US government: 'Tech firms should not be allowed to publish data requests'

[Lee J <lee () riskbasedsecurity com>]

http://www.computing.co.uk/ctg/news/2298449/us-government-tech-firms-should-not-be-allowed-to-publish-data-requests

The US government has continued its battle with some of the biggest
technology names in the world, by claiming that the companies should not be
allowed to disclose the number of user data requests they receive from
Washington.

The US government has been put under pressure after former National
Security Agency (NSA) contractor Edward Snowden leaked documents that
showed that the agency was involved in a mass surveillance operation, with
the collaboration of the technology industry in the US, UK and many other
countries.

IT giants including Microsoft, Google and Facebook have moved to distance
themselves from any part in the surveillance operation, and have filed
motions to the US Foreign Intelligence Surveillance Court (FISC), asking
for permission to publish details of national security requests they
receive from the US government for user data.

Yahoo's general counsel, Ron Bell, had explained that the firm filed the
suit because it is not authorised to break out the number of requests, if
any, that it receives for user data under specific national security
statutes. The US government prohibits companies from disclosing this
information.

In a filing with FISC, the US Department of Justice claims that the
information that the companies seek to disclose is "classified" and could
cause harm to national security.

It states that the companies "fail to address the harm their disclosures
would cause to national security, beyond pointing out that they do not seek
to disclose individual surveillance targets".

It goes on to explain that the companies focus on individual targets
ignores the fact that the disclosures would "risk revealing the
government's collection capabilities as they presently exist and as they
develop in the future".

It says that the disclosure of such information, and the relationship the
government has with certain vendors would enable "adversaries... to switch
providers to avoid surveillance".

As a result the FBI has classified the data the companies seek to publish
at the ‘secret' level.

The latest ruling follows a letter from the Center for Democracy and
Technology to the Senate and House Judiciary Commitees, requesting the
commitees to start putting into action plans to create more transparency.

The number of companies supporting the centre's position include Apple,
CloudFlare, Dropbox, Facebook, Google, LinkedIn, Twitter, Yahoo and
Foursquare.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.