Google filed a petition in March 2013 resisting a national security letter (NSL) from the FBI demanding that it offer up private information about its users.
NSLs enable intelligence organizations to send secret requests to web and telecom companies to gather data that is “relevant to an investigation.” They do not need a judge’s approval and come with a gag order. The FBI’s and NSA’s ability to issue NSLs was expanded under the Patriot Act, which passed in 2001 and President Barack Obama renewed in 2011 to give the U.S. government broad-reaching powers to collect data on Americans.
News broke today that a number of U.S. tech companies are participating in a top secret data mining program for the FBI and NSA called PRISM. The Washington Post reported that these agencies were tapping directly into the central servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple to grab data including photos, videos, emails, documents, audio files, and connection logs.
Interestingly, the author of the Patriot Act published a letter to U.S. Attorney General Eric Holder today saying that he is “disturbed” that the NSA can collect data on American citizens without their knowledge or suspicion of wrongdoing.
Google filed the NSL-related petition shortly after U.S. District Judge Susan Illston in San Francisco ruled that NSLs are unconstitutional because they “violate the First Amendment and separation of powers principles.” Google’s petition asked to “set aside the legal process” citing a provision that enables judges to modify or deny NSLS that are “unreasonable, oppressive, or otherwise unlawful.”
But on May 28, Illston reversed her opinion and rejected Google’s argument that NSLs were unconstitutional and unnecessary and ordered the company to comply with the government’s demands for secrecy. She put the Google ruling on hold until the 9th U.S. Circuit Court of Appeals could decide the matter, and until then, Google had to comply unless it could show that the FBI did not follow proper procedures in its demands for the data. Google maintains that it cares about privacy and does not freely permit the government access.
According to a report in Bloomberg, Google has been the only major communications company to fight back against NSLs. Challenges are rare: Of 300,000 government-issued NSLs since 2000, only a handful of companies have resisted.
Google director of law enforcement Richard Salgado wrote a blog post at the time saying that the company has been “trying to find a way to provide more information about the NSLs we get” and would include data about them in its transparency report. Google’s recent transparency report said “government surveillance is on the rise” and government requests for user data spiked but that Google is turning over less data than ever before.
“I certainly appreciate that Google put out a transparency report, but it appears that the transparency didn’t include this. I wouldn’t be surprised if they were subject to a gag order,” said Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, in an interview with VentureBeat. (With regard to the legitimacy of its transparency reports, a Googler told VentureBeat, “We stand behind them, absolutely.”
“Google cares deeply about the security of our users’ data,” a Googler said in an email to VentureBeat. “We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”
It is still unclear what type of information the government was trying to obtain from Google. Still, we’re concerned that government agencies may secretly access our personal data, either via “font door” permissions involving warrants and subpoenas or “back door” methods wherein the agencies simply slip in and take what they want regardless of what tech companies have to say about it.