2013 06 14 FRB Yahoo Supplied Data to PRISM Only After Losing Scrappy FISA Fight | Threat Level | Wired.com
Yahoo Supplied Data to PRISM Only After Losing Scrappy FISA Fight
Government slide shows that Microsoft was the first to begin supplying data to the PRISM program in 2007, with Yahoo coming into the program the following year. Image: Courtesy of the Washington Post
A newly leaked NSA document shows that Yahoo began supplying data to the spy agency’s PRISM program after failing a legal fight against a court order it considered too broad, according to a news report.
The internet giant tried to push back against the order some time in 2007 or 2008 and lost, thereby ensuring its entry into the so-called PRISM program the NSA has been using to collect data from internet companies, according to a story published by the New York Times.
PRISM is a classified NSA program, recently exposed by the Guardian and Washington Post, that allows the government to collect and manage data obtained from nine internet companies under secret orders issued by the Foreign Intelligence Surveillance Court.
The news sheds some light on how at least one of nine internet companies came to participate in the PRISM program.
According to news stories, each of the internet companies fell in line with the program at separate times over a number of years. It has been unclear until now what led to their inclusion in the program, but the Times story now provides some insight into how it occurred with Yahoo.
A PowerPoint slide published by the Guardian and Washington Post pertaining to PRISM showed that Yahoo began supplying data for the program in March 2008. That occurred, the New York Times asserts, after the company failed a legal fight it mounted against a government request for data.
The Times doesn’t provide much detail about the incident, but the hardy nature of the fight is laid out in a court ruling that until now has remained a bit of a mystery.
On August, 22, 2008, the FISA Court of Review issued an order upholding the ruling to compel Yahoo to cooperate with the order for data. The order was previously published only in redacted form (.pdf), with the petitioner’s name blocked out. But the New York Times has identified the party as Yahoo.
According to the redacted order, it appears that Yahoo first received the warrantless request for data some time in 2007.
It’s not clear the extent of the data the government sought, but the company fought back against it on Fourth Amendment grounds that such a request required a probable-cause warrant and that the surveillance request was too broad and unreasonable and, therefore, violated the Constitution.
Yahoo also felt that warrantless requests placed discretion for data collection “entirely in the hands of the Executive Branch without prior judicial involvement” thereby ceding to the government “overly broad power that invites abuse” and possible errors that would result in scooping up data of U.S. citizens as well.
The request for data initially came under the Protect America Act, legislation passed in the wake of the 9/11 terrorist attacks that allowed the Director of National Intelligence and the Attorney General to authorize “the acquisition of foreign intelligence information concerning persons reasonably believed to be outside the United States” for periods of up to one year, if the acquisition met five criteria.
Among the criteria were that reasonable procedures were in place to ensure that the targeted person was reasonably believed to be located outside the U.S. and that a significant purpose of the collection was to obtain foreign intelligence.
The Protect America Act sunset in February 2008, but was incorporated into the FISA Amendments Act in July that year.
According to the redacted ruling, the request Yahoo received contained “certain protections above and beyond” the five criteria specified under the PAA that included spelling out “additional safeguards to be employed in effecting the [data] acquisitions.”
But apparently Yahoo was unimpressed by the measures the government proposed to undertake.
“The government’s efforts did not impress the petitioner, which refused to comply with the directives,” the judges wrote. The government moved to compel Yahoo to comply, and following “amplitudinous briefing,” the FISA Court granted the motion to compel.
Six days later, Yahoo applied to appeal the decision and requested a stay in data collection pending the appeal. But the FISA Court refused the stay, and Yahoo was forced to comply with the request for data in the meantime “under threat of civil contempt.”
The FISA Court of Review determined that Yahoo had standing to challenge the data request because it “faces an injury in the nature of the burden that it must shoulder to facilitate the government’s surveillances of its customers,” the court determined.
But the court ultimately found that the data request, undertaken for national security reasons, qualified for an exception to the warrant requirement under the Fourth Amendment.
“For one thing, the purpose behind the surveillances ordered pursuant to the directives goes well beyond any garden variety law enforcement objective,” the judges wrote. “It involves the acquisition from overseas foreign agents of foreign intelligence to help protect national security. Moreover, this is the sort of situation in which the government’s interest is particularly intense.”
The court added that there was “a high degree of probability that requiring a warrant would hinder the government’s ability to collect time-sensitive information and, thus, would impede the vital national security interests that are at stake…. Compulsory compliance with the warrant requirement would introduce an element of delay, thus frustrating the government’s ability to collect information in a timely manner.”
As for Yahoo’s concern that the request was too broad and opened the possibility for potential abuse, the judges wrote that, “Notwithstanding the parade of horribles trotted out by the petitioner, it has presented no evidence of any actual harm, any egregious risk of error, or any broad potential for abuse in the circumstances of the instant case.”
The judges called Yahoo’s concerns “little more than a lament about the risk that government officials will not operate in good faith. That sort of risk exists even when a warrant is required….
“The government assures us that it does not maintain a database of incidentally collected information from non-targeted United States persons, and there is no evidence to the contrary,” the judges wrote.
Home Page Photo: Eric Miraglia / Flickr