
Google challenges U.S. gag order, citing First Amendment - stfu
http://www.washingtonpost.com/business/technology/google-challenges-us-gag-order-citing-first-amendment/2013/06/18/96835c72-d832-11e2-a9f2-42ee3912ae0e_story.html
======
jstalin
Now that EFF broke the barrier in filing with the FISC, I have a feeling we'll
see a lot more of this. And that's a good thing.

I expect Google's filing to show up here shortly:
[http://www.uscourts.gov/uscourts/courts/fisc/index.html](http://www.uscourts.gov/uscourts/courts/fisc/index.html)

~~~
rasterizer
Here it is: [http://www.scribd.com/doc/148608149/Foreign-Intelligence-
Sur...](http://www.scribd.com/doc/148608149/Foreign-Intelligence-Surveillance-
Court-Motion-for-Declaratory-Judgment)

------
vanattab
They are fighting for the right to tell their customers about the government
mining their data(through google). Google already tells their customers what
they mine in theToS and Privacy Policy. I see no hypocrisy.

~~~
alexqgb
Also, Google isn't brokering the information they gather. From what I
understand they're simply using it to target ads (which is what they actually
sell), while keeping the data itself very close to the vest.

If you've got something on offer, and want to know who might buy, Google won't
tell you who is interested. They'll just deliver your message to the right
people, and if you get a suitable response, you'll know that their service was
worth the price.

There's a world of difference between the mediated transactions they have with
their customers, and the exchange that takes place when the government says
"hand over the data itself."

~~~
humanspecies
Google fanboys make this discussion hard to take seriously.

Google was caught pants down spying on everyone, stop trying to white wash it.

~~~
Karunamon
>Google was caught pants down spying on everyone

If you're referring to the whole wifi thing, tell me, what information do you
expect the street view car to be able to pick up in the 10 or so seconds it
would have been associated with the AP? Their engineers have basically come
out and said that was a fuckup, and I'm inclined to believe them because I
find it hard to imagine what use that random data would be.

And to be honest, I'm more likely to believe a Google engineer rather than a
namecalling troll who's virulently against them for no good reason.

------
slg
Anyone familiar with the constitutional law on this? From a laymen's
perspective it seems obvious that the government has some ability to restrict
1st amendment rights on matters of national security. If that wasn't the case,
there would be no way to enforce legal restrictions on classified information.
It would be the end of all government secrets, both good and bad. Or is this
debate simply about where the actual line is drawn for national security and
whether this this type of disclosure crosses that line?

~~~
zachrose
Here's a place to start:
[http://en.wikipedia.org/wiki/Strict_scrutiny](http://en.wikipedia.org/wiki/Strict_scrutiny)

National security most likely qualifies as "compelling state interest" in
general, but it's not the only thing the government needs to infringe on
constitutional rights. The government also needs to prove that the
infringement is narrow and specific.

Even then, I wonder if the "compelling state interest" could be challenged on
not being compelling enough.

(I am definitely not a lawyer, just remembering a con law class I took and
refreshing my memory with Wikipedia.)

~~~
andrewfong
I'm a lawyer, although not one that regularly practices First Amendment law.
That said, zachrose is right that strict scrutiny applies here. Usually, to
restrict truthful speech based on the content of the speech, the government
must show that (1) there is a compelling state interest and (2) that the
government's restriction on speech is narrowly tailored.

National security is pretty compelling, but it's unclear how prohibiting
disclosure of the number of requests is narrowly tailored to that interest.
Without knowing more details about the nature of the program, it's hard to say
why the number matters. But if the NSA can't demonstrate how disclosing a
specific number, as opposed to an approximate range, has a noticeable impact
on national security, the law would likely not be in their favor.

~~~
icambron
I guess I don't really understand "national security is compelling". National
security, like basically everything else, is a matter of degree. There are
presumably compelling and uncompelling national security risks. If the court
is weighing some amount of speech restriction against some amount of national
security risk, presumably the size of the risk matters?

What are the governments burdens here? Can they merely assert there's a
security issue here or do they have to prove it? Does it have to pass some
kind of severity test in order to restrict speech? I'm genuinely curious what
the case law says on this stuff.

------
genwin
> In the petition, Google is seeking permission to publish the total numbers
> of requests the court makes of the company and the numbers of user accounts
> they affect.

Nice confirmation that the "in the last 6 months" numbers reported by Facebook
et al are worthless. No company has yet said how many users are affected
total. I assume it's _all_ users, by an earlier "request" (actually all but an
order). Why shouldn't an organization that gains a bigger budget the more
people it surveils demand the moon?

If we're to believe the number of requests reported so far are 1-to-1 with
users, all the information could fit on a single drive. The Bluffdale, UT
facility seems capable of handling a good amount of data for each of the
entire digital population, even if half of the buildings is space for
bureaucrats.

------
mtgx
Hey, Google. Reporting what the government is requesting en-masse is nice, but
how about you actually give us end-to-end encryption for as many of your
services as possible, so we don't have to second-guess our thoughts and chats
anymore simply because we know the government is watching and _will_ be
getting that data no matter what? It might help with the whole trust issue
you're having now.

~~~
magicalist
As has been replied to you several times, you don't want your web-based client
in charge of client-side encryption. Yes, it may help as a second line of
defence against run-of-the-mill phishing and hacking attempts, but it does
absolutely nothing against government requests, as the government can either
request the private key that you've stored on their servers, or the government
can force them to give you broken encryption software. See, as always, [1].

Whether or not your browser client is providing the encryption, however,
you've also rendered completely useless any reason for having web mail in the
first place, as you've become next-to-useless to them (no content for ads, no
content for things like Google Now) and all their infrastructure is useless to
you (no content to search over, no content to spam filter, etc). You no longer
have a relationship except they're your SMTP gateway and a backup drive. You
can get those today all over the place, you don't need google. If you want to
stick with Google, go download a desktop mail client and chat client and
install the open source PGP and OTR plugins for them. You can do this _right
now_.

[1]
[http://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_p...](http://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_privacy)

~~~
declan
First, that was the non-original version of Hushmail, and over a decade (of
development of more capable browsers) has elapsed since the original. Second,
the business model would then change to charging for email. Google does that
for many services already; paid Google business apps accounts currently
provide "no content for ads."

~~~
magicalist
I'm not saying it's not possible (business-wise) as a product offering, I'm
just saying there's not really any point to webmail at that point. You can pay
Google to be an SMTP gateway and encrypted mail backup now, true, but there's
no difference between that and any other email provider at that point, except
maybe uptime. No web interface, no search, no spam filtering, no label
filtering, no Google Now interaction. Those are all the reasons I like gmail,
so I'm not sure about the point of it if those are gone. Just go client-side
at that point; at least you'd be able to search your email. And if you're
using an email client, you don't need (and probably don't want) google to
provide content encryption.

As for the browser side of things, it seems like it would be much much better
not to rely on google, but to write a browser extension that identifies the
gmail textbox and runs some version of PGP using a private key in your
OS/lastpass/whatever keychain. The main thing you'd want to do is somehow
isolate the input textbox from the page so that keystrokes only go to the
extension, and only the encrypted data goes into the page, preferably when the
Send button is pressed.

If Google were to be technically capable of decrypting your email so they can
show it to you in a browser, and you're a target for an investigation (a
narrow one or an overly broad NSA one), why on earth would the court
order/warrant not demand that they decrypt your email to show them, too?

~~~
declan
All of these are good points. You make a strong argument that there might be
little need for a web interface.

A few other thoughts, though:

\- You could still do spam filtering, of course. If it scores highly as spam
and the user trusts the spam filtering, it could be deleted or moved into a
likely spam folder. (I'm assuming plaintext email is encrypted automatically
right away.)

\- There are provably secure techniques to perform searches on encrypted data
assuming an untrusted server, such as:
[http://www.cs.berkeley.edu/~dawnsong/papers/se.pdf](http://www.cs.berkeley.edu/~dawnsong/papers/se.pdf)

\- If the encryption is handled on the client side, Google would NOT be
technically capable of decrypting your mail. They would not be able to comply
with a court order demanding they decrypt your mail. This is what the original
version of Hushmail did, before they added the flawed later version that was
exploited by FedGov in, if I recally properly, precisely the way you describe.

------
namank
It's a start!

So what _can_ the gov't do if companies don't co-operate? With individuals,
there is blackmail and illicit co-ercion. What does the gov't do to
corporations worth updwards of 100B to get them to comply?

~~~
gsmaverick
[http://en.wikipedia.org/wiki/Joseph_Nacchio](http://en.wikipedia.org/wiki/Joseph_Nacchio)

~~~
namank
So, if Google does continue like it should, at the very least we should watch
out for Sergei & Larry's dirty laundry hitting the internet soon enough?

------
thelukester
Yeah, that's right according to the Supreme Court, corporations now have
citizenship, so they should have First Amendment rights too. Wouldn't that be
ironic if that ruling actually did some good for our nation.

~~~
rayiner
If anything good comes out of this NSA thing, I think it's the fact that
liberals will be forced to concede that Citizens United was, in fact, the
right decision. Do you really want the government arbitrarily banning speech
by corporations that it deems to be impermissible? There is a reason the ACLU
came out in favor of the ruling in Citizens United...

~~~
clicks
For as much as I'm familiar with the CU vs. FEC case, the reasons don't stack
up all that well for corportation's 'right of speech' in this context. Trevor
Potter I think very reasonably explains why here:
[http://www.pbs.org/moyers/journal/09042009/watch2.html](http://www.pbs.org/moyers/journal/09042009/watch2.html)

Mainly, that it's essentially overstepping the speech of the less powerful. It
results in the poor having unequal, _lesser_ freedom of speech.

I would have expected you to be on my side on this issue, as you seemed to be
more of a 'spirit of the law' guy rather a 'letter of the law' kind of guy.

~~~
rayiner
I've got a bit of a textualist streak. I'm more amenable to looking at the
spirit of the law and the motivating justifications in something like the 4th
amendment, where you can hang your hat on the word "unreasonable" than with
something like the 1st amendment, which is written in terms of "Congress shall
make no law."

~~~
clicks
I was recalling your take on taxes (and some other things): you can't possibly
make them airtight, there'll always be loopholes:
[https://news.ycombinator.com/item?id=5734713](https://news.ycombinator.com/item?id=5734713)

Anyway, I'm curious to know more on why you think CU was the right decision. I
advise watching all 31 minutes of the Trevor Potter vs. Floyd Abram debate if
you have time and if you haven't watched/read it already.

I was very sad that ACLU came out in support of CU, I think they were wrong on
this one.

------
jacoblyles
I don't see how freedom can last in a country for long with secret laws.

------
GreatBuck
Google's Court document is here:
[http://assets.nationaljournal.com/img/MOTION.pdf](http://assets.nationaljournal.com/img/MOTION.pdf)

------
blisterpeanuts
I'm not a terrorist; I'm a law abiding citizen of the U.S. Can I opt out of
the PRISM thing? All I'm doing is adding unnecessary noise to their data. I
want to do the patriotic thing and help my country, and in this case the best
way to do that is to shrink the pool of data that they must monitor. (And no,
I'm not kidding!)

~~~
jfoster
If you're ordinary enough you're probably not triggering any flags, so you'd
probably already not really being considered part of the dataset.

One person opting out probably won't help them at all, but it would be
interesting to consider a more scaled up "opt out" program whereby you go
through a one-time deep check and might be granted less monitoring as a
result. They would need to sufficiently automate it to make it feasible,
though. I also suspect the people who feel most strongly about opting out
would also be against the idea of even a one-time check.

~~~
sneak
> but it would be interesting to consider a more scaled up "opt out" program
> whereby you go through a one-time deep check and might be granted less
> monitoring

No, that would not be interesting, that would be treason.

------
logn
Hypothetically, couldn't Google just decide to break the gag order, be charged
with a crime, and then argue this issue in front of a jury of their peers, and
then be acquitted, establishing a precedent? It would probably be appealed all
the way to the Supreme Court. I know Google is probably risk-averse enough to
not do this, but they'd garner a lot of good will I think. Maybe I'm missing
some gotcha that they'd never be granted a trial and the board of Google would
end up in secret prisons.

~~~
SEMW
> ...argue this issue in front of a jury of their peers, and then be
> acquitted, establishing a precedent?

This is conceptually confused. Juries aren't judges or lawyers. They don't get
to rule on questions of law, and their verdicts don't set precedent.

If Google does what you suggest and then a judge rules that, as a matter of
law, the FISC order was unconstitutional, that means that _what Google would
have been accused of doing was not illegal_ \-- which means no jury ever gets
involved.

If on the other hand a judge holds that what Google would be accused of _was_
illegal, then you get a jury to decide whether, as a matter of fact, they did
what they're accused of. But in that case, an acquittal by the jury wouldn't
set a precedent that their actions were legal, any more than a jury finding
someone not guilty of murder sets a precedent that murder is legal.

All of which means there's no reason for them not to seek a declaration of the
order's unconstitutionality _before_ breaching it.

~~~
pilsetnieks
Jury nullification:
[https://en.wikipedia.org/wiki/Jury_nullification](https://en.wikipedia.org/wiki/Jury_nullification)

A jury can rule on questions of law.

~~~
SEMW
No. Jury nullification does not mean a jury gets to rule that 'thing X is not
illegal'.

Rather, it's a jury saying 'I know thing X is illegal (and I can't change
that), but I'm going to say that the defendant _is not guilty of doing thing
X_ , even though I think he did, _because I think thing X shouldn 't be
illegal_'.

That may sound like a fine distinction, but it isn't, it's crucial. A legal
precedent that X is not a crime means no-one can thereafter get tried for X
(where the precedent applies). A jury nullification doesn't have that effect.

~~~
mullingitover
True, but if it happens regularly enough that the law can't be successfully
enforced, the law itself would be de facto nullified.

------
veidr
This is, I think, the _only_ way for these tech giants to come out of this
scandal better off than they went in -- to take a stand, and take the fight to
the feds, hard.

Google does have legal resources far beyond anything a normal citizen has, and
since they have been compelled to secretly give up their data, they also have
the legal standing to file suit (presumably, although who can know when you
have secret laws decided in secret courts via secret decisions...).

So uh, go google!

~~~
white_devil
> This is, I think, the only way for these tech giants to come out of this
> scandal better off than they went in -- to take a stand, and take the fight
> to the feds, hard.

This is a PR-stunt, nothing more. Google could have "challenged" any and all
gag-orders even _before_ PRISM was leaked.

Was giving NSA wholesale access to user data _bad_ in 2009? -Why not
_challenge_ that shit in 2009? Gag-orders getting in the way? -Well why not
challenge _those_ in 2009 then?

I guess they were too busy extolling the virtues of being Open and
Transparent: [http://googleblog.blogspot.com/2009/12/meaning-of-
open.html](http://googleblog.blogspot.com/2009/12/meaning-of-open.html) \-
that's December 2009, with PRISM in place for almost a year. Fucking scumbags.

~~~
veidr
I'm not as emotionally invested as you seem to be in whether Google is good or
bad. It's a corporation, so I assume they will do whatever they can to make
money, and will be generally okay with fucking people over if needed,
especially if not many people will know about it. Just like Yahoo, Apple,
Microsoft, and everybody else on that scale.

So why didn't they challenge it in 2009? Probably because there wasn't that
much in it for Google, since wasn't a big national shitstorm blowing that way.
But now there is. _That_ is the point I am making.

So, _now_ , Google could serve their own corporate interests by fighting hard
against the rise of the secret police. Would that make Google an awesome
person? No, it would still be a selfish corporate entity trying to get money,
just like it always has been

But, it would (rightly) be perceived as a force for good, on the right side of
this particular battle with tyranny. That would help you, me, America, and the
world... but it would also help Google, it would seem.

And some of these other "fucking scumbags" (which I assume is your term for
"corporations acting normally"), like Apple, Yahoo, etc., might be encouraged
to do likewise.

In other words, it takes public outrage to create the shitstorm (which you
will have noticed is in the mainstream media, not just nerd forums like this
one), but once the outrage is in place, that helps align the interests of
corporate behemoths like Google with what you and I would probably agree is
Good (i.e., not having fucking secret police using secret laws to evade the
control by the citizens of the nation).

~~~
white_devil
I'm well aware that they're all just huge corporations going after their own
interests. That's beside the point. You seemed to be commending Google on _"
taking the fight to the feds, hard"_, and I just wanted to point out that
there's no reason to commend them.

> So why didn't they challenge it in 2009? Probably because there wasn't that
> much in it for Google, since wasn't a big national shitstorm blowing that
> way. But now there is. That is the point I am making.

Yes. I'm also well aware that corporations engage in damage control only when
it's necessary. But again, there's no reason to _commend_ them for doing
precisely that, especially when _that 's all this is about_.

>>> _So, now, Google could serve their own corporate interests by fighting
hard against the rise of the secret police. Would that make Google an awesome
person? No, it would still be a selfish corporate entity trying to get money,
just like it always has been_ >>> _But, it would (rightly) be perceived as a
force for good, on the right side of this particular battle with tyranny. That
would help you, me, America, and the world... but it would also help Google,
it would seem._

Even in 2009, all those huge corporations were well aware of the "rise of the
secret police", because all of them were either already participating in
PRISM, or in the process of being strong-armed into doing so. _Had they
perceived fighting this kind of evil to be in their own self-interest, they
would have done it right from the start_. They could even have joined their
forces in opposing the government, but they chose to remain silent. _Not a
word_ about the systematic raping of people's privacy all over the world.

PRISM was just as evil in 2009 as it is now, and taking a stand against evil
was the right thing to do in 2009, just like it is now. Parading around as
some kind of paragon of corporate virtue while _secretly shitting all over
your users ' privacy_, on the other hand, was something that _only Google
did_. Also, if a highly intelligent bunch of people running a powerful
corporation is interested in fighting the rise of the secret police, it'll be
aware that's something that should be done _right away_ instead of after
waiting around for several years for the situation to get even worse.

Google can't be _rightly_ seen as a "force for good", no matter how eagerly
you swallowed their disingenuous PR-bullshit about the joys of being Open back
in 2009.

>>> _but once the outrage is in place, that helps align the interests of
corporate behemoths like Google with what you and I would probably agree is
Good (i.e., not having fucking secret police using secret laws to evade the
control by the citizens of the nation)._

It's important to realize that they've already proven they simply don't give a
fuck. As long as they're making pleasantly massive piles of money and their
armies of lawyers are keeping their taxes low, they're quite happy with the
Status Quo. Don't think Google gives a fuck or even thinks it can change
anything. Don't think it even _wants_ to change anything.

~~~
veidr
I'm not commending them, I'm simply pointing out that in the new
circumstances, these corporations might benefit from fighting the creeping
police state, and thereby doing The Right Thing™.

Back in 2009, they wouldn't benefit from it, so none of them did it.

I don't believe Google is inherently "open" or "not evil" any more than I
believe Big Macs are "nutritious" or "delicious".

What I am saying is that massive public outcry about secret police
circumventing democracy may not affect the government or their secret police
very much -- not until it gets a lot _more_ massive anyway -- but it could
have the effect of making the interests of multinationals like Google more
aligned with _our_ interests.

Which would be a force multiplier, since one Google has the firepower of two
or three million average citizens.

~~~
white_devil
Did they benefit from fighting the creeping police state in 2009? -Apparently
not, because they didn't.

Do they benefit from fighting the creeping police state in 2013? -Apparently
not, because they didn't - at least until there was that massive shitstorm
blowing their way.

Again, if they considered fighting the police state to be in their interests,
all of those companies would have done it long ago. Since they haven't, we can
conclude that they don't, and therefore, if a massive shitstorm prompts them
into doing damage control and _pretending_ they give a fuck, that _still_
doesn't amount to Doing The Right Thing. It only amounts to bullshitting us
some more.

------
marme
I think too many people and companies are tip toeing around the issue. Some
more people need to take a stand for what they believe in and stand up to the
government. If google believes so strongly that their rights are being
violated they should hold a press conference and publicly release all the gag
orders and data requests they have received. Let the government try to charge
them with violating the gag order and then they can really challenge the order
Federal court not this secret court.

The justice department almost certainly wont try to charge them with violating
the order because they know that it will get declared unconstitutional by the
supreme court and a giant company like google has plenty of money and lawyers
to take it all the way to the supreme court. Most companies are too scared to
see what will happen if they violate the unconstitutional order

------
motters
My current theory on this is that companies such as Google probably generate
vast amounts of metadata (there must be a fair amount of it behind Google
Now), primarily for advertising purposes, and that it's this which PRISM has
"direct access" to under some sort of gagging order.

------
r-shirt
Let's presume that PRISM is the NSA getting the ability to copy unencrypted
data being transferred across these companies' internal networks. Is that one
request that affects _every_ account or one request that affects _zero_
accounts? I would expect that the latter would be asserted while the former is
more true. And I can almost hear the justification: "if people weren't sending
email from Gmail to Gmail and instead from Gmail to foomail, we could be
collecting all of this information. You need to give us access to your
network, or we need to break you up into smaller pieces which need to send
information unencrypted to work."

~~~
mpyne
It's not copying data being transferred, it's copying data sitting on-disk
(which does include sending along updates to that data on-disk). NSA was
getting that data even before PRISM, but companies were compiling it and
sending it manually.

~~~
r-shirt
Was this stated somewhere that I didn't see it?

------
asab
I appreciate how the article frames it as a matter of Google preserving their
own reputation, as opposed to principle, or it being "the right thing to do."
They have been receiving information requests with gag orders attached for
years, but are only fighting it now that the cat's out of the bag and they
have something to lose. Until then, it seems that Google was fine with the
situation as it stood.

I think it's an important distinction to make, and underlines how companies
ultimately serve their own self interest before anything else; they're not
acting nobly, and the ultimate responsibility lies with the individual.

------
arunabha
Much as I would love to see Google prevail in this, there is just no chance
that would happen. The implications to _any_ other form of Govt gag orders
(think sealed court records) would be immense.

~~~
e3pi
> ...The implications to any other form of Govt gag orders (think sealed court
> records) would be immense.

Gag order also of Greenberg/Guardian, then what are ES' options?

> "....The Ministry of Defence has issued a D notice preventing the UK media
> from 'publish[ing] information that may "jeopardise both national security
> and possibly UK personnel"'.

[http://www.guardian.co.uk/world/2013/jun/17/defence-d-bbc-
me...](http://www.guardian.co.uk/world/2013/jun/17/defence-d-bbc-me..).

what's left-- pastebin, Kim Dotcom, Prate's Bay, that New Yorker thing(no, gag
order), Anonymous posting onto defaced sites, Wikileaks, ... ?

------
skygazer
It will be interesting to see how few or many FISA requests there really are.
Google implies its a small number. The government was okay releasing the
numbers opaquely, inside an aggregate of all law enforcement requests, which
also implies to me the number may actually be low. If it's conspicuously low,
we're left to wonder what alternative sources of raw data they're relying upon
primarily. They may be trying to avoid that implication, thus, release of a
low number may appeal to Google, but not the government.

------
contingencies
_Google reputation in shreds; funds transparent PR stunt_

------
spoiledtechie
I am sort of upset with Google. Why didn't they do this in the first place?
Honestly, seems like they are back pedaling to save face.

------
hkmurakami
My initial reaction to all the positive actions by these companies is to be a
cheerleader and urge them on for "fighting the good fight", but I can't help
but then turn around and be cynical. After all, as far as we know they were
not proactive at all until the leak happened.

Do they have the users' best interests in mind? I honestly can't say so.

------
blackaspen
This is where we get see what "Too Big to Fail" actually looks like.

If Google's too big to fail on it's own, but the Feds want them to fail
because they're (Google) are poking around too much, what happens?

~~~
AnthonyMouse
This is where we need more than one company to stand up. If Google is the only
one doing it, and the government vigorously slaps them around a few times,
more than likely they'll stop before they go out of business. And then _all_
the tech companies get put in their place -- want to resist government
overreach? You're going to get damaged.

On the other hand, if they all resist, who is the government going to
retaliate against? The entire industry? It would be too great a hit to the
economy.

So the question is whether Facebook, Apple et al are going to take the short
view or the long view. If they let Google be the only one to stand up then
maybe it will encourage the government to damage their competitor, but in so
doing set the precedent that the industry won't stand together on issues like
this, which can only make the government more brazen in the future.

------
MiguelHudnandez
Could this lead to an interesting development in the issue of "corporate
personhood?"

I would love to see a ruling that corporations have no constitutional rights.
But the people running them do, of course.

------
pconf
I would rather see them challenge FISA requests on the basis of tax law. These
requests are, in addition to everything else, a form of taxation.

------
triplesec
A little late, methinks. Why didn't they - in concert with the other large
companies - do this before, if they're so not evil?

~~~
tomkarlo
Ultimately, a company has to have a compelling business interest to justify
pursuing something like this. Until this became a public issue for these
companies, it might be hard to argue that they'd be acting responsibly to
pursue a legal case where the only result would be more detailed disclosure of
these requests (not any change to the requests themselves.)

Google's arguably been the most active of the major tech firms in getting
permission to disclose ranges of requests to date (has anyone else?); it's not
clear there would have been a good business reason to pursue what may end up
being a very expensive case if it proceeds all the way up through the court
system.

~~~
triplesec
And herein lies the issue of "companies exist solely to line the coffers of
shareholders", with no responsibility to other stakeholders which is a narrow
interpretation which had come about especially in the last 30 years or so.
It's not a certain thing, although very common. Thorsten Veblen would call it
a problem of remote capital, although other factors have also been at work
since the 1960s.

~~~
tomkarlo
For your statement to be relevant, you'd have to show that if they were
concerned about stakeholders other than shareholders, they would have acted
differently. That's not self-evident. It's not clear that this suit would have
a material benefit for _any_ stakeholders - including users - until now.

It would only do slightly more than the current disclosure to expose the issue
of such requests, and it would incur significant risk and cost in return.
Given the recent controversy, I'd say this suit now benefits Google employees
and shareholders, but I'm not sure it really does a lot for customers in
reality.

Let's say Google wins the right to disclose the exact number of requests
instead of the range it's been reporting. Will that really materially improve
the situation for users?

~~~
triplesec
I do not see how your points are relevant to my argument.

Not everything needs material benefit. Symbolic benefit can be as structurally
useful and beneficial as a countable material benefit. For if a powerful set
of companies acts, the power relationship with the government (and consumers,
not always beneficially of course) then changes.

the whole point is that Google did't ask before, so the benefit is less than
it would have been had they (and others) acted earlier. I am suggesting this
is because of a lack of real stakeholder accountability. The benefit to users
now is still appreciable, even though they weren't looking after their
customers' interests as strongly as perhaps they might have in another era.

Relevance to what? This is a most pertinent issue with respect to the actions
of executives of a large business. If executives are competent, then if their
concerns are broader, they will act. And there is certainly no requirement for
me to demonstrate this in conversation such as this. Your statement appears to
commit a burden of proof fallacy.

~~~
tomkarlo
And the point I'm making (which you seem to miss) is that the value of taking
this step has actually risen. Prior to PRISM, if Google did this, it would
incur similar risks/costs but only a limited number of people would care.
Post-PRISM, when it's a national issue, the PR benefit for it has risen
tenfold, while none of the other prior benefits have decreased. Regardless of
how they're prioritizing stakeholders, the overall balance of risk/reward has
changed drastically, so it doesn't tell you much about which stakeholders were
prioritized.

------
adamconroy
Its not a big deal, google should quietly announce they are retiring the API
and the government can try and contact someone at google.

------
coherentpony
I guess since now corporations are people, this should be no problem.

------
rasterizer
Again with the 'carefully worded denials' \- the denials were similar because
they were accused of the same thing, which is allowing "direct access".

The most worrisome and misunderstood part of these reports is the "direct
access" bit: can the government arbitrarily query company servers? their
denials address that, they clearly say that is not the case, instead they sftp
the data after being served with court orders or warrants and yes also the
secretive FISA requests.

So by revealing the number of FISA requests they receive and their scope they
hope to clear this "direct access" mess. As even FISA orders are much more
acceptable than wholesale access.

As for the development being reported here: I think it has merit seeing how
this clearly falls under the first amendment, but I'd like a lawyer to chip
in.

[edit: clarity]

~~~
discostrings
From what Google's said, it appears the government can't arbitrarily query
Google's servers. Google has stated pretty clearly that someone at Google has
to check off before an account is pushed to a machine that the government can
access and that the data cannot be accessed without this happening.

That's Google. We've yet to hear from many of the other companies in the
program about whether this sort of access is technically impossible, or
whether it's an honor system that the government is supposed to follow.[1] I
haven't been closely following the Facebook, Microsoft, or Apple statements,
so maybe they have also been explicit that it is a restriction that is
implemented by technical means. Some of the companies haven't said anything
yet.

How many of the companies really make sure there is legitimate documentation
for each request? Do they really do this every time, or have they become
resigned to the fact that there's nothing they can do, so they just rubber
stamp each request coming through, even without the proper legal
documentation?

[1] This seems to be a major issue--the President and NSA leaders have claimed
that analysts "cannot" access your phone metadata and phone call content
without the correct legal instruments. But by "cannot", they seem to mean
"they are not allowed to" rather than "it is not possible for them to".

~~~
famousactress
re: [1]... Right. In fact, this morning I think we heard this is definitely
policy and not technology. We were told that for this to happen [paraphrasing
from memory] "One person would have to break the law [analyst], his boss would
have to break the law [because he's supposed to approve the access], and
remember this entire process is 100% auditable, so we'd catch them for sure."

Of course, this isn't remotely reassuring for a bunch of reasons. Most of all
though, I'd be curious to hear more about how the auditing process works. He
kept saying "auditable" I noticed, not you know... _" actually audited"_.

~~~
mpyne
Snowden mentioned in the Q&A that 5% of the GCHQ accesses are audited, as one
example. He mentioned 5% as if it's a low value but that's actually fairly
high, especially if randomly-picked.

~~~
venomsnake
There are targets that are worth the risk of 1/20 being caught.

~~~
jonknee
Especially with what being caught means. It's a secret program so no one will
know and I doubt the analysts risk jail time.

------
humanspecies
I recommend everyone have a look at the leaked documents and the extent to
which all those companies participated in it and then judge their public
relations reactions afterwards.

After the scandal was revealed, and only after it was revealed in an
unprecedented act by Snowden, did Google come out in favor of their customers.
This is ridiculous.

Google was caught pants down and there's no amount of PR bullshit they can use
to white wash this and pretend the government forced them to do it. They
willingly participated in exchange for political status with the government,
that is the raw truth.

~~~
pyre

      | After the scandal was revealed, and only after it
      | was revealed in an unprecedented act by Snowden,
      | did Google come out in favor of their customers
    

Was Google not already in court opposing NSLs? Filing with FISA was something
that the EFF recently spear-headed.

I'm not saying you should trust Google with all of your secrets, or even all
of your data, but it should be an informed decision.

~~~
humanspecies
We have enough information for an informed decision now, thanks to Edward
Snowden.

~~~
pyre
Right, but saying "Google only starts caring about its users now," is not
true. For example, Google challenged the National Security Letters prior to
the Snowden leak.

------
throwaway10001
_> > The court approved each of the 1,789 government requests it received in
2012, except for one that was withdrawn._

Scary as hell, considering that one request can be as broad as: _“It is hereby
ordered that [Verizon Business Network Services '] Custodian of Records shall
produce to the National Security Agency…all call detail records or ‘telephony
metadata’ created by Verizon for communications (i) between the United States
and abroad; or (ii) wholly within the United States, including local telephone
calls,”_

Google should cut the crap with PR moves and stop hoarding so much data about
everything we do online. If they have, NSA will get it--one way or another.

~~~
burntsushi
> Google should cut the crap with PR moves and stop hoarding so much data
> about everything we do online.

I like that Google has a lot of data on me---it makes their services much more
valuable to me. I don't like that the government can access it secretly.

These are distinct opinions and both can be reasonably satiated simultaneously
if there are proper checks and balances in government.

------
humanspecies
Fucking Google is manipulating these threads, trying to white wash their
secret spying deals.

Don't fall for this bullshit, Google has been in the spying business for ages
now. They joined the NSA program in 2009 and have been in trouble constantly
in every spy scandal there is some google product involved. Wake up already.

------
bifrost
This is sortof hillarious, Google fighting for this when they mine ALL of your
data...

~~~
nostromo
The government has a monopoly on violence. They can kill you, send you to
gitmo, take all of your money and possessions, etc.

Google by comparison can turn off your gmail account.

~~~
dragonwriter
> The government has a monopoly on violence.

No, it doesn't.

People who aren't the government, and who lack its sanction in doing so, apply
violence every day.

~~~
gyardley
I don't know why you're being downvoted.

I'm certainly not the government, and I can quite legitimately be violent when
defending myself from illegitimate (aka non-governmental) violence.

For example, if someone breaks into my home and behaves threateningly, I can
(rather violently) shoot them, and the government won't object in the
slightest. So much for them having a monopoly.

~~~
kaoD
Yeah but the world is not the USA. Some states DO have the monopoly of
violence. E.g.: if you try to kill me in Spanish with a knife and I shoot you,
I'll go to jail.

~~~
gyardley
Since we're talking about Google and the American government here, I thought
the context of the conversation was understood.

~~~
kaoD
_Sorry, I was editing and just addressing that :( It 's a bad habit of mine. I
moved the edit here._

Okay, I know that he specifically refers to the US (he mentioned Gitmo) but
remember that even then the state is the one who lets you exercise violence.
The monopoly's just lending some of its power to make you shut up and stop
whining so he can keep minding his (evil) business.

Also: Windows had a monopoly even when Linux existed. Monopolies don't always
have 100% of the market share, but they're still a monopoly _de facto_ and
will fight hard to achieve the full monopoly.

