The U.S. government threatened to fine Yahoo $250,000 a day in 2008 if it failed to comply with a broad demand to hand over user communications — a request the company believed was unconstitutional — according to court documents unsealed Thursday that illuminate how federal officials forced American tech companies to participate in the National Security Agency’s controversial PRISM program.
The documents, roughly 1,500 pages worth, outline a secret and ultimately unsuccessful legal battle by Yahoo to resist the government’s demands. The company’s loss required Yahoo to become one of the first to begin providing information to PRISM, a program that gave the NSA extensive access to records of online communications by users of Yahoo and other U.S.-based technology firms.
The ruling by the Foreign Intelligence Surveillance Court of Review became a key moment in the development of PRISM, helping government officials to convince other Silicon Valley companies that unprecedented data demands had been tested in the courts and found constitutionally sound. Eventually, most major U.S. tech companies, including Google, Facebook, Apple and AOL, complied. Microsoft had joined earlier, before the ruling, NSA documents have shown.
A version of the court ruling had been released in 2009 but was so heavily redacted that observers were unable to discern which company was involved, what the stakes were and how the court had wrestled with many of the issues involved.
“We already knew that this was a very, very important decision by the FISA Court of Review, but we could only guess at why,” said Stephen Vladeck, a law professor at American University.
PRISM was first revealed by former NSA contractor Edward Snowden last year, prompting intense backlash and a wrenching national debate over allegations of overreach in government surveillance.
Documents made it clear that the program allowed the NSA to order U.S.-based tech companies to turn over e-mails and other communications to or from foreign targets without search warrants for each of those targets. Other NSA programs gave even more wide-ranging access to personal information of people worldwide, by collecting data directly from fiber-optic connections.
In the aftermath of the revelations, the companies have struggled to defend themselves against accusations that they were willing participants in government surveillance programs — an allegation that has been particularly damaging to the reputations of these companies overseas, including in lucrative markets in Europe.
Yahoo, which endured heavy criticism after The Washington Post and Britain’s Guardian newspaper used Snowden’s documents to reveal the existence of PRISM last year, was legally bound from revealing its efforts in attempting to resist government pressure. The New York Times first reported Yahoo’s role in the case in June 2013, a week after the initial PRISM revelations.
Both the Foreign Intelligence Surveillance Court and the Foreign Intelligence Surveillance Court of Review, an appellate court, ordered declassification of the case last year, amid a broad effort to make public the legal reasoning behind NSA programs that had stirred national and international anger. Judge William C. Bryson, presiding judge of the Foreign Intelligence Surveillance Court of Review, ordered the documents from the legal battle unsealed Thursday. Documents from the case in the lower court have not been released.
Yahoo hailed the decision in a Tumblr post Thursday afternoon. “The released documents underscore how we had to fight every step of the way to challenge the U.S. Government’s surveillance efforts,” Ron Bell, the company’s general counsel, wrote in the post.
The Justice Department and the Office of the Director of National Intelligence published their own Tumblr post Thursday evening offering a detailed description of the court proceedings and posting several related documents. It noted that both the Foreign Intelligence Surveillance Court and the appeals court sided with the government on the main questions at issue, and added that a subsequent law added more protections, making it “even more protective of the Fourth Amendment rights of U.S. persons than the statute upheld by the [appeals court] as constitutional.”
At issue in the original court case was a recently passed law, the Protect America Act of 2007, that allowed the government to collect data for significant foreign intelligence purposes on targets “reasonably believed” to be outside of the United States. Individual search warrants were not required for each target. That law has lapsed but became the foundation for the FISA Amendments Act of 2008, which created the legal authority for some of the NSA programs later revealed by Snowden.
The order requiring data from Yahoo came in 2007, soon after the Protect America Act passed. It set off alarms at the company because it sidestepped the traditional requirement that each target be subject to court review before surveillance could begin. The order also went beyond “metadata” — records of communications but not their actual content — to include the full e-mails.
A government filing from February 2008 described the order to Yahoo as including “certain types of communications while those communications are in transmission.” It also made clear that while this was intended to target people outside the United States, there inevitably would be “incidental collection” of the communications of Americans. The government promised “stringent minimization procedures to protect the privacy interests of United States persons.”
Rather than immediately comply with the sweeping order, Yahoo sued.
Central to the case was whether the Protect America Act overstepped constitutional bounds, particularly the Fourth Amendment prohibition on unreasonable searches and seizures without a warrant. An early Yahoo filing said the case was “of tremendous national importance. The issues at stake in this litigation are the most serious issues that this Nation faces today — to what extent must the privacy rights guaranteed by the United States Constitution yield to protect our national security.”
The appeals court, however, ruled that the government had put in place adequate safeguards to avoid constitutional violations.
“We caution that our decision does not constitute an endorsement of broad-based, indiscriminate executive power,” the court wrote on Aug. 22, 2008. “Rather, our decision recognizes that where the government has instituted several layers of serviceable safeguards to protect individuals against unwarranted harms and to minimize incidental intrusions, its efforts to protect national security should not be frustrated by the courts. This is such a case.”
The government threatened Yahoo with the $250,000-a-day fine after the company had lost an initial round before the Foreign Intelligence Surveillance Court but was still pursuing an appeal. Faced with the fine, Yahoo began complying with the legal order as it continued with the appeal, which it lost several months later.
Stewart Baker, a former NSA general counsel and Bush administration Department of Homeland Security official, said it’s not unusual for courts to order compliance with rulings while appeals continue before higher courts.
“I’m always astonished how people are willing to abstract these decisions from the actual stakes,” Baker said. “We’re talking about trying to gather information about people who are trying to kill us and who will succeed if we don’t have robust information about their activities.”
The American Civil Liberties Union applauded Thursday’s move to release the documents but said it was long overdue.
“The public can’t understand what a law means if it doesn’t know how the courts are interpreting that law,” said Patrick Toomey, a staff attorney with the ACLU’s National Security Project.
Carol D. Leonnig and Julie Tate contributed to this report.
Follow The Post’s tech blog, The Switch, where technology and policy connect.
Craig Timberg is a national technology reporter for The Post.