BreachExchange mailing list archives
US government: 'Tech firms should not be allowed to publish data requests'
From: Lee J <lee () riskbasedsecurity com>
Date: Thu, 3 Oct 2013 23:43:38 +1000
http://www.computing.co.uk/ctg/news/2298449/us-government-tech-firms-should-not-be-allowed-to-publish-data-requests The US government has continued its battle with some of the biggest technology names in the world, by claiming that the companies should not be allowed to disclose the number of user data requests they receive from Washington. The US government has been put under pressure after former National Security Agency (NSA) contractor Edward Snowden leaked documents that showed that the agency was involved in a mass surveillance operation, with the collaboration of the technology industry in the US, UK and many other countries. IT giants including Microsoft, Google and Facebook have moved to distance themselves from any part in the surveillance operation, and have filed motions to the US Foreign Intelligence Surveillance Court (FISC), asking for permission to publish details of national security requests they receive from the US government for user data. Yahoo's general counsel, Ron Bell, had explained that the firm filed the suit because it is not authorised to break out the number of requests, if any, that it receives for user data under specific national security statutes. The US government prohibits companies from disclosing this information. In a filing with FISC, the US Department of Justice claims that the information that the companies seek to disclose is "classified" and could cause harm to national security. It states that the companies "fail to address the harm their disclosures would cause to national security, beyond pointing out that they do not seek to disclose individual surveillance targets". It goes on to explain that the companies focus on individual targets ignores the fact that the disclosures would "risk revealing the government's collection capabilities as they presently exist and as they develop in the future". It says that the disclosure of such information, and the relationship the government has with certain vendors would enable "adversaries... to switch providers to avoid surveillance". As a result the FBI has classified the data the companies seek to publish at the ‘secret' level. The latest ruling follows a letter from the Center for Democracy and Technology to the Senate and House Judiciary Commitees, requesting the commitees to start putting into action plans to create more transparency. The number of companies supporting the centre's position include Apple, CloudFlare, Dropbox, Facebook, Google, LinkedIn, Twitter, Yahoo and Foursquare.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- US government: 'Tech firms should not be allowed to publish data requests' Lee J (Oct 11)