back to article Web giants cry foul over US gov's refusal to budge on NSA spy gag orders

Google, Microsoft, Yahoo! and Facebook are still fighting for permission to warn people who are under online surveillance, after their campaign for transparency was derailed by the US Department of Justice. The web giants had asked the DoJ to lift restrictions on alerting users when they are being snooped on by intelligence …

COMMENTS

This topic is closed for new posts.
  1. Schultz
    Big Brother

    Clash of the titans

    The trillion dollar national security establishment versus the trillion dollar internet economy. And both include well-meaning big brother types. This might become quite interesting.

    Popcorn, please!

    1. Thorne

      Re: Clash of the titans

      It would be except they're fighting over who gets to screw us.....

      1. Charles 9

        Re: Clash of the titans

        Well, the Internet is basically "Bend Over" territory. If neither of them are doing it, it's someone else like the Chinese.

        1. Anonymous Coward
          Anonymous Coward

          Re: Clash of the titans

          At least the Chinese aren't pretending they're not doing it, or attempt to keep up a myth of democracy to peddle their warez.

    2. Haku

      Re: Clash of the titans

      It's like Alien vs Predator.

      Whoever wins... We lose.

      1. MJI Silver badge

        Re: Clash of the titans

        Well get Sigourney and Arnold in to help.

  2. doronron

    Lavabit keys

    Lavabit was required to hand over the keys while they went after 1 account, Snowdens, and required to have a box on their network. The Judge was told the box would only record Snowdens account and everyone elses would be discarded, which might well be true....of the box.

    i.e. Lavabit's transparency report would say "1 request about 1 account".

    But the NSA has the backbone tapped, and it keeps all encrypted traffic for when it can get the keys. The NSA also is the technical center for this tapping. So it *would* get the keys.

    So in reality, by giving them the keys, you gave them every past and present Lavabit users account. The box isn't needed because the backbone tap provides the data and they have all the encrypted emails on file.

    So suppose the Fed did agree to release the warrants, there would be large blacked out bits to hide the key requests (Lavabit could hardly have been the first, they have the boxes already, so there must be a system of grabbing the keys for these boxes and many boxes on many US networks).

    So the release would shed more light on this practice, which is enlightening for the judges I think, because I suspect they've been duped as to the 'narrow' nature of these taps. As well as enlightening Congress and Senate.

    1. Sir Runcible Spoon
      Joke

      Re: Lavabit keys

      I wonder what the NSA would have done had Lavabit provided Snowdens key in clear (digitally I mean - not the paper trick :) ) and included all the others but redacted them?

      What's good for the goose etc.

      NSA, you are a bunch of <redacted> <redacted>.

      or perhaps that would read better as..

      NSA, <redacted> <redacted> <redacted> <redacted> <redacted> fucking cunts.

  3. Anonymous Coward
    Happy

    Poetic justice would be....

    If the NSA created "corporate profiles" for each of these companies and treated those the way that these companies treat user profiles.

    "We've changed our corporate profile privacy settings. You can change these settings, but different privacy aspects are controlled by three different spots on our website. In the meantime, we've changed your profile settings to our default levels--full government access." :)

    (More seriously though, I hope these companies can make some headway.)

  4. Anonymous Coward
    Anonymous Coward

    StartMail Beta

    I got my email today that the StartMail beta is about to launch. Should be interesting, the email says:

    "The revelations this summer of NSA spying through the PRISM program prompted us to add even more features to our already rock-solid privacy."

    Features of StartMail are supposed to be:

    - fully-encrypted user vault,

    - protection of perfect forward secrecy and transport layer security,

    - state-of-the-art SSL encryption,

    - email provider based in the Netherlands, outside of US jurisdiction

    1. Charles 9

      Re: StartMail Beta

      To each point, I challenge:

      - Who keeps the keys to the user vault? You and you alone? Remember, a master key was what nailed Lavabit.

      - Neither forward secrecy nor TLS can do much against cryptanalysis: attacks on the PROTOCOLS using side-channel techniques. That's what led to BEAST and all the other secure-channel attacks.

      - Again, the spooks are targeting the protocols, not the keys. IOW, they're not trying to get a key to copy; they're trying to secretly cut a way through the wall.

      - May not be good enough. As noted, the NSA can already possess international shared-secret agreements with other nations. That can include the EU at large, of which the Netherlands is a member. Either that or the NSA can compromise those countries even against their wishes. I'm inclined to think the ONLY countries the NSA can't tap in some way are countries that are in turn beholden to ANOTHER, anti-Western state spook authority like the Russians or the Chinese.

      1. Anonymous Coward
        Anonymous Coward

        Re: StartMail Beta

        To each point, I challenge:

        - They have their core DNS records in the US (GoDaddy registration, DNS geo-locates to Manchester, US). In other words, if anyone wants to grab that traffic they're already set up for a MITM attack.

        - The company appears to be in the Netherlands, which is not exactly the most benevolent country when it comes to wiretapping. I found their national security services to be rather aggressive - no idea how they behave in relation to following the law, though (haven't had time to dig deeper).

        - Storage encryption is actually a problem rather than a solution. If a company supplies the means to encrypt, it can be legally forced to undo that (which makes it pointless), or be told close shop (which then hurts every client they have) - it's only if the CLIENTS encrypt (like you'd do before you go near any cloud service) that you're home free as a provider. An alternative route to that is to use software which the clients can get from anywhere like Open Source derived code, so being forced to supplying a version with a backdoor would be pointless. The UK Regulation of Investigative Powers Act is in that respect actually clearest, but I would suspect the Netherlands have an equivalent as it is derived from EU provided models.

        In this last context, trying to bypass local laws or telling people they don't apply (which is really what Lavabit and Silent Circle were doing - it's not like US intercept laws have only sprung up in the last few years) means that you're quite simply lying to your clients. Call me picky, but I don't consider that the best starting point for selling protection.

  5. Anonymous Coward
    Anonymous Coward

    [REDACTED]

    The [REDACTED] [REDACTED] [REDACTED] fluffy bunny [REDACTED] [REDACTED] [REDACTED] [REDACTED]cucumber [REDACTED] over 16 [REDACTED] [REDACTED] [REDACTED] [REDACTED] or else.

  6. Random Q Hacker

    These companies were complicit all the way, and are now covering their asses.

    1. Anonymous Coward
      Anonymous Coward

      I read somewhere it's actually worse, apparently they actually pushed for some of those laws. Oops.

      1. Anonymous Coward
        Anonymous Coward

        Ooh, ooh, me too!

        Yeah, I read somewhere that they fucked my dog! Bastards!

        1. Great Bu

          Re: Ooh, ooh, me too!

          No, that was me. Sorry.

          (In my defence, it's a pretty sexy dog...)

      2. Anonymous Coward
        Anonymous Coward

        I read somewhere it's actually worse

        Umm, yes, since then caffeine has found its way into my blood stream, so I found the "somewhere". Well, duh. Serves them right IMHO.

  7. This post has been deleted by its author

  8. John Smith 19 Gold badge
    Unhappy

    A secret opinion issued by a court meeting in secret about secret warrants with a gag order

    The only way that gets changed is if the law FISA operates under gets changed, as (IIRC) it was a lot by various clauses in THE PATRIOT Act.

    Americans. How does this equate to the principles of democracy you are familiar with?

    1. ratfox
      Devil

      Re: A secret opinion issued by a court meeting in secret about secret warrants with a gag order

      "It's fine! They are only listening to foreigners, not us. Or really really bad Americans. And anyway, we're the good guys."

      1. Anonymous Coward
        Anonymous Coward

        Re: A secret opinion issued by a court meeting in secret about secret warrants with a gag order

        Ironically, that seems to be the exact attitude. In the US; they have indeed managed to frame the debate so that every time you question these laws you're automatically ranked as bad guy. They really, really have come off the rails there.

    2. Gray
      FAIL

      Re: A secret opinion issued by a court meeting in secret about secret warrants with a gag order

      Why do you assume we Americans are familiar with the principles of democracy?

      We've not practiced it since the days of the smoke-filled back rooms and the truck (lorry) loads of cash passing through the back doors. America has long lived by the golden rule*.

      If you think it is fun now, just wait until that big-eared, dark-complected person who currently resides in the White House is replaced by a more extreme, fascist-leaning chap with Tea Party affiliations. Several candidates come to mind. Ted Cruz is one. (A pity that he'll never be able to travel abroad; he still believes the 'round earth' theory is so much scientific deception. Those 'photos from space' were filmed in a secret warehouse in the Nevada desert.)

      NSA/CIA violations of the Constitution and their Congressional mandate is really nothing new. J. Edgar and his FBI set the standard many years ago; we're just seeing the extension of that practice. To oppose the NSA/CIA intelligence gathering mission is to weaken America's national security. So reads the Gospel of St. Vigilant.

      Trust US. We're the good guys.

      (* He who has the gold, rules.)

  9. Maharg

    I feel sorry for the CIA and NSA

    According to the Onion, they have only just realised they have been using black highlighters on documents for years…

    1. Gannon (J.) Dick

      Re: I feel sorry for the CIA and NSA

      "they have only just realised they have been using black highlighters on documents for years…"

      Every Parent can sympathize ... but apparently the NSA and the CIA did not even know they had a two year old in the House (let alone 435 of them), a hundred more in the Senate and one in the White House.

      You didn't see Mary Poppins letting the little monsters play with black highlighters, did you ? A spoonful of sugar makes the Laudanum go down, sing it with me ....

  10. John Robson Silver badge

    Why not submit

    Another heavily redacted document with the opposite conclusion at the bottom. Heck you don't even have to write it...

  11. T. F. M. Reader

    "permission to warn people who are under online surveillance"

    isn't that everyone?

  12. RobHib
    Angel

    The US is a country steeped in commerce

    The US is a country steeped in commerce. When the bottom line falls and it's measurably attributable to the NSA then legislators will legislate.

    If they don't then it'll be the first time in history.

  13. mfritz0

    Yea, it's all fine, but let one person spy on them and it's off to war they go!

  14. Thunderbird 2
    Big Brother

    Google et al need not warn you per se, they can instead choose which adverts to display inline with / alongside your mail, and if it was an advert for FB I /CIA / NSA or other TLA i'm sure you'd get the drift.

    1. This post has been deleted by its author

  15. This post has been deleted by its author

  16. Anonymous Coward
    Anonymous Coward

    Bloodbath

    Wow. May you live in interesting times.... The privacy issue is definitely becoming overshadowed by the only thing America truly cares about... the bottom line. The whistle-blowing privacy war has morphed into a hotbed credibility war, with the creditability of US corps now open to question. So Google, Facebook, Yahoo, MS et al are worried that their tech empires are threatened. There'll be some heated conversations going on behind closed doors I imagine.... After all politicians set policy and policy sets NSA behaviour. But Lobby groups set policy too by buying their own politicians. This could lead to a bloodbath...

This topic is closed for new posts.

Other stories you might like