on March 6, 2013 by admin in National News, Comments (0)

Google Breaks Silence On FBI’s National Security Letters That Demand Its Users …

National security letters are the Fight Club of government data surveillance. Thanks to the gag orders that accompany those FBI requests for users’ private information, the first rule for any company that receives an NSL is that it doesn’t talk about receiving an NSL. Now Google is doing its best to blur–if not quite break–that rule.

In a new section of its bi-annual Transparency Report on government censorship and surveillance of its data, Google on Tuesday issued its first ever accounting of how many NSLs it has received for the last four years along with how many users were affected, albeit in extremely broad terms. For each of those years, for instance, Google says it has received less than one thousand NSLs. In 2012, those requests for users’ data targeted somewhere between one and two thousand of its users, the same numbers as 2011 and down from between two and three thousand users affected in 2010.

Vague as those revelations may be, they start to give some sense of the scale of how often NSLs are used to obtain user data in investigations of purported national security threats. In the second half of 2012, for instance, Google says that it received requests for at least some data from 14,791 accounts. More than 10,000 of those users were targeted with subpoenas, and another 3,000 had their information requested with a search warrant.

But Google previously labeled another 1,249 accounts as having had their data requested by “other” means. With more than a thousand users affected by NSLs sent to Google in 2012, it seems a significant chunk of those users had their data taken from Google’s servers using the FBI’s un-discussable letters.

Correction: Google spokesperson Chris Gaither writes to me in an email that those NSL numbers aren’t in fact included in the “other” category of Google’s Transparency Report, but have simply been left out of the Transparency Report’s statistics until now. The “other” category, according to Gaither, consists of “court orders issued under [the Electronic Communications Privacy Act] by a judge and other court-issued legal process.”

“The FBI has the authority to prohibit companies from talking about these requests,” reads a blog post about the new numbers on Google’s public policy blog. “But we’ve been trying to find a way to provide more information about the NSLs we get—particularly as people have voiced concerns about the increase in their use since 9/11. Starting today, we’re now including data about NSLs in our Transparency Report. We’re thankful to U.S. government officials for working with us to provide greater insight into the use of NSLs.”

NSLs have come under fire not just for their secrecy, but for their lack of judicial review; They require far less oversight than a search warrant or even a subpoena, can be issued by any FBI field office, and have been applied much more widely in the post-9/11 era. The Electronic Frontier Foundation has called NSLs “one of the most frightening and invasive…of all the dangerous government surveillance powers that were expanded by the USA PATRIOT Act.”

Google specifies in an FAQ included with its report on NSLs that the letters can only legally seek “the name, address, length of service, and local and long distance toll billing records” of a Google user. Those outmoded legal terms mean that the FBI shouldn’t be able to get actual content data such as Gmail messages or private YouTube videos. Perhaps surprisingly, even IP addresses are off limits, Google says.

But Julian Sanchez, a research fellow at the Cato Institute who has tracked the NSL issue, says that NSLs sent to an Internet service like Google could still be used to de-anonymize Internet content when the FBI knows an IP address but not a name or other identifying details. “These kinds of requests are supposed to to be limited to less sensitive information,” says Sanchez. “But if the point is to de-anonymize anonymous information, it’s not clear that’s less sensitive.”

Google’s numbers also indicate that the use of NSLs might be far more widespread than previously thought. Sanchez refers to the government’s own tally of NSLs issued in 2011 that excluded the kind of non-content requests sent to Google. Those letters targeted information about 7,201 people that year, according to the Department of Justice.

According to Google’s new report, the company received requests that targeted more than a thousand people that same year. So either Google’s alone received NSLs that affected close to one out seven of the people targeted by NSLs in total, or far more likely, the Department of Justice tally represents only a small fraction of requests actually sent.

“This is a tool that can be sued to strip away online anonymity,” says Sanchez. “And extrapolating from these numbers it’s being used on a much larger scale than the official numbers would lead one to believe.”

Read Google’s full blog post here.

Follow me on Twitter, and check out my new book, This Machine Kills Secrets: How WikiLeakers, Cypherpunks and Hacktivists Aim To Free The World’s Information.

Article source: http://www.forbes.com/sites/andygreenberg/2013/03/05/google-breaks-silence-on-fbis-national-security-letters-that-demand-its-users-data/

Tags: ,

No Comments

Comments are disabled.