Risk
6/18/2013
05:58 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Challenges Surveillance Gag Order

Google argues it has a First Amendment Right to report the number of demands for information it receives under national security laws.

Google I/O: 10 Key Developments
Google I/O: 10 Key Developments
(click image for larger view and for slideshow)
Seeking to undo the damage to its business and reputation as a result of "false or misleading reports in the media," Google has asked the United States Foreign Intelligence Surveillance Court (FISC) to affirm its right to publish limited statistical data about orders it receives from the court.

The Foreign Intelligence Surveillance Court oversees surveillance requests from the nation's intelligence agencies. The requests, made under the Foreign Intelligence Surveillance Act (FISA), typically come with a gag order. In April, as revealed two weeks ago by The Guardian, the court approved a request by the National Security Agency for ongoing daily access to the phone records of Verizon Business Services.

In reports based on information provided by former NSA contractor Edward Snowden earlier this month about the extent of U.S. government surveillance operations, The Guardian and The Washington Post said that Google and other technology companies, including Apple, Facebook, Microsoft and Yahoo, provided the NSA with direct access to company servers through as system called Prism, to sift through customer data in pursuit of national security.

[ Google cooperates with the government in other ways. Read Google Defends Efforts Against Rogue Pharmacies. ]

Google CEO Larry Page and chief legal officer David Drummond promptly rebutted the claim that their company provides U.S. authorities with direct access to customer data. And a week ago, Drummond published an open letter to Attorney General Eric Holder and Federal Bureau of Investigation Director Robert Mueller seeking permission to publish aggregate numbers of national security requests, including FISA orders in its Transparency Report.

Despite this, Google says that the Department of Justice and the FBI maintain that publishing the number of FISA requests the company receives is unlawful. Thus it has asked the FISC for a summary judgment declaring that it has the right to publish two numbers.

The company's legal motion states, "Google seeks a declaratory judgment that Google has the right under the First Amendment to publish, and that no applicable law or regulation prohibits Google from publishing, two aggregate unclassified numbers: (1) the total number of FISA requests it receives, if any; and (2) the total number of users or accounts encompassed within such requests."

In an emailed statement, a Google spokeswoman said that Google has long pushed for transparency so that users can understand the extent of government demands for data, noting that the company was the first to release data on the number of National Security Letters it receives.

"However, greater transparency is needed, so today we have petitioned the Foreign Intelligence Surveillance Court to allow us to publish aggregate numbers of national security requests, including FISA disclosures, separately," Google's spokeswoman said. "Lumping national security requests together with criminal requests would be a backward step for Google and our users."

Apple, Facebook, Microsoft and Yahoo have all taken such a step, publishing statistics on government demands for user data that combine national security requests with requests related to criminal investigations.

As if to underscore the difficulties that Google faces in dealing with supposedly inaccurate claims about its cooperation with U.S. authorities while under a gag order, Google's legal filing notes, "Nothing in this Motion is intended to confirm or deny that Google has received any order or orders issued by this Court."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
geek2geek
50%
50%
geek2geek,
User Rank: Apprentice
6/19/2013 | 4:14:35 PM
re: Google Challenges Surveillance Gag Order
Google gets busted for sleeping with NSA and then pleads "battered spouse" syndrome. lol what a bunch of tools
smartmind
50%
50%
smartmind,
User Rank: Apprentice
6/19/2013 | 1:43:31 PM
re: Google Challenges Surveillance Gag Order
Bet if it was the Chinese government asking Google.CN for access to confidential data - it would up sticks and stop operating in China.... oops that is exactly what it did, isn't it? Perhaps it should also leave the USA and operate from elsewhere. I am sure that Ecuador would provide Google with a safe haven?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.