Limiting the feds' snooping
Recent developments could portend the demise of National Security Letters, which allow the FBI to get private customer information without a judge's approval
Computerworld - For the first time, Microsoft and Google have publicly revealed roughly how often they have been issued National Security Letters (NSL), which allow the Federal Bureau of Investigation to get private customer information without a judge's approval. It highlights why the letters, created in their current form by the Patriot Act, should be done away with -- and a recent court ruling may lead the way to doing just that.
The Patriot Act allows the FBI to issue NSLs to companies seeking a customer's "name, address, length of service, and local and long distance toll billing records" without a judge's prior approval. An FBI agent only needs to say that the request is "relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities." A superior at the FBI must approve each request, but otherwise, there's no oversight.
The law has a gag provision that bans the company from saying anything about NSLs, not even so much as acknowledging that it has received one. That provision is invoked if the FBI deems that the disclosure would be a "danger to the national security of the United States, interference with a criminal, counterterrorism, or counterintelligence investigation, interference with diplomatic relations, or danger to the life or physical safety of any person."
Again, there's no oversight.
In early March, under a deal with the Obama administration, Google became the first company to publicly reveal anything about the NSLs it has received from the FBI. Under the deal, it can disclose a range of the number of NSLs, but not the precise number. Still, the disclosure is revealing. In a "transparency report," Google said the company had received between 0 and 999 NSLs each year for 2009, 2010, 2011 and 2012.Those requests covered between 1,000 and 1,999 accounts each year, except for 2010, when they covered between 2,000 and 2,099.
Several weeks after Google released its report, Microsoft followed suit. Microsoft has been targeted more heavily than Google -- in 2009 it received between 0 and 999 NSLs for between 2,000 and 2,999 accounts; in 2010 it received between 1,000 and 1,999 NSLs for between 5,000 and 5,999 accounts; in 2011 it received between 1,000 and 1,999 NSLs for between 3,000 and 3,999 accounts; and in 2012 it received between 0 and 999 NSLs for between 1,000 and 1,999 accounts.
Both companies should be commended for bringing these numbers to light, because it reminds people how this portion of the Patriot Act endangers their liberties. Even at the low range, those numbers show that a great number of people in the U.S. have been subjected to intrusive prying by the government without their knowledge.
More by Preston Gralla
- Preston Gralla: Jeff Bezos hates you
- Preston Gralla: Straight A's for Microsoft CEO Nadella at the 60-day mark
- Preston Gralla: With Comcast deal, say goodbye to the Internet as we've known it
- Preston Gralla: Patents don't equal innovation
- Preston Gralla: There's time to fix Net neutrality
- Preston Gralla: Can Amazon drones save the economy?
- Preston Gralla: Apple still making it hard to think differently
- Preston Gralla: Why Ford's CEO is wrong for Microsoft
- Preston Gralla: Time to break up Microsoft? Not so fast
- Preston Gralla: Why Bill Gates Can't Save Microsoft
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!