Apple, Facebook and Google all are updating their policies to expand routine notification of users about government data seizures, unless specifically gagged by a judge or other legal authority, officials at all four companies said. Yahoo announced similar changes in July.
As this position becomes uniform across the industry, U.S. tech companies will ignore the instructions stamped on the fronts of subpoenas urging them not to alert subjects about data requests, industry lawyers say. Companies that already routinely notify users have found that investigators often drop data demands to avoid having suspects learn of inquiries.
“It serves to chill the unbridled, cost-free collection of data,” said Albert Gidari Jr., a partner at Perkins Coie who represents several technology companies. “And I think that’s a good thing.”
This is a joke! The White House wants to provide legal immunity to telecom companies that hand over data!
The White House has asked legislators crafting competing reforms of the National Security Agency to provide legal immunity for telecommunications firms that provide the government with customer data.
In a statement of principles privately delivered to lawmakers some weeks ago to guide surveillance reforms, the White House said it wanted legislation protecting “any person who complies in good faith with an order to produce records” from legal liability for complying with court orders for phone records to the government once the NSA no longer collects the data in bulk.
The brief request, contained in a four-page document, echoes a highly controversial provision of the 2008 Fisa Amendments Act, which provided retroactive immunity to the telecommunications companies that allowed the NSA to access calls and call data between Americans and foreigners, voiding lawsuits against them. Barack Obama’s vote for that bill as a senator and presidential candidate disappointed many supporters.
A senior administration official noted that the provision is typical for surveillance law, to protect companies who comply with Fisa court orders for customer data.
“This would refer to any new orders issued by the court under the new regime we are proposing. This is similar to the way the rest of Fisa already operates, and Fisa already contains virtually identical language for its other provisions, including Section 215,” the official said, referring to the portion of the Patriot Act cited as justification for bulk phone data collection.
The telecommunications immunity is already contained within a bill authored by the House intelligence committee leadership, key legislative allies of the NSA.
Most telecom companies now refuse to disclose the contents of e-mails or social media posts when presented with subpoenas, insisting that the government instead seek search warrants, which are issued only by judges and allegedly require a stricter legal standard of probable cause.
Subpoenas, by contrast, can be issued by a broader range of authorities and require only that the information sought be deemed “relevant” to an investigation. A 2010 ruling by the U.S. Court of Appeals for the 6th Circuit backed the industry’s contention that search warrants should be required for digital content, a standard now widely accepted.
For data other than content — such as records showing the senders and recipients of e-mails, the phone numbers registered with accounts or identifying information about the computers used to access services — companies have continued accepting subpoenas but warn investigators that users will be notified before disclosure occurs.
The Justice Department disagrees, saying in a statement that new industry policies threaten investigations and put potential crime victims in greater peril.
“These risks of endangering life, risking destruction of evidence, or allowing suspects to flee or intimidate witnesses are not merely hypothetical, but unfortunately routine,” department spokesman Peter Carr said, citing a case in which early disclosure put at risk a cooperative witness in a case. He declined to offer details because the case was under seal.
The changing tech company policies do not affect data requests approved by the Foreign Intelligence Surveillance Court, which are automatically kept secret by law. National security letters, which are administrative subpoenas issued by the FBI for national security investigations, also carry binding gag orders.
A secret opinion of the Foreign Intelligence Surveillance Court recently released to the public is a reminder that the NSA is still conducting mass surveillance on millions of Americans, even if that fact has faded from the headlines. That is a violation of the Fourth Amendment.
The DOJ has just published the 2013 FISA Report. The brief report provides summary information about the government’s use of the Foreign Intelligence Surveillance Act. In 2012 the Foreign Intelligence Surveillance Court granted 1,789 FISA orders and 212 “Section 215” orders. In 2013, there were 1,588 requests to conduct FISA surveillance, with 34 modifications. The FISC also granted 178 business record orders under Section 215, with 141 modified by the court. The significant number of modified orders indicates that the government’s initial applications are too broad. The controversial NSA Metadata program was authorized by the surveillance court under a modified order. It’s possible that in 2013 the court authorized other bulk collection programs.
“We can’t have an informed debate about mass surveillance with access to only half the story,” EFF Staff Attorney Mark Rumold said. “The government’s secret interpretation of laws and the Constitution needs to end. Disclosure of the opinions we’ve requested will be an important step towards providing the public with the information it needs to meaningfully debate the propriety of these programs.”
“With all the disclosures that have taken place over the past year, there’s no valid reason these opinions are still secret,” EFF Senior Counsel David Sobel said. “The government’s refusal to provide these opinions looks more like an attempt to control public opinion about the NSA’s operations, rather than protecting any legitimate intelligence sources or methods.”
EFF demands the release of secret court rulings.
The FISC is a puppet used by the NSA/DHS, what’s changed?
Many tech companies once followed a similar model of quietly cooperating with law enforcement. Courts, meanwhile, ruled that it was sufficient for the government to notify the providers of Internet services of data requests, rather than the affected customers.
Twitter, founded in 2006, became perhaps the first major tech company to routinely notify users when investigators collected data, yet few others followed at first. When the Electronic Frontier Foundation began issuing its influential “Who Has Your Back?” report in 2011 — rating companies on their privacy and transparency policies — Twitter was the only company to get a star under the category “Tell users about data demands.” Google, the next most highly rated, got half a star from the civil liberties group.
The following year, four other companies got full stars. The preparation of this year’s report, due in mid-May, has prompted a new flurry of activity in the legal offices of tech companies eager to gain a coveted star.
Google already routinely notified users of government data requests but adopted an updated policy this week detailing the few situations in which notification is withheld, such as when there is imminent risk of physical harm to a potential crime victim. “We notify users about legal demands when appropriate, unless prohibited by law or court order,” the company said in a statement.
Lawyers at Apple, Facebook and Microsoft are working on their own revisions, company officials said, although the details have not been released. All are moving toward more routinely notifying users, said the companies, which had not previously disclosed these changes.
“Later this month, Apple will update its policies so that in most cases when law enforcement requests personal information about a customer, the customer will receive a notification from Apple,” company spokeswoman Kristin Huguet said.
The technological linchpin to everything the NSA is doing from a data-analysis (spying) perspective is Accumulo — an open-source database the agency built in order to store and analyze huge amounts of data. Adam Fuchs knows Accumulo well because he helped build it during a nine-year stint with the NSA; he’s now co-founder and CTO of a company called Sqrrl that sells a commercial version of the database system.
The NSA began building Accumulo in late 2007, Fuchs said, because they were trying to do automated analysis for tracking and discovering new terrorism suspects. “We had a set of applications that we wanted to develop and we were looking for the right infrastructure to build them on,” he said.
Fuchs said, “It’s operating at thousands-of-nodes scale” within the NSA’s data centers. There are multiple instances each storing tens of petabytes (1 petabyte equals 1,000 terabytes or 1 million gigabytes) of data and it’s the backend of the agency’s most widely used analytical capabilities. Accumulo’s ability to handle data in a variety of formats (a characteristic called “schemaless” in database jargon) means the NSA can store data from numerous sources all within the database and add new analytic capabilities in days or even hours.
Take the PRISM program that’s gathering data from web properties including Google, Facebook, Microsoft, Apple, Yahoo and AOL. It seems the NSA would have to be selective in what it grabs.
Assuming it includes every cost associated with running the program, the $20 million per year allocated to PRISM, according to the slides published by the Washington Post, wouldn’t be nearly enough to store all the raw data — much less new datasets created from analyses — from such large web properties. Yahoo was spending over $100 million a year to operate its approximately 42,000-node Hadoop environment, consisting of hundreds of petabytes, a few years ago. Facebook users are generating more than 500 terabytes of new data every day.
Using about the least-expensive option around for mass storage — cloud storage provider Backblaze’s open source storage pod designs — just storing 500 terabytes of Facebook data a day would cost more than $10 million in hardware alone over the course of a year. Using higher-performance hard drives or other premium gear — things Backblaze eschews because it’s concerned primarily about cost and scalability rather than performance — would cost even more.
Even at the Backblaze price point, though, which is pocket change for the NSA, the agency would easily run over $20 million trying to store too many emails, chats, Skype calls, photos, videos and other types of data from the other companies it’s working with.
Actually, it’s possible the intelligence community is taking advantage of the Backblaze designs. In September 2011, Backblaze CEO Gleb Budman says, he met with CIA representatives who discussed that agency’s five-year plan “to centralize data services into a large private cloud” and how Backblaze’s technology might fit into it. Its plans for analyzing this data, as illustrated in the slide below (and discussed by CIA CTO Ira “Gus” Hunt at Structure: Data in March), seem to mirror what the NSA has in mind.
http://www.washingtonpost.com/business/technology/apple-facebook-others-defy-authorities-increasingly-notify-users-of-secret-data-demands-after-snowden-revelations/2014/05/01/b41539c6-cfd1-11e3-b812-0c92213941f4_story.html
https://gigaom.com/2013/06/07/under-the-covers-of-the-nsas-big-data-effort/
Image source: http://www.brennancenter.org/analysis/what-happens-when-nsa-collects-americans-data
http://massprivatei.blogspot.com/2014/05/apple-facebook-and-google-claim-theyll.html