27 Jan 2013

The problem with Google’s so-called transparency report: it isn’t all that transparent

By Madison Ruppert: As I mentioned in my report on the recently released Google Transparency Report which revealed, for the first time, just how many requests are filed without a probable cause search warrant, there is much left unsaid in the report.
In the article I focused on the mysterious relationship between Google and the National Security Agency (NSA) and just how little we’ll ever know about what that relationship actually involves, but there is still another layer to the issue.
As a recent article in Computer World points out, there is indeed a massive amount that is not covered in the report, namely, the amount of requests made under the auspices of the PATRIOT Act, the Foreign Intelligence Surveillance Act (or the recently reauthorized FISA Amendments Act), or through the use of National Security Letters (NSLs).
Let’s not forget that NSLs are easily abused along with the fact that the FBI claims their agents can bend or suspend the law and conduct surveillance without any firm evidence.
While Jaikumar Vijayan, writing for Computer World, points out, “Google has said that it will try to release more information about such requests in the future,” this claim is dubious at best.
Since companies that receive NSLs and requests filed under the PATRIOT Act or FISA are usually barred from disclosing anything about the requests publicly, it is unclear how Google would release any information at all.
Trevor Timm of the Electronic Frontier Foundation pointed out that because of this secrecy, it is far from clear how many requests Google actually received from the government.
We also do not know just how intrusive those requests may be or how many individuals could have been impacted as a result of the requests.

Timm said that obtaining this information publicly is “incredibly important, because we have no idea how much surveillance requests Google is getting or how many people are being targeted.”
Timm noted that both the PATRIOT Act and FISA “give the government enormous leeway” and give the government the ability to collect tons of information on a wide range of people without having to obtain a probable cause warrant.
“Even a few senators have said that if people knew how [the Patriot Act and FISA] are being interpreted they would be shocked,” Timm said, likely referring to Senators Ron Wyden and Mark Udall.
“They have insinuated that the government is using [these laws] as a dragnet to gather information” on massive numbers of people, Timm said.
Former employees of the NSA actually exposed this massive surveillance program in court and the National Counterterrorism Center employs a similar dragnet surveillance program targeting innocent Americans.
“We notify users about legal demands when appropriate, unless prohibited by law or court order,” said Google spokesman Chris Gaither. The obvious problem is that it is often prohibited by law.
“And if we believe a request is overly broad, we seek to narrow it — like when we persuaded a court to drastically limit a U.S. government request for two months’ of user search queries,” Gaither said to Computer World via email.
However, given the tight relationship between Google and the U.S. intelligence community, one must wonder just how much they “drastically limit” the government’s requests.
According to Computer World, “Gaither noted that Google has insisted on government agencies getting an ECPA search warrant based on probable cause for access to stored contents of Gmail and other Google services.”
Is that true? The most recent transparency report indicates otherwise, though Gaither claimed that the information provided by Google varies quite a bit.
Gaither claimed that an Electronic Communications Privacy Act (ECPA) subpoena for a Gmail address “could compel Google to disclose the name listed when creating the account, and the IP address from which the user created the account and signed in and signed out, along with all relevant dates and times.”
A valid ECPA court order, on the other hand, could “compel Google to disclose the IP address associated with a particular email sent from that account or used to change the account password, along with the non-content portion of email heads such as the ‘from,’ ‘to’ and ‘date’ fields.”
“A valid ECPA warrant could compel us to disclose stored content such as the contents of a Gmail account,” Gaither said.
Yet it must be emphasized that the report did not actually outline what information was provided in each request. These are simply claims made by a Google spokesperson. How accurate they actually are can only be assumed.
Once again, it must be emphasized that the ECPA requests make up an unknown fraction of the overall requests filed through other means.
How many requests is Google actually getting? How much information are they actually providing? Since their transparency reports don’t say and the relationship between Google and the intelligence community has been protected by the court system, we very well might never know.

No comments:

Post a Comment