from the inalienable-right-to-STFU dept
Despite the DOJ recently drawing heat for its targeting of journalists during internal leak investigations, a lot still hasn’t changed about the way demands for data are handled by the feds. Over the past couple of decades, the DOJ and its components have been asking for and obtaining data from service providers, utilizing subpoenas and National Security Letters that come with indefinite gag orders attached.
These orders swear recipients like Microsoft and Google to secrecy, forbidding them from notifying targeted customers and users. (Even Techdirt has been hit with one.) Unlike regular search warrants, where the target is made aware of the rummaging by the physical presence of law enforcement officers, warrants, subpoenas, and NSLs allow the government to go about its rummaging unnoticed.
Reforms to surveillance powers by the USA Freedom Act have at least forced the government to perform periodic reviews of ongoing gag orders. It has also given companies a way to challenge gag orders and demands for data, but that’s only useful if the companies have some idea who is being targeted. As this report on the ongoing abuse of gag orders by Jay Greene and Drew Harwell for the Washington Post points out, it’s not always clear who the government is seeking information about. (Alternative link here.)
[T]ech company officials said it is often difficult to tell which orders are worth fighting. The orders are often vague — sometimes just email addresses — and the owner of the account isn’t always obvious.
Microsoft provided two secrecy orders to The Post with the names of the customers redacted. Each is only about four paragraphs long and declares that notifying the customer about the existence of the data request could lead to evidence tampering or flight from prosecution.
Neither order offers any support for those claims, or any details to indicate why secrecy is necessary. Microsoft complied with both orders and notified customers of the seizure only after the orders expired.
Even with those limitations, some companies are doing what they can to push back on these unreasonable restrictions.
Microsoft said it generally complies with secrecy orders because it is legally required to do so. At Google, director of law enforcement and information security Richard Salgado said the company will challenge nondisclosure orders if there are “external signals” that the orders lack merit.
But those are the exceptions, not the rule. Nearly 70% of the 62,000 government requests Facebook received during the last six months of 2020 came with gag orders attached. Microsoft receives far fewer requests, but still sees 7-10 requests with gag orders per day. Add in Google and Apple and the number of requests easily tops 100,000 per year. If Facebook is an outlier, it’s still probably safe to assume nearly half of those come with gag orders. That’s a lot of secrecy and it’s absolutely certain all of it isn’t justified.
The government claims the courts keep it honest, but given the dearth of challenges, it’s a claim the feds can make only because the pushback is so limited. And it’s deliberately limited. If a judge clears it, recipients have to assume the secrecy is warranted.
But agencies like the FBI issue their own paperwork and gag orders that don’t require any judicial oversight. NSLs begin and end inside agencies, reliant only on whatever internal oversight there is to ensure these aren’t abused. And history shows they are abused — something the FBI turns to when its demands for information or data are rejected by the judicial oversight the DOJ claims keeps its vast power in check.
Even when targets are finally notified, they aren’t given all the information. The Washington Post article details a former Defense Department contractor (Ryan Lackey) who was informed the government demanded data from Facebook, a platform he has used regularly for the last 15 years. Even though he was told the government sought his data, he was unable to find out what the government sought and for what time period. And that notification arrived nearly two years after Facebook had handed over his data.
The government won’t answer any questions about it. Neither will Facebook, which suggested he get a lawyer.
After receiving the March email, Lackey asked Facebook what information it had handed over and what time frame the request covered. In an emailed response reviewed by The Post, the tech giant wrote that it couldn’t give him “legal advice” and suggested that he “consult with an attorney.”
Lackey said he has been left with “low-level anxiety” and lots of unanswered questions.
“I’m not opposed to helping law enforcement with a legitimate investigation,” he said. “But if it’s a civil liberties violation or a fishing expedition, I don’t want to help them in that.”
Legislative efforts continue to rein in these powers and limit demands for indefinite secrecy. But the feds are fond of these 9/11-enabled powers and in no hurry to see them restricted. Claims about public safety and national security tend to be all that’s needed to convince certain legislators that the government’s business should continue as usual. Those pushing back have limited information to work with, thanks to years of deference in service to the never-ending War on Terror.
This shouldn’t be considered business as usual in a free country where citizens have inalienable rights that are supposed to protect them against unchecked snooping by the government, as well as grant them the ability to challenge unjustified demands for their possessions and papers. But a handful of wars engaged in by the government against its citizens (Terror, Drugs) have reduced these rights to privileges only very occasionally recognized by the agencies engaging in unwarranted seizures and only slightly more occasionally recognized by the courts, which have largely shrugged off their obligations to keep the government in check.