Microsoft Releases Details Of Law Enforcement Requests

from the good-move dept

Kudos to Microsoft for joining companies like Google and Twitter in releasing transparency reports about government/law enforcement requests for information. On Thursday, Microsoft released data on law enforcement requests from 2012. The report covers requests for pretty much all of Microsoft's key online services, including Hotmail/Outlook, SkyDrive, XBox Live, Office 365 and even Skype. Microsoft has actually gone a step further than others in some areas, such as separating out which law enforcement requests involved sharing "customer content" data (such as images or email subject lines) vs. those that shared "non-content" data (such as identifying information).

Because of this distinction, Microsoft points out how rarely it ends up giving law enforcement customer content, noting it happened in only 2.1% of cases (1,558 requests). Nearly all of those requests came from the US government. The only non-US requests that resulted in the sharing of customer content were 14 disclosures given to Brazil, Ireland, Canada and New Zealand.

As for non-content information (i.e., identifying info), Microsoft disclosed that information 56,388 times (excluding Skype, which reported its data separately due to differences in the way they recorded data -- something that is being standardized). The top countries getting such info were the US, UK, Turkey, Germany and France. Turkey seems a bit surprising there. As for Skype, the top requests were from the UK, US, Germany, France and Taiwan. Microsoft also delivered no information at all 18% of the time, either because the company rejected the request or because no info was found, though they apparently don't break down the difference there.

Like Google, Microsoft also revealed how many National Security Letters it received, using a format nearly identical to the way Google released its data not too long ago: It's good to see Microsoft following in the footsteps of Google and Twitter in providing this kind of transparency. Hopefully we'll see even more companies follow as well.

Filed Under: information requests, nsls, privacy, transparency
Companies: microsoft, skype

Google Reveals Some Data About National Security Letters, May Have Exposed DOJ Duplicity

from the transparency... dept

We've talked for years about the government's use of "national security letters" or NSLs, which are effectively a way for law enforcement types to seek information with less oversight than a subpoena, and which usually come with a very, very extreme gag order attached. Despite the fact that, by their own admission, law enforcement has regularly and systematically abused this tool, they are still widely used and there has been little effort to block the abuses. Google's latest transparency report is seeking to reveal some data about the NSLs it has received, but without revealing too much. Rather than directly revealing how many NSLs it has received, it is posting ranges (in bunches of 1,000) -- and apparently the company got at least some level of approval from the government to do this ("We're thankful to U.S. government officials for working with us").

By itself, the data doesn't seem that enlightening. However, there is some useful information you can pick out of there, and who better to pick out that info that Julian Sanchez, who has followed this issue closely. He's found that you can actually tease out some useful info even with those broad ranges.

It's illuminating to compare the minimum number of users affected by NSLs each year to the numbers we find in the government's official annual reports. In 2011—the last year for which we have a tally—the Justice Department acknowledged issuing 16,511 NSLs seeking information about U.S. persons, with a total of 7,201 Americans' information thus obtained. That's actually down from a staggering 14,212 Americans whose information DOJ reported obtaining via NSL the previous year. Remember, this total includes National Security Letters issued not just to all telecommunications providers—including online services like Google, broadband Internet companies, and cell phone carriers—but also "financial institutions," which are defined broadly to include a vast array of businesses beyond such obvious candidates as banks and credit card companies.

What ought to leap out at you here is the magnitude of Google's tally relative to that total: They got requests affecting at least 1,000 users in a year when DOJ reports just over 7,000 Americans affected by all NSLs—and it seems impossible that Google could account for anywhere remotely near a seventh of all NSL requests. Google, of course, is not limiting their tally to requests for information about Americans, which may explain part of the gap—but we know that, at least of a few years ago, the substantial majority of NSLs targeted Americans, and the proportion of the total targeting Americans was increasing year after year. As of 2006, for instance, 57 percent of NSL requests were for information about U.S. persons. So even if we reduce Google's minimum proportionately, that seems awfully high.

Sanchez wonders if the DOJ is effectively under-counting how many NSLs it uses by pretending that some of the NSLs they issue shouldn't count towards its official tally of NSLs.

There's a simple enough explanation for this apparent discrepancy: The numbers DOJ reports each year explicitly exclude NSL requests for “basic subscriber information,” meaning the “name, address, and length of service” associated with an account, and only count more expansive requests that also demand more detailed “electronic communications transactional records” that are “parallel to” the “toll billing records” maintained by traditional phone companies.

That would mean that the NSL number that the DOJ reports is not particularly accurate, and that the FBI really issues a hell of a lot more NSLs (not so). Shocking reveal of the day: the DOJ may not be entirely forthright about how often it's spying on Americans using a widely abused process with little oversight.

Filed Under: doj, fbi, national security letters, nsls, privacy, transparency
Companies: google

Unconstitutional Fishing Expeditions: The Massive Abuse Of Administrative Subpoenas By The Government

from the depressing dept

For years, we've talked about how the Justice Department has massively abused the "National Security Letters" (NSLs) process that lets it seek information from third parties without judicial oversight. At least with FBI NSLs, the FBI is required to release some (though not all) info on how they're used, which is why we have some indication of how widely they're abused. However, as Dave Kravets recently detailed in a fantastic article at Wired.com, the use of "administrative subpoenas" (NSLs are a form of administrative subpoena) allowing government officials to issue mandatory subpoenas to third parties with no oversight at all has become quite widespread. Even worse: most government agencies don't seem to have any interest in revealing any data about them. In other words, if you thought the FBI was abusing NSLs, you should probably be even more concerned about some of these others administrative subpoenas.

Meet the administrative subpoena (.pdf): With a federal official’s signature, banks, hospitals, bookstores, telecommunications companies and even utilities and internet service providers — virtually all businesses — are required to hand over sensitive data on individuals or corporations, as long as a government agent declares the information is relevant to an investigation. Via a wide range of laws, Congress has authorized the government to bypass the Fourth Amendment — the constitutional guard against unreasonable searches and seizures that requires a probable-cause warrant signed by a judge.

In fact, there are roughly 335 federal statutes on the books (.pdf) passed by Congress giving dozens upon dozens of federal agencies the power of the administrative subpoena, according to interviews and government reports. (.pdf)

It's worth reading Kravets' full article, even if it is depressing. What amazes me is that we let this kind of stuff continue unabated. We've seen increasing surveillance and abuse over the years, but it seems that any time people push back on these processes, they're brushed off because "OMG!Terrorists!" or something along those lines. It's sad that we, as a country, seem so accepting of the government taking away basic Constitutional rights if it just screams something about terrorists and crime.

Filed Under: abuse, administrative subpoenas, justice department, national security letters, nsls, oversight

ISP Owner Finally Able To Admit That He Stood Up To The FBI Over Questionable Data Request

from the only-six-years-later dept

We've noted, repeatedly, that the feds have been caught abusing National Security Letters (NSLs) to try to get information they had no legal right to get. Because these NSLs usually contained an immediate gag order and no judicial review, basically the FBI could request whatever it wanted, and no one would review it and people couldn't speak out against it. So it was great to hear, about three years ago, that one ISP owner recipient of such an NSL was anonymously fighting back, specifically about the required gag order. We were disappointed last year, when a judge refused to drop the gag order, even if the actual request had been dropped by the feds.

However, six years after first receiving the NSL, Nicholas Merrill, the head of Calyx Internet Access is finally able to admit that he's the guy who's been fighting this legal battle. Prior to this, he'd even kept it secret from his fiancee, family and friends -- even when they happened to bring up the case in casual conversation. Of course, this doesn't change that it happened, and even if we keep being told that the feds have been ordered to stop abusing these processes, there's little to no evidence that anything is really being done. For every Nicholas Merrill, you can bet that thousands of others just gave in and didn't put up a fight -- even if the requests were bogus.

There is a clear legal process for obtaining information, involving warrants and judicial oversight. I have no problem with attempts to get information through such means. But when law enforcement routes around those oversight channels, and then tries to gag people from even talking about it, there's a serious problem.

Filed Under: free speech, gag order, national security, nsls
Companies: calyx internet access, fbi

White House Seeks Easier FBI Access To Internet Records, Blocks Oversight Attempt... Just As FBI Caught Cheating On Exam To Stop Abuse

from the feel-safer? dept

We're still at a loss to explain why there's been so little outrage over the fact that the FBI got a total free pass for its massive abuse in getting phone records. As you may recall, reports came out about how the FBI regularly abused the official process for obtaining phone records, avoiding any of the required oversight, but right before that info came out the White House issued a ruling saying that it was okay for the FBI to break the law. That's not how things are supposed to work.

And, it appears that since there was no outrage over all of this, the White House keeps pushing further. Three new articles highlight what a travesty this has become. First, the White House wants to quietly make it easier for the FBI to demand internet log file information without a judge's approval." Just as I finished reading that, I saw Julian Sanchez's new writeup about how the White House blocked and killed a proposal to give the GAO power to review US intelligence agencies. The GAO is the one government operation that seems to actually focus on doing what's right, rather than what's politically expedient. Sanchez notes that, beyond the sterling reputation of the GAO, it's also ready, willing and able to handle this kind of oversight:

The GAO has the capacity Congress lacks: as of last year, the office had 199 staffers cleared at the top-secret level, with 96 holding still more rarefied "sensitive compartmented information" clearances. And those cleared staff have a proven record of working to oversee highly classified Defense Department programs without generating leaks. Gen. Clapper, the prospective DNI, has testified that the GAO "held our feet to the fire" at the Pentagon with thorough analysis and constructive criticism.

Unlike the inspectors general at the various agencies--which also do vital oversight work--the GAO is directly answerable to Congress, not to the executive branch. And while it's in a position to take a broad, pangovernmental view, the GAO also hosts analysts with highly specialized economic and management expertise the IG offices lack. Unleashing GAO would be the first step in discovering what the Post couldn't: whether the billions we're pouring into building a surveillance and national security state are really making us safer.

Oh, and just to make this all more comically depressing, just as I finished reading both of these stories, I saw a story about a new investigation into reports that FBI agents were caught cheating on an exam, which was designed to get them to stop abusing surveillance tools. Yes, you read that right. After all the reports of abuse of surveillance tools, the FBI set up a series of tests to train FBI agents how to properly go about surveillance without breaking the law... and a bunch of FBI agents allegedly cheated on the test that's supposed to stop them from "cheating" on the law. And, not just a few. From the quotes, it sounds like this cheating was "widespread." But, of course, it might not matter, since the requirements for surveillance are being lowered, oversight is being blocked, and apparently the White House is willing to retroactively "legalize" any illegal surveillance anyway.

Filed Under: abuse, fbi, nsls, oversight, surveillance, white house

Court Limits, But Doesn't Eliminate, Secrecy Of National Security Letters

from the partial-win dept

The Patriot Act, among other things, allows law enforcement to issue "National Security Letters" to ISPs and telcos to obtain certain information about individuals. The letters are, as the name implies, designed for situations where national security is at stake, and a more thorough process of going through legal channels to gain approval would be a serious threat to national security. Except, of course, that's not how things have worked in practice. The FBI was found to have engaged in "serious misuse" of NSLs on a regular basis, issuing tens of thousands of them. Even worse, part of the rules surrounding NSLs are that they must be kept entirely secret. This raises very serious First Amendment questions. While a lower court agreed that the secrecy on NSLs violated the Constitution, an Appeals Court, that had initially seemed skeptical has allowed the secrecy to continue, though with some limitations.

Rather than saying secrecy was okay, if revealing the NSL would create "interference with diplomatic relations, or danger to the life or physical safety of any person" (the old rule), the court has said the rule should be that secrecy is allowed if revealing the NSL "may result in an enumerated harm that is related to an authorized investigation to protect against international terrorism or clandestine intelligence activities." It is certainly more of a limitation, though some may note that it may not make much of a difference in actual application. NSLs are still likely to be abused, and it's unlikely that most ISPs or telcos on the receiving end of such NSLs will feel concerned enough to challenge them.

Filed Under: fbi, first amendment, gag orders, national security letters, nsls

Judges Question Whether National Security Letters Need To Come With Gag Orders

from the where's-that-copy-of-the-constitution? dept

The Patriot Act allows the FBI to issue "National Security Letters" to ISPs and other organizations, seeking information on users of those service providers -- with an automatic gag order forbidding the service provider from telling anyone that they have received an NSL. Not surprisingly, this resulted in the NSLs being widely abused, with the FBI issuing them in many, many cases when they were not appropriate. But, of course, since no one could complain, there was no incentive for the FBI to actually follow the rules. A panel of judges is now reviewing the overall constitutionality of the gag order on NSLs -- and, so far, they seem skeptical. It seems ridiculous that the FBI should be allowed to impart an automatic gag order without any sort of judicial overview -- especially when it's already been shown that the FBI can and does abuse this power quite often.

Filed Under: fbi, first amendment, gag orders, national security letters, nsls