NSA Forced Tech Companies to Cooperate with Spying

The National Security Agency persuades and coerces U.S. technology companies to comply with its requests for access to encrypted data, according to stories published online yesterday by The New York Times, The Guardian and Pro Publica.

What kind of pressure might be applied to technology companies that won't immediately comply?

Secret court orders and threats of imprisonment have been cited. One top telecommunications executive claimed his conviction on unrelated charges was rigged by the NSA after he refused to cooperate with a surveillance request.

MORE: 7 Ways to Lock Down Your Online Privacy

We'd be happy to help

In most cases, coercion is not necessary. The NSA will first approach a company and ask for voluntary cooperation on the grounds of national security. Many companies agree, though few do so openly.

Only a few examples of voluntary cooperation have arisen. The best known involves "Room 641A" at an AT&T Internet hub in San Francisco.

In 2006, a former AT&T technician came forward to say that the NSA had set up a special room at the facility. All Internet traffic was allegedly "split," with one path routed into NSA-placed and -staffed equipment.

A class-action suit filed against AT&T over Room 641A was dismissed following the passage of the Foreign Intelligence Surveillance Act (FISA) Amendment Act of 2008, which granted retroactive immunity to companies participating in the Bush administration's warrantless wiretapping program.

Other evidence of cooperation is more subtle. Some career military officers with substantial intelligence experience have retired at fairly young ages to take top security-related positions at telecommunications companies.

Let's make it look good

To protect themselves from legal liability under the pre-2008 warrantless wiretapping program, many cooperating companies insisted on a legal paper trail showing that the government had ordered them to do so.

Such may have been the case with Verizon Business Services, the corporate-phone-exchange division of Verizon, which in 2006 began receiving FISA court orders every 90 days compelling the unit to turn over all its call logs to the NSA.

(Because the NSA is generally not allowed to operate on U.S. soil, the court orders take the form of waivers requested by the director of the FBI to allow the NSA to do so in specific cases.)

The most recent of those court orders was the first document from former NSA contractor Edward Snowden that The Guardian revealed on June 6, 2013, beginning a steady stream of NSA leaks that, after three months, shows no signs of slowing.

FISA court orders are secret, and hence companies receiving them cannot even reveal their existence.

MORE: FAQ: What's Going On With These Tapped Verizon Calls?

Do what we say, but don't talk about it

The same blanket secrecy applies to National Security Letters (NSLs), the next step in persuading a reluctant company to cooperate.

NSLs are not court orders, and can be issued by any government agency regarding matters of national security, but can compel provision only of metadata, not the contents. (The FBI is the largest user of NSLs.)

Companies generally can't refuse NSLs, though a few have taken the agencies issuing them to court, mostly over the gag-order aspect that forbids even the existence of the NSL from being disclosed.

A well-publicized case brought by a small Internet service provider (ISP) in 2004 dragged on for years until the gag order was partly lifted in 2010.

A federal judge in San Francisco ruled this past March that the NSL gag-order rule may be contrary to the First Amendment, but stayed implementation of her decision to allow the federal government time to appeal.

Following the initial Snowden revelations in June of this year, Microsoft, Google, Yahoo and Facebook appealed to the government for a relaxation of the gag order covering NSLs and FISA court orders.

The government allowed them to do so on a limited basis, as long as the orders and NSLs were lumped in with other orders and warrants; Google has rejected the provision as too vague, even as it added NSLs to its regular transparency reports in March.

More recently, Ladar Levison, the operator of Lavabit, an encrypted-email service used by Snowden, strongly hinted that an NSL was behind his decision to shut down the service last month.

"I wish that I could legally share with you the events that led to my decision," Levison wrote. "Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests."

Meanwhile, the NSA, under pressure from both the White House and digital-liberties advocates, says it will next month disclose most FISA court orders and NSLs from 2004 to mid-2011.

Director of National Intelligence James Clapper has said the intelligence community will subsequently release similar information on a yearly basis.

MORE: How to Wade Through Spy Agencies' Acronym Soup

Contempt of the NSA

What if you don't want to turn anything over? Hire a team of lawyers.

In 2008, Yahoo challenged the FISA Amendments Act as unconstitutional, but the effort failed.

Google has been very vocal about its opposition to government surveillance — it refused to unlock the Android smartphone used by a convicted pimp for the FBI — but has managed to do so without having any executives locked up.

That wasn't the case with former Qwest Communications chairman and chief executive officer Joseph Nacchio, who claimed his 2007 conviction on insider-trading charges was based on his refusal to cooperate with a warrantless 2001 NSA request to hand over call logs.

Ironically, Nacchio's demand that the NSA take the request to the FISA court, which the NSA found too onerous, was later enshrined into law by the 2008 FISA Amendments Act.

Follow us @tomsguide, on Facebook and on Google+.

This thread is closed for comments