Friday, September 7, 2007

FBI Can't Stop an ISP from Telling Its Customers that the Government Wants Their Data

Yesterday the ACLU won a significant victory as the U.S. district court for the southern district of New York struck down certain provisions of the PATRIOT which information requests by the FBI (the decision can be found here). The basic subject matter of the lawsuit was national security letters (NSLs) which the FBI could send to wire and electronic communication service providers requesting information about their subscribers, such as the subscribers' names, addresses, lengths of service and records of their transactions. Under the challenged provision of the PATRIOT Act, the FBI could also prohibit the recipient of an NSL from disclosing that the FBI had sought or obtained access to information or records using an NSL if the director of the FBI, or his designee, certifies that disclosure "may result in a danger to the national security of the United States, interference with a criminal, counterterrorism, or coutnerintelligence investigation, [or other ennumerated harms]". Thus, not only could the FBI use a NSL to obtain information about an individual's electronic communications, but the FBI could prevent the individual from ever finding out about the NSL by stating that disclosing the NSL "may" pose a danger to certain listed (but generally poorly defined) interests. The judge analyzed the law under the rubric of a license to speak and found that the procedural safeguards necessary for such a licensing regime to survive were not present - a result the ACLU was understandably happy about (their press release can be found here).

The difficulty with this ruling though, is that it might not have any effect on the behavior of private entities. The judge struck down the portion of the PATRIOT act which allowed the FBI to prevent private entities from disclosing that they had received an NSL. However, the behavior of most entities when called on to do the government's bidding indicates that such a prohibition might not be necessary. For example, AT&T is currently in court for (allegedly) assisting the national security agency in illegally violating the rights of AT&T customers (the EFF page on the case can be found here). It doesn't take much imagination to visualize a situation where an entity such as AT&T receives an NSL, and then voluntarily declines to disclose the receipt of that letter (or anything about its contents) to anyone. While there have been some notable instances of businesses resisting the government (e.g., Google), in general, the government has substantial power to convince companies to cooperate even without being able to issue legally binding gag orders. Thus, until there is some indication that ISPs (and other relevant entities) won't simply cooperate with the government and voluntarily maintain their silence upon receipt of an NSL, there is a real danger that the ACLU's recent win may turn out to be a hollow victory.

In completely unrelated news, the Department of Justice has issued a public statement opposing Net Neutrality (link), a principle which would prevent ISPs from charging differential rates for internet traffic. Net Neutrality is generally opposed by telephone companies (e.g., AT&T) who would stand to profit from being able to charge higher rates for preferred access to internet resources link. Proponents of Net Neutrality generally include software companies (e.g., Google) which benefit from low cost internet access link.

No comments: