Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Monday, 15 September 2014
Feds Threatened to Fine Yahoo $250K Daily for Not Complying With PRISM
A secret and scrappy court battle that Yahoo launched to resist the NSA’s PRISM spy program came to an end in 2008 after the Feds threatened the internet giant with a massive $250,000 a day fine if it didn’t comply and a court ruled that Yahoo’s arguments for resisting had no merit.
The detail of the threat became public today after 1,500 pages worth of documents were unsealed in the case, revealing new information about the aggressive battle the Feds fought to force the company to bow to its demands. The information was first reported by the Washington Post following a blog post published by Yahoo’s general counsel disclosing that the documents had been unsealed and revealing for the first time the government’s threat of a fine.
Yahoo fought to unseal the case documents to provide better transparency about the government’s data collection programs and the FISA Court’s controversial history in approving nearly every data request the government makes.
The company disputed the initial order in 2007 because it deemed the bulk demand for email metadata to be unconstitutionally broad, but it lost that fight both in the Foreign Intelligence Surveillance Court and during appeal to the Foreign Intelligence Court of Review. It was among the first of nine internet companies to fall to the government’s demands for customer data and was a crucial win for the Feds since they were allowed to wield the ruling as part of their demand to other companies to comply.
Each of the internet companies fell in line with the program at separate times in the wake of that ruling.
“The released documents underscore how we had to fight every step of the way to challenge the U.S. Government’s surveillance efforts,” Yahoo General Counsel Ron Bell wrote in a post published after the unsealing. “At one point, the U.S. Government threatened the imposition of $250,000 in fines per day if we refused to comply.”
The unsealing of FISA Court documents is extremely rare but, as Bell noted, it was
“an important win for transparency, and [we] hope that these records help promote informed discussion about the relationship between privacy, due process, and intelligence gathering.”
The documents were posted online today by the Office of the Director of National Intelligence. Bell noted that “[d]espite the declassification and release, portions of the documents remain sealed and classified to this day, unknown even to our team.”
The American Civil Liberties Union praised Yahoo for pushing back on the government’s unreasonable surveillance.
“Yahoo should be lauded for standing up to sweeping government demands for its customers’ private data,” Patrick Toomey, staff attorney with the ACLU said in a statement.”But today’s [document] release only underscores the need for basic structural reforms to bring transparency to the NSA’s surveillance activities.”
Yahoo’s secret battle, and the PRISM program, came to light only last year after documents released by NSA whistleblower Edward Snowden exposed the data-collection program. Yahoo, Google, Apple and other companies were harshly criticized for complying with the program and seemingly putting up no resistance to it. But shortly after the program was exposed, Yahoo’s dogged battle with the Feds to resist its inclusion in the program came to light only after another document leaked by Snowden exposed the company’s legal fight against the FISA Court order.
Yahoo fought back on Fourth Amendment grounds, insisting that such a request required a probable-cause warrant and that the surveillance request was too broad and unreasonable and, therefore, violated the Constitution.
Yahoo also felt that warrantless requests placed discretion for data collection “entirely in the hands of the Executive Branch without prior judicial involvement” thereby ceding to the government “overly broad power that invites abuse” and possible errors that would result in scooping up data of U.S. citizens as well.
The request for data initially came under the Protect America Act, legislation passed in the wake of the 9/11 terrorist attacks that allowed the Director of National Intelligence and the Attorney General to authorize “the acquisition of foreign intelligence information concerning persons reasonably believed to be outside the United States” for periods of up to one year, if the acquisition met five criteria. The Protect America Act sunset in February 2008, but was incorporated into the FISA Amendments Act in July that year.
Under the law, the government has to ensure that reasonable procedures are in place to ensure that the targeted person is reasonably believed to be located outside the U.S. and that a significant purpose of the collection is to obtain foreign intelligence. In its request to Yahoo, the government apparently proposed additional measures it planned to use to ensure that its data collection was reasonable.
But Yahoo felt the procedures and measures the government proposed to undertake were insufficient and refused to comply with the data request. The government then asked the FISA Court to compel Yahoo to comply, which it did.
Yahoo applied to appeal the decision and requested a stay in the data collection pending the appeal. But the FISA Court refused the stay, and beginning in March 2008, Yahoo was forced to comply with the request for data in the meantime “under threat of civil contempt.”
Five months later, in August 2008, the FISA Court of Review found that the data request, undertaken for national security reasons, qualified for an exception to the warrant requirement under the Fourth Amendment and upheld the original court’s order to comply.
As for Yahoo’s concern that the request was too broad and opened the possibility for potential abuse, the judges wrote that the company had “presented no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse in the circumstances of the instant case” and called Yahoo’s concerns “little more than a lament about the risk that government officials will not operate in good faith.”
To support their ruling, the judges wrote that the government “assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary.”
A year’s worth of Snowden revelations, however, have now shown this to have been a misguided statement on the part of the judges.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment