National Security Agency headquarters at Ft. Meade, Maryland. (Image: file photo)
A US company refused to comply with a top-secret order that compelled it to facilitate government surveillance, according to newly declassified documents.
It’s thought to be only the second instance of an American company refusing to comply with a government surveillance order. The first was Yahoo in 2008. It was threatened with hefty daily fines if it didn’t hand over customer data to the National Security Agency.
While the company was not named in the 2014-dated document, released Wednesday, it’s thought that it may be an internet provider or a tech company — rather than a telecoms provider.
The news comes from a collection of documents that were declassified and released as part of a Freedom of Information lawsuit filed by the Electronic Frontier Foundation and the American Civil Liberties Union.
All of the documents relate to the government’s use of the so-called Section 702 statute, named after its place in the law books, a provision of the Foreign Intelligence Surveillance Act. The statute authorizes the collection of data on foreign persons overseas who use US tech and telecoms services.
The law is widely known in national security circles as forming the legal basis authorizing the so-called PRISM surveillance program, which reportedly taps data from nine tech titans including Apple, Facebook, Google, Microsoft, and others. It also permits “upstream” collection from the internet fiber backbones of the internet.
The fight came around the time that Congress was debating provisions in the Freedom Act, a bill that eventually passed in 2015 as an effort to reform the intelligence community in the wake of the Edward Snowden revelations.
According to the document, the unnamed company’s refusal to participate in the surveillance program was tied to an apparent expansion of the foreign surveillance law, details of which were redacted by the government prior to its release, as it likely remains classified.
While tech companies and internet providers are required to provide the government access to customer data when requested, they have the right to push back on the government’s demands by bringing a challenge before the Foreign Intelligence Surveillance Court, which oversees and authorizes the government’s surveillance activities.
But despite the company’s efforts to argue that the surveillance order was unlawful, the company was later forced to comply by the court.
“This challenge to the government’s warrantless spying under Section 702 underscores just how controversial this mass surveillance program really is, and why it must be significantly reformed,” said Ashley Gorski, an attorney at the ACLU’s National Security Project.
“The anonymous tech company that brought this challenge should be commended for defending its users’ privacy, and other companies must do the same by fighting for critical reforms in the courts and in Congress,” she said.
Congress is currently debating whether to keep the controversial Section 702 statute, which is set to expire at the end of the year.
The Trump administration and senior intelligence officials want the provisions to be permanently written into law. Others have expressed skepticism and are seeking reforms.
Contact me securely
Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
ZDNET INVESTIGATIONS
US government pushed tech firms to hand over source code
At the US border, expect discrimination, detention, searches, and interrogation
Leaked: TSA documents reveal New York airport’s wave of security lapses
Meet the shadowy tech brokers that deliver your data to the NSA
Trump aides’ use of encrypted messaging may violate records law
An unsecured database leaves off-the-grid energy customers exposed
Inside the global terror watchlist that secretly shadows millions
Security flaws in Pentagon servers “likely” under attack by hackers
Revealed: How one Amazon Kindle scam made millions of dollars
US government subcontractor leaks confidential military personnel data