

Yahoo Files Suit Demanding Greater Accountability from the U.S. Government - elliottcarlson
http://yahoopolicy.tumblr.com/post/60753842342/yahoo-files-suit-demanding-greater-accountability-from

======
spodek
How can every citizen of the country not have standing to sue the government
about this spying, national-security-letter gags, and so on?

At the very least, shareholders of companies like Yahoo! are seeing lower
shareholder value. That's a loss. They're harmed. There's a lot greater harm
than that, but at least it's a starting point.

EDIT: come to think of it, I don't know why I wrote citizen of the country.
Citizens aren't the only ones hurt. I'm no lawyer. Can non-citizens sue too?

~~~
wheaties
You have to show proof that you've been harmed in some way. Unfortunately, and
via circular logic inanity, because the "harm" that is befallen you is unknown
to you, you don't have the ability to prove harm. Someone with more legalese
skills could put it better than I but that's essentially the gist of it.

~~~
ihsw
It doesn't need to be through the logical inanity, surveillance by itself is
benign. If you choose to self-censor your online activities because you worry
about surveillance then that would be your prerogative (the government didn't
_force_ you to change your expression of opinion to something less politically
sensitive).

The inanity you're referring to is this: surveillance of the communications of
any individual American would reveal that all Americans are under regular
surveillance. It's not really as inane as you think, however that doesn't make
it any less ridiculous.

------
nathanstitt
Look I'm not a "big conspiracy guy", but how does knowing the number of user
data requests create any additional transparency?

For all we know, there's only been one request, but maybe that request is
something like: "Give us a plaintext copy of each email sent and received for
all of your users for the last 10 years"

The only thing that will create transparency is to eliminate secret orders all
together. That's what these guys should be arguing and I find it strange that
they are not. Instead they are all fixated on just being able to show how many
requests they've complied with and not what those requests were actually for.

~~~
MisterWebz
There's nothing "conspiracy" about the NSA being able to access anyone's data
on Yahoo's servers without needing a warrant. It's actually expected at this
point.

What they're trying to achieve by making a public stink about this is good PR.
The real fight -if there is actually a real fight between the tech giants and
the government- will happen behind closed doors.

------
natch
So, the government is burning your house down, and rather than fight the fire
directly, you sue them to allow you to reveal the exact amount of gasoline
being used?

Why? Because it's an easier PR ploy. What these companies really should fight
is the government's so far successful attempts to compel them to violate
users' privacy.

~~~
freehunter
Why not assess just how big the fire is? That determines if you need a fire
extinguisher, a fire truck, or a new house altogether.

~~~
natch
They already know the numbers.

~~~
freehunter
1) They know _their_ numbers. Not the numbers for other companies.

2) _We_ don't know _any_ of the numbers.

If my apartment was on fire, I'd like to know how many other apartments were
burning, and so would my landlord. Yahoo is one apartment on the web, and we
are the landlords of our government. Yahoo knows how much of their apartment
is on fire, but they know nothing about Google across the hall from them.

~~~
natch
1) Wrong. They do know the numbers for other companies, as ranges, which are
plenty sufficient for comparison:
[http://www.google.com/transparencyreport/userdatarequests/US...](http://www.google.com/transparencyreport/userdatarequests/US/)

2) Wrong again. We know ranges (see link above) and we don't need to know the
exact numbers. All we need to know is that the house is on fire, and we
already know that.

> they know nothing about Google

Sigh. See above.

The exact number issue is a red herring. Again, this is simply a PR ploy.

------
josephby
"Yahoo filed suit in the Foreign Intelligence Surveillance Court (FISC) this
morning demanding the right to publicly disclose the number of user data
requests that we receive from the U.S. Government under national security
statutes."

This is either a first step or a smokescreen, depending on how one looks at
it. It's good to know "the number" in order to determine the scope of the
problem. It would be better if service providers could actually stop
governments from using overly-broad requests to go after user data of
indeterminate intelligence-fighting value.

~~~
eli
I agree, but how exactly does a company go about that? Fight the order? For
all I know they already do that.

~~~
natch
[https://en.wikipedia.org/wiki/Civil_disobedience](https://en.wikipedia.org/wiki/Civil_disobedience)

~~~
freehunter
Civil disobedience in the case of Yahoo means their company shots down ala
Lavabit. I'm sure they would rather keep running under poor conditions than
shut down.

~~~
natch
The government is not going to shut down all of Yahoo just because they
publish the value of a 16 bit integer.

~~~
eli
You misunderstand. The government didn't shut down Lavabit. They (allegedly)
ordered them to insert a backdoor. Not doing so could have caused the
principles to face _personal_ criminal charges. I love my customers, but I'm
probably not going to go to federal prison for them.

~~~
natch
Yes I know what happened at Lavabit. And seeing the Google/Yahoo execs going
to prison to protect their users was exactly what I had in mind. I'm not
saying I expect them to do it, but it would be admirable. We could get into
hypotheticals about in which scenarios would this even help... and I admit
that in many scenarios it would be futile, but for some scenarios, it would be
an option, even though it would come at great cost.

------
devx
I hope besides all these lawsuits asking for "disclosure", all these companies
are also working (lobbying) hard to push the "Repeal of the Surveillance State
Act" in Congress:

[http://holt.house.gov/index.php?option=com_content&task=view...](http://holt.house.gov/index.php?option=com_content&task=view&id=1200&Itemid=18)

It's a much better and much more effective "fix" against all of this, for us
individuals, and for the corporations, too, if they want foreign (and local)
customers to trust them again.

The real prize is ending the mass surveillance, not just being able to
"disclose" it.

------
mathattack
Will it come back to bite Yahoo if they are the only ones doing this? I can't
see them going alone.

~~~
freehunter
Haven't Microsoft and Google already filed a suit along the same lines?

------
frank_boyd
Just some more PR.

They would like you to forget that the real question is their collaboration
with the NSA.

------
DanielBMarkham
This looks like a mostly PR move by Yahoo, but still, I'm happy for whatever
momentum can be gained, even if mostly illusory.

The amount of economic damage that has been done to the national
infrastructure will be measured in the tens of billions of dollars, at least,
and the damage will go on for decades. Twenty years from now, people will be
making decisions about technology and these issues will still come up, even if
the public manages to wrest control over the ruling class and bring sanity
back.

------
Zigurd
Who cares. Start with your products.

If you are first to market with strong encryption, web-of-trust, zero-
knowledge, open-client email, you take all your competitors' customers who
care about privacy.

Then you can tell me how many intrusions that thwarted.

~~~
gcv
Then the NSA tells you to put backdoors in all that nice crypto you put
together, and keep mum about it. If you refuse, it shuts you down, either in
court or by force. You think Yahoo execs want to get categorized as "enemy
combatants" and go to Gitmo?

~~~
Zigurd
If you implement encryption client-side, have a web-of-trust to catch
compromised keys, and have an open source client, how is that going to happen?

That's what "zero knowledge" means: You don't have to trust your own
infrastructure. Your mail server could be in Fort Meade. The user's data is
still protected.

Perhaps they could be ordered to shut down. But that wouldn't result in your
data being compromised.

~~~
mindslight
The problem is that this kind of technology is incompatible with creating a
lucrative business. Investment seeks out prospects of creating a new middlemen
for high-margin success. But if users don't have to trust the server, that
means they can easily switch to a different one. So you're left in a highly
competitive market of selling commodity storage and bandwidth instead of the
scalable home run that VCs seek.

I do think this is where our technologies have needed to head for at least the
past ten years. But real progress occurs slowly, and most of the tech
community's attention is captured by the VC-fueled marketing circus.

~~~
Zigurd
You don't think loss of confidence will have an impact?

~~~
mindslight
Well sure, and hopefully progress will even speed up as people are forced to
think about the fundamental insecurities of web toys and realize their hipster
"disruptive" day job is actually just the status quo. But that doesn't mean
things are suddenly going to change overnight, and the noise over these
revelations will have long died down by the time privacy systems become
popular.

The direct point I am making is that privacy preserving tools necessarily run
on a user's computer completely under their control and need to be open source
to be trustable. Which means they're incompatible with business unless you
want to fall back on support and custom development. So they won't be promoted
or purposely developed by established companies such as Yahoo, or VC-funded
startups looking for a big exit.

~~~
Zigurd
Carbonite IPO'ed as a pure subscription based and (if you generate your own
keys) zero-knowledge service.

