Microsoft's Spying Disclosure Request Shot Down by Feds
- By Kurt Mackie
- October 03, 2013
The U.S. Department of Justice (DoJ) this week rejected motions filed by communications service providers including Microsoft and Google to disclose the number of national security surveillance requests they receive.
Microsoft, Facebook, Google and Yahoo have all filed motions to have permission to list the number of requests received from the Foreign Intelligence Surveillance Court (FISC). In a response (PDF) issued Monday by John P. Carlin, acting assistant attorney general for national security, and Tashina Gauhar, deputy assistant attorney general for intelligence, the DoJ indicated the FISC should reject the motions to disclose the information. The DoJ's position appears to be that if people know what services get tapped, then that would harm U.S. national security.
Providing such information "would be invaluable to our adversaries, who could thereby derive a clear picture of where the Government's surveillance efforts are directed and how its surveillance activities change over time, including when the Government initiates or expands surveillance efforts involving providers or services that adversaries previously considered 'safe,'" the DoJ argued in its response (p. 3).
Microsoft and the other companies had all filed amended motions in September after earlier unsuccessful talks with the U.S. government about the matter. Most of those amended motions sought permission to report FISC requests in specific numbers, but the DoJ rejected that idea.
The DoJ said that the companies' amended motions "would present an even greater risk to national security: the right to disclose the precise number of FISA process they may receive under each separate provision of FISA." The disclosure of the information would "undermine the secrecy of the surveillance," the DoJ argued. It would "reveal sources and methods of surveillance potentially nationwide."
Microsoft and the other service providers had complained in their amended motions about "inaccurate media reporting" by the press, which suggested that their networks are subject to direct wiretaps by the National Security Agency (NSA). That capability was suggested as being a relatively easy task that didn't require a court order by NSA whistleblower Edward Snowden in describing the PRISM program. Microsoft allegedly joined the PRISM program in 2007, with other service providers joining later.
In response to the inaccurate media reporting contention, the DoJ cited a Reuters story from last month, "Analysis: Despite fears, NSA revelations helping U.S. tech industry." The story cites unnamed sources from Google, Facebook and Microsoft as saying there has been little impact or no fallout from the government snooping disclosures on their businesses. So, while the DoJ didn't respond to claim of inaccurate media reporting, it did point to a single unsourced media report suggesting that the companies are not experiencing any financial harm from the secrecy.
However, a report produced by a lobbying group for technology companies has suggested otherwise. It estimated that service providers could lose $21.5 billion to $35.0 billion over the next three years if companies and individuals elect to use cloud-based services located outside the United States to avoid the routine massive U.S. spying.
The motions by the service providers also argued that they had First Amendment speech rights to describe the FISC orders to the public. However, the DoJ rejected that idea, too, saying that "it is well-settled that prohibitions on the disclosure of classified information, such as the ones contained in this Court's orders, satisfy the First Amendment."
The DoJ further asserted that the executive branch has sole authority to decide on the classification of information, and that it has decided that the number of specific FISC requests is "secret."
And even though it's widely known that the U.S. government routinely uses commercial communications networks to tap the traffic of U.S. citizens, as well as the traffic of those living abroad, the service provider companies can't talk about the number of snooping requests they get, according to the DoJ.
"The public debate about surveillance does not give the companies the First Amendment right to disclose information that the Government has determined must remain classified," according to the DoJ's response (p. 20).
It's not clear what the response will be from the FISC, which is a secret court, but the DoJ's position is clear. As for Microsoft and the other service providers, they have the ability to respond to the DoJ's arguments on Oct. 21, according to a Microsoft spokesperson.
"We will continue to press for additional transparency, which is critical to understanding the facts and having an informed debate about the right balance between personal privacy and national security," a Microsoft spokesperson stated via e-mail today.
Microsoft recently reported six months of law enforcement requests in aggregate numbers, but that report did not include the FISC requests. The FISC information will be bundled with other law enforcement requests once a year under a recent agreement with the U.S. government, but service providers won't be permitted to break out the specific numbers.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.