Risk
6/18/2013
05:58 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Challenges Surveillance Gag Order

Google argues it has a First Amendment Right to report the number of demands for information it receives under national security laws.

Google I/O: 10 Key Developments
Google I/O: 10 Key Developments
(click image for larger view and for slideshow)
Seeking to undo the damage to its business and reputation as a result of "false or misleading reports in the media," Google has asked the United States Foreign Intelligence Surveillance Court (FISC) to affirm its right to publish limited statistical data about orders it receives from the court.

The Foreign Intelligence Surveillance Court oversees surveillance requests from the nation's intelligence agencies. The requests, made under the Foreign Intelligence Surveillance Act (FISA), typically come with a gag order. In April, as revealed two weeks ago by The Guardian, the court approved a request by the National Security Agency for ongoing daily access to the phone records of Verizon Business Services.

In reports based on information provided by former NSA contractor Edward Snowden earlier this month about the extent of U.S. government surveillance operations, The Guardian and The Washington Post said that Google and other technology companies, including Apple, Facebook, Microsoft and Yahoo, provided the NSA with direct access to company servers through as system called Prism, to sift through customer data in pursuit of national security.

[ Google cooperates with the government in other ways. Read Google Defends Efforts Against Rogue Pharmacies. ]

Google CEO Larry Page and chief legal officer David Drummond promptly rebutted the claim that their company provides U.S. authorities with direct access to customer data. And a week ago, Drummond published an open letter to Attorney General Eric Holder and Federal Bureau of Investigation Director Robert Mueller seeking permission to publish aggregate numbers of national security requests, including FISA orders in its Transparency Report.

Despite this, Google says that the Department of Justice and the FBI maintain that publishing the number of FISA requests the company receives is unlawful. Thus it has asked the FISC for a summary judgment declaring that it has the right to publish two numbers.

The company's legal motion states, "Google seeks a declaratory judgment that Google has the right under the First Amendment to publish, and that no applicable law or regulation prohibits Google from publishing, two aggregate unclassified numbers: (1) the total number of FISA requests it receives, if any; and (2) the total number of users or accounts encompassed within such requests."

In an emailed statement, a Google spokeswoman said that Google has long pushed for transparency so that users can understand the extent of government demands for data, noting that the company was the first to release data on the number of National Security Letters it receives.

"However, greater transparency is needed, so today we have petitioned the Foreign Intelligence Surveillance Court to allow us to publish aggregate numbers of national security requests, including FISA disclosures, separately," Google's spokeswoman said. "Lumping national security requests together with criminal requests would be a backward step for Google and our users."

Apple, Facebook, Microsoft and Yahoo have all taken such a step, publishing statistics on government demands for user data that combine national security requests with requests related to criminal investigations.

As if to underscore the difficulties that Google faces in dealing with supposedly inaccurate claims about its cooperation with U.S. authorities while under a gag order, Google's legal filing notes, "Nothing in this Motion is intended to confirm or deny that Google has received any order or orders issued by this Court."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
geek2geek
50%
50%
geek2geek,
User Rank: Apprentice
6/19/2013 | 4:14:35 PM
re: Google Challenges Surveillance Gag Order
Google gets busted for sleeping with NSA and then pleads "battered spouse" syndrome. lol what a bunch of tools
smartmind
50%
50%
smartmind,
User Rank: Apprentice
6/19/2013 | 1:43:31 PM
re: Google Challenges Surveillance Gag Order
Bet if it was the Chinese government asking Google.CN for access to confidential data - it would up sticks and stop operating in China.... oops that is exactly what it did, isn't it? Perhaps it should also leave the USA and operate from elsewhere. I am sure that Ecuador would provide Google with a safe haven?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.