Slashdot Mirror
Yahoo Becomes First Company To Disclose FBI National Security Letters (tumblr.com)
Yahoo has disclosed receipt of three national security letters (FBI requests for data that Yahoo is typically barred from sharing) and published redacted copies of the letters online for anyone to see. The company says that the move "marks the first time any company has publicly acknowledged receiving an NSL following the reforms of the USA Freedom Act." The bill was created last year allowing companies to gag orders relating to National Security Letters. Engadget reports: It takes some doing to get permission to acknowledge the receipt of a letter, too -- Yahoo says that the FBI needs to review if the nondisclosure provision is still necessary for each specific NSL before allowing a company to publish it, and even then certain information needs to be redacted before being made available to the public. Still, when companies do get these gag orders lifted, it allows them to notify the investigated parties that the FBI was looking into their data, and it's a big win for transparency overall.
"The bill was created last year allowing companies to gag orders relating to National Security Letters."
That sentence in TFS makes absolutely no sense.
Not only is this banal, monosyllabic expression now so diluted as to be meaningless, it's really, really not a "big win" for transparency if individual arbitrarily secret letters secured on the basis of absurd penalty can be exposed to the public long after they have ceased to be relevant.
It's not even a small win.
Marissa Mayer must really be on her way out. She rolled over for them often enough.
All the letters really say is that we want info on xxxxx@yahoo.com (actual emails are all censored), we want every scrap of info you have, and that you can't tell anyone about this and shouldn't block their account unless you tip them off.
Everything else looks like non-specific boilerplate, so it's amazing it took so long to publish these, when they might as well just have handed out the NSL form template without filling it in.
How is a gag order like this in the first place not a violation of the First Ammendment?
What the FBI wanted:
In preparing your response to this National Security Letter, you
should determine whether your company maintains the following types
of information which may be considered by you to be an electronic
communications transactional record in accordance with Title 18 United
States Code 2709.
Subscriber name and related subscriber information
Account numberls)
Date the account opened or closed
Physical and or postal addresses associated with the account
Subscriber day/evening telephone numbers
Screen names or other on-line names associated with the account
All billing and method of payment related to the account including
alternative billed numbers or calling cards
All e-mail addresses associated with the account to include any and all
of the above information for any secondary or additional e-mail addresses
and or user names identified by you as belonging to the targeted account
in this letter
Internet Protocol IIP} addresses assigned to this account and related
e-mail accounts
Uniform Resource Locator {URL} assigned to the account
Plain old te1ephonc(s) (POTS), ISDN circuit(s), Voice over internet
protocol (VOIP), Cable modem service, Internet cable service, Digital
Subscriber Line (DSL) asymmetrical/symmetrical relating to this account
The names of any and all upstream and downstream providers facilitating
this account's communications
The above—listed information from "inception of the targeted account to
the present" if this request cannot be processed as presently written.
What they didn't want:
We are not directing you to provide, nor should you provide, information
pursuant to this letter that would disclose the content of any electronic
communication. Title 18 United States Code 2510(8) defines content
as "any information concerning the substance, purport, or meaning of"
a communication. Subject lines of e-mails are content information and
should not be provided pursuant to this letter. If the records provided
are particularly large we request that you provide this information in
electronic format, preferably on a CD—ROM.
The FBI thinks that yahoo is still relevant . Hurrah !!! they should throw a party.
I don't understand the redacting methodology of these letters. Various pieces have been redacted, including the NSL number in the upper left of almost all the pages, but they left it at the end of one of the paragraphs, and also on the first page. Why redact it in some places but not others? Are they morons? (Occam's Razor would imply yes)
If every one who has never been served a national security letter just posted a simple note to the effect of "as of date xx/xx/xxxx this site has never been served a NSL" on their website then I would be much happier. ALl you have to do is fail to update it if that bad even occurs.
Interesting that they left the FBI agent's name and the office they are working out of at the time.
In Charlotte, NC the FBI field office is just a pretty short walk down the street from Microsoft. hmmmmmmm.
Yahoo the first company to get completely destroyed by "terrorists" in an overnight terrorist attack.
FBI issued a response moments after, "If you tell anyone about our requests, the terrorists win. We Warned them against this.
Look at what happened to yahoo..... Anyone else interested in telling others what we asked for?"
The FBI director when questioned was quoted as saying "fugeddaboutit" and called for his man Vinnie.
Do not look at laser with remaining good eye.
You still have to beg for permission and even then large parts may need to be redacted, how is that a big win?
Yahoo had already lost their lawsuit attempting to defend against it. They were the only company to do so, and if I remember correctly they paid a hefty financial burden in the process (wasn't it millions of dollars in penalties to the US government for attempting to withhold said information?)
It was even mentioned here on slashdot.
Point is Yahoo has shown more respect for privacy than any of the much bigger companies have. And while my usage of them has dwindled, I still trust them more than the alternatives (M$, Google, Apple, AOL, etc all)
This has been described multiple times before yet we continue to repeat the mistakes. A Nazi style repeat is coming. People are morons.
That will not stand up to much scrutiny. Logically and legally, that counts as a disclosure.
Random thought: Maybe companies should start crying wolf. The security letter may gag companies, but if a company never received one, there is no reason that the company can't claim to have received one. At least it would bring attention to the general public about the fact that such letters exist. If the FBI dared to claim it never sent one, they still wouldn't speak about companies they did serve one to. Overall, these one or two stories a year that might make it to the general population serve them and not the people. If everyone claims it is happening to them, at least the public may see the light. Then again, I am unfortunately seeing how many attacks against the 4th amendment are successful...
Yahoo may be the first since "the reforms of the USA Freedom Act", but the Internet Archive fought and won back in '08. I'm pretty sure Slashdot covered it when it happened, but I'm too lazy to hunt down the link.
It's not clear to me if the USA Freedom Act made this harder (in which case, why are we calling them "reforms"?) or easier. That would make this story a lot more interesting.
(The EFF has the Archive's slightly-redacted NSL on file, for anyone who's interested in comparisons.)
The 1st letter is dated March 29th 2013 is NSL 13-371110, the 2nd letter is dated August 1 2013 and is NSL 13-365658. Assuming the letters are produced sequentially 5452 letters were sent in the 126 days between the two 2013 Yahoo letters at the rate of ~43 letters/day. If the sequence continues through to 2015, an additional 49412 letters were sent during the 667 days between August 2013 and May 2015 at the rate of ~74 letters/day.
I was pleased to note that they do consider subject lines as data ("content"), but the status of email addresses isn't so clear.
Envelope addresses are clearly metadata, but there are also addresses in the data part of an smtp transaction. RFC 5321 vs RFC 2822, I think.
The real "Libtards" are the Libertarians!
after some period. As I understand it the whole point of keeping the existence of a NSL secret is to stop the crook/whoever from being alerted to the police/whatever investigation into him. So: once the crook is locked up there is little reason to keep it secret. There is also an argument that the NSLs should be disclosed at the crook's trial.
I do understand that matters are more complex, a crook could be part of a gang and investigations into other gangsters could be hampered by disclosure that is too early.
There should be an assumption in law that all NSLs should be disclosed after some time, eg 10 or 30 years. It would be up to the police to argue that disclosure should be delayed in particular cases.
Above I talk of crooks, much the same arguments apply about terrorists, paedophiles, etc. Ditto: police to be FBI, NSA, etc
This TOTALLY makes up for the all-encompassing digital surveillance throughout the western world that is a pneumatic nail gun hammering our coffin shut forever
Here's what the letters asked Yahoo! to hand over:
We are not directing you to provide, nor should you provide, information pursuant to this letter that would disclose the content of any electronic communication. Title 18 United States Code 2510(8) defines content as "any information concerning the substance, purport, or meaning of" a communication. Subject lines of e-mails are content information and should not be provided pursuant to this letter.
Of course it it disclosure, that it the whole point. The interesting part is: "Can the U.S government force people to actively lie?" Forcing some silence is one thing, forcing someone to go out and lie publically every day is something else. (It violates various religious beliefs, such as "You shall not lie".)
Of course, this could be taken further. Yahoo and others could publish lists every day, lists of e-mail adresses and ip-adressses and customers for which they have not yet gotten a NSL. This is equivalent to the broader "we have not yet gotten a NSL at all", but it is now a simple matter of using "diff" to get exactly who they got a NSL for and when.
Yahoo disclosing their bullshit means dick. It is old fucking news.
dabbbft
Subsequent to the release of some NSL information, the Directors of the various Three Letter Agencies burst into flames and their heads exploded.
One was heard to babble, "But terrorism! National security! State secrets! What will happen to us?! The End is Nigh!!"
If every one who has never been served a national security letter just posted a simple note to the effect of "as of date xx/xx/xxxx this site has never been served a NSL" on their website then I would be much happier. ALl you have to do is fail to update it if that bad even occurs.
Yes, that's called a "warrant canary"
See, e.g.: https://canarywatch.org/faq.ht...
That will not stand up to much scrutiny. Logically and legally, that counts as a disclosure.
The point is that the disclosure part-- disclosing that you haven't received a letter-- is done before receiving the gag order. So, you have made a disclosure, but have not violated the gag order.
FBI Director (((James Comey))) can't put you in jail for violating an order before the order was issued.