Risk
6/18/2013
05:58 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Challenges Surveillance Gag Order

Google argues it has a First Amendment Right to report the number of demands for information it receives under national security laws.

Google I/O: 10 Key Developments
Google I/O: 10 Key Developments
(click image for larger view and for slideshow)
Seeking to undo the damage to its business and reputation as a result of "false or misleading reports in the media," Google has asked the United States Foreign Intelligence Surveillance Court (FISC) to affirm its right to publish limited statistical data about orders it receives from the court.

The Foreign Intelligence Surveillance Court oversees surveillance requests from the nation's intelligence agencies. The requests, made under the Foreign Intelligence Surveillance Act (FISA), typically come with a gag order. In April, as revealed two weeks ago by The Guardian, the court approved a request by the National Security Agency for ongoing daily access to the phone records of Verizon Business Services.

In reports based on information provided by former NSA contractor Edward Snowden earlier this month about the extent of U.S. government surveillance operations, The Guardian and The Washington Post said that Google and other technology companies, including Apple, Facebook, Microsoft and Yahoo, provided the NSA with direct access to company servers through as system called Prism, to sift through customer data in pursuit of national security.

[ Google cooperates with the government in other ways. Read Google Defends Efforts Against Rogue Pharmacies. ]

Google CEO Larry Page and chief legal officer David Drummond promptly rebutted the claim that their company provides U.S. authorities with direct access to customer data. And a week ago, Drummond published an open letter to Attorney General Eric Holder and Federal Bureau of Investigation Director Robert Mueller seeking permission to publish aggregate numbers of national security requests, including FISA orders in its Transparency Report.

Despite this, Google says that the Department of Justice and the FBI maintain that publishing the number of FISA requests the company receives is unlawful. Thus it has asked the FISC for a summary judgment declaring that it has the right to publish two numbers.

The company's legal motion states, "Google seeks a declaratory judgment that Google has the right under the First Amendment to publish, and that no applicable law or regulation prohibits Google from publishing, two aggregate unclassified numbers: (1) the total number of FISA requests it receives, if any; and (2) the total number of users or accounts encompassed within such requests."

In an emailed statement, a Google spokeswoman said that Google has long pushed for transparency so that users can understand the extent of government demands for data, noting that the company was the first to release data on the number of National Security Letters it receives.

"However, greater transparency is needed, so today we have petitioned the Foreign Intelligence Surveillance Court to allow us to publish aggregate numbers of national security requests, including FISA disclosures, separately," Google's spokeswoman said. "Lumping national security requests together with criminal requests would be a backward step for Google and our users."

Apple, Facebook, Microsoft and Yahoo have all taken such a step, publishing statistics on government demands for user data that combine national security requests with requests related to criminal investigations.

As if to underscore the difficulties that Google faces in dealing with supposedly inaccurate claims about its cooperation with U.S. authorities while under a gag order, Google's legal filing notes, "Nothing in this Motion is intended to confirm or deny that Google has received any order or orders issued by this Court."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
geek2geek
50%
50%
geek2geek,
User Rank: Apprentice
6/19/2013 | 4:14:35 PM
re: Google Challenges Surveillance Gag Order
Google gets busted for sleeping with NSA and then pleads "battered spouse" syndrome. lol what a bunch of tools
smartmind
50%
50%
smartmind,
User Rank: Apprentice
6/19/2013 | 1:43:31 PM
re: Google Challenges Surveillance Gag Order
Bet if it was the Chinese government asking Google.CN for access to confidential data - it would up sticks and stop operating in China.... oops that is exactly what it did, isn't it? Perhaps it should also leave the USA and operate from elsewhere. I am sure that Ecuador would provide Google with a safe haven?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-4801
Published: 2014-12-18
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.