Twitter Sues The US Government For The Right To Disclose Surveillance Requests
from the good-for-them dept
As you may recall, in the wake of the Snowden revelations, various tech companies got into a bit of a spat with the US government over the right to disclose FISA orders received under Section 702 of the FISA Amendments Act. These orders are what made up the PRISM program that got so much early attention, with some early reports implying, incorrectly, that the tech companies had given the NSA full access to their systems under the program. The reality is that the 702 program includes specific FISA court orders for access to specific information, not blanket access. What’s unknown is just how narrow or broad those orders are, and that’s partly because of a gag order that comes with any of those FISA court orders. In response, a bunch of those tech companies filed a lawsuit arguing they had a First Amendment right to reveal the number of orders they had received. Further, they noted that due to the early, misinterpreted reporting, they needed to be able to reveal how many orders they received, and how many people it impacted, to correct the faulty record on their level of sharing with the NSA.
In January, the tech companies and the DOJ settled the lawsuit, with the US government agreeing to specific ways in which tech companies could reveal some information on those orders, but in a very limited way. Basically they could reveal some information in “bands.” Depending on how they revealed the info, it could be in bands of 250 people or bands of 1,000 people — but if you chose the 250 option, you also had to lump in National Security Letters (NSLs), making the information even harder to parse. While this was progress over nothing, it was a pretty small step forward.
That’s why we were happy to see Twitter come out in February and say that, while those other companies (including Google, Facebook and Microsoft) had agreed to that settlement, it was not good enough for Twitter, and that the company would keep pushing for the right to say how many FISA orders it had received. Apparently those negotiations with the DOJ haven’t gone very well, as the company has now sued the US government over the issue. Twitter claims that it even asked for the ability to publish a redacted transparency report, but the DOJ even tried to block that. The full filing is worth reading.
Twitter seeks to lawfully publish information contained in a draft Transparency Report submitted to the Defendants on or about April 1, 2014. After five months, Defendants informed Twitter on September 9, 2014 that ?information contained in the [transparency] report is classified and cannot be publicly released? because it does not comply with their framework for reporting data about government requests under the Foreign Intelligence Surveillance Act (?FISA?) and the National Security Letter statutes. This framework was set forth in a January 27, 2014 letter from Deputy Attorney General James M. Cole to five Internet companies (not including Twitter) in settlement of prior claims brought by those companies (also not including Twitter) (the ?DAG Letter?).
The Defendants? position forces Twitter either to engage in speech that has been preapproved by government officials or else to refrain from speaking altogether. Defendants provided no authority for their ability to establish the preapproved disclosure formats or to impose those speech restrictions on other service providers that were not party to the lawsuit or settlement.
Twitter?s ability to respond to government statements about national security surveillance activities and to discuss the actual surveillance of Twitter users is being unconstitutionally restricted by statutes that prohibit and even criminalize a service provider?s disclosure of the number of national security letters (?NSLs?) and court orders issued pursuant to FISA that it has received, if any. In fact, the U.S. government has taken the position that service providers like Twitter are even prohibited from saying that they have received zero national security requests, or zero of a particular type of national security request.
These restrictions constitute an unconstitutional prior restraint and content-based restriction on, and government viewpoint discrimination against, Twitter?s right to speak about information of national and global public concern. Twitter is entitled under the First Amendment to respond to its users? concerns and to the statements of U.S. government officials by providing more complete information about the limited scope of U.S. government surveillance of Twitter user accounts?including what types of legal process have not been received by Twitter?and the DAG Letter is not a lawful means by which Defendants can seek to enforce their unconstitutional speech restrictions.
It will be interesting to see how far this lawsuit goes. Unfortunately, the courts are often willing to give great deference to the government when it insists things need to be secret, but there’s always a chance that a court may recognize the problematic nature of how the government gags companies in this manner.
Filed Under: doj, first amendment, fisa, fisa court orders, free speech, nsa, section 702, surveillance, transparency
Companies: twitter
Comments on “Twitter Sues The US Government For The Right To Disclose Surveillance Requests”
This is why it’s very important to avoid US-based sites whenever possible. (except Techdirt, of course)
We might even get more privacy in “Russian Facebook” VKontakte (in English now) despite its location in a country that historically had an infamous spying apparatus.
Re: Re:
It’s important to avoid giving any data to US companies that you don’t want strangers or the government to know.
“except Techdirt, of course”
No, not except Techdirt. If Techdirt got an NSL, they’d have to do exactly the same thing as any other US company. This is the real shame: the law makes it impossible to be able to trust US companies to keep information to themselves, even when those companies are trustworthy.
Re: Re: Re:
This is the real shame: the law makes it impossible to be able to trust US companies to keep information to themselves, even when those companies are trustworthy.
Sadly true, the mere existence of NSL’s means the safest default assumption regarding a US company is that it’s already compromised, and needs to be treated accordingly.
Re: Re: Re: Re:
And despite all the bizarre, Orwellian lengths the NSA & company have gone to, they’ve accomplished absolutely nothing. If they had done something, anything that could justify any of their actions, they would have had the media make it into headline news and kept it in the news indefinitely. Instead, their press releases are comprised entirely of ad hominem attacks and vague references to events that they had little to nothing to do with; the actions of someone trying desperately to defend the indefensible.
Of course, when their failures (e.g. the Boston Bombing) make news headlines, they claim they failed because they aren’t spying enough. By which logic, if pouring gasoline on a fire doesn’t put it out, it’s because you didn’t pour enough.
Really, even if it did work it’d be inexcusable, but we aren’t even getting any security in exchange for losing our liberty. All so a small army of spies can keep collecting their paychecks and abusing their power (e.g. LOVEINT).
Re: Re:
Unless you have a trusted https connection to the foreign site then how can you trust that the government isn’t intercepting your traffic? You need to make sure that the foreign site uses the same public key(s) for U.S. traffic as it does for its own native traffic otherwise you can’t tell if the U.S. can intercept and decrypt the U.S. based traffic and is perhaps working with various foreign site owners (and governments) to ensure that the U.S. govt can decrypt U.S. bound traffic (under the threat that they can cut off access to the U.S. market if the foreign companies don’t cooperate). Foreign companies may not announce what’s going on especially if it could mean losing access to the U.S. market (something that neither foreign businesses nor foreign governments would want).
I think what the government doing is wrong.
Warrant canaries prohibited ?
“the U.S. government has taken the position that service providers like Twitter are even prohibited from saying that they have received zero national security requests, or zero of a particular type of national security request” – does this explain the change in Apple’s NSL canary thing ?
Re: Warrant canaries prohibited ?
I was thinking the same thing as I read this.
Re: Warrant canaries prohibited ?
I always wondered why this canary got the hype. What would stop a devious administration like this from demanding Apple to keep up their canary posts up despite being served with an NSL?
The movement of corporations out of the US due to high tax rates (inversion) is probably aided in that decision by the distrust it’s potential customers have over the control the US government has in spying on anyone it deems interested in.
While the NSA and assorted others of its’ ilk claim no harm and no foul in this spying, I suggest that when the government starts hitting high inflation because the tax revenue drop has created yet more run-a-way money printing that it may dawn on congress that something finally has to be done.
Many businesses and corporations are seeing a distinct advantage in not being associated with the US as their home base.
Re: Re:
What high tax rates? You do realize that corporate taxes are currently at historic lows, the lowest they’ve been in this country since the Great Depression, right?
Re: Re: Re:
Whether they are high or low relative to historical values is less interesting to the company than whether they are high or low relative to other jurisdictions in which it could be located. By that measure, US corporate taxes are one of the highest, if not the highest, among stable countries.
Personal income tax rates are also much lower than they were during the confiscatory years, but that does not excuse the level they are set at, either.
if (this.judge.wisdom == “gullible”) {
while (gov.propaganda == “TERRORISTS!!!”) {
this.judge.verdict(“Not Guilty”);
}
}
foreach judge in usa {
judge.wisdom = “gullible”;
}
Our government is corrupt in every corner, nothing good will come of anything until we the people issue a reset.
Re: Re:
I would prefer an orderly pivot_root followed by kexec.
Re: Re:
and nothing good would probably come of that either. Corruption is human nature.
It will be interesting to see how far this lawsuit goes. Unfortunately, the courts are often willing to give great deference to the government when it insists things need to be secret, but there’s always a chance that a court may recognize the problematic nature of how the government gags companies in this manner.
I’m surprised you didn’t link back to your post from last year about Judge Illston’s holding that the NSLs unconstitutional: https://www.techdirt.com/articles/20130315/14254522342/shocker-court-says-national-security-letters-are-unconstitutional-bans-them.shtml I think Judge Illston’s conclusions are very persuasive. As far as I know, that was appealed to the Ninth Circuit but there’s been no ruling yet. I wonder if this action will be put on hold until that appeal is decided.
Re: Re:
Good catch.
Unfortunately, it looks like the judge allowed them to continue issuing them since the government planned to appeal(obviously, they really couldn’t do anything else), and given the ‘speed’ court cases can take at that level, even if the next judge again finds against the government, that’ll likely be several years after the original ruling, and in the meantime, NSL’s for everyone.
Re: Re: Re:
Good catch.
Unfortunately, it looks like the judge allowed them to continue issuing them since the government planned to appeal(obviously, they really couldn’t do anything else), and given the ‘speed’ court cases can take at that level, even if the next judge again finds against the government, that’ll likely be several years after the original ruling, and in the meantime, NSL’s for everyone.
I just found a page on the Ninth Circuit’s website dedicated to the NSL litigation: http://www.ca9.uscourts.gov/content/view.php?pk_id=0000000715 It appears that Judge Illston’s opinion has been consolidated with two other cases. Appeal No. 13-15957 is the one from Judge Illston’s opinion. I’m not sure what the other two cases are (I’ll have to read through the filings). It looks like the final reply brief was filed in June, so I doubt it will be much longer before the Ninth Circuit decides the issue. Given that these NSL recipients are arguing the same things as Twitter, I suspect that Twitter’s case will be put on hold pending the Ninth Circuit’s decision.
Re: Re: Re: Re:
Hmm, so might very well be decided before the year is out then, here’s hoping for some sanity in the court-room with the judges ruling against the government regarding NSL’s.
Re: Re: Re: Re:
The appeal is actually being heard today on that case… I had meant to do a separate post on it, but ran out of time…
Re: Re: Re:2 Re:
The appeal is actually being heard today on that case… I had meant to do a separate post on it, but ran out of time…
Oh, that’s very cool! I can’t wait to see what the Ninth says. I’m torn on the prior restraint issue. I’m not sure that it qualifies as a prior restraint since it’s not a typical licensing scheme and I’m not sure that the speech is even substantively protected. But… then the government is allowing recipients to release some numbers, so that makes it seem like a licensing scheme. It’s a head scratcher! I think the best argument is that the speech is substantively protected since there’s insufficient narrow tailoring. But… then I think I agree with the government that it’s not a content-based restriction. It’s a content-neutral restriction, so it gets intermediate scrutiny (and thus not strict narrow tailoring). But I’m not sure it even meets that lower standard. I could see this going either way. That’s what makes it fun.
By the way, I posted a comment in this thread a few minutes ago: https://www.techdirt.com/articles/20141007/17534928757/shameful-harvard-law-review-copyright-maximalism-over-legal-citations-put-to-test-with-new-public-domain-effort.shtml It got caught in your spam filter. This means you’re still routing posts from my home IP to the spam filter. Given your beliefs about censorship, and given that I’m a financial supporter of your site, this is really troubling. And, as you know, it’s trivially easy to circumvent the block (as I’m doing with this comment). I’d really appreciate it if you’d remove that block. I know you don’t want to talk about it. Neither do I. But as long as I’m still blocked, I’ll keep bringing it up. I’d rather the block be removed so we can both put that behind us. If you have any concerns, you know my email address. Thanks.
Re: Re: Re:3 Re:
This means you’re still routing posts from my home IP to the spam filter.
I have no clue how Techdirt’s multiple spam filters work, but if I was designing one, any IP address that constantly gets excessive “report” votes would automatically go into the spam filter forever.
Have you ever thought that this is a situation that you’ve created all by yourself?
Re: Re: Re:4 Re:
I have no clue how Techdirt’s multiple spam filters work, but if I was designing one, any IP address that constantly gets excessive “report” votes would automatically go into the spam filter forever.
Have you ever thought that this is a situation that you’ve created all by yourself?
I’m sure Mike doesn’t appreciate me bringing it up, but this all went down the summer before last. There was nothing automatic about it. There was a period of a week or two when every new IP address I’d post from would be summarily blocked. Mike, or one of his flunkies, was desperate to keep me from posting. They were even blocking certain words. For example, if the post included the word “cluck,” it was sent to the spam filter. The same exact post with the word “cluck” removed would post just fine. They weren’t just blocking my IPs, they were blocking certain keywords and even certain links I was posting. Again, it wasn’t automatic. It was blatant censorship because I was critical of Mike. I’m kind of surprised he’s still blocking my home IP over a year later. Seems really childish. I’ve try to get him to discuss what happened openly and honestly, but he won’t. I can easily circumvent the block, but it’s the principle of it. You’d think a guy who is so anti-censorship wouldn’t do this, but you’d think wrong.
Re: Re: Re:5 Re:
Again, it wasn’t automatic. It was blatant censorship because I was critical of Mike.
To be honest, all of those things you mentioned seem like automatic flags to me. An IP address that gets tons of report clicks – blacklist it. Someone keeps sending a certain keyword over and over again – blacklist that keyword. A link from a unregistered user usually always gets flagged (I know this one from personal experience).
I’ve try to get him to discuss what happened openly and honestly, but he won’t.
Yes he has, repeatedly. Here is the most recent:
https://www.techdirt.com/articles/20140904/09583328416/tor-asks-help-keeping-net-anonymity-as-option-anyone-any-site.shtml#c1219
Mike’s responses to you concerning this have been open and honest. If you feel that someone’s responses to you are not open and honest just because it isn’t the answer you wanted, that is really your problem, not anyone else’s.
Re: Re: Re:6 Re:
To be honest, all of those things you mentioned seem like automatic flags to me. An IP address that gets tons of report clicks – blacklist it. Someone keeps sending a certain keyword over and over again – blacklist that keyword. A link from a unregistered user usually always gets flagged (I know this one from personal experience).
I appreciate the comment. It wasn’t a matter of a link being “reported” and the software picking up on it. It was a link being posted once, and then hours later that same link would cause a different post to go to the spam filter–with it never getting out of that limbo. This happened whether the original post with the link was hidden as “reported” or not. It was deliberate action on TD’s part to prevent me from posting the links. The links were being blocked because they led to a post of mine that criticized Mike. For about two weeks, Mike et al. did everything they could to prevent me from posting on TD because I was critical of Mike. Blocking IPs, keywords, links, etc. It was an incredible display on their part.
Yes he has, repeatedly. Here is the most recent:
https://www.techdirt.com/articles/20140904/09583328416/tor-asks-help-keeping-net-anonymity-as -option-anyone-any-site.shtml#c1219
Mike’s responses to you concerning this have been open and honest. If you feel that someone’s responses to you are not open and honest just because it isn’t the answer you wanted, that is really your problem, not anyone else’s.
I appreciate the link. Sorry to say this, but Mike is simply being less than honest about his desperate attempts to silence me last year. It’s really as simple as that. Regardless, I wouldn’t even be bringing this up if he’d lift the block he has on my home IP address. I know he won’t admit that he did what he did. I don’t care. It’s the principle that he’s blocking my IP address, which he could fix so easily, that bothers me. If my IP weren’t blocked, I’d be happy to drop this. But it’s not. And the fact that I financially support the site makes it suck all the more. Hell, I didn’t even complain when I ordered goods from his online shop and he failed to send me one of the items I ordered. I’d like to think it was a mistake, but I honestly think it was probably intentional.
Well, given that Twitter is a corporation, and we all know that corporations aren’t people and therefore have no 1A rights, this is bound to fail.
Unless we want Corporations to have rights. But only some. And only when we agree with them.
On the topic of NSL's in bands...
I’ve just deleted my Dropbox account. (Yes, I know my stuff remains in their servers, I don’t care) However, I’m in the painful process of detaching myself from all US companies I’ve trusted with my data.
I’m taking my time tough, since it’s of no use reacting in anger. I just thought appropriate to share with you my feedback to Dropbox when they asked for it, right before you press that button:
(Mind you, of all those conveniently formatted reason as to why “you are leaving”, ‘Privacy related issues’ was nowhere to be seen. So, Reason: Other.
Why:
I’ll let others do the talking:
https://www.youtube.com/watch?v=L_amBkYx_Fk
Not that this comes as a shocking surprise nowadays but still… I value my privacy more than anything because it’s the foundation of liberty as a citizen under any democracy. It’s a fundamental human right.
The fundamental thing here is that I don’t use these words as a punchline, as the lame rhetoric you put in your privacy policy and other documents in your website.
https://www.dropbox.com/privacy
Adding insult to injury you mislead the users and potential customers with numbers and charts that do not resist the most superficial scrutiny:
https://www.dropbox.com/transparency
National Security Process received 0-249
Accounts affected 0-249
We all know that you are not allowed to disclose how many NSL’s you have been served, much less disclose how much information you produced, but what you are saying here, the way I see it, is that you have received 249 NSL’s and of course you complied with every single one of them. That is particularly damaging, first and foremost to your company, because many of us lost the only thing that keeps this relationship going: Trust.
I was planning on upgrading my account maybe next year, for professional and academic reasons I will need the space to store a lot of data. I’m forced to look elsewhere, spideroak seems to be a promising alternative, we’ll see…
Needless to say I am NO criminal, nor I intend to become one in the foreseeable future, I’m just a regular guy who wants to mind his own business and enjoy my well earned liberty as a free citizen. I’m a productive member of society, and I contribute in several ways to the betterment of my community.
I will neither tolerate nor sit idle when my personal data is shared willingly or otherwise with a dark branch of your government that is violating your own Constitution and your Bill of Rights, and let’s not forget, the Universal Declaration of Human Rights.
We, in the rest of the world, are well aware that in the eyes of your government, foreigners do not have any rights, by your laws we are sub-humans. So much for having “the moral high ground”…
It’s a shame really, because I really liked your service, and I’m the first to acknowledge that you provide it for free. I guess I should thank you for that…
This service is really useful, the UI is neat and clean, but the blatant privacy violations you have been complicit/facilitators/compelled to forward to your government, who by the way is not mine, far outweighs the practical benefits.
Don’t get me wrong, I understand that you, as a private company may be the last to deserve the blame, I’m not accusing you of this whole ordeal, however you are deceiving people with a really lame PR + Damage control campaign with what you say in your policies.
Much better than displaying “empty numbers” that lead to believe or assume the worst possible scenario, adopt a warrant canary.
https://en.wikipedia.org/wiki/Warrant_canary
That may not be much better, but it’s still something, of course, if you really care about your customers and users. “Put your money where your mouth is”, as you guys say up there…
To end on a positive note, thank you for all these years providing a great service, and I hope my files on Object Oriented Programming 101 have been of use to the NSA. (Don’t think so, but hey… we never know) In my modest opinion, they are of little intelligence value. I’d advice looking for more renown authors. 😛
Note: sorry for poor formatting, couldn’t get to display hyperlinks correctly