The satirical Onion News Network recently reported on new government funding for that “massive online surveillance program run by the CIA,” known as Facebook — dreamed up by “secret C.I.A. agent Mark Zuckerberg.” The report made light of how much information we’re willing to make available to a third party — information that we would never consider freely handing over to the feds. While funny, the report speaks to serious concerns about privacy. Civil liberties advocates like Christopher Soghoian and Nicholas Merrill worry about the ease with which the government can get access to the digital information we store with third-parties like Facebook, Yahoo!, and Google, as well as to the rich databases that our mobile phone providers have.
Should we call it the Tech.B.I. or the Dot.Com.I.A.?
Critics worry that technology companies are being turned into unofficial intelligence agents with increasing regularity, as law enforcement turns to them for access to our electronic communications and location data. In a new research paper, Chris Soghoian – a privacy advocate and FTC technologist whom I profiled last year – argues that the scope of government surveillance in the digital era is not fully realized, alleging that instances of wiretapping are woefully under-reported and that no official government reports on electronic surveillance currently exist. Companies sometimes do opt to reveal how many requests they get — like AOL telling the New York Times in 2006 that it gets a 1,000 requests per month, and Google creating a page devoted to reporting the numbers of government requests it gets world-wide (the U.S. and Brazil top the list). Soghoian suggests that all big Internet Service Providers should follow Google’s lead and be required to file annual reports on this. (My Forbes colleague, Andy Greenberg, summarizes the paper’s key points here.)
Nick Merrill, meanwhile, used to run one of the tech companies that the government turned to for intel. He had founded Calyx Internet Access in 1994, an Internet Service Provider that served clients ranging from Ikea and Mitsubishi to civil rights groups and nonprofits engaged in controversial political speech. In 2004, an FBI agent (in a trench coat) came to his office with a national security letter asking for 16 pieces of information about one of Calyx’s clients. The letter was accompanied by a gag order, which meant Merrill couldn’t tell anyone about the request.
“I immediately disobeyed the letter and called my lawyer,” says Merrill, 38. He worried about the legitimacy of the national security letter request and thought the agents were actually going after his client because of political speech. Merrill’s lawyer suggested they talk to the ACLU. That was the beginning of a six-year legal battle — the first of its kind to challenge national security letters, and leading to parts of the Patriot Act being ruled unconstitutional. It led Congress to amend the Patriot Act to allow those who receive national security letters to talk to their lawyers and to challenge gag orders, and a settlement that partially released Merrill from his gag order so that he can now talk about some aspects of his case.