Secret Court Ruling Put Tech Companies in Data Bind
June 15, 2013
SAN FRANCISCO — In a secret court in Washington, Yahoo’s
top lawyers made their case. The government had sought help in spying
on certain foreign users, without a warrant, and Yahoo had refused,
saying the broad requests were unconstitutional.
The judges disagreed. That left Yahoo two choices: Hand over the data or break the law.
So Yahoo became part of the National Security
Agency’s secret Internet surveillance program, Prism, according to
leaked N.S.A. documents, as did seven other Internet companies.
Like almost all the actions of the secret court, which operates under the Foreign Intelligence Surveillance Act, the details of its disagreement with Yahoo were never made public beyond a heavily redacted court order,
one of the few public documents ever to emerge from the court. The name
of the company had not been revealed until now. Yahoo’s involvement was
confirmed by two people with knowledge of the proceedings. Yahoo
declined to comment.
But the decision has had
lasting repercussions for the dozens of companies that store troves of
their users’ personal information and receive these national security
requests — it puts them on notice that they need not even try to test
their legality. And despite the murky details, the case offers a glimpse
of the push and pull among tech companies and the intelligence and law
enforcement agencies that try to tap into the reams of personal data
stored on their servers.
It also highlights a
paradox of Silicon Valley: while tech companies eagerly vacuum up user
data to track their users and sell ever more targeted ads, many also
have a libertarian streak ingrained in their corporate cultures that
resists sharing that data with the government.
“Even though they have an
awful reputation on consumer privacy issues, when it comes to government
privacy, they generally tend to put their users first,” said
Christopher Soghoian, a senior policy analyst studying technological
surveillance at the American Civil Liberties Union. “There’s this
libertarian, pro-civil liberties vein that runs through the tech
companies.”
Lawyers who handle national
security requests for tech companies say they rarely fight in court,
but frequently push back privately by negotiating with the government,
even if they ultimately have to comply. In addition to Yahoo, which
fought disclosures under FISA, other companies, including Google, Twitter,
smaller communications providers and a group of librarians, have fought
in court elements of National Security Letters, which the F.B.I. uses
to secretly collect information about Americans. Last year, the
government issued more than 1,850 FISA requests and 15,000 National Security Letters.
FISA requests can be as
broad as seeking court approval to ask a company to turn over
information about the online activities of people in a certain country.
Between 2008 and 2012, only two of 8,591 applications were rejected, according to data
gathered by the Electronic Privacy Information Center, a nonprofit
research center in Washington. Without obtaining court approval,
intelligence agents can then add more specific requests — like names of
individuals and additional Internet services to track — every day for a
year.
National Security Letters
are limited to the name, address, length of service and toll billing
records of a service’s subscribers.
The Yahoo ruling, from
2008, shows the company argued that the order violated its users’ Fourth
Amendment rights against unreasonable searches and seizures. The court
called that worry “overblown.”
“Notwithstanding the parade
of horribles trotted out by the petitioner, it has presented no
evidence of any actual harm, any egregious risk of error, or any broad
potential for abuse,” the court said, adding that the government’s
“efforts to protect national security should not be frustrated by the
courts.”
One of the most notable
challenges to a National Security Letter came from an unidentified
electronic communications service provider in San Francisco. In 2011,
the company was presented with a letter from the F.B.I., asking for
account information of a subscriber for an investigation into
“international terrorism or clandestine intelligence activities.”
The company went to court.
In March, a Federal District Court judge, Susan Illston, ruled the
information request unconstitutional, along with the gag order. The case
is under appeal, which is why the company cannot be named.
Google filed a challenge
this year against 19 National Security Letters in the same federal
court, and in May, Judge Illston ruled against the company. Google was
not identified in the case, but its involvement was confirmed by a
person briefed on the case.
In 2011, Twitter successfully challenged a silence order on a National Security Letter related to WikiLeaks members.
Nicole Perlroth and Somini Sengupta contributed reporting from San Francisco.交出數據或違法,法官讓雅虎二選一
2013年06月15日
舊金山——在華盛頓一個秘密法庭,雅虎(Yahoo)的頂尖律師拿出了自己的依據。政府在監視某些外國用戶時,在沒有法庭授權的情況下尋求雅虎的幫助,雅虎對此予以拒絕,並表示這種寬泛的要求是違憲的。
法官不這麼認為。現在雅虎有兩個選擇:要麼交出數據,要麼違反法律。
因此,從泄露的美國國家安全局(National Security Agency,簡稱NSA)文檔來看,雅虎也成了NSA互聯網秘密監視項目「稜鏡」(Prism)的一部分。
和它幾乎所有的其他行動一樣,這個依循《外國情報監視法
案》(Foreign Intelligence Surveillance
Act,簡稱FISA)行事的秘密法院和雅虎之間的分歧細節從未公開過,只有一張經過大量塗黑加密的法院判令,這是少數從該法院流出的公開文檔之一。公司
的名稱一直到現在才揭曉。雅虎的涉案情況得到兩名對該訴訟有了解的人士確認。該公司拒絕置評。
然而這個裁決給其他幾十家公司帶來了深遠的影響,它們也都
保存着大量用戶個人信息,並接到了這種國家安全要求——該裁決提醒它們,根本不必去驗證這些要求的合法性。儘管細節模糊不清,此案還是讓我們有機會一窺科
技公司和情報、執法部門之間的拉拉扯扯,後者在想方設法利用前者服務器中的海量個人數據。
此外它還突顯了硅谷的一個悖論:科技公司一方面急切地收集着用戶數據,用以追蹤它們的用戶,來銷售更精確定向的廣告,另一方面很多公司的企業文化里又有着深入骨髓的自由主義氣息,拒絕和政府分享數據。
「它們在消費者隱私問題上都聲名狼藉,但一旦事關政府隱
私,它們通常都傾向於將用戶置於首位,」正在從事技術性監視研究的美國公民自由聯盟(American Civil Liberties
Union)高級策略分析師克里斯托弗·索戈延(Christopher Soghoian)說。「科技公司有一種自由主義的、重民權的自由派精神。」
幫科技公司處理國家安全要求的律師說,他們很少需要出庭,
但經常私下裡和政府談判推脫,雖然最終還是得服從。除了雅虎曾經就FISA要求的數據披露進行抗爭,包括谷歌(Google)、Twitter以及一些較
小的通訊供應商在內的其他公司和一些圖書館,也就國家安全公函(National Security
Letter)的要件在法院上進行了爭辯,這種公函是聯邦調查局(FBI)用來秘密收集美國人信息的。去年政府簽發了超過1850份FISA請求函和
1.5萬份國家安全公函。
FISA請求的內容可以寬泛到向一個公司索取某個國家的用
戶的網絡活動信息。據華盛頓非營利性研究中心電子隱私信息中心(Electronic Privacy Information
Center)的數據,2008年到2012年間,8591份申請中只有兩份被法院拒絕。而後情報機關特工可以在無需法院核准的情況下在請求函中加入更多
具體要求——比如某些人的姓名和更多需要追蹤的互聯網服務——在一年內什麼時候加都可以。
國家安全公函僅限於一個服務的訂購者的姓名、地址、服務時長以及產生的費用。
2008年的雅虎裁決顯示,公司辯稱這種命令侵犯了第四修正案賦予用戶的權力,是無理的搜查和攫取。法院認為這一擔憂「言過其實。」
「儘管呈請人描述了諸多駭人聽聞的情形,但究竟會造成何種傷害,有何種異乎尋常的過失風險,或任何寬泛的濫用可能性,這些方面還缺乏證據支持,」法院說,另外還提到政府「保護國家安全的努力不應受到法院的阻撓。」
在國家安全公函遇到過的質疑中,最值得注意的一起來自舊金山一家未具名的電子通信服務提供商。2011年,這家公司收到FBI的一封公函,要求提供一名服務訂購者的賬號信息,用於一項「國際恐怖主義或秘密情報活動」調查。
公司為此上了法庭。三月,聯邦地區法院法官蘇珊·伊爾斯頓(Susuan Illston)裁定信息索取及相關的禁言要求違憲。本案還在上訴中,因此該公司的名稱不可以公開。
谷歌今年在同一家聯邦法院向19封國家安全公函發起過挑戰,伊爾斯頓法官在五月裁決谷歌敗訴。本案並未公開谷歌身份,公司涉案一事得到了一位對案情有了解的人士確認。
2011年,因一封涉及維基解密(WikiLeaks)成員的國家安全公函而簽發的禁言令被Twitter成功推翻。
Nicole Perlroth和Somini Sengupta自舊金山對本文有報道貢獻。翻譯:經雷
Amazon Drives Seattle Office Market Surge
沒有留言:
張貼留言