

Government to Allow Companies to Disclose More Data on Surveillance Requests - brnstz
http://www.nytimes.com/2014/01/28/business/government-to-allow-technology-companies-to-disclose-more-data-on-surveillance-requests.html

======
pippy
They can now declare how many National Security Letters and FISA requests they
get in increments of 250.

That's absolutely ridiculous. It's no better than not stating at all. They
also still can't state if the request is relating to terrorism, or industrial
espionage under the guise of alleged crimes. For now foreign companies have to
assume the worst.

It's pretty depressing knowing that the United States has one of the best, and
most clear constitutions ever written. You can't misinterpret the First
Amendment, and yet it's now completely void.

~~~
drewbug
> It's no better than not stating at all.

I mean, it's at least _slightly_ better, right?

~~~
mpyne
Of course it is, as it allows us to at least determine if "mass" surveillance
is going on, as opposed to the "good old-fashioned police work" that everyone
here claims to want.

~~~
Zigurd
No, actually. We only know the number of documents, not the number of users
affected. The numbers we get to see are nearly meaningless.

------
rst
Analysis by Marcy Wheeler here: [http://www.emptywheel.net/2014/01/27/the-new-
transparency-gu...](http://www.emptywheel.net/2014/01/27/the-new-transparency-
guidelines/)

Quoting the nub of it (please note, this is all her, not me):

First, you can sort of see what the government really wants to hide with these
schemes. They don’t want you to know if they submit a single NSL or 215 order
affecting 1000 customers, which it’s possible might appear without the
bands.They don’t want you to see if there’s a provider getting almost no
requests (which would be hidden by the initial bands).

And obviously, they don’t want you to know when they bring new capabilities
online, in the way they didn’t want users to know they had broken Skype.
Though at this point, what kind of half-ased terrorist wouldn’t just assume
the NSA has everything?

I think the biggest shell game might arise from the distinction between
account (say, my entire Google identity) and selector (my various GMail email
addresses, Blogger ID, etc). By permitting reporting on selectors, not users,
this could obscure whether a report affects 30 identities of one customer or
the accounts of 30 customers. Further, there’s a lot we still don’t know about
what FISC might consider a selector (they have, in the past, considered entire
telecom switches to be).

------
MWil
This is tiered justice aka not justice.

"New" companies can be less open with their users?! Is company defined by it's
specific name? If Google snaps up the service, does that make it less new? If
my LLC moves to another corporate form, is it "new"?

What can make the six-month delay more delayed? How indefinitely can an
investigation that lasts longer than six-months take?

I'm also confused about the and/or status for NSLs, "selectors", and FISA
orders. "Selectors" seems the most specific but the use of "will also be
allowed" makes me question whether it's subject to the 250/1000 increment
requirements at all.

------
14th
How kind of them to allow freedom of speech!

~~~
eksith
Define _speech_ ;)

As it is, people have been circumventing fundamental rights by calling them
other names. E.G. "Disclosure" or "Leak" or "Disturbance". I understand the
need to prevent certain pieces of information falling into the wrong hands,
however a blanket sweep of all activities with the implicit understanding that
it's _potentially_ unconstitutional, is a bit much.

------
qwerty_asdf
Makes perfect sense!

I mean, thank god. I was really worried that they weren't disclosing nearly
enough of my ostensibly confidential information.

God bless America.

------
mcphilip
>The Justice Department had endorsed the new rules months ago but intelligence
officials argued they still revealed too much information. The breakthrough
came in recent weeks with a rule requiring new companies to wait two years
before publishing data.

> That provision means nobody will know whether the government is
> eavesdropping on a new email platform or chat service. And itpersuaded
> intelligence officials to endorse the rules, a U.S. official familiar with
> the discussions said. The Justice Department proposed the changes to the
> companies late last week and, by the end of the weekend, they agreed to drop
> their case before the FISA court.

Does this imply that the two year waiting period (as opposed to 1-year, six
month delay) is a new restriction specifically added in for new companies in
order to get Microsoft, Google, Yahoo, and Facebook to drop their case?

I don't expect that too many new companies would be eager to report that data,
but I'm curious if this is ultimately a win for intelligence officials.

~~~
mpyne
I got the impression the requirement on _new_ companies was to satisfy the
Intelligence Community, not the existing tech companies.

The presumable idea being that if a new email/social provider pops up and has,
say, a 2,000 subscribers after the end of the first year, saying that there
have been <500 NSLs is more individually-specific than saying there were
500-1000 (or whatever) for a site like GMail or Facebook.

------
kyleblarson
More gems from the most transparent administration in US history. How stupid
does he think the average American is?

~~~
betterunix
Stupid enough to trust him:

[http://www.nytimes.com/2014/01/16/us/obamas-path-from-
critic...](http://www.nytimes.com/2014/01/16/us/obamas-path-from-critic-to-
defender-of-spying.html)

 _He was surprised at the uproar that ensued, advisers said, particularly that
so many Americans did not trust him..._

