Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo Becomes First Company To Disclose FBI National Security Letters (tumblr.com)

Posted by msmash on from the setting-precedent dept.

Yahoo has disclosed receipt of three national security letters (FBI requests for data that Yahoo is typically barred from sharing) and published redacted copies of the letters online for anyone to see. The company says that the move "marks the first time any company has publicly acknowledged receiving an NSL following the reforms of the USA Freedom Act." The bill was created last year allowing companies to gag orders relating to National Security Letters. Engadget reports: It takes some doing to get permission to acknowledge the receipt of a letter, too -- Yahoo says that the FBI needs to review if the nondisclosure provision is still necessary for each specific NSL before allowing a company to publish it, and even then certain information needs to be redacted before being made available to the public. Still, when companies do get these gag orders lifted, it allows them to notify the investigated parties that the FBI was looking into their data, and it's a big win for transparency overall.

37 of 74 comments (clear)

  1. WTF does this mean? by Anonymous Coward · · Score: 2, Informative

    "The bill was created last year allowing companies to gag orders relating to National Security Letters."

    That sentence in TFS makes absolutely no sense.

    1. Re:WTF does this mean? by orion205 · · Score: 2

      "The bill was created last year allowing companies to gag orders relating to National Security Letters."

      That sentence in TFS makes absolutely no sense.

      I have to guess that it should say "allowing companies to challenge gag orders" or something like that.

    2. Re:WTF does this mean? by Anonymous Coward · · Score: 1

      Challenge accepted.

    3. Re:WTF does this mean? by Anonymous Coward · · Score: 5, Funny

      That word was redacted by NSL mandate

  2. "big win" by Anonymous Coward · · Score: 2, Insightful

    Not only is this banal, monosyllabic expression now so diluted as to be meaningless, it's really, really not a "big win" for transparency if individual arbitrarily secret letters secured on the basis of absurd penalty can be exposed to the public long after they have ceased to be relevant.

    It's not even a small win.

    1. Re:"big win" by TheGratefulNet · · Score: 1

      let me take 10 of your marbles away.

      now, I'll give you 2 of them back.

      see, you now have a big win!

      (pathetic.)

      --

      --
      "It is now safe to switch off your computer."
  3. Looks like somebody is no longer calling the shots by Revek · · Score: 1

    Marissa Mayer must really be on her way out. She rolled over for them often enough.

  4. Hardly worth reading by Anonymous Coward · · Score: 1

    All the letters really say is that we want info on xxxxx@yahoo.com (actual emails are all censored), we want every scrap of info you have, and that you can't tell anyone about this and shouldn't block their account unless you tip them off.

    Everything else looks like non-specific boilerplate, so it's amazing it took so long to publish these, when they might as well just have handed out the NSL form template without filling it in.

    1. Re: Hardly worth reading by mcswell · · Score: 1

      Which law would that be?

  5. First Ammendment by Anonymous Coward · · Score: 3, Insightful

    How is a gag order like this in the first place not a violation of the First Ammendment?

    1. Re:First Ammendment by afidel · · Score: 1

      National security exception, same reason we have FISA (the rubber stamp court).

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    2. Re:First Ammendment by Anonymous Coward · · Score: 1

      The FBI has no jurisdiction over national security. They are a federal police force. By mandate everything they have the authority to do by themselves is purely domestic.

      Or in another way, what does the contents of a citizen's search history in regard to a domestic crime have to do with the security of the nation as a whole? Are petty criminals such a dire national security threat worthy of suspending the fundamental rights of third parties?

    3. Re:First Ammendment by swalve · · Score: 1

      There is no law against slander in the US. It's a civil matter.

    4. Re:First Ammendment by dunkindave · · Score: 2

      There is no law against slander in the US. It's a civil matter.

      While it isn't a criminal matter, it is a civil matter BECAUSE THERE ARE LAWS AGAINST IT!

      At the federal level, the law is part of common law, but the definition is in 28 U.S. Code 4101. Also, all but three states have their own defamation laws; for example, Illinois' is 740 ILCS 145, AKA "The Slander and Libel Act".

    5. Re:First Ammendment by Dog-Cow · · Score: 2

      Freedom of Expression is not the same as Freedom from Consequences.

    6. Re:First Ammendment by EndlessNameless · · Score: 2

      The FBI has jurisdiction in several matters that might lead to NSLs. Terrorist acts are federal crimes, as are other things that might involve NSLs such as espionage.

      Anything touching classified information can land in their lap as well. In fact, most of it will, as local law enforcement generally will not have clearance.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
    7. Re:First Ammendment by swalve · · Score: 1

      Where in the Illinois law does it say you aren't allowed to slander someone? All it does is codify what slander is. I can slander all I want and the government can't (legally) do anything about it.

    8. Re:First Ammendment by Khashishi · · Score: 1

      The constitution is just a piece of paper.

    9. Re:First Ammendment by dunkindave · · Score: 1

      Where in the Illinois law does it say you aren't allowed to slander someone?

      Umm, 740 ILCS 145. As I said before.

      In California it is in Cal. Civil Code 44 through 46. In Florida it is in Flor. Stat. 836.04. In most states though it is carried as part of Common Law.

      I can slander all I want and the government can't (legally) do anything about it.

      Partially true. It is against Illinois and federal law and grants the injured a private right of action. It isn't a criminal offense in those jurisdictions, it is a tort.

      In some states though, like in Virginia, there are criminal laws that cover some forms of slander, such as Code of Virginia 18.2-417:

      Any person who shall falsely utter and speak, or falsely write and publish, of and concerning any female of chaste character, any words derogatory of such female's character for virtue and chastity, or imputing to such female acts not virtuous and chaste, or who shall falsely utter and speak, or falsely write and publish, of and concerning another person, any words which from their usual construction and common acceptation are construed as insults and tend to violence and breach of the peace or shall use grossly insulting language to any female of good character or reputation, shall be guilty of a Class 3 misdemeanor.

      You said "There is no law against slander in the US" and I quoted laws against slander as a rebuttal. Perhaps you misunderstand what the word "law" means in these contexts.

  6. AT Least by invictusvoyd · · Score: 1

    The FBI thinks that yahoo is still relevant . Hurrah !!! they should throw a party.

  7. Only redacted most? by dunkindave · · Score: 1

    I don't understand the redacting methodology of these letters. Various pieces have been redacted, including the NSL number in the upper left of almost all the pages, but they left it at the end of one of the paragraphs, and also on the first page. Why redact it in some places but not others? Are they morons? (Occam's Razor would imply yes)

  8. Tomorrow on slashdot... by Lumpy · · Score: 1

    Yahoo the first company to get completely destroyed by "terrorists" in an overnight terrorist attack.

    FBI issued a response moments after, "If you tell anyone about our requests, the terrorists win. We Warned them against this.
      Look at what happened to yahoo..... Anyone else interested in telling others what we asked for?"

    The FBI director when questioned was quoted as saying "fugeddaboutit" and called for his man Vinnie.

    --
    Do not look at laser with remaining good eye.
    1. Re:Tomorrow on slashdot... by l0n3s0m3phr34k · · Score: 1

      Putting on my tin-foil hat, perhaps this is why Yahoo spent an extra $500,000 on security just for her and family.

    2. Re:Tomorrow on slashdot... by EndlessNameless · · Score: 1

      Yeah, that's the most generic and uninteresting paranoia I've seen lately. The FBI doesn't assassinate people for taking them to court.

      It is vastly more likely that she received some personal threats. With the company being broken up and sold off, there are probably a lot of disgruntled employees.

      Especially with her $160M golden parachute, plus a potential bonus from the sale.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  9. In her defense... by Anonymous Coward · · Score: 1

    Yahoo had already lost their lawsuit attempting to defend against it. They were the only company to do so, and if I remember correctly they paid a hefty financial burden in the process (wasn't it millions of dollars in penalties to the US government for attempting to withhold said information?)

    It was even mentioned here on slashdot.

    Point is Yahoo has shown more respect for privacy than any of the much bigger companies have. And while my usage of them has dwindled, I still trust them more than the alternatives (M$, Google, Apple, AOL, etc all)

    1. Re:In her defense... by Dog-Cow · · Score: 1

      Not that it particularly bothers me, but Apple routinely provides information from its servers in response to Government requests. Even in the recent case where Apple didn't have to decrypt the phone, the only reason they couldn't provide iCloud data is because the FBI was stupid enough to change the password themselves. (Why they didn't know the password has been left unsaid.)

    2. Re:In her defense... by TheCastro1689 · · Score: 1

      The FBI didn't change the password, the company that owned the phone did. But the problem was that the phone had not been backed up for a long time. If they had not changed the password, the phone would still be connected to that icloud and a manual backup could have somehow been performed without unlocking the phone and then the FBI could have gotten the backup information. Since the phone was locked there was no way to update the icloud info on the phone so that it would sync and backup to the now changed icloud account.

  10. Re:microsoft just down the street by Motherfucking+Shit · · Score: 1

    According to the redacted NSLs, the FBI field office is actually located at 7915 Microsoft Way.

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  11. Re:Please post on your website that yo have never. by swalve · · Score: 1

    That will not stand up to much scrutiny. Logically and legally, that counts as a disclosure.

  12. Internet Archive did it first! by Xtifr · · Score: 1

    Yahoo may be the first since "the reforms of the USA Freedom Act", but the Internet Archive fought and won back in '08. I'm pretty sure Slashdot covered it when it happened, but I'm too lazy to hunt down the link.

    It's not clear to me if the USA Freedom Act made this harder (in which case, why are we calling them "reforms"?) or easier. That would make this story a lot more interesting.

    (The EFF has the Archive's slightly-redacted NSL on file, for anyone who's interested in comparisons.)

  13. Number of letters sent... by Anonymous Coward · · Score: 1

    The 1st letter is dated March 29th 2013 is NSL 13-371110, the 2nd letter is dated August 1 2013 and is NSL 13-365658. Assuming the letters are produced sequentially 5452 letters were sent in the 126 days between the two 2013 Yahoo letters at the rate of ~43 letters/day. If the sequence continues through to 2015, an additional 49412 letters were sent during the 667 days between August 2013 and May 2015 at the rate of ~74 letters/day.

  14. Data vs metadata by whoever57 · · Score: 1

    I was pleased to note that they do consider subject lines as data ("content"), but the status of email addresses isn't so clear.

    Envelope addresses are clearly metadata, but there are also addresses in the data part of an smtp transaction. RFC 5321 vs RFC 2822, I think.

    --
    The real "Libtards" are the Libertarians!
  15. All NSL letters should be released ... by Alain+Williams · · Score: 3, Interesting

    after some period. As I understand it the whole point of keeping the existence of a NSL secret is to stop the crook/whoever from being alerted to the police/whatever investigation into him. So: once the crook is locked up there is little reason to keep it secret. There is also an argument that the NSLs should be disclosed at the crook's trial.

    I do understand that matters are more complex, a crook could be part of a gang and investigations into other gangsters could be hampered by disclosure that is too early.

    There should be an assumption in law that all NSLs should be disclosed after some time, eg 10 or 30 years. It would be up to the police to argue that disclosure should be delayed in particular cases.

    Above I talk of crooks, much the same arguments apply about terrorists, paedophiles, etc. Ditto: police to be FBI, NSA, etc

    1. Re:All NSL letters should be released ... by drinkypoo · · Score: 2

      There should be an assumption in law that all NSLs should be disclosed after some time, eg 10 or 30 years.

      The rights of the people to know have to be balanced against the need for security, but 10 to 30 years is way too long. Five years might be a good upper bound. If you can't move a problem forward in five years such that we can talk about it, we probably need to talk about it.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:All NSL letters should be released ... by Alain+Williams · · Score: 1

      If you do not have a trial, how do you know if they are guilty or not ?

  16. A GREAT VICTORY by axewolf · · Score: 1

    This TOTALLY makes up for the all-encompassing digital surveillance throughout the western world that is a pneumatic nail gun hammering our coffin shut forever

  17. Here's what they asked for... by nuckfuts · · Score: 4, Informative

    Here's what the letters asked Yahoo! to hand over:

    • Subscriber name and related subscriber information
    • Account number(s)
    • Date the account opened or closed
    • Physical and or postal addresses associated with the account
    • Subscriber day/evening telephone numbers
    • Screen names or other on-line names associated with the account
    • All billing and method of payment related to the account including alternative billed numbers or calling cards
    • All e-mail addresses associated with the account to include any and all of the above information for any secondary or additional e-mail addresses and or user names identified by you as belonging to the targeted account in this letter
    • Internet Protocol (IP) addresses assigned to thi3 account and related e-mail accounts
    • Uniform Resource Locator (URL) assigned to the account
    • Plain old telephone
    • The names of any and all upstream and downstream providers facilitating this account's communications
    • The above-listed information from "inception of the targeted account to the present" if this request cannot be processed as presently written

    We are not directing you to provide, nor should you provide, information pursuant to this letter that would disclose the content of any electronic communication. Title 18 United States Code 2510(8) defines content as "any information concerning the substance, purport, or meaning of" a communication. Subject lines of e-mails are content information and should not be provided pursuant to this letter.