Tech Companies Don't Tell Whole Truth About Data They Send to Feds

By Wayne Rash  |  Posted 2013-06-17

Tech Companies Don't Tell Whole Truth About Data They Send to Feds

When the revelations about surveillance by the National Security Agency and other services including the Federal Bureau of Investigation came to light early in June, the companies singled out denied that they'd been providing information.

Initially, the companies said that they didn't provide any data at all under PRISM. Then they said they only provided information on their customers that was legally required. Likewise, when leaks revealed the delivery of phone call metadata to the NSA, Verizon simply didn't want to talk about it.

But if you read the statements from each of the technology companies singled out, what was more interesting wasn't what they said, but what they didn't say. What they didn't say was that they were delivering data under secret court orders to government investigators.

The reason for their silence on this issue was that the orders that directed them to deliver the data also ordered them to maintain secrecy regarding the request. Considering that violation of the order of the intelligence community's secret Foreign Intelligence Surveillance Act (FISA) court is a serious felony, you can understand why these companies tended to respond as if they'd never heard of a court order.

But, of course, they had. Facebook was the first to admit that it had, indeed, been ordered to turn over customer records and the content of their Facebook communications in thousands of instances since the beginning of the year. Then Microsoft admitted the same thing and now Apple has admitted to getting such government requests.

But it's important to realize that these are data requests by any government agency for any number of reasons. For example, Apple revealed that these included helping to recover stolen iPhones, helping to find lost children and elderly people who had wandered off.

What's not in the numbers given by the technology companies is how many of the requests were for the purpose of gathering intelligence. They didn't reveal how much data of what type went to the NSA and how much to other agencies. Chances are that they won't say unless their requests to the court to allow them to release more information are granted. Don't hold your breath on this.

You'll notice that so far, only these three companies have admitted to providing data to law enforcement or the intelligence community. This is a lot fewer than the number that had been listed and the chances are excellent that those companies also had similar data requests, but just aren't talking. It's unclear whether Google, Yahoo or the others will talk or what they will reveal. But you can assume that if the first three don't get punished for what they revealed, then that will take the stigma off the companies that haven't talked yet.


Tech Companies Don't Tell Whole Truth About Data They Send to Feds

So the next obvious question that needs to be answered is whether your emails and phone calls are being monitored, whether your metadata is being harvested and if you can do anything about it. The short answer is that there isn't much you can do about it right now. But there's a longer answer.

The intelligence community is doing what it's allowed to do under the Patriot Act and some additional enabling legislation. This means that the relevant federal court has ruled that what's happening is legal. In addition, it's pretty clear from the strong support for the surveillance from both sides of the aisle in Congress that the Patriot Act isn't going to be repealed in the immediate future.

The only way you're going to change this is to elect lawmakers who don't think that the Patriot Act is a good idea. While it is the democratic solution, it's not immediate. But what you can do now is decide just what your risk actually is. Because the primary focus of the monitoring is metadata supported by keyword monitoring, then you have to know that your relationships may be studied if they reveal specific kinds of activity such as terrorism.

But metadata is a very powerful way to reveal relationships, so if you're a government official taking bribes or having an illicit affair, somebody might find out. Unfortunately, if you're leaking secrets to the media, the government might find out about that, too. But the metadata is supposedly limited to foreign contacts and to terror suspects, so you're protected, right?

Probably not. While the law is pretty clear that the NSA can only track foreign suspects, they have the data. And while it's not supposed to be used for domestic reasons, such as to see who is leaking sensitive data to a reporter, you have to trust that it's not being used for that. I'm not convinced that the Department of Justice, given its track record, can be trusted to that extent.

But what can you do? Apple has revealed that Facetime uses end-to-end encryption that Apple can't decrypt. BlackBerry says the same thing about BlackBerry Messenger. Even the connection information is supposed to be encrypted with those services. Is it? Perhaps, or there wouldn't be so many intelligence services trying to shut down BlackBerry. But even then, the only safe assumption is that someone is always listening.

Rocket Fuel