WebProNews

Tag: FISA

  • Reddit Has Never Received a National Security Letter

    Reddit Has Never Received a National Security Letter

    Reddit has just released its first ever transparency report, detailing governmental requests for user information, content removal requests, and more.

    What’s striking about reddit’s first report is the low volume of requests – only 55 total user info requests and 218 content removal requests in all of 2014.

    According to reddit, it complied with 58 percent and 31 percent of those, respectively.

    One of the more interesting aspects of the report is this nugget:

    “As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information. If we ever receive such a request, we would seek to let the public know it existed,” says reddit.

    For a site with as many users and as much traffic as reddit, this is rather surprising.

    Of course, what it would be able to say about any hypothetical National Security Letter would be limited, at best. Most NSLs come with a gag order riding piggyback, so the companies who received the letter can’t discuss it with the users whose information has been requested.

    Some companies, like Google and Facebook, are allowed to disclose incredibly vague NSL information to users. How vague? Well, Google, for instance, can tell us that it received somewhere between 0 and 999 NSLs last year, representing between 1,000 and 1,999 user accounts.

    So, pretty vague.

    “Many government requests we receive contain demands to withhold notice from users that carry no legal weight. We actively disregard these non-binding demands.”

    If an NSL ever comes its way, reddit’s going to have a much tougher time “actively disregarding” its terms and conditions.

    You can check out the full report here.

    Images via reddit, reddit on Facebook

  • Facebook Says Government Data Requests Up 24%

    It’s Election Day in the US, and Facebook is reminding everyone to vote with a giant banner at the top of the news feed which asks people to share the vote with friends. By the looks of my news feed, it’s working.

    The company has also chosen today to release its third-ever transparency report – which provides info on how many data and content removal requests it receives, as well as national security requests initiated through FISA. By law, Facebook can’t really say a lot about the latter – but as far as the former goes, things are up in a pretty big way.

    During the first half of 2014, government requests for data and content removal were up 24 percent and 19 percent, respectively, from the latter half of 2013.

    Facebook makes a point to say how they fight “overly broad requests”:

    “As we’ve said before, we scrutinize every government request we receive for legal sufficiency under our terms and the strict letter of the law, and push back hard when we find deficiencies or are served with overly broad requests.”

    The company also reminds people that it’s been busy fighting an unprecedented data grab – a set of “sweeping search warrants” issued by a New York court.

    Finally, Facebook talks legislation:

    “As such, we support recent efforts in the U.S. Senate to pass the USA FREEDOM Act, and we’re hopeful that Congress will update the Electronic Communications Privacy Act to codify our requirement of a warrant to compel disclosure of the stored contents of an account. We will continue to work on our own and with partners, such as the Reform Government Surveillance coalition, to protect the information of the people who use our services.”

    You can check out the full report here. And remember – go vote. It could have an impact on whether or not Facebook is required to give up more and more of your data.

    Image via Facebook

  • Twitter Would Like to Be More Transparent, If They Could

    Twitter has just released their fifth-ever transparency report, and it shows that requests for user data, content removal, and copyright takedowns are all on the rise.

    But the main focus of Twitter’s announcement isn’t really the report itself – instead, Twitter takes a lot of care to express their unhappiness with the US government, specifically the Department of Justice and their rules on how and how much information about national security requests can be revealed to users.

    “As we alluded to in our last post, earlier this year we met with officials from the United States Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) in Washington to push for our ability to provide greater transparency concerning national security requests. Specifically, if the government will not allow us to publish the actual number of requests, we want the freedom to provide that information in much smaller ranges that will be more meaningful to Twitter’s users, and more in line with the relatively small number of non-national security information requests we receive,” says Twitter.

    Twitter references DOJ guidelines that limit how specific service providers can be when discussing national security requests with users. For instance, when reporting on the number of National Security Letters received, companies can only report in “bands of 1,000.” It’s the same for FISA requests. That’s why you’ll see some companies report these numbers as “we’ve received (0 – 999) requests of this nature.”

    Like Google, who began including the incredibly unspecific volume of national security requests in its Transparency Reports back in March of last year.

    Twitter, on the other hand, would rather not include this information at all if they are going to be handcuffed to such an extreme.

    “Unfortunately, we were not able to make any progress at this meeting, and we were not satisfied with the restrictions set forth by the DOJ. So in early April, we sent a draft midyear Transparency Report to DOJ that presented relevant information about national security requests, and asked the Department to return it to us, indicating which information (if any) is classified or otherwise cannot lawfully be published. At this point, over 90 days have passed, and we still have not received a reply.”

    And so, Twitter’s transparency report has no info on national security requests.

    What is does show is that worldwide, there has been a 46 percent increase in governmental user data requests, a 14 percent increase in content removal requests, and a 38 percent increase in copyright takedown requests.

    You can read the whole report here.

    Image via Thinkstock

  • FISA Court Approves Changes To The NSA

    Since June of last year, the Obama administration has been on damage control in regards to the leaks from former NSA contractor Edward Snowden. In various speeches since then, the president has defended the surveillance programs while also promising to reform some of its most controversial elements. Of course, any reform has to be approved by the FISA court and it finally did just that.

    The Hill reports that the FISA court has recently approved President Obama’s two reforms to how the NSA accesses the massive trove of Americans’ cellphone data. The first would require the NSA to seek a court order before looking into its database of phone records. The second would limit the number of phone numbers the NSA could look at when chasing a target. Currently, the agency is allowed to look at numbers that are three steps away from the target, but it’s now been changed to two.

    While reform is certainly welcome, many feel that President Obama’s suggestions don’t go far enough in addressing the issue at hand. Many still feel that the NSA’s collection of Americans’ phone records goes too far. Even if the agency has to obtain a court order to access the database, civil liberty proponents will argue that it’s not enough. Obama’s Civil Liberties board agrees and has argued that it should be shut down.

    While a shut down of the program is unlikely, the FISA court is at least trying to be a little more proactive than the government when it comes to transparency. The court told the government to work on declassifying both its reform request and the court’s response. We’ll see a heavily redacted version of it by February 17.

    So, what’s next for the NSA? In his speech, Obama ordered Attorney General Eric Holder to work with National Intelligence Director James Clapper in devising a way to take the NSA’s database out of its hands. The most popular option seems to be giving the database to a private third party, but many feel that this approach would just lead to Americans’ metadata being stolen by hackers considering the poor security employed by private entities in the U.S.

    Image via Wikimedia Commons

  • Google Can Finally Publish FISA Request Numbers

    For a few years now, Google has been publishing a bi-annual transparency report to let us know how many times governments around the world have petitioned the company for user data. The reports were always missing a few things though – specifically National Security Letters and FISA request numbers. NSL numbers were finally published last year, and now Google can do the same with FISA requests.

    Google announced that it finally has permission to publish FISA request numbers from 2009 onwards. Unfortunately, the government has imposed a six month delay so we don’t have access to the numbers from July to December for last year. January to June and back, however, is a somewhat detailed look at the number of FISA requests Google receives from the government every six months.

    As you will see below, Google is forced to report numbers on a scale of 1,000. That means it can only let us know that it receives between 0 and 999 FISA requests every six months. We do get to see numbers for content and non-content requests which are arguably more interesting as the number of content requests skyrocketed to over 10,000 in the latter half of 2012.

    Google Can Finally Publish FISA Request Numbers

    Google reminds us that FISA requires them to hand over a users’ personal information and the content of their communications whenever the government comes knocking with a court order. That’s why the company feels it’s incredibly important to keep fighting for the right to publish precise numbers so it can let its users know exactly how many user data requests are made every six months. After all, there’s a pretty big difference between 0 and 999.

    To that end, Google is championing legislation in both the House and Senate – H.R. 3035 and S. 1621. Both would allow private entities to report the exact number of information requests they receive from the government. Unfortunately, both bills have only been referred to a committee thus far and it doesn’t look like either will be picked up anytime soon.

    Despite the above bills not having much chance, reform may come in the form of Sen. Patrick Leahy’s USA FREEDOM Act. It seeks to end the dragnet surveillance of Americans’ communications, reform the FISA court and more. Google may want to throw some weight behind Leahy’s bill as it’s the only surveillance-related bill currently floating around Congress that has any chance of passing.

    Image via Google

  • LinkedIn Challenges Government Secrecy in Court

    LinkedIn Challenges Government Secrecy in Court

    With the recent revelations surrounding the U.S. National Security Agency’s (NSA) widespread surveillance of the internet, online privacy concerns have become more widespread in recent months. This is especially true for social media, as the open nature of websites such as Twitter and Facebook makes it even easier for governments to compile information about citizens.

    LinkedIn this week released its bi-annual Transparency Report, something it and a handful of other social media websites do on a regular basis. However, with the nature of NSA surveillance now public, LinkedIn is attempting to come forward with the part it plays in the U.S. government’s national security-related demands for company information. Unfortunately, the government not only prevents companies from releasing such information, but it also prohibits those same companies from even acknowledging how many of those requests have been made. It’s an issue that even Google has had to deal with in recent years.

    Erika Rottenberg, general counsel for LinkedIn, revealed in a LinkedIn blog post this week that the company has been fighting to release the exact number of Foreign Intelligence Surveillance Act (FISA) requests it receives. From the blog post:

    Unfortunately, our Transparency Report doesn’t include requests related to U.S. national security-related matters. This is because the U.S. government prohibits us from doing so. We believe our members and the LinkedIn community deserve to know this information, especially in light of recent revelations about the nature of U.S. government surveillance. We’ve been in discussions with the U.S. government for months in an effort to convince them to allow us to release these numbers as part of our Transparency Report and these discussions recently reached an impasse.

    With no other options, LinkedIn has decided to take legal action against such secrecy. The company this week filed a petition with the Foreign Intelligence Surveillance Court for permission to publish the exact number of FISA requests it receives. LinkedIn has also requested that its petition hearing be public. A similar request has also been filed with the FBI.

    In addition to the petition, LinkedIn has filed an amicus brief with the U.S. Court of Appeals for the Ninth Circuit. The brief is regarding a case about the gag orders that accompany National Security Letters, and argues that such restrictions are not required to maintain national security.

  • FISA Court Orders NSA To Release Phone Surveillance Documents

    Since early June, the U.S. government has been slowly opening up about the NSA’s numerous surveillance programs in response to a number of leaks from former NSA contractor Edward Snowden. Some civil liberty groups, however, think that the government isn’t being as transparent as they should be and have been pushing the government to release more data.

    The Hill reports that the FISA court has sided with the ACLU in a motion filed by the organization that sought to have the government release documents pertaining to Section 215 of the Patriot Act. If you recall, defenders of the NSA say that Section 215 is what allows them to collect Americans’ phone metadata. With this win, the public will finally get to see the legal interpretation of Section 215 that allowed the NSA to collect phone records.

    “We are pleased that the surveillance court has recognized the importance of transparency to the ongoing public debate about the NSA’s spying,” said Alex Abdo, staff attorney with the ACLU National Security Project. “For too long, the NSA’s sweeping surveillance of Americans has been shrouded in unjustified secrecy. Today’s ruling is an overdue rebuke of that practice. Secret law has no place in our democracy.”

    So, what’s next? Well, the government has until October 4 to submit all documents relevant to the surveillance court’s rulings on Section 215. At the time, the government must also propose which information in the documents should be redacted. After that, the documents will be thoroughly reviewed and then released to the public once all the proper redactions have been made.

    As you can imagine, this is a pretty big win for the ACLU. In the past, the organization and others like it have lost similar motions and lawsuits that sought to sought to obtain more information about surveillance programs or even shut them down. With increased pressure from both citizens and Congress, the Obama administration really has no choice but to release the documents. Not doing so would continue to erode faith in the administration, and that’s one thing Obama has continually stated he would like to avoid.

    It should be noted that today’s win does not cover the documents the ACLU is currently seeking to declassify in a lawsuit filed in New York. In that particular lawsuit, the ACLU claims the NSA’s phone metadata collection program violated Americans’ First and Fourth Amendments protections. In recent weeks, other organizations, like the NRA, have joined the lawsuit seeking the same disclosures.

    [Image: Wikimedia Commons]

  • Declassified NSA Documents Reveal Privacy Violations

    Following pressure from lawsuits by both the ACLU and the Electronic Frontier Foundation, the federal government has released 14 documents concerning privacy violations committed by the NSA in their collection of private data from US citizens. Both lawsuits were based on what the ACLU and EFF believe is a misinterpretation of Section 215 of the Patriot Act. According to the USA Patriot Improvement and Reauthorization Act of 2005, any data obtained under Section 215 of the Patriot Act:

    “must be `relevant’ to an authorized preliminary or full investigation to obtain foreign intelligence information not concerning a U.S. person or to protect against international terrorism or clandestine intelligence activities. The provision also requires a statement of facts to be included in the application that shows there are reasonable grounds to believe the tangible things sought are relevant, and, if such facts show reasonable grounds to believe that certain specified connections to a foreign power or an agent of a foreign power are present, the tangible things sought are presumptively relevant.”

    What the 14 documents that were declassified reveal is that the NSA has not been following this revised version of the Patriot Act, but rather gathering whatever information they want despite the fact that they have had several rendezvous with the FISA court (Foreign Intelligence Surveillance Act) regarding the legality of their collections. The FISA court is the court that issues surveillance warrants for perceived foreign threats on US soil. This court was established after the passing of the Foreign Intelligence Surveillance Act in the 1970’s, following the events of Watergate.

    The court cases filed by the ACLU and EFF concerned the actions of the NSA between the years 2006 to 2009. During this time, the NSA collected information on citizens that was not deemed legal under the warrant granted to them by the FISA court. In fact, in 2009 alone, the NSA flagged and gathered information on more than 17,000 citizens, and under 2,000 of those people were on the “flag” list given to the NSA by the FISA order, a list that was composed of people with reasonable articulable suspicion (RAS) of terroristic activity.

    The documents released by the federal government show several court hearings and proceedings that occurred between the NSA and FISA courts concerning this blatant disregard for person privacy. The best reason the NSA could come up for as to why they illegally collected information on more than 17,000 people in one year: “there was no single person who had a complete technical understanding of the BR FISA architecture.” In short, we had an entire governmental agency which specifically deals with the national security of arguably the most powerful nation on the earth, and not one of them could understand the BR FISA, which is a simple document outlining what is and what is not acceptable when gathering information concerning foreign threats within US borders…..

    So, what does all of this tell us? For one, it shows us that government officials may be even more clueless when it comes to legal standards than our friends at the ACLU and even the EFF. Secondly, it shows us that the American people can still use legal means to accomplish large and important goals (except for the fact that it took an extremely large illegal activity by Edward Snowden to even bring the subject to light, and despite the fact that the Director of National Intelligence, James Clapper, wants us to believe that this is another step toward government transparency ). Lastly, it shows us that the events of 9/11 have had much more lasting impact than any American could have imagined, and in ways that we would have never considered. While every American recognizes the events of that day as a tragic loss of American life, no American thought that we would now live in a country in which almost all of our civil liberties and freedoms have been compromised at the behest of “protection from terrorism”. So while this may be a small victory for the American people in regards of data privacy and government transparency, it still reveals how much we actually lost on 9/11, and how much the “terrorists” won.

    Image via Twitter

  • Google Once Again Pushes For Transparency When Dealing With Federal Data Requests

    Does Google hand over your private information to the feds? The company says it doesn’t, but it can’t prove this because of gag orders placed on it by the federal government. That’s why Google, along with Microsoft, have petitioned the government to allow it to be more transparent in reporting the number of federal data requests it receives.

    Google submitted its original petition to the FISA court back in June when it argued that it had a First Amendment right to publish an aggregate figure of all the federal data requests it receives. Now that same petition has been resubmitted with a new request. Google wants the FISA court to hold the debate on whether or not tech companies can publish federal data request numbers in the open.

    The public is not allowed to listen in on any hearings that go on in the FISA court. What’s worse is that there’s no representative of the public in said hearings. The court only hears from the government and then approves or denies the request. Google doesn’t outright say that needs to change, but it does call for greater transparency in the FISA court. The company says its only natural given the “important public policy issues at stake.”

    Besides resubmitting its petition, Google notes that it will be meeting with the President’s Group on Intelligence and Communications Technology today. The company says that it will present the same petition at this meeting demanding the government let it be more transparent regarding data requests.

    While Google is resubmitting its petition, Microsoft last month said it would be getting a little more aggressive in its quest for transparency. The company announced that it would be filing a lawsuit against the government in the hope that it can force transparency with the help of the court.

    [Image: Google]

  • Government To Declassify How Many People Were Targeted By The NSA In 2012

    Earlier this month, President Obama outlined four ways that he would like to reform the NSA and FISA court. A big part of those reforms was increased transparency, and it looks we’ll finally be getting a little more transparency.

    On the new (and hilarious) NSA tumblr blog, Director of National Intelligence James Clapper announced a plan to annually release data pertaining to the number of people and businesses targeted by the NSA. Of course, we won’t get actual numbers as the government will only be publishing aggregate figures, much like what Facebook published earlier this week.

    Unlike Facebook and other tech companies, however, the government’s list of published figures will be much broader in scope. Here’s everything you can expect to see in the upcoming report:

  • FISA orders based on probable cause ( Titles I and III of FISA, and sections 703 and 704).
  • Section 702 of FISA
  • FISA Business Records (Title V of FISA).
  • FISA Pen Register/Trap and Trace ( Title IV of FISA)
  • National Security Letters issued pursuant to 12 U.S.C. § 3414(a)(5), 15 U.S.C. §§ 1681u(a) and (b), 15 U.S.C. § 1681v, and 18 U.S.C. § 2709.

    • You might be disappointed that the government will only be publishing aggregate figures, but Clapper argues that it’s for the good of the nation:

    FISA and national security letters are an important part of our effort to keep the nation and its citizens safe, and disclosing more detailed information about how they are used and to whom they are directed can obviously help our enemies avoid detection.

    Everything that has been leaked by Snowden thus far was kept secret for the good of the nation, but said leaks seem to have had no impact yet. The real bad guys – the ones who would actually do the nation harm – aren’t using Facebook or Google+ to plan out attacks. Sure, the NSA might catch wind of a plot from a really stupid terrorist, but recent leaks suggest that they’re just scooping up data indiscriminately without a lot of oversight.

    Of course, the government should be commended for being even a little more transparent. It’s just unfortunate that transparency was only ever discussed once the Snowden leaks thoroughly embarrassed the government.

    Once the document is published, we’ll be sure to bring you all the information it contains. Just don’t expect a lot of startling revelations. After all, the NSA’s “ability to discuss these activities is limited by [its] need to protect intelligence sources and methods.”

    [Image: IC On The Record]

  • Government Declassifies Court Opinion That Says NSA Violated The Fourth Amendment

    One of the big talking points from NSA proponents is how the agency’s spy programs are constitutional. That’s debatable and many in Congress feel that the agency has largely overstepped its bounds in the collection of American’s cellphone metadata. Even so, the FISA court that oversees these requests for data largely support the NSA’s activities. There was one brief moment in 2011, however, when the court threw the book at the agency.

    In a recently declassified FISA court opinion from May 2011, the government revealed that the NSA was caught to be in violation of the Fourth Amendment by collecting tens of thousands of “wholly domestic” emails. The agency had obtained the emails as part of its Upstream data collection program that taps into the fiber cables that bring data into and out of the U.S.

    The NSA defended itself by saying that the collection of domestic emails was an accident as it had no way to filter out domestic from foreign emails with Upstream. Still, the court unhappy as the NSA had not disclosed its gathering of Americans’ emails until long after its capability to do so was approved.

    In his opinion, FISA judge John D. Bates said that “the government has now advised the court that the volume and nature of the information it has been collecting is fundamentally different from what the court has been led to believe.” In other words, Bates called the NSA out for misleading the court in regards to its activities.

    It was with the revelation that the NSA overstepped its bounds in email collection that the court ordered the Upstream program to be halted immediately until the agency could ensure that its collection of incidental data was within an acceptable range. In November, the court gave upstream the go ahead after the NSA demonstrated its new filtering software that kept the collection of Americans’ emails to a minimum.

    It’s worrisome that the NSA is still being allowed to collect emails, but it’s a little better knowing that the FISA court has at least once slapped down a spy program until it had worked in sufficient safeguards. Some, including those in Congress, may argue that it’s not enough, but we’ll leave that debate for another time.

    For now, let’s focus on the most worrisome part of the declassified court opinion. In a footnote, Bates says the collection of “wholly domestic” emails as described above was actually the third time in three years that the NSA had overstepped its bounds:

    “The Court is troubled that the government’s revelations regarding NSA’s acquisition of Internet transactions mark the third instance in less than three years in which the government has disclosed a substantial misrepresentation regarding the scope of a major collection program.

    In March, 2009, the Court concluded that its authorization of NSA’s bulk acquisition of telephone call detail records from [redacted] in the so-called “big business records” matter “ha[d] been premised on a flawed depiction of how the NSA uses [the acquired] metadata” and that “[t]his misperception by the FISC existed from the inception of its authorized collection in May 2006, buttressed by repeated inaccurate statements made in the government’s submissions, and despite a government-devised and Court mandated oversight regime.”

    Contrary to the government’s repeated assurances, NSA has been routinely running queries of the metadata using querying terms that did not meet the required standard for querying. The Court concluded that this requirement had been “so frequently and systemically violated that it can be fairly said that this critical element of the overall … regime has never functioned effectively.”

    All of this may sound familiar if you were paying attention last week when it was revealed that the NSA had violated its own privacy rules over 2,000 times in 2012. In response to that leak, Reggie B. Walton, chief judge on the FISA court, said that the courts hands were essentially tied when it came to investigating issues of noncompliance. In other words, the FISA court has to rely on the NSA to report its own wrongdoings, and the above declassified opinion shows that the agency isn’t too keen on reporting its own violations until well after the fact.

    It’s a problem that needs to be addressed, but the president seems to think that making the NSA more transparent (i.e. declassifying two-year-old court opinions) will somehow make the agency more accountable. The government’s own piss poor attempts at transparency should make it clear that timely accountability isn’t coming anytime soon.

    [h/t: Washington Post]

  • NSA Violated Its Own Privacy Rules Over 2,000 Times

    Since the NSA’s spy programs were revealed in early June, its proponents have argued that there’s a number of safeguards in place to make sure the agency’s surveillance is under the utmost oversight. A recent report finds that to not be the case.

    The Washington Post reports that it has obtained an internal audit of the NSA’s surveillance program from Edward Snowden that shows the agency has violated rules or court orders. The violations aren’t much of a surprise, but the sheer number of violations definitely is. The audit found that there have been 2,776 rule violations over the past few years.

    So, what does a violation mean in terms of the NSA? A document, humorously titled, “So you got U.S. Person Information?,” points out what analysts must do when collecting information on a U.S. person through incidental data. The slide says to immediately apply “minimization procedures” and to “focus your report on the foreign end of the communication.” That’s all well and good except that the document also says that incidental data collection doesn’t constitute a violation so it “does not have to be reported.”

    What’s more worrisome about this slide is that it says the NSA can keep the incidental data store on its servers. It has to mask the identities of the U.S. person whose data was collected, but it’s still there. The slide also notes that the analyst can obtain permission from a supervisor, not a judge, to unmask the U.S. person if the investigation requires it.

    Besides the retention of incidental data, the leaks also show that the NSA is taught to give as little data as possible when requesting surveillance permission from the FISA court. In a perfect world, the government would hand over all the details of its request so the FISA court could make an informed decision on whether or not it should grant the surveillance request. Instead, the NSA is told to not provide the court with any “extraneous information.” According to the slide, extraneous information includes “probable cause-like information (i.e. proof of your analytic jugdment), how you came to your analytic conclusions, any RAGTIME information, classification marking, or selector information.”

    As TechDirt points out, these surveillance requests are meant to provide only the bare minimum information necessary to initiate surveillance while the surveillance itself can be used to scoop up all kinds of incidental data. In other words, the NSA is subject to very little oversight by its own design.

    In fact, the chief judge for the FISA court, Reggie B. Walton, told The Washington Post that their hands are essentially tied when it comes to granting surveillance orders. He said the FISA court “does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing compliance with its orders.”

    Walton’s statement is a little worrisome because it pretty much says that the court knows it’s being duped, but they can’t do anything about it. The government has stacked the cards against the FISA court system to make sure that the NSA can get away with anything. It appears that President Obama’s proposal to add a privacy proponent to the court would do very little in a system where the NSA holds the power.

  • Senate Wants Somebody To Argue For Your Privacy In The FISA Court

    The NSA can spy on just about everything you do. The agency is able to do this thanks to the FISA Court – a secretive judicial system that approves or denies government requests to collect data. The only problem is that the government is the only one at these court hearings arguing in favor of surveillance. Three senators want to change that.

    The Hill reports that Sens. Ron Wyden, Richard Blumenthal and Tom Udall have introduced the FISA Court Reform Act in the Senate. The bill would create a privacy advocate in the FISA Court to challenge government requests for data. In other words, there would finally be somebody in the court to argue for civil rights.

    A central criticism of the FISA court at this point is that it rubber stamps every government request for data that comes its way. It’s not hard to see why as the judges only hear one side of the story and then they have to determine whether or not the request is constitutional based solely upon their own intuition and what the government says. With a second lawyer arguing on behalf of civil rights, the judges would finally have to consider alternative points of view.

    Surprisingly, it seems that the government isn’t entirely opposed to having somebody challenge it in court. Deputy Attorney General James Cole said during a hearing on Wednesday that they would just have to look into the logistics of it all:

    “There’s obviously issues we’ll have to work through as to clearances and classifications and who would be there and what their role would be. But those are the kinds of discussions we do need to have.”

    In other news, the same three senators have also introduced another bill called the FISA Judge Selection Reform Act. This bill would change how FISA judges are appointed, and ensure that the judges are not all cut from the same cloth.

    Both bills could go a long way in reforming what is obviously a broken system. Unfortunately, it’s only a tiny fix to a big problem. Congress needs to reign in the NSA, but the House proved last week that our lawmakers aren’t ready to put a stop to warrantless surveillance just yet.

  • Google Says It Has A First Amendment Right To Release NSA Data Request Numbers

    UDPATE: It was revealed Wednesday that Microsoft has also filed a motion claiming a First Amendment right to publish federal data request numbers.

    Original Story Below:

    For the past two weeks, Google has been petitioning the government to allow it to publish the exact number of data requests it receives from the NSA. There’s not been a lot of progress made on that front, but now Google is pulling out the big guns in attempt to force transparency.

    In a recent filing, obtained by The Washington Post, before the Foreign Intelligence Surveillance Court, Google argues the gag order that prevents it from publishing the number of data requests it receives is unconstitutional. In particular, Google says that such gag orders violate its First Amendment rights:

    “Google seeks a declaratory judgment that Google has a right under the First Amendment to publish, and that no applicable law or regulation prohibits Google from publishing, two aggregate unclassified numbers: (1) the total number of FISA requests it receives, if any; and (2) the total number of users or accounts encompassed within such requests.”

    Do you think Google is in the right? Does it have a First Amendment right to release these numbers? Let us know in the comments.

    Now, why is this so difficult? What’s wrong with publishing nothing but numbers? Well, it may seem kind of silly to you, but the government argues that even publishing the exact number of data requests it sends would put the nation in danger. Google isn’t asking to publish any specific requests nor it it asking to reveal inner workings of its relationship with the NSA. Google is only asking to publish some numbers, and that has thus far proven to be incredibly difficult.

    In the last week, we’ve seen the government slightly budge on the issue. Facebook, Apple and Yahoo all published statements that listed a ballpark figure of data requests it receives from local, state and federal governments. Google was presumably allowed to publish the same figure, but it refrained because “lumping national security requests together with criminal requests … would be a backward step for our users.”

    Google took that stance because it already publishes the amount of national security letters it receives from the government. Well, it can publish ballpark figures that say it received between 0 and 999 requests for user data in 2012. It’s not exactly helpful and lumping those figures in with criminal requests would make the numbers even more opaque.

    The core argument here is that publishing these wide ranging numbers doesn’t do the public or Google any good. Sure, Google could say it receives anywhere between 9,000 to 12,000 data requests per year, but we wouldn’t know if those requests were from local law enforcement or the NSA. In turn, that unknown factor would only serve to increase consumer distrust for Google and drive them away to competitors.

    What makes this all the more silly is that Google isn’t even asking to publish the exact number of data requests. As per the filing, here’s what Google would like to publish:

    “Google’s publication would disclose numbers as part of the regular Transparency Report publication cycle for National Security Letters, which covers data over calendar year time periods. There would be two new categories to cover requests made under FISA: (a) total requests received and (b) total users/accounts at issue. Each of these entries will be reported at a range, rather than an actual number. That range would be the same as used by Google in its reporting of NSLs currently, in increments of one thousand, starting with zero. As with the NSL reporting, Google would have a Frequently Asked Questions section that would describe the statutory FISA authorities themselves.”

    That doesn’t sound bad at all. The government already lets Google publish a ballpark figure for national security letters, so why not this? What’s the problem with making the federal government more transparent? Doing so would benefit not only the Obama administration’s declining reputation, but it would also immensely help Silicon Valley as well.

    As was argued last week, tech companies have just as much to lose from the government keeping quiet as we do. Publishing opaque data request numbers may initially look good for the likes of Facebook and Apple, but Google is taking the higher ground here. It’s fighting to publish these numbers to advance the public debate over the NSA “in a thoughtful and democratic manner.” Lord knows the issue of NSA spying powers needs that right now.

    Do you think Google should be allowed to publish data request numbers? Would it really impact national security? Let us know in the comments.

  • The NSA Can Use Incidental Data Under Certain Conditions

    One of the scariest parts about the NSA’s spying program is its collection of incidental data – information that may or may not be about American citizens that just so happens to be picked up with information on non-U.S. targets. It’s been said that the NSA can’t use this data, but a new report says they can under certain conditions.

    The Guardian released another two documents today that detail how the NSA can use information it inadvertently collects on Americans. Both documents were submitted to the secretive FISA court by Attorney General Eric Holder as they bear his signature.

    So, without further ado, here’s what the NSA can do with the data it may or may not have collected on Americans:

  • Keep data that could potentially contain details of US persons for up to five years;
  • Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;
  • Preserve “foreign intelligence information” contained within attorney-client communications;
  • Access the content of communications gathered from “U.S. based machine[s]” or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

    • What makes the above especially worrisome is that the documents reveal there is not a lot of oversight in regards to who the NSA actually targets. NSA analysts are allowed to pick and choose who they target without having to get clearance from the courts. The only thing in place is an internal audit system that reviews targets.

    Another worrisome aspect is a different order from 2010 that says that NSA is allowed to collect information on a target as long at that person “is a non-United States person reasonably believed to be outside the United States.” That doesn’t sound so bad until you read that the order allows the NSA to just automatically assume the target is outside the U.S. if it can’t confirm the target’s location. To make matters worse, the NSA can read messages from and listen in on phone calls of assumed non-U.S. persons to confirm whether or not they are in the U.S.

    Now, what happens once the target has been confirmed to a U.S. person? The NSA must then start what it calls a “minimization procedure.” In short, it means that the NSA must stop collecting information on the target immediately. Of course, the NSA analyst in charge of the investigation can appeal to a higher up to keep the information if they feel that it contains information related to the one of the following:

  • Significant foreign intelligence information
  • Evidence of a crime
  • Technical data base information (a.ka. encrypted data)
  • Information pertaining to a threat of serious harm to life or property

    • The NSA must immediately destroy data on U.S. persons if it does not pertain to one of the above categories. However, the agency is allowed to keep information on U.S. persons if they’re found to be communicating with someone outside the U.S. On top of that, the communications between non-U.S. and U.S. persons can be shared with friendly governments if the U.S. person is anonymized.

    All of these rules fly out the window when the NSA throws out a wide data collection net. In that case, the agency argues that it can’t filter out information on U.S. persons that is inadvertently collected alongside information on non-U.S. persons.

    The big takeaway from all of this is that the NSA is not subjected to as much oversight as President Obama and others have indicated. In fact, it seems that the NSA can pretty much do whatever the hell it wants with only internal audits and individual discretion getting in the way of data collection. It makes you really wish Congress would pass one of those transparency bills that would make the NSA’s data collection open for debate.

  • Yahoo Fought the Good Fight Against PRISM But Failed [REPORT]

    It looks like Yahoo fought the good fight, but ultimately failed to prevent its own forced participation in the recently-revealed PRISM – the NSA’s previously top secret surveillance program.

    The New York Times reports that they have determined the identity of the tech company involved in a specific 2008 review case submitted to a Federal Intelligence Surveillance Court. in which said company objects to the government’s requests to have them participate in the so-called PRISM program. According to sources, that company in the heavily redacted FISA document is Yahoo.

    It appears that much of Yahoo’s objection has to do with “incidental collections” of non-targeted users and how they could violate the Fourth Amendment. The court disagreed:

    “The petitioner’s concern with incidental collections is overblown. It is settled beyond peradventure that incidental collections occurring as a result of constitutionally permissible acquisitions do not render those acquisitions unlawful,” ruled the FISC.

    The court went on to say this about incidental collections and the Fourth Amendment:

    “The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary. On these facts, incidentally collected communications of non-targeted United States persons do not violate the Fourth Amendment.”

    In the end, the court pretty much said that unless there was some specific harm that could be pointed out, national security efforts shouldn’t be “frustrated by the courts.”

    “[W]e caution that our decision does not constitute an endorsement of broad-based, indiscriminate executive power. Rather, our decision recognizes that where the government has instituted several layers of serviceable safeguards to protect individuals against unwarranted harms and to minimize incidental intrusions, its efforts to protect national security should not be frustrated by the courts. This is such a case,” said the FISC decision.

    Like Facebook, Google, and Microsoft, Yahoo was quick to deny any “voluntary involvement” with the PRISM program after reports of it leaked.

    “Yahoo has not joined any program in which we volunteer to share user data with the U.S. government,” said the company’s general counsel Ron Bell. “We do not voluntarily disclose user information. The only disclosures that occur are in response to specific demands.”

    Volunteer. That’s a very well-constructed statement. At least we now know that Yahoo at least tried to fight the good fight. It’ll be interesting to see if the future narrative shifts from tech companies denying any involvement to tech companies touting how they tried to fight it, but ultimately failed.

  • FISA Sponsor Says Domestic Spy Program Must Be Kept Secret For A Secret Reason

    Five more years of warrantless surveillance at the hands of the NSA and other spy agencies was signed into law before the new year thanks to the quick passage of FISA. We already discussed how the bill’s passage proves that Congress and President Obama really don’t care about digital privacy, but a video of the FISA debate provides more insight into just how ridiculous the bill’s domestic spying powers have gotten.

    The CATO Institute recently put together a short video detailing how rushed the FISA debate was before it was passed by the Senate. It goes into detail on all the amendments proposed by the likes of Rand Paul, Patrick Leahy, Ron Wyden and others. These amendments would have better protected the fourth amendment in the digital age, but the bill’s supporters were having none of it.

    As TechDirt points out, the most insane moment of the entire debate is when Sen. Dianne Feinsteine, the bill’s sponsor, said Wyden’s request to know how many Americans have been targeted by FISA must be kept secret for a secret reason. She claims to have a classified document that contains the reason, and she’s willing to show it, but isn’t willing to let anyone read it.

    It’s ridiculous to think that a law that should only be targeting foreign communications is wrapped in so many secrets regarding its use in targeting U.S. citizens. It’s like the government is saying that you signed away your digital rights as soon as you started using the Internet or a mobile device. It seems that the only way to truly protect your privacy anymore is to completely remove yourself from the Internet, and only use forms of communication that are protected by the fourth amendment – like snail mail.

  • The FISA Debate Proves That Congress Doesn’t Care About Your Privacy

    Online privacy was a big ticket item in 2012. More and more people are becoming concerned with just how much of their personal lives are available online for everyone to see. In fact, there’s been a push to adopt certain standards like Do Not Track to better protect the privacy of those who use the Internet day in and day out. Of course, in the end, none of that matters.

    You see, there’s a bill currently up for renewal in Congress that doesn’t care one little bit about your privacy. In fact, it revels in the idea that the Fourth Amendment, which protects against unwarranted search and seizure, doesn’t apply to online communication. Now this bill – FISA – is going to be renewed for 2013, and there’s next to nothing you can do about it.

    Should the Fourth Amendment apply to online communications? Let us know in the comments.

    For a bit of background, FISA, or the Foreign Intelligence Surveillance Act, is a bill that was enacted on October 25, 1978. The initial intent of the bill was to outline the powers of domestic spy agencies when collecting information, both physical and digital, on foreign powers. The bill limited the power of spy agencies to collect information on Americans, but all of that changed with the Patriot Act of 2001 and the Protect America Act of 2007.

    Since the expansion of the bill, many people have come to question the true intention of FISA. Some argue that it’s being used to collect information on Americans without a warrant while others argue that’s an important tool in stopping terrorism. Both sides in the argument are right in their own ways, but there are important concerns that FISA needs to address in the digital age.

    Senators brought forth a number of amendments that would directly address these concerns by making FISA more transparent while protecting the privacy of Americans. Sen. Ron Wyden, friend of the Internet, brought forth an amendment that would make the NSA more transparent on how many Americans have been impacted thus far by the warrantless spying program. For their part, the agency claims that there’s no domestic spying program in place, but NSA whistleblowers insist that there is.

    Another amendment was brought forth by Sen. Rand Paul. He calls it the “Fourth Amendment Protection Act.” The amendment would bring Fourth Amendment protections into the digital age as it would protect Americans from having their data pilfered from third parties like telecoms and email providers. Here’s the relevant text from The New American:

    (a) Except as provided for in subsection (b), the government is prohibited from obtaining or seeking to obtain information related to a person or group of persons held by a third-party in a system of records, and no such information or evidence shall be deemed admissible in a criminal prosecution in a court of law.

    (1) “System of records” shall be defined as any group of records from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular associated with the individual.

    (b) The government may obtain, and a court may deem admissible, information or evidence related to a person held by a third-party in a system of records provided that:

    (1) The individual whose name or identification information the government is using to access the information provides express and informed consent to that search; or

    (2) The government obtains a Warrant, upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    In short, Paul’s bill would extend Fourth Amendment protections to things that you “own” in the digital space. Those in law have battled over this issue with some agreeing that things you create online, even status updates and emails, are yours; while others argue that a person has no ownership over something like a “Tweet.”

    Sen. Jeff Merkley proposed an amendment that would make the government release opinions from the secret FISA court that decides on who can be wiretapped and who can’t. Not all rulings would be made transparent, but rather only those that contain important interpretations of FISA so Americans can know how the government is using FISA.

    Finally, Sen. Patrick Leahy, sponsor of the pro-privacy ECPA update, proposed an amendment that would sunset the privacy infringing amendments to FISA after four years. The current renewal up for debate would add five more years onto the amendments, while Leahy’s amendment would decrease that time for three years. It’s not a major improvement, but at least it’s something.

    Do you think these amendments are good additions to FISA? Should any of them be seriously considered? Let us know in the comments.

    Despite their good intentions, none of these amendments will make into the final FISA. The EFF reports that the Senate systematically shot down every one of the amendments on Thursday night. In fact, the amendments were rejected by an overwhelming number of senators on both sides of aisle.

    The Hill reports that Senate Intelligence Committee Chairwoman Dianne Feinstein disregarded many of the amendments claiming that FISA is already subject to “rigorous oversight.” Wyden responded by saying:

    “I think, when you talk about oversight, and you can’t even get a rough estimate of how many law-abiding Americans had their communications swept up by this law … the idea of robust oversight, really ought to be called toothless oversight if you don’t have that kind of information.”

    Feinstein argued back that she has never sen “a government official engaged in a willful effort to circumvent or violate the law” during her time on the Intelligence Committee. She did, however, state that there have been a “few incidents of non-compliance,” but she chalked those up to “human error or technical defect.”

    Putting the final nail in the argument’s coffin, Feinstein pulled out the terrorism card to support the need for an unamended FISA going forward. She said that there have been over 100 arrests of terrorists over the past four years, and said that a number of those arrests were the direct result of surveillance under FISA. To change the way intelligence is gathered would presumably open the U.S. to more attacks.

    It should be noted that FISA is just one part of the digital privacy landscape. The Senate has already approved ECPA, or the Electronics Communications Privacy Act. The bill would require law enforcement to obtain a warrant when collecting emails of domestic citizens. The bill would do nothing, however, if the email was sent from a U.S. citizen to a friend overseas. The NSA has jurisdiction over that and FISA allows them to gather all that information without a shred of transparency. If you believe whistleblowers, the spy agency is even collecting emails sent to friends in the U.S.

    FISA was pushed through Friday in an effort to quickly pass the bill before the bill expired on Dec. 31. The amendments were most likely rejected as the majority of Congress is too focused on the current fiscal cliff negotiations instead of debating a privacy bill.

    Regardless, there will come a time when digital privacy needs to be debated. It should have happened during the FISA debate, but now it must wait until another chance arises. 2013 may just prove to be that chance as more privacy infringing bills will undoubtedly pop up.

    Do you think online privacy is an important issue? Should Congress take it up again in the near future? Let us know in the comments.

  • The Supreme Court Doesn’t Care About Your Privacy

    After the September 11 terrorist attacks, the government began to implement programs that would “protect” the country and its citizens from future attacks. One of those plans was an amendment to FISA that would allow warrantless wiretapping of American citizens. Lawsuits popped up demanding billions in damages, but Congress passed a retroactive immunity law. Now the last hope of having the immunity law destroyed has been squashed.

    Ars Technica reports that Hepting v. AT&T – a class-action lawsuit that challenged the constitutionality of the immunity provision – has been rejected by the Supreme Court. This knocks the ruling back down to the Appeals Court who ruled in favor of the government’s right to protect telecoms from legal action over their wiretapping program.

    It’s important to note that this particular case was about the immunity provision. All this ruling means is that telecoms have immunity when it comes to handing over your data to the feds. The Obama administration argued that allowing lawsuits to go forward would imperil national security. How? Telecoms would be unwilling to hand over customer data if they could be sued for it. It’s apparently imperative that the U.S. government know your late night drunk texts if they’re going to stop terrorism.

    There’s still one more chance to kill off FISA’s warrantless wiretapping provisions. The EFF will be proceeding with Jewel v. NSA shortly. This particular case goes after FISA’s jugular by fighting to prove that the warrantless wiretapping of American citizens is unconstitutional. It also targets those responsible for signing the FISA amendments into law, including former President George W. Bush, Dick Cheney, and other members of the former administration.

    Unfortunately, Jewel v. NSA is probably going to be shot down by the Supreme Court as well. The consensus among those in government is that your privacy can be completely destroyed in the name of your safety. Never mind the possibility that hackers could easily gain access to this information and destroy countless lives before terrorists even have a chance to act. In an increasingly digital world, we need laws that protect privacy. Eroding privacy in the name of physical safety only opens us up to far more devastating cyber attacks.