They can now declare how many National Security Letters and FISA requests they get in increments of 250.
That's absolutely ridiculous. It's no better than not stating at all. They also still can't state if the request is relating to terrorism, or industrial espionage under the guise of alleged crimes. For now foreign companies have to assume the worst.
It's pretty depressing knowing that the United States has one of the best, and most clear constitutions ever written. You can't misinterpret the First Amendment, and yet it's now completely void.
Of course it is, as it allows us to at least determine if "mass" surveillance is going on, as opposed to the "good old-fashioned police work" that everyone here claims to want.
Quoting the nub of it (please note, this is all her, not me):
First, you can sort of see what the government really wants to hide with these schemes. They don’t want you to know if they submit a single NSL or 215 order affecting 1000 customers, which it’s possible might appear without the bands.They don’t want you to see if there’s a provider getting almost no requests (which would be hidden by the initial bands).
And obviously, they don’t want you to know when they bring new capabilities online, in the way they didn’t want users to know they had broken Skype. Though at this point, what kind of half-ased terrorist wouldn’t just assume the NSA has everything?
I think the biggest shell game might arise from the distinction between account (say, my entire Google identity) and selector (my various GMail email addresses, Blogger ID, etc). By permitting reporting on selectors, not users, this could obscure whether a report affects 30 identities of one customer or the accounts of 30 customers. Further, there’s a lot we still don’t know about what FISC might consider a selector (they have, in the past, considered entire telecom switches to be).
"New" companies can be less open with their users?!
Is company defined by it's specific name? If Google snaps up the service, does that make it less new? If my LLC moves to another corporate form, is it "new"?
What can make the six-month delay more delayed? How indefinitely can an investigation that lasts longer than six-months take?
I'm also confused about the and/or status for NSLs, "selectors", and FISA orders.
"Selectors" seems the most specific but the use of "will also be allowed" makes me question whether it's subject to the 250/1000 increment requirements at all.
As it is, people have been circumventing fundamental rights by calling them other names. E.G. "Disclosure" or "Leak" or "Disturbance". I understand the need to prevent certain pieces of information falling into the wrong hands, however a blanket sweep of all activities with the implicit understanding that it's potentially unconstitutional, is a bit much.
>The Justice Department had endorsed the new rules months ago but intelligence officials argued they still revealed too much information. The breakthrough came in recent weeks with a rule requiring new companies to wait two years before publishing data.
> That provision means nobody will know whether the government is eavesdropping on a new email platform or chat service. And itpersuaded intelligence officials to endorse the rules, a U.S. official familiar with the discussions said. The Justice Department proposed the changes to the companies late last week and, by the end of the weekend, they agreed to drop their case before the FISA court.
Does this imply that the two year waiting period (as opposed to 1-year, six month delay) is a new restriction specifically added in for new companies in order to get Microsoft, Google, Yahoo, and Facebook to drop their case?
I don't expect that too many new companies would be eager to report that data, but I'm curious if this is ultimately a win for intelligence officials.
I got the impression the requirement on new companies was to satisfy the Intelligence Community, not the existing tech companies.
The presumable idea being that if a new email/social provider pops up and has, say, a 2,000 subscribers after the end of the first year, saying that there have been <500 NSLs is more individually-specific than saying there were 500-1000 (or whatever) for a site like GMail or Facebook.
That's absolutely ridiculous. It's no better than not stating at all. They also still can't state if the request is relating to terrorism, or industrial espionage under the guise of alleged crimes. For now foreign companies have to assume the worst.
It's pretty depressing knowing that the United States has one of the best, and most clear constitutions ever written. You can't misinterpret the First Amendment, and yet it's now completely void.