Posts

Is Twitter EFF’s Second NSL Client?

/12 Comments/in /by

In the past, I’ve tracked the efforts of a telecom — which WSJ convincingly argued was Credo — to challenge a 2011 National Security Letter. It has the support of EFF on that challenge. I also noted language in Credo’s Transparency Report (which was issued after DOJ permitted providers to give broad bands for NSLs, but before DOJ permitted them to give broad bands for other national security demands) saying it was prohibited from giving more information about NSLs and Section 215 orders.

It is important to note that it may not be possible for CREDO or any telecom carrier to release to the public a full transparency report, as the USA PATRIOT Act and other statutes give law enforcement the ability to prevent companies from disclosing whether or not they have received certain orders, such as National Security Letters (NSLs) and Section 215 orders seeking customer information. [my emphasis]

Today, EFF noted that it has filed what should be its response to the government’s appeal in that case.

Only, it makes it it representing not just the known telecom client, but also an Internet client.

The Electronic Frontier Foundation (EFF) filed two briefs on Friday challenging secret government demands for information known as National Security Letters (NSLs) with the Ninth Circuit Court of Appeals.  The briefs—one filed on behalf of a telecom company and another for an Internet company—remain under seal because the government continues to insist that even identifying the companies involved might endanger national security.

While the facts surrounding the specific companies and the NSLs they are challenging cannot be disclosed, their legal positions are already public: the NSL statute is a violation of the First Amendment as well as the constitutional separation of powers.

Now, one obvious potential Internet client would be Google. It is known to have fought NSLs in Judge Susan Illston’s court and lost.

But I wonder whether it isn’t Twitter.

I say that, first of all, because of the cryptic language in Twitter’s own Updated Transparency Report, which was released after the DOJ settlement which should have permitted it to report NSLs. But instead of doing so, it pointed out that it can’t report its national security orders, if any, with enough particularity. It called out NSLs specifically. And it used a language of prohibition.

Last week, the U.S. Department of Justice and various communications providers reached an agreement allowing disclosure of national security requests in very large ranges. While this agreement is a step in the right direction, these ranges do not provide meaningful or sufficient transparency for the public, especially for entities that do not receive a significant number of – or any – national security requests.

As previously noted, we think it is essential for companies to be able to disclose numbers of national security requests of all kinds – including national security letters and different types of FISA court orders – separately from reporting on all other requests. For the disclosure of national security requests to be meaningful to our users, it must be within a range that provides sufficient precision to be meaningful. Allowing Twitter, or any other similarly situated company, to only disclose national security requests within an overly broad range seriously undermines the objective of transparency. In addition, we also want the freedom to disclose that we do not receive certain types of requests, if, in fact, we have not received any.

Unfortunately, we are currently prohibited from providing this level of transparency. We think the government’s restriction on our speech not only unfairly impacts our users’ privacy, but also violates our First Amendment right to free expression and open discussion of government affairs. We believe there are far less restrictive ways to permit discussion in this area while also respecting national security concerns. Therefore, we have pressed the U.S. Department of Justice to allow greater transparency, and proposed future disclosures concerning national security requests that would be more meaningful to Twitter’s users. We are also considering legal options we may have to seek to defend our First Amendment rights. [my emphasis]

It was a defiant Transparency Report, and it discussed prohibitions in a way that no one else — except Credo — had done.

Moreover, it would make sense that EFF would be permitted to represent Twitter in such a matter, because it already had a role in Twitter’s challenge of the Administrative subpoena for various WikiLeaks’ associates Twitter data.

Finally, EFF notes that this Internet client is fighting just 2 NSLs; Google is fighting 19.

The very same day that the district court issued that order striking down the statute, a second EFF client filed a similar petition asking the same court to declare the NSL statute to be unconstitutional and to set aside the two NSLs that it received.

Notwithstanding the fact that it had already struck down the NSL statute on constitutional grounds in EFF’s first NSL case, but indicating that it would be up to the Ninth Circuit to evaluate whether that evaluation was correct, the district court denied EFF’s client’s petitionand ordered them to comply with the remaing NSL in the interim.

If Twitter is the client, it would present real First Amendment issues. It would suggest that, after Twitter took the rare step of not just challenging but giving notice in an Administrative subpoena, DOJ decided to use NSLs, which are basically Administrative subpoenas with additional gags, in response.

Update: in potentially related news, Verizon just updated its Transparency Report, claiming it can’t provide details on some bulk orders.

We note that while we now are able to provide more information about national security orders that directly relate to our customers, reporting on other matters, such as any orders we may have received related to the bulk collection of non-content information, remains prohibited.

Between Two Ends of the WikiLeaks Investigation: Parallel Constructing the FBI’s Secret Authorities

/19 Comments/in , , /by

Two pieces of news on the government’s investigation of WikIleaks came out yesterday.

At the Intercept, Glenn Greenwald reported:

  • In 2010, a “Manhunting Timeline” described efforts to get another country to prosecute what it called the “rogue” website
  • In a targeting scenario dating to July 25, 2011, the US’ Targeting and General Counsel personnel responded to a question about targeting WikiLeaks’ or Pirate Bay’s server by saying they’d have to get back to the questioner
  • In 2012, GCHQ monitored WikiLeaks — including its US readers — to demonstrate the power of its ANTICRISIS GIRL initiative

Screen Shot 2014-02-19 at 9.42.54 AM
Also yesterday, Alexa O’Brien reported (and contextualized with links back to her earlier extensive reporting):

  • The grand jury investigation of WikiLeaks started at least as early as September 23, 2010
  • On January 4, 2011 (21 days after the December 14, 201 administrative subpoena for Twitter records on Appelbaum and others), DOJ requested Jacob Appelbaum’s Gmail records
  • On April 15, 2011, DOJ requested Jacob Appelbaum’s Sonic records

Now, as O’Brien lays out in her post, at various times during the investigation of WikiLeaks, it has been called a Computer Fraud and Abuse investigation, an Espionage investigation, and a terrorism investigation.

Which raises the question why, long after DOJ had deemed the WikiLeaks case a national security case that under either the terrorism or Espionage designation would grant them authority to use tools like National Security Letters, they were still using subpoenas that were getting challenged and noticed to Appelbaum? Why, if they were conducting an investigation that afforded them all the gagged orders they might want, were they issuing subpoenas that ultimately got challenged and exposed?

Before you answer “parallel construction,” lets reconsider something I’ve been mulling since the very first Edward Snowden disclosure: the secret authority DOJ and FBI (and potentially other agencies) used to investigate not just WikiLeaks, but also WikiLeaks’ supporters.

Back in June 2011, EPIC FOIAed DOJ and FBI (but not NSA) for records relating to the government’s investigation of WikiLeaks supporters.

EPIC’s FOIA asked for information designed to expose whether innocent readers and supporters of WikiLeaks had been swept up in the investigation. It asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

In their motion for summary judgment last February, DOJ said a lot of interesting things about the records-but-not-lists they might or might not have and generally subsumed the entire request under an ongoing investigation FOIA exemption.

Most interesting, however, is in also claiming that some statute prevented them from turning these records over to EPIC, they refused to identify the statute they might have been using to investigate WikiLeaks’ supporters.

All three units at DOJ — as reflected in declarations from FBI’s David Hardy, National Security Division’s Mark Bradley, and Criminal Division’s John Cunningham – claimed the files at issue were protected by statute.

None named the statute in question. All three included some version of this statement, explaining they could only name the statute in their classified declarations.

The FBI has determined that an Exemption 3 statute applies and protects responsive information from the pending investigative files from disclosure. However, to disclose which statute or further discuss its application publicly would undermine interests protected by Exemption 7(A), as well as by the withholding statute. I have further discussed this exemption in my in camera, ex parte declaration, which is being submitted to the Court simultaneously with this declaration

In fact, it appears the only reason that Cunningham submitted a sealed declaration was to explain his Exemption 3 invocation.

And then, as if DOJ didn’t trust the Court to keep sealed declarations secret, it added this plaintive request in the motion itself.

Defendants respectfully request that the Court not identify the Exemption 3 statute(s) at issue, or reveal any of the other information provided in Defendants’ ex parte and in camera submissions.

DOJ refuses to reveal precisely what EPIC seems to be seeking: what kind of secret laws it is using to investigate innocent supporters of WikiLeaks.

Invoking a statutory exemption but refusing to identify the statute was, as far as I’ve been able to learn, unprecedented in FOIA litigation.

The case is still languishing at the DC District.

I suggested at the time that the statute in question was likely Section 215; I suspected at the time they refused to identify Section 215 because they didn’t want to reveal what Edward Snowden revealed for them four months later: that the government uses Section 215 for bulk collection.

While they may well have used Section 215 (particularly to collect records, if they did collect them, from Visa, MasterCard, and PayPal — but note FBI, not NSA, would have wielded the Section 215 orders in that case), they couldn’t have used the NSA phone dragnet to identify supporters unless they got the FISC to approve WikiLeaks as an associate of al Qaeda (update: Or got someone at NSA’s OGC to claim there were reasons to believe WikiLeaks was associated with al Qaeda). They could, however, have used Section 215 to create their own little mini WikiLeaks dragnet.

Read more

The Twitter Gag

/in /by

Like a bunch of tech companies, Twitter has now released an updated transparency report since last week’s settlement.

But unlike the other tech companies, Twitter offers no information about national security requests. It suggests, at first, that last week’s settlement (to which it was not a party) does not allow it to provide reporting that would be meaningful to Twitter users.

Last week, the U.S. Department of Justice and various communications providers reached an agreement allowing disclosure of national security requests in very large ranges. While this agreement is a step in the right direction, these ranges do not provide meaningful or sufficient transparency for the public, especially for entities that do not receive a significant number of – or any – national security requests.

As previously noted, we think it is essential for companies to be able to disclose numbers of national security requests of all kinds – including national security letters and different types of FISA court orders – separately from reporting on all other requests. For the disclosure of national security requests to be meaningful to our users, it must be within a range that provides sufficient precision to be meaningful. Allowing Twitter, or any other similarly situated company, to only disclose national security requests within an overly broad range seriously undermines the objective of transparency. In addition, we also want the freedom to disclose that we do not receive certain types of requests, if, in fact, we have not received any. [my emphasis]

This suggests (as would be consistent with earlier reporting) that Twitter receives no national security requests — or so few it is unwilling to report it as a 0 – 250 or 0 – 999 band it is permitted to report under the new Guidelines.

But I wonder. Note that Twitter says the Guidelines “unfairly impacts our users’ privacy,” which would only be the case if Twitter’s users had been impacted by NatSec requests. In addition, they provide two years of data: precisely the time period that would be covered by a new access to communication technology.

While it definitely seems like Twitter hasn’t gotten many requests, it also seems possible they’re being affected by that two year gag for whatever request they get.

WikiLeaks: Court Upholds US Subpoena For Twitter Records

/in , , , /by

In a 21 page opinion, US Magistrate Judge Theresa Buchanan of the Eastern District of Virginia District Court has just granted the United States Department of Justice subpoena demand for records in the WikiLeaks investigation.

Three people associated with WikiLeaks – Jacob Appelbaum, Birgitta Jonsdottir, and Rop Gonggrijp – had petitioned the court to vacate the subpoena and to unseal the court pleadings. The court held:

For the foregoing reasons, petitioners’ Motion to Vacate is DENIED. Petitioners’ Motion to Unseal is DENIED as to docket 10- gj-3793, and GRANTED as to the 1:11-dm-00003 docket, with the exception of the government attorney’s email address in Twitter’s Motion for Clarification (Dkt. 24), which shall be redacted. Petitioners’ request for public docketing of the material within 10-gj-3793 shall be taken under consideration. An Order shall follow.

The three WikiLeaks individuals had argued the subpoena violated constitutional protections for free speech and association; the court disagreed. Appelbaum, Gonggrijp and Jonsdottir have already stated they will appeal.

You can read the full opinion here. I will be updating the post as I read the decision.

In December of last year, the US government, upon ex parte motion, moved the EDVA Court to enter a sealed Order (“Twitter Order”) pursuant to 18 U.S.C. § 2703(d) of the Stored Communications Act, which governs government access to customer records stored by a service provider. The Twitter Order, which was unsealed on January 5, 2010, at the request of Twitter, required Twitter to turn Read more

Political Giving and Willingness to Cave to Law Enforcement

/in , /by

When Jason Leopold linked to a WSJ report titled, “Obama breaks bread with Silicon Valley execs,” I quipped, “otherwise known as, Obama breaks bread w/our partners in domestic surveillance.” After all, some of the companies represented–Google, Facebook, Yahoo–are among those that have been willingly sharing customer data with federal law enforcement officials.

Which is why I found this Sunlight report listing lobbying and political donations of the companies so interesting.

 Lobbying (2010) Contributions to Obama (2008)
Apple $1,610,000.00 $92,141.00
Google $5,160,000.00 $803,436.00
Facebook $351,390.00 $34,850.00
Yahoo $2,230,000.00 $164,051.00
Cisco Systems $2,010,000.00 $187,472.00
Twitter $0.00 $750.00
Oracle $4,850,000.00 $243,194.00
NetFlix $130,000.00 $19,485.00
Stanford University $370,000.00 $448,720.00
Genentech $4,922,368.00 $97,761.00
Westly Group $0.00 $0.00

Just one of the companies represented at the meeting, after all, has recently challenged the government’s order in its pursuit of WikiLeaks to turn over years of data on its users: Twitter. And the difference between Twitter’s giving and the others’ is stark.

Does Twitter have the independence to challenge the government WikiLeaks order because it hasn’t asked or owed anyone anything, politically?

Mind you, there’s probably an interim relationship in play here, as well. Those companies that invest a lot in politics also have issues–often regulatory, but sometimes even their own legal exposure–that they believe warrant big political investments. Which in turn gives the government some issue with which to bargain on.

Maybe this is all a coinkydink. And maybe having broken bread with Obama, Twitter will cave on further government orders.

But I do wonder whether there’s a correlation between those telecommunication companies that try to buy political favors and those that offer federal law enforcement favors in return.