Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Friday, 10 January 2014
Telecom Believed to Be at Center of Government Court Fight Files Surveillance Transparency Report
A small telecom believed to be at the center of a historic court battle over government surveillance published its first transparency report on Thursday, noting that it had received 16 government requests for customer data in 2013. But the report may be most significant for what it doesn’t say.
Credo Mobile, the first telecom to release a transparency report, received just 15 requests for customer data pursuant to subpoena, summons or court order and one emergency request for data. But the most significant part of the report may be the government requests it doesn’t list.
A press release accompanying the report notes that it may be incomplete because legal restrictions prevent companies like Credo from disclosing certain kinds of government requests for customer data, such as those requested with a so-called National Security Letter or NSL.
“[D]ue to existing U.S. surveillance statutes that Credo is on the record opposing, such as the USA PATRIOT Act and the FISA Amendments Act, this report and those of other service providers may fall short of full transparency,” the note reads.
The report and statement are significant because Credo is believed to be the anonymous plaintiff at the heart of a historic legal battle over NSLs — a fight that began before documents leaked by Edward Snowden revealed the extent of the government’s sweeping surveillance programs. That legal battle resulted in a court ruling last year saying that NSLs, and the mandatory gag orders that accompany them, are unconstitutional.
By law, gag orders can be imposed on telecom companies prohibiting them from disclosing requests for customer information that are issued under an NSL or under Section 215 of the PATRIOT Act. The gag order also prohibits companies from disclosing whether they have complied with the order or challenged it in court.
Last year, after one telecom challenged the NSL it received, U.S. District Judge Susan Illston in San Francisco ruled ultra-secret National Security letters are an unconstitutional impingement on free speech, and ordered the government to stop issuing NSLs, a stunning defeat for the Obama administration’s surveillance practices. She also ordered the government to cease enforcing the gag provision in any other cases. However, she stayed her order for 90 days to give the government a chance to appeal to the Ninth Circuit Court of Appeals, which it did.
The telecom, which is not identified in court documents but is believed to be Credo, received an NSL in 2011 from the FBI. The company took the extraordinary and rare step of challenging the underlying authority of the NSL, as well as the legitimacy of the gag order accompanying it. Both challenges are allowed under a federal law that governs NSLs, a power greatly expanded under the Patriot Act that allows the government to get detailed information on Americans’ finances and communications without judicial oversight. The FBI has issued hundreds of thousands of NSLs over the years and has been reprimanded for abusing them, though few requests have been challenged by the recipients.
After the telecom challenged the NSL, the Justice Department made the extraordinary move of suing the company, arguing in court documents that the company was violating the law by challenging its authority. That stunned the Electronic Frontier Foundation, which is representing the anonymous telecom.
“It’s a huge deal to say you are in violation of federal law having to do with a national security investigation,” EFF’s Matt Zimmerman told WIRED at the time. “That is extraordinarily aggressive from my standpoint. They’re saying you are violating the law by challenging our authority here.”
In her ruling, Judge Illston said the NSL nondisclosure provisions “significantly infringe on speech regarding controversial government powers.” She noted that the telecom had been “adamant about its desire to speak publicly about the fact that it received the NSL at issue to further inform the ongoing public debate” on the government’s use of the letters. Illaston also said the review process for challenging an order violated the separation of powers. Because the gag order provisions cannot be separated from the rest of the statute, Illston ruled that the entire statute was unconstitutional.
The judge found that although the government made a strong argument for prohibiting the recipients of NSLs from disclosing to the target of an investigation or the public the specific information being sought by an NSL, the government did not provide compelling argument that the mere fact of disclosing that an NSL was received harmed national security interests. A blanket prohibition on disclosure, she found, was overly broad and “creates too large a danger that speech is being unnecessarily restricted.” She noted that 97 percent of the more than 200,000 NSLs that have been issued by the government were issued with nondisclosure orders.
Although the telecom was not identified in court documents that were released publicly, the Wall Street Journal used details that were revealed in them to narrow the likely plaintiffs to Credo in a story published in 2012. The company’s CEO, Michael Kieschnick, didn’t confirm or deny his company was the unidentified recipient of the NSL, but did release a statement following Illston’s ruling.
“This ruling is the most significant court victory for our constitutional rights since the dark day when George W. Bush signed the Patriot Act,” Kieschnick said. “This decision is notable for its clarity and depth. From this day forward, the U.S. government’s unconstitutional practice of using National Security Letters to obtain private information without court oversight and its denial of the First Amendment rights of National Security Letter recipients have finally been stopped by our courts.”
The redacted documents don’t indicate the exact information the government was seeking from the telecom, and EFF won’t disclose the details. But by way of general explanation, Zimmerman said at the time that the NSL statute allows the government to compel an ISP or website to hand over information about someone who posted anonymously to a message board or to compel a phone company to hand over “calling circle” information — that is, information about who has communicated with someone by phone.
An FBI agent could give a telecom a name or a phone number, for example, and ask for the numbers and identities of anyone who has communicated with that person. “They’re asking for association information – who do you hang out with, who do you communicate with, [in order] to get information about previously unknown people.
“That’s the fatal flaw with this [law],” Zimmerman told WIRED last year. “Once the FBI is able to do this snooping, to find out who Americans are communicating with and associating with, there’s no remedy that makes them whole after the fact. So there needs to be some process in place so the court has the ability ahead of time to step in [on behalf of Americans].”
The company said in its statement Thursday that it supports the full repeal of the USA PATRIOT Act and the FISA Amendments Act and is working to pass Rep. Rush Holt’s Surveillance State Repeal Act.
“Credo, which supports the repeal of the USA PATRIOT Act and FISA Amendments Act, a plea bargain or clemency for Edward Snowden, and an end to the retroactive immunity granted to protect telecom companies from facing charges for colluding with the NSA in the illegal wiretapping of Americans, is releasing the report to increase transparency around governmental requests for customer information,” the company said in a statement.
Credo’s transparency report follows in the tradition begun by Google and other internet service providers to release transparency reports about the number of government requests they receive for customer data. Google and other companies have been battling the government to be able to release more information than their transparency reports currently cover. Late last year, Verizon and AT&T announced that they would be releasing a transparency report in 2014 — their first.
But Credo took a swipe at its fellow telecoms in its statement on Thursday, saying that it had opposed the immunity granted by Congress to telecoms like Verizon and AT&T after previous revelations that the companies cooperated with the Bush administration’s illegal wiretapping program without trying to fight it.
“During the Bush Administration, Credo fought against the unprecedented federal wiretapping of American citizens without any court order and the cover up that followed, including the granting of retroactive immunity to large telecom companies that made the warrantless wiretapping possible,” the company noted in its statement.
“Credo has a decades-long record fighting for the civil liberties, not just of our phone customers, but of all Americans,” Kieschnick was quoted in the statement saying. “Despite the shocking revelations of NSA abuses, the U.S. government continues to defend unconstitutional programs to systematically spy on Americans. So it’s up to companies like ours to lift the curtain to the extent allowed by law and fight for our customers’ constitutional rights.”
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment