Google In Secret Legal Battle With Feds Over Consumer Data
In 2006, AOL, Microsoft and Yahoo all complied with Bush Administration Justice Department (DOJ) subpoenas to turn over search records — without a fight. The subpoenas were issued pursuant to the Child Online Protection Act of 1998, which the Supreme Court had previously ruled to be unconstitutional. The requests were made anyway, and Google was […]
In 2006, AOL, Microsoft and Yahoo all complied with Bush Administration Justice Department (DOJ) subpoenas to turn over search records — without a fight. The subpoenas were issued pursuant to the Child Online Protection Act of 1998, which the Supreme Court had previously ruled to be unconstitutional. The requests were made anyway, and Google was the only major search engine to resist.
Whether the Bush Administration anti-child porn search subpoenas were a pretext for other types of inquiries we’ll never know. But now, history is repeating itself. This time it’s the Obama Administration seeking Google user data.
Google is fighting the Justice Department in two federal court cases, trying to avoid turning over user data on the basis of so-called National Security Letters (NSLs). NSLs are warrantless requests for information — and their constitutionality is in doubt. But, that hasn’t stopped their increasing use.
News of the Google cases was first reported by CNET on Friday. Also on Friday, in one of the cases, a federal judge in San Francisco ordered Google to comply with the DOJ’s NSL requests. One particularly odious aspect of the process is that it’s effectively illegal for parties to reveal that they’ve been served with an NSL.
As a general matter, NSLs seek to identify individuals and obtain selected records from telephone companies and Internet services providers. (Telcos and ISPs have been immunized by Congress from liability to their users for turning over the data.) CNET does a good job of summarizing what NSLs can access and their history:
NSLs to telecom firms originated with a 1986 law called the Electronic Communications Privacy Act, which permitted them only in relation to an investigation of “an agent of a foreign power.” That once-strict requirement was broadened in 1993 and again by the Patriot Act eight years later . . . .
An inspector general’s report (PDF) found that the FBI made 50,000 NSL requests in 2006, and 97 percent of those included mandatory gag orders. NSLs can demand user profile information, but the law does not permit them to be used to obtain the text of e-mail messages or most log files.
Google has started to include NSLs in its “transparency reports,” even though, as mentioned, recipients aren’t supposed to discuss the fact that they’ve received them.
This case and others like it illustrate the dangers of having so much information online. It’s extremely tempting for the government to simply try and tap into all that information and monitor people and their activities without going through the customary legal process. This has significant implications for individuals and the society as a whole. Think about the FBI’s surveillance of Martin Luther King and John Lennon (among others) in the 1960s, as “subversives.”
Accordingly, it’s not so much Google or Facebook we have to worry about (or their ad targeting), it’s third parties — corporate employers, insurance companies, banks or the US — that can access (by hook or by crook) and abuse the information they collect and maintain.
Google, Facebook, Yahoo and so on are like giant vaults of consumer data that can be “cracked” without warning or, in the case of NSLs, much legal process. While most people would argue that in the US, consumers have little to fear from the government, there are many societies (e.g., China) that readily monitor Internet activity as a way to suppress speech and political dissent.
As the CNET material quoted above makes plain, initiatives that are often justified in a narrow context for legitimate purposes are subject to creeping expansion and thereby subject to potential abuse.
One of our core concerns is that unless people fight for privacy, they will lose it in countries which have no history of concern over privacy. In the Western world, the governments will ultimately figure out a balance between these two: the legitimate use … by the police of this kind of information, and the incorrect use by others. But in many countries, there’s no history of privacy at all, and so the government can go in and essentially create a police state without any protections for citizens, and no one will even notice. And once those systems are in place in those countries, it’ll be difficult to reform them.
Schmidt sees the risk to personal privacy and freedom being much greater in non-democratic societies. However, if people in “the Western world” are complacent or willingly sacrifice “freedom” for security, we may wake up one day in the real-world equivalent of a dystopian novel where the Internet has become a tool of social and political control.
Call me paranoid, but I believe that we’re not that far away from such a reality today.