish more information.

Facebook has never published a transparency report, despite pressure to do so. On Thursday, it said it would start publishing one if the government gave it permission to release information on the size and scope of national security requests.

“We have questioned the value of releasing a transparency report that, because of exactly these types of government restrictions on disclosure, is necessarily incomplete and therefore potentially misleading to users,” Ted Ullyot, Facebook’s general counsel, said in a statement.

Article source: http://www.nytimes.com/2013/06/12/technology/google-asks-to-reveal-details-about-classified-requests.html?partner=rss&emc=rss